Nav: Home

Shedding the fat: ONR explores ways to trim software bloat, improve security

July 12, 2016

ARLINGTON, Va.--Have you ever upgraded your software program or app, only to find it didn't seem to perform as well as the older version? The problem most likely was caused by software bloat, a condition where updated software runs slower because of repetitive code, requiring more memory--and becoming more vulnerable to cyber attacks.

"Software bloat isn't only a nuisance or inconvenience," said Dr. Sukarno Mertoguno, a program officer in the Office of Naval Research's (ONR) C4ISR Department. "It also presents a serious security risk, since the additional code could offer hackers more entry points into a software program."

Security is especially important given ONR's current efforts to design the Naval Tactical Cloud--a multiyear initiative to harness the power of cloud computing and bring big data capabilities to the warfighting environment.

To ensure the Navy's cloud and other computing efforts run more securely and efficiently, ONR is supporting the work of researchers like Dr. Dinghao Wu at Pennsylvania State University and Dr. Harry Xu at the University of California, Irvine.

Software bloat is a big problem today because of how code is written and compiled. Past generations of coders wrote new, individualized code for each program upgrade, adding only what was needed to improve performance.

Thanks to voracious consumer appetites for software features and faster product rollouts, modern coders use pre-made libraries to meet demand. The problem is these libraries contain both the new code and the repetitive code from previous software versions. Downloading the libraries actually installs both sets of code in an upgrade--creating layers of redundant, unused and outdated functions that slow down computer running time.

Then there's the security issue. "A bloated software system contains a larger code base that could lead to more vulnerabilities and greater entry platforms for hackers and cyber terrorists," said Wu. "After gaining access to a system, a hacker can use the code--even unused, older code--for malicious purposes."

Using Java, among the world's most widely used computer programming languages, Wu and his team at Penn State created a tool called JRed, which can read thousands of lines of code in seconds. Through a complex algorithm, JRed applies predefined rules to the code of software upgrades and then identifies and removes bloated, repetitive code. JRed has demonstrated it can shrink software bloat by approximately 50 percent, resulting in faster running times.

Xu and his group at UC Irvine also used Java in their research. However, they designed an optimization technique called Library Auto-Selection, or LAS.

LAS creates "shadow libraries" that can update existing software by pinpointing areas of bloat and adding only the necessary code and data needed for upgrade--skipping the repetitive code. The shadow library then is disabled through an automatic switch mechanism, eliminating the risk of repetition or cyber attack. Xu said his LAS method has trimmed software bloat significantly and improved run time speed by more than 70 percent.

"Aside from concerns about effectiveness and cost savings, reducing software bloat is critical to the capabilities of the Navy and Marine Corps," said Xu. "Military-focused software plays such a large role in the warfighting environment--from carrying out mission-critical tasks to managing confidential data--and must be even more resistant to cyber attacks than software available to the public."

The next step in Wu's and Xu's research involves cutting software bloat in mobile applications and large-scale cloud-computing networks. Their work is part of ONR's Cyber Security and Complex Software Systems Program, which focuses on the design and construction of software systems that meet required assurances for security, safety, reliability and performance.
-end-


Office of Naval Research

Related Cloud Computing Articles:

Analysis of human genomes in the cloud
Scientists from EMBL present a tool for large-scale analysis of genomic data with cloud computing.
Quantum cloud computing with self-check
With a quantum coprocessor in the cloud, physicists from Innsbruck, Austria, open the door to the simulation of previously unsolvable problems in chemistry, materials research or high-energy physics.
Storage beyond the cloud
As the data boom continues to boom, more and more information gets filed in less and less space.
The secret life of cloud droplets
Do water droplets cluster inside clouds? Researchers confirm two decades of theory with an airborne imaging instrument.
Cloud computing load balancing based on ant colony algorithms improves performance
The criticality of certain sectors, as well as the requirement of users, involve Cloud providers to guarantee a high level of performance.
Army researcher minimizes the impact of cyber-attacks in cloud computing
Through a collaborative research effort, an Army researcher has made a novel contribution to cloud security and the management of cyberspace risks.
'Cloud computing' takes on new meaning for scientists
Clouds may be wispy puffs of water vapor drifting through the sky, but they're heavy lifting computationally for scientists wanting to factor them into climate simulations.
Space cloud discovery
No one has ever seen what Case Western Reserve University astronomers first observed using a refurbished 75-year-old telescope in the Arizona mountains.
How far to go for satellite cloud image forecasting into operation
Simulated satellite cloud images not only have the visualization of cloud imagery, but also can reflect more information about the model.
Study: How to calculate pricing and resources for cloud computing
Researchers in the University at Buffalo School of Management have developed a new algorithm that cloud computing service providers can use to establish pricing and allocate resources.
More Cloud Computing News and Cloud Computing Current Events

Trending Science News

Current Coronavirus (COVID-19) News

Top Science Podcasts

We have hand picked the top science podcasts of 2020.
Now Playing: TED Radio Hour

Climate Mindset
In the past few months, human beings have come together to fight a global threat. This hour, TED speakers explore how our response can be the catalyst to fight another global crisis: climate change. Guests include political strategist Tom Rivett-Carnac, diplomat Christiana Figueres, climate justice activist Xiye Bastida, and writer, illustrator, and artist Oliver Jeffers.
Now Playing: Science for the People

#562 Superbug to Bedside
By now we're all good and scared about antibiotic resistance, one of the many things coming to get us all. But there's good news, sort of. News antibiotics are coming out! How do they get tested? What does that kind of a trial look like and how does it happen? Host Bethany Brookeshire talks with Matt McCarthy, author of "Superbugs: The Race to Stop an Epidemic", about the ins and outs of testing a new antibiotic in the hospital.
Now Playing: Radiolab

Speedy Beet
There are few musical moments more well-worn than the first four notes of Beethoven's Fifth Symphony. But in this short, we find out that Beethoven might have made a last-ditch effort to keep his music from ever feeling familiar, to keep pushing his listeners to a kind of psychological limit. Big thanks to our Brooklyn Philharmonic musicians: Deborah Buck and Suzy Perelman on violin, Arash Amini on cello, and Ah Ling Neu on viola. And check out The First Four Notes, Matthew Guerrieri's book on Beethoven's Fifth. Support Radiolab today at Radiolab.org/donate.