New directions for container debloating

Vaibhav Rastogi, Chaitra Niddodi, Sibin Mohan, Somesh Jha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Application containers, such as Docker containers, are light-weight virtualization environments that "contain" applications together with their resources and configuration information. While they are becoming increasingly popular as a method for agile software deployment, current techniques for preparing containers add unnecessary bloat into them: they often include unneeded files that increase the container size by several orders of magnitude. This not only leads to storage and network transfer issues but also security concerns. The problem is well-recognized but available solutions are mostly ad-hoc and not largely deployed. Our previous work, Cimplifier, on debloating containers uses dynamic analysis to identify the resources necessary to a container and then debloat it. However, the dynamic analysis uses model executions or test runs, which if incomplete, may not allow detection of all the necessary resources. Therefore, it is important to explore other directions towards container debloating. In this paper, we discuss two of them: a new intermediate representation allowing incorporation of multiple techniques, such as dynamic analysis and static analysis, for debloating; and test case augmentation using symbolic execution.

Original language: English (US)
Title of host publication: FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017
Publisher: Association for Computing Machinery, Inc
Pages: 51-56
Number of pages: 6
ISBN (Electronic): 9781450353953
State: Published - Nov 3 2017
Event: 2nd Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2017 - Dallas, United States
Duration: Nov 3 2017 → …

Publication series

Name: FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017

Other

Other: 2nd Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2017
Country: United States
City: Dallas
Period: 11/3/17 → …

Keywords

  • Containers
  • Debloating
  • Least privilege

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality
