Container Debloating: Reducing Code Bloat in Container-based Applications

Team Members

• Sibin Mohan
• Chaitra Niddodi

Collaborators

• Somesh Jha, University of Wisconsin-Madison
• Vaibhav Rastogi, University of Wisconsin-Madison

Overview

Application containers, such as Docker containers, are light-weight virtualization environments that “contain” applications together with their resources and configuration information. While they are becoming increasingly popular as a method for agile software deployment, current techniques for preparing containers add unnecessary bloat into them: they often include unwanted files that increase the container size by several orders of magnitude. This not only leads to storage and network transfer issues but also security concerns. The problem is well-recognized but available solutions are mostly ad-hoc and not largely deployed. Cimplifier debloats a container by using dynamic analysis to identify the resources necessary to the container and then removing the unnecessary resources. However, dynamic analysis uses model executions or test runs, which if incomplete, may not allow detection of all the necessary resources. Therefore, it is important to explore other directions towards container debloating. These include a new intermediate representation allowing incorporation of multiple techniques, such as dynamic analysis and static analysis, for debloating; and test case augmentation using symbolic execution.

Funding

This project is supported by a grant from the Office of Naval Reserach (ONR).

Related Publications

• V. Rastogi, C. Niddodi, S. Mohan and S. Jha, “New Directions for Container Debloating”. Published in the 2017 Workshop on Forming an Ecosystem Around Software Transformation (FEAST’17), affiliated with the 2017 ACM Conference on Computer and Communications Security (CCS 2017).

News

• Debloating Containers [Oct 2017]