Eliminating Vulnerabilities by Disabling Unwanted Functionality in Binary Programs.

AsiaCCS(2023)

Abstract
Driven by application diversification and market needs, software systems are integrating new features rapidly. However, this "feature creep" can compromise software security, as more code carries the risk of more vulnerabilities. This paper presents a system for disabling features activated by common input types, using a component called F-detector to detect feature-associated program control flow branches. The system includes a second component called F-blocker to disable features without disrupting application continuity. It does so by treating unwanted features as unexpected errors and leveraging error virtualization to recover execution, redirecting it to appropriate existing error handling code. We implemented and evaluated the system on the Linux platform using 145 features from 9 programs, and results show that it can detect and disable all features with few errors, hence outperforming previous works in terms of vulnerability mitigation through debloating.
Keywords
Feature removal, tracing, binary analysis, vulnerability removal