Authors
Pardis Pashakhanloo, Aravind Machiry, Hyonyoung Choi, Anthony Canino, Kihong Heo, Insup Lee, Mayur Naik
Publication date
2022/5/30
Book
Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security
Pages
903-916
Description
Real-world software is usually built on top of other software provided as packages that are managed by package managers. Package managers facilitate code reusability and programmer productivity but incur significant software bloat by installing excessive dependent packages. This dependency hell increases potential security issues and hampers rapid response to newly discovered vulnerabilities. We propose a package-oriented debloating framework, PacJam, for adaptive and security-aware management of an application's dependent packages. PacJam improves upon existing debloating techniques by providing a configurable fallback mechanism via post-deployment policies. It also elides the need to completely specify the application's usage scenarios and does not require runtime support. Moreover, PacJam enables to rapidly mitigate newly discovered vulnerabilities with minimal impact on the application …
Scholar articles
P Pashakhanloo, A Machiry, H Choi, A Canino, K Heo… - Proceedings of the 2022 ACM on Asia Conference on …, 2022