{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T05:38:03Z","timestamp":1769751483268,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,14]],"date-time":"2024-10-14T00:00:00Z","timestamp":1728864000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["ACI-1440800"],"award-info":[{"award-number":["ACI-1440800"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-24- 1-2049, N68335-17-C-0558"],"award-info":[{"award-number":["N00014-24- 1-2049, N68335-17-C-0558"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,14]]},"DOI":"10.1145\/3689937.3695792","type":"proceedings-article","created":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T18:21:47Z","timestamp":1732040507000},"page":"11-18","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["SoK: Software Debloating Landscape and Future Directions"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7108-3809","authenticated-orcid":false,"given":"Mohannad","family":"Alhanahnah","sequence":"first","affiliation":[{"name":"Computer Sciences, University of Wisconsin-Madison, Madison, WI, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0816-6924","authenticated-orcid":false,"given":"Yazan","family":"Boshmaf","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, Hamad Bin Khalifa University, Doha, Qatar"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3940-2467","authenticated-orcid":false,"given":"Ashish","family":"Gehani","sequence":"additional","affiliation":[{"name":"SRI, Menlo Park, CA, US"}]}],"member":"320","published-online":{"date-parts":[[2024,11,19]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Common Criteria Publications. https:\/\/www.commoncriteriaportal.org\/cc\/index.cfm."},{"key":"e_1_3_2_1_2_1","unstructured":"2017. U.S. Navy Program Guide. https:\/\/media.defense.gov\/2020\/May\/18\/2002302043\/-1\/-1\/1\/NPG17.PDF. [Accessed 15-06--2024]."},{"key":"e_1_3_2_1_3_1","unstructured":"2021. The Minimum Elements For a Software Bill of Materials. https:\/\/www.ntia.doc.gov\/files\/ntia\/publications\/sbom_minimum_elements_report.pdf. [Accessed 15-06--2024]."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359823"},{"key":"e_1_3_2_1_5_1","volume-title":"Trimmer: Context-Specific Code Reduction. 37th IEEE\/ACM Conference on Automated Software Engineering (ASE)","author":"Ahmad Aatira","year":"2022","unstructured":"Aatira Ahmad, Mubashir Anwar, Hashim Sharif, Ashish Gehani, and Fareed Zaffar. 2022. Trimmer: Context-Specific Code Reduction. 37th IEEE\/ACM Conference on Automated Software Engineering (ASE) (2022)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3095716"},{"key":"e_1_3_2_1_7_1","volume-title":"DepesRAG: Towards Managing Software Dependencies using Large Language Models. arXiv preprint arXiv:2405.20455","author":"Alhanahnah Mohannad","year":"2024","unstructured":"Mohannad Alhanahnah, Yazan Boshmaf, and Benoit Baudry. 2024. DepesRAG: Towards Managing Software Dependencies using Large Language Models. arXiv preprint arXiv:2405.20455 (2024)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00024"},{"key":"e_1_3_2_1_9_1","volume-title":"Blade: Scalable Source Code Debloating Framework. In 2023 IEEE Secure development Conference (SecDev).","author":"Ali Muaz","year":"2023","unstructured":"Muaz Ali, Rumaisa Habib, Ashish Gehani, Sazzadur Rahaman, and Zartash Uzmi. 2023. Blade: Scalable Source Code Debloating Framework. In 2023 IEEE Secure development Conference (SecDev)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Muaz Ali Muhammad Muzammil Faraz Karim Ayesha Naeem Rukhshan Haroon Muhammad Haris Huzaifah Nadeem Waseem Sabir Fahad Shaon Fareed Zaffar et al. 2023. SoK: A Tale of Reduction Security and Correctness-Evaluating Program Debloating Paradigms and Their Compositions. ESORICS.","DOI":"10.1007\/978-3-031-51482-1_12"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3422337.3447844"},{"key":"e_1_3_2_1_12_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Brown Michael D.","year":"2024","unstructured":"Michael D. Brown, Adam Meily, Brian Fairservice, Akshay Sood, Jonathan Dorn, Eric Kilmer, and Ronald Eytchison. 2024. A Broad Comparative Evaluation of Software Debloating Tools. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 3927--3943. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/brown"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338502.3359764"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409738"},{"key":"e_1_3_2_1_15_1","volume-title":"Adaptive De-bloating and Hardening of COTS Firmware. