{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T13:06:55Z","timestamp":1770728815333,"version":"3.49.0"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2021,12,24]],"date-time":"2021-12-24T00:00:00Z","timestamp":1640304000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"crossref","award":["N00014-18-1-2660"],"award-info":[{"award-number":["N00014-18-1-2660"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2022,4,30]]},"abstract":"<jats:p>IoT firmware oftentimes incorporates third-party components, such as network-oriented middleware and media encoders\/decoders. These components consist of large and mature codebases, shipping with a variety of non-critical features. Feature bloat increases code size, complicates auditing\/debugging, and reduces stability. This is problematic for IoT devices, which are severely resource-constrained and must remain operational in the field for years.<\/jats:p>\n          <jats:p>\n            Unfortunately, identification and complete removal of code related to unwanted features requires familiarity with codebases of interest, cumbersome manual effort, and may introduce bugs. We address these difficulties by introducing PRAT, a system that takes as input the codebase of software of interest, identifies and maps features to code, presents this information to a human analyst, and removes all code belonging to unwanted features. PRAT solves the challenge of identifying feature-related code through a novel form of differential dynamic analysis and visualizes results as user-friendly\n            <jats:italic>feature graphs<\/jats:italic>\n            .\n          <\/jats:p>\n          <jats:p>Evaluation on diverse codebases shows superior code removal compared to both manual feature deactivation and state-of-art debloating tools, and generality across programming languages. Furthermore, a user study comparing PRAT to manual code analysis shows that it can significantly simplify the feature identification workflow.<\/jats:p>","DOI":"10.1145\/3487568","type":"journal-article","created":{"date-parts":[[2021,12,24]],"date-time":"2021-12-24T14:22:36Z","timestamp":1640355756000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Guided Feature Identification and Removal for Resource-constrained Firmware"],"prefix":"10.1145","volume":"31","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4706-8999","authenticated-orcid":false,"given":"Ryan","family":"Williams","sequence":"first","affiliation":[{"name":"Northeastern University, Boston, USA"}]},{"given":"Tongwei","family":"Ren","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, USA"}]},{"given":"Lorenzo","family":"De Carli","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, USA"}]},{"given":"Long","family":"Lu","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, USA"}]},{"given":"Gillian","family":"Smith","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,12,24]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"2018. Eclipse Mosquitto. Retrieved from https:\/\/mosquitto.org\/."},{"key":"e_1_3_2_3_2","unstructured":"2019. AMQP library for C. Retrieved from https\/\/github.com\/Azure\/azure-uamqp-c. original-date: 2015-11-20T06:13:31Z."},{"key":"e_1_3_2_4_2","unstructured":"2019. ccache - compiler cache. Retrieved from https\/\/ccache.dev\/."},{"key":"e_1_3_2_5_2","unstructured":"2019. darconeous\/libnyoci: A flexible CoAP stack for embedded devices and computers. RFC7252 compatible. Retrieved from https\/\/github.com\/darconeous\/libnyoci."},{"key":"e_1_3_2_6_2","unstructured":"2019. Doxygen: main page. Retrieved from http\/\/www.doxygen.nl\/."},{"key":"e_1_3_2_7_2","unstructured":"2019. GitHub - jtpereyda\/boofuzz. Retrieved from https\/\/github.com\/jtpereyda\/boofuzz."},{"key":"e_1_3_2_8_2","unstructured":"2019. Lora-net\/LoRaMac-node: Reference implementation and documentation of a LoRa network node. Retrieved from https\/\/github.com\/Lora-net\/LoRaMac-node."},{"key":"e_1_3_2_9_2","unstructured":"2019. obgm\/libcoap: A CoAP (RFC 7252) implementation in C. Retrieved from https\/\/github.com\/obgm\/libcoap."},{"key":"e_1_3_2_10_2","unstructured":"2019. OpenDDS. Retrieved from https\/\/opendds.org\/."},{"key":"e_1_3_2_11_2","unstructured":"2019. zeromq\/libzmq: ZeroMQ core engine in C++ implements ZMTP\/3.1. Retrieved from https\/\/github.com\/zeromq\/libzmq."},{"key":"e_1_3_2_12_2","unstructured":"2020. aom - Git at Google. Retrieved from https\/\/aomedia.googlesource.com\/aom\/."},{"key":"e_1_3_2_13_2","unstructured":"2020. cloudflare \/ quiche: Savoury implementation of the QUIC transport protocol and HTTP\/3. Retrieved from https\/\/github.com\/cloudflare\/quiche."},{"key":"e_1_3_2_14_2","unstructured":"2020. CVE - Common Vulnerabilities and Exposures. Retrieved from https\/\/cve.mitre.org\/."},{"key":"e_1_3_2_15_2","unstructured":"2020. FFmpeg. Retrieved from https\/\/ffmpeg.org\/."},{"key":"e_1_3_2_16_2","unstructured":"2020. xiph \/ rav1e: The fastest and safest AV1 encoder. Retrieved from https\/\/github.com\/xiph\/rav1e."},{"key":"e_1_3_2_17_2","unstructured":"2021. AFLNet: A Greybox Fuzzer for Network Protocols. Retrieved from https\/\/github.com\/aflnet\/aflnet."},{"key":"e_1_3_2_18_2","unstructured":"2021. american fuzzy lop - a security-oriented fuzzer. Retrieved from https\/\/github.com\/google\/AFL."