JSLIM: Reducing the Known Vulnerabilities of JavaScript Application by Debloating

Ye, Renjun; Liu, Liang; Hu, Simin; Zhu, Fengsen; Yang, Jingxiu; Wang, Feng

doi:10.1007/978-3-030-93956-4_8

Cited by 5 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To address this issue, several tools have been proposed to remove bloat from source code directly, i.e., not when the code is deployed. These tools are usually tailored to specific programming languages such as C/C++ [11,31], JavaScript [71] and PHP [6]. These tools typically result in source-code size reduction [6,11,31], a reduction in CVEs [6,11,31,71] and reduction in binary sizes [11].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Machine Learning Systems are Bloated and Vulnerable

Zhang,

Alhanahnah,

Ahmed

et al. 2024

SIGMETRICS Perform. Eval. Rev.

View full text Add to dashboard Cite

Today's software is bloated with both code and features that are not used by most users. This bloat is prevalent across the entire software stack, from operating systems and applications to containers. Containers are lightweight virtualization technologies used to package code and dependencies, providing portable, reproducible and isolated environments. For their ease of use, data scientists often utilize machine learning containers to simplify their workflow. However, this convenience comes at a cost: containers are often bloated with unnecessary code and dependencies, resulting in very large sizes. In this paper, we analyze and quantify bloat in machine learning containers. We develop MMLB, a framework for analyzing bloat in software systems, focusing on machine learning containers. MMLB measures the amount of bloat at both the container and package levels, quantifying the sources of bloat. In addition, MMLB integrates with vulnerability analysis tools and performs package dependency analysis to evaluate the impact of bloat on container vulnerabilities. Through experimentation with 15 machine learning containers from TensorFlow, PyTorch, and Nvidia, we show that bloat accounts for up to 80% of machine learning container sizes, increasing container provisioning times by up to 370% and exacerbating vulnerabilities by up to 99%. For more detail, see the full paper, ~\citezhang2024machine.

show abstract

Section: Related Workmentioning

confidence: 99%

“…These tools are usually tailored to specific programming languages such as C/C++ [11,31], JavaScript [71] and PHP [6]. These tools typically result in source-code size reduction [6,11,31], a reduction in CVEs [6,11,31,71] and reduction in binary sizes [11].…”

Section: Related Workmentioning

confidence: 99%

Machine Learning Systems are Bloated and Vulnerable

Zhang,

Alhanahnah,

Ahmed

et al. 2024

SIGMETRICS Perform. Eval. Rev.

View full text Add to dashboard Cite

show abstract

“…µTrimmer [44], designed for MIPS firmware, eliminates unwanted basic blocks in shared libraries. JSLIM [42] is another debloating framework to remove dead code and code containing vulnerabilities in JavaScript applications. Unlike these code-based debloating techniques, IOSPReD explores data-based debloating for efficient storage space utilization and application reproducibility.…”

Section: B Code-based Debloatingmentioning

confidence: 99%

IOSPReD: I/O Specialized Packaging of Reduced Datasets and Data-Intensive Applications for Efficient Reproducibility

et al. 2023

View full text Add to dashboard Cite

The data generated by large scale scientific systems such as NASA's Earth Observing System Data and Information System is expected to increase substantially. Consequently, applications processing these huge volumes of data suffer from lack of storage space at the execution site. This poses a critical challenge while sharing data and reproducing application executions w.r.t. specific user inputs in dataintensive applications. To address this issue, we propose IOSPReD (I/O Specialized Packaging of Reduced Datasets), a data-based debloating framework, designed to automatically track and package only necessary chunks of data (along with the application) in a container. IOSPReD uses the specific inputs provided by the user to identify the necessary data chunks. To do so, the high level user inputs are mapped down to low level data file offsets. We evaluate IOSPReD on different realistic NASA datasets to assess (i) the amount of data reduction, (ii) the reproducibility of results across multiple application executions and also (iii) the impact on performance.

show abstract

“…This step is carried out by: (i) performing a lightweight search on Google Scholar, and (ii) by analysing the scientific publications cited and citing the studies we already identified as related to our work (see Section VI). This activity leads to the following 6 promising tools: Qiong et al [45], UFFRemover [33], JSLIM [46], Muzeel [47], Goel et al [48], Google LightHouse. 6 Three researchers assessed the applicability of each potentially-usable tool (e.g., a functioning implementation of the tool must be publicly available).…”

Section: ) Novel Features and Extensionsmentioning

confidence: 99%

JavaScript Dead Code Identification, Elimination, and Empirical Assessment

Malavolta

Nirghin

Scoccia

et al. 2023

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

General rightsCopyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policyIf you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

JSLIM: Reducing the Known Vulnerabilities of JavaScript Application by Debloating

Cited by 5 publications

References 14 publications

Machine Learning Systems are Bloated and Vulnerable

Machine Learning Systems are Bloated and Vulnerable

IOSPReD: I/O Specialized Packaging of Reduced Datasets and Data-Intensive Applications for Efficient Reproducibility

JavaScript Dead Code Identification, Elimination, and Empirical Assessment

Contact Info

Product

Resources

About