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Christensen Jake","year":"2020","unstructured":"Jake Christensen, Ionut Mugurel Anghel, Rob Taglang, Mihai Chiroiu, and Radu Sion. 2020. DECAF: Automatic, Adaptive De-bloating and Hardening of COTS Firmware. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1713--1730."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/383082.383099"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3472811"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2928293"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345665"},{"key":"e_1_3_2_1_20_1","volume-title":"Confine: Automated System Call Policy Generation for Container Attack Surface Reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia, Tapti Palit, Azzedine Benameur, and Michalis Polychronakis. 2020. Confine: Automated System Call Policy Generation for Container Attack Surface Reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX Association, San Sebastian, 443--458."},{"key":"e_1_3_2_1_21_1","volume-title":"Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Conference on Security Symposium (SEC'20)","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia, Tapti Palit, Shachee Mishra, and Michalis Polychronakis. 2020. Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Conference on Security Symposium (SEC'20). USENIX Association, USA, Article 99, 18 pages."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559366"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev56634.2023.00023"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243838"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833695"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623208"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2018.00029"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2016.146"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338956"},{"key":"e_1_3_2_1_30_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID","author":"Koishybayev Igibek","year":"2020","unstructured":"Igibek Koishybayev and Alexandros Kapravelos. 2020. Mininode: Reducing the Attack Surface of Node.js Applications. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX Association, San Sebastian, 121--134."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3301417.3312501"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3273045.3273050"},{"key":"e_1_3_2_1_33_1","volume-title":"Reinforcement Learning Guided Software Debloating. 2nd Workshop on Machine Learning for Systems","author":"Le Nham","year":"2019","unstructured":"Nham Le, Ashish Gehani, Arie Gurfinkel, Susmit Jha, and Jorge Navas. 2019. Reinforcement Learning Guided Software Debloating. 2nd Workshop on Machine Learning for Systems (2019)."},{"key":"e_1_3_2_1_34_1","volume-title":"DIMVA 2017, Bonn, Germany, July 6--7, 2017, Proceedings 14","author":"Lei Lingguang","year":"2017","unstructured":"Lingguang Lei, Jianhua Sun, Kun Sun, Chris Shenefiel, Rui Ma, YuewuWang, and Qi Li. 2017. SPEAKER: Split-phase execution of application containers. In Detection of Intrusions and Malware, and Vulnerability Assessment: 14th International Conference, DIMVA 2017, Bonn, Germany, July 6--7, 2017, Proceedings 14. Springer, 230--251."},{"key":"e_1_3_2_1_35_1","volume-title":"12th ACM Conference on Computer and communications security.","author":"Ligatti J","year":"2005","unstructured":"J Ligatti, M Abadi, M Bidiu, and U Erlingsson. 2005. Control Flow integrity. In 12th ACM Conference on Computer and communications security."},{"key":"e_1_3_2_1_36_1","volume-title":"AutoDebloater: Automated Android App Debloating. In 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE","author":"Liu Jiakun","year":"2023","unstructured":"Jiakun Liu, Xing Hu, Ferdian Thung, Shahar Maoz, Eran Toch, Debin Gao, and David Lo. 2023. AutoDebloater: Automated Android App Debloating. In 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE, 2090--2093."},{"key":"e_1_3_2_1_37_1","volume-title":"MiniMon: Minimizing Android Applications with Intelligent Monitoring-Based Debloating. In 2024 IEEE\/ACM 46th International Conference on Software Engineering (ICSE). IEEE Computer Society, 990--990","author":"Liu Jiakun","year":"2024","unstructured":"Jiakun Liu, Zicheng Zhang, Xing Hu, Ferdian Thung, Shahar Maoz, Debin Gao, Eran Toch, Zhipeng Zhao, and David Lo. 2024. MiniMon: Minimizing Android Applications with Intelligent Monitoring-Based Debloating. In 2024 IEEE\/ACM 46th International Conference on Software Engineering (ICSE). IEEE Computer Society, 990--990."},{"key":"e_1_3_2_1_38_1","unstructured":"Miron Livny Bart Miller Jim Basney VonWelch Irene Landrum James A Kupsch Josef Burger Jeffery Peterson and Abe Megahed. 