Skip to content

qixin5/debop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
cmake
cmake
 
 
docker
docker
 
 
include
include
 
 
lib/wrappers
lib/wrappers
 
 
src/cpp/reducer
src/cpp/reducer
 
 
test
test
 
 
CMakeLists.txt
CMakeLists.txt
 
 
README.md
README.md
 
 

Repository files navigation

Debop

Debop is a multi-goal debloating technique. In its current implementation, Debop supports an objective function that encodes three goals: size reduction, attack surface reduction, and generality. It leverages a Markov Chain Monte Carlo (MCMC) sampling technique to explore the search space and search for a debloated program that maximizes the objective.

Requirements

  • CMake >= 3.10.2
  • Clang and LLVM >= 9.0.0
  • spdlog >= 1.3.1
  • ROPgadget >= 5.8

Installation

Make sure you have installed all the required libraries (shown above). Please refer to https://github.com/llvm/llvm-project.git to install LLVM and Clang. Please refer to https://github.com/gabime/spdlog to install spdlog. Please refer to https://github.com/JonathanSalwan/ROPgadget to install ROPgadget.

Linux

Once you have all the requirements, do the following steps.

  1. In CMakeLists.txt, change to your own paths the last two include_directories (lines ending with "Change to your own path!").
  2. Run mkdir build && cd build.
  3. Run cmake ...
  4. Run make.

Quick Test

  1. Test ROPgadget by running ROPgadget --version from command line.
  2. In the debop directory, go to quicktest by running cd test/quicktest.
  3. Run ./run_debop.
  4. After running, check that you have a debop-out directory containing a few sample C files and a log.txt file. In log.txt file, there is a reporting summary shown at the end. If you've found all these, the running was successful.

Usage

DEBOP_BIN [OPTION] ORACLE_FILE SOURCE_FILE

DEBOP_BIN: The debop binary (build/bin/reducer).

ORACLE_FILE: The oracle script used to compile source, run tests, and compute scores. It should compute a total of six scores:

  1. Size of original program
  2. Size of reduced program
  3. Number of gadgets in original program
  4. Number of gadgets in reduced program
  5. Number of total tests
  6. Number of tests the program passes The resulting scores should be redirected to a file named "eval_rslt.txt". See test/quicktest/test.sh for an example.

SOURCE_FILE: The program source file(s).

OPTION:

-m: Number of samples.
-i: Number of sampling iterations. (Default is 100. Consider using a large value.)
-a: Alpha value (weight for attack surface reduction).
-e: Beta value (weight for generality).
-k: K value (for computing density values).
-s: No value needed. Save temp files.
-B: If you want to use MCMC at the BasicBlock level, add this option.

Note

It is strongly recommended that you provide Debop with a source file with all the code unexercised by the oracle inputs eliminated. This would make Debop's search space significantly smaller. To produce such a file, please refer to https://github.com/qixin5/debcov.

Contact

If you have questions, please contact Qi Xin via [email protected].

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Debop-v1.0.0 Latest
Feb 18, 2022

Packages

No packages published

Languages