Nav: Home

Shedding the fat: ONR explores ways to trim software bloat, improve security

July 12, 2016

ARLINGTON, Va.--Have you ever upgraded your software program or app, only to find it didn't seem to perform as well as the older version? The problem most likely was caused by software bloat, a condition where updated software runs slower because of repetitive code, requiring more memory--and becoming more vulnerable to cyber attacks.

"Software bloat isn't only a nuisance or inconvenience," said Dr. Sukarno Mertoguno, a program officer in the Office of Naval Research's (ONR) C4ISR Department. "It also presents a serious security risk, since the additional code could offer hackers more entry points into a software program."

Security is especially important given ONR's current efforts to design the Naval Tactical Cloud--a multiyear initiative to harness the power of cloud computing and bring big data capabilities to the warfighting environment.

To ensure the Navy's cloud and other computing efforts run more securely and efficiently, ONR is supporting the work of researchers like Dr. Dinghao Wu at Pennsylvania State University and Dr. Harry Xu at the University of California, Irvine.

Software bloat is a big problem today because of how code is written and compiled. Past generations of coders wrote new, individualized code for each program upgrade, adding only what was needed to improve performance.

Thanks to voracious consumer appetites for software features and faster product rollouts, modern coders use pre-made libraries to meet demand. The problem is these libraries contain both the new code and the repetitive code from previous software versions. Downloading the libraries actually installs both sets of code in an upgrade--creating layers of redundant, unused and outdated functions that slow down computer running time.

Then there's the security issue. "A bloated software system contains a larger code base that could lead to more vulnerabilities and greater entry platforms for hackers and cyber terrorists," said Wu. "After gaining access to a system, a hacker can use the code--even unused, older code--for malicious purposes."

Using Java, among the world's most widely used computer programming languages, Wu and his team at Penn State created a tool called JRed, which can read thousands of lines of code in seconds. Through a complex algorithm, JRed applies predefined rules to the code of software upgrades and then identifies and removes bloated, repetitive code. JRed has demonstrated it can shrink software bloat by approximately 50 percent, resulting in faster running times.

Xu and his group at UC Irvine also used Java in their research. However, they designed an optimization technique called Library Auto-Selection, or LAS.

LAS creates "shadow libraries" that can update existing software by pinpointing areas of bloat and adding only the necessary code and data needed for upgrade--skipping the repetitive code. The shadow library then is disabled through an automatic switch mechanism, eliminating the risk of repetition or cyber attack. Xu said his LAS method has trimmed software bloat significantly and improved run time speed by more than 70 percent.

"Aside from concerns about effectiveness and cost savings, reducing software bloat is critical to the capabilities of the Navy and Marine Corps," said Xu. "Military-focused software plays such a large role in the warfighting environment--from carrying out mission-critical tasks to managing confidential data--and must be even more resistant to cyber attacks than software available to the public."

The next step in Wu's and Xu's research involves cutting software bloat in mobile applications and large-scale cloud-computing networks. Their work is part of ONR's Cyber Security and Complex Software Systems Program, which focuses on the design and construction of software systems that meet required assurances for security, safety, reliability and performance.
-end-


Office of Naval Research

Related Cloud Computing Articles:

Quantum cloud computing with self-check
With a quantum coprocessor in the cloud, physicists from Innsbruck, Austria, open the door to the simulation of previously unsolvable problems in chemistry, materials research or high-energy physics.
Storage beyond the cloud
As the data boom continues to boom, more and more information gets filed in less and less space.
The secret life of cloud droplets
Do water droplets cluster inside clouds? Researchers confirm two decades of theory with an airborne imaging instrument.
Cloud computing load balancing based on ant colony algorithms improves performance
The criticality of certain sectors, as well as the requirement of users, involve Cloud providers to guarantee a high level of performance.
Army researcher minimizes the impact of cyber-attacks in cloud computing
Through a collaborative research effort, an Army researcher has made a novel contribution to cloud security and the management of cyberspace risks.
'Cloud computing' takes on new meaning for scientists
Clouds may be wispy puffs of water vapor drifting through the sky, but they're heavy lifting computationally for scientists wanting to factor them into climate simulations.
Space cloud discovery
No one has ever seen what Case Western Reserve University astronomers first observed using a refurbished 75-year-old telescope in the Arizona mountains.
How far to go for satellite cloud image forecasting into operation
Simulated satellite cloud images not only have the visualization of cloud imagery, but also can reflect more information about the model.
Study: How to calculate pricing and resources for cloud computing
Researchers in the University at Buffalo School of Management have developed a new algorithm that cloud computing service providers can use to establish pricing and allocate resources.
Smartly containing the cloud increases computing efficiency, says first-of-its-kind study
Virginia Tech researchers discovered ways to further improve computing efficiency using management tools for cloud-based light-weight virtual machine replacements called containers.
More Cloud Computing News and Cloud Computing Current Events

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Rethinking Anger
Anger is universal and complex: it can be quiet, festering, justified, vengeful, and destructive. This hour, TED speakers explore the many sides of anger, why we need it, and who's allowed to feel it. Guests include psychologists Ryan Martin and Russell Kolts, writer Soraya Chemaly, former talk radio host Lisa Fritsch, and business professor Dan Moshavi.
Now Playing: Science for the People

#538 Nobels and Astrophysics
This week we start with this year's physics Nobel Prize awarded to Jim Peebles, Michel Mayor, and Didier Queloz and finish with a discussion of the Nobel Prizes as a way to award and highlight important science. Are they still relevant? When science breakthroughs are built on the backs of hundreds -- and sometimes thousands -- of people's hard work, how do you pick just three to highlight? Join host Rachelle Saunders and astrophysicist, author, and science communicator Ethan Siegel for their chat about astrophysics and Nobel Prizes.