2020. Continuous Software Assurance Through a National Marketplace. Final Technical Report AFRL-RIRS-TR-2020--214."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2695664.2695751"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00010"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999433"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3583112"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3524054"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3575693.3575734"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3386017"},{"key":"e_1_3_2_1_46_1","volume-title":"RAZOR: A Framework for Post-deployment Software Debloating. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Qian Chenxiong","year":"2019","unstructured":"Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho Chung, Taesoo Kim, and Wenke Lee. 2019. RAZOR: A Framework for Post-deployment Software Debloating. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1733--1750."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417866"},{"key":"e_1_3_2_1_48_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Quach Anh","year":"2018","unstructured":"Anh Quach, Aravind Prakash, and Lok Yan. 2018. Debloating Software through Piece-Wise Compilation and Loading. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 869--886."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106271"},{"key":"e_1_3_2_1_50_1","volume-title":"DIMVA 2019, Gothenburg, Sweden, June 19--20, 2019, Proceedings 16","author":"Redini Nilo","year":"2019","unstructured":"Nilo Redini, RuoyuWang, Aravind Machiry, Yan Shoshitaishvili, Giovanni Vigna, and Christopher Kruegel. 2019. Bintrimmer: Towards static binary debloating through abstract interpretation. In Detection of Intrusions and Malware, and Vulnerability Assessment: 16th International Conference, DIMVA 2019, Gothenburg, Sweden, June 19--20, 2019, Proceedings 16. Springer, 482--501."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254104"},{"key":"e_1_3_2_1_52_1","volume-title":"Static Previrtualization. 12th High Confidence Software and Systems Conference (HCSS)","author":"Shankar Natarajan","year":"2012","unstructured":"Natarajan Shankar and Ashish Gehani. 2012. Static Previrtualization. 12th High Confidence Software and Systems Conference (HCSS) (2012)."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3546948"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09914-8"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180236"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3120213"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3616274"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487568"},{"key":"e_1_3_2_1_60_1","volume-title":"LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Wu Jianliang","year":"2021","unstructured":"Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi. 2021. LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 339--356."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416644"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3556970"},{"key":"e_1_3_2_1_63_1","volume-title":"International Symposium on Emerging Information Security and Applications. Springer, 128--143","author":"Ye Renjun","year":"2021","unstructured":"Renjun Ye, Liang Liu, Simin Hu, Fangzhou Zhu, Jingxiu Yang, and Feng Wang. 2021. JSLIM: Reducing the known vulnerabilities of Javascript application by debloating. In International Symposium on Emerging Information Security and Applications. Springer, 128--143."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3652963.3655064"},{"key":"e_1_3_2_1_65_1","volume-title":"BLAFS: A Bloat Aware File System.","author":"Zhang Huaifeng","year":"2023","unstructured":"Huaifeng Zhang, Mohannad Alhanahnah, and Ahmed Ali-Eldin. 2023. BLAFS: A Bloat Aware File System. (2023). arXiv:2305.04641"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507768"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689937.3695792","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689937.3695792","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T20:35:49Z","timestamp":1755981349000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689937.3695792"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,14]]},"references-count":66,"alternative-id":["10.1145\/3689937.3695792","10.1145\/3689937"],"URL":"https:\/\/doi.org\/10.1145\/3689937.3695792","relation":{},"subject":[],"published":{"date-parts":[[2024,10,14]]},"assertion":[{"value":"2024-11-19","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}