},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_21_2","first-page":"8","article-title":"CARVE: Practical Security-focused Software Debloating Using Simple Feature Set Mappings","volume":"1907","author":"Brown Michael D.","year":"2019","unstructured":"Michael D. Brown and Santosh Pande. 2019. CARVE: Practical Security-focused Software Debloating Using Simple Feature Set Mappings. CoRR abs\/1907.02180 (2019), 8.","journal-title":"CoRR"},{"key":"e_1_3_2_22_2","first-page":"209","volume-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201908)","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201908). USENIX Association, Berkeley, CA, 209\u2013224."},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/3273045.3273048"},{"key":"e_1_3_2_24_2","volume-title":"Model Checking","author":"Jr. Edmund M. Clarke,","year":"1999","unstructured":"Edmund M. Clarke, Jr., Orna Grumberg, and Doron A. Peled. 1999. Model Checking. The MIT Press, Cambridge, MA."},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2008.39"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.14722\/diss.2020.23001"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2005.42"},{"key":"e_1_3_2_28_2","article-title":"How to Fuzz a Server with American Fuzzy Lop","author":"Foote Jonathan","year":"2015","unstructured":"Jonathan Foote. 2015. How to Fuzz a Server with American Fuzzy Lop. Retrieved from https:\/\/www.fastly.com\/blog\/how-fuzz-server-american-fuzzy-lop.","journal-title":"Retrieved from https:\/\/www.fastly.com\/blog\/how-fuzz-server-american-fuzzy-lop"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243838"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2016.27"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2013.45"},{"key":"e_1_3_2_32_2","first-page":"179","volume-title":"Formal Verification for Security in IoT Devices","author":"Keerthi K.","year":"2019","unstructured":"K. Keerthi, Indrani Roy, Aritra Hazra, and Chester Rebeiro. 2019. Formal Verification for Security in IoT Devices. Springer International Publishing, Cham, 179\u2013200."},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/3301417.3312501"},{"key":"e_1_3_2_34_2","unstructured":"Anton J. Kuzel. 1992. Sampling in qualitative inquiry. Sage Publications Inc."},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22110-1_49"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134307"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.1016"},{"key":"e_1_3_2_38_2","first-page":"1733","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919)","author":"Qian Chenxiong","year":"2019","unstructured":"Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho Chung, Taesoo Kim, and Wenke Lee. 2019. RAZOR: A framework for post-deployment software debloating. In Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919). USENIX Association, 1733\u20131750."},{"key":"e_1_3_2_39_2","first-page":"869","volume-title":"Proceedings of the USENIX Security Symposium","author":"Quach Anh","year":"2018","unstructured":"Anh Quach, Aravind Prakash, and Lok Yan. 2018. Debloating software through piece-wise compilation and loading. In Proceedings of the USENIX Security Symposium. 869\u2013886."},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254104"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2010.10"},{"key":"e_1_3_2_42_2","unstructured":"Steve Schmidt. 2015. Introducing s2n a New Open Source TLS Implementation. Retrieved from https\/\/aws.amazon.com\/blogs\/security\/introducing-s2n-a-new-open-source-tls-implementation\/."},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0032731"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238160"},{"key":"e_1_3_2_46_2","first-page":"551","volume-title":"PerCom Workshops","author":"Simpson Anna Kornfeld","year":"2017","unstructured":"Anna Kornfeld Simpson, Franziska Roesner, and Tadayoshi Kohno. 2017. Securing vulnerable home IoT devices with an in-hub security manager. In PerCom Workshops. IEEE, 551\u2013556."},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180236"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106271"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1002\/smr.4360070105"},{"key":"e_1_3_2_51_2","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918)","author":"Yun Insu","year":"2018","unstructured":"Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM: A practical concolic execution engine tailored for hybrid fuzzing. In Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918)."},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1109\/32.988498"},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1145\/1131421.1131424"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3487568","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3487568","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3487568","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:31:20Z","timestamp":1750188680000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3487568"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,24]]},"references-count":52,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,4,30]]}},"alternative-id":["10.1145\/3487568"],"URL":"https:\/\/doi.org\/10.1145\/3487568","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,12,24]]},"assertion":[{"value":"2021-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-12-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}