• Wang Y, Cheung S, Yu H and Zhu Z. (2025). Streamlining Software Bloated Dependencies. Managing Software Supply Chains. 10.1007/978-981-96-1797-5_6. (121-148).

    https://link.springer.com/10.1007/978-981-96-1797-5_6

  • Ruffy F, Wang Z, Antichi G, Panda A and Sivaraman A. Incremental Specialization of Network Programs. Proceedings of the 23rd ACM Workshop on Hot Topics in Networks. (264-272).

    https://doi.org/10.1145/3696348.3696870

  • He J, Hou P, Yu J, Qi J, Sun Y, Li L, Zhao R and Wu Y. D-Linker: Debloating Shared Libraries by Relinking From Object Files. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems. 10.1109/TCAD.2024.3446712. 43:11. (3768-3779).

    https://ieeexplore.ieee.org/document/10745870/

  • Blumschein C, Niephaus F, Stancu C, Wimmer C, Lincke J and Hirschfeld R. Finding Cuts in Static Analysis Graphs to Debloat Software. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. (603-614).

    https://doi.org/10.1145/3650212.3680306

  • Brown M, Meily A, Fairservice B, Sood A, Dorn J, Bits T and Eytchison R. A broad comparative evaluation of software debloating tools. Proceedings of the 33rd USENIX Conference on Security Symposium. (3927-3943).

    /doi/10.5555/3698900.3699120

  • Drosos G, Sotiropoulos T, Spinellis D and Mitropoulos D. (2024). Bloat beneath Python’s Scales: A Fine-Grained Inter-Project Dependency Analysis. Proceedings of the ACM on Software Engineering. 1:FSE. (2584-2607). Online publication date: 12-Jul-2024.

    https://doi.org/10.1145/3660821

  • Song X, Wang Y, Cheng X, Liang G, Wang Q and Zhu Z. Efficiently Trimming the Fat: Streamlining Software Dependencies with Java Reflection and Dependency Analysis. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. (1-12).

    https://doi.org/10.1145/3597503.3639123

  • Modi A, Tikmany R, Malik T, Komondoor R, Gehani A and D'Souza D. (2024). Kondo: Efficient Provenance-Driven Data Debloating 2024 IEEE 40th International Conference on Data Engineering (ICDE). 10.1109/ICDE60146.2024.00377. 979-8-3503-1715-2. (4965-4978).

    https://ieeexplore.ieee.org/document/10598013/

  • Tikmany R, Modi A, Atiq R, Reyad M, Gehani A and Malik T. (2024). Access-Based Carving of Data for Efficient Reproducibility of Containers 2024 IEEE 24th International Symposium on Cluster, Cloud and Internet Computing (CCGrid). 10.1109/CCGrid59990.2024.00068. 979-8-3503-9566-2. (557-566).

    https://ieeexplore.ieee.org/document/10701352/

  • Thung F, Liu J, Rattanukul P, Maoz S, Toch E, Gao D and Lo D. Towards Speedy Permission-Based Debloating for Android Apps. Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems. (84-87).

    https://doi.org/10.1145/3647632.3651390

  • Mak C and Cheung S. (2024). Automatic build repair for test cases using incompatible java versions. Information and Software Technology. 10.1016/j.infsof.2024.107473. (107473). Online publication date: 1-Apr-2024.

    https://linkinghub.elsevier.com/retrieve/pii/S0950584924000788

  • Yang S, Kang B and Nam J. (2024). Optimus: association-based dynamic system call filtering for container attack surface reduction. Journal of Cloud Computing. 10.1186/s13677-024-00639-3. 13:1.

    https://journalofcloudcomputing.springeropen.com/articles/10.1186/s13677-024-00639-3

  • Lukaszewski D and Xie G. Software Defined Layer 4.5 Customization for Agile Network Operation. IEEE Transactions on Network and Service Management. 10.1109/TNSM.2023.3288875. 21:1. (35-50).

    https://ieeexplore.ieee.org/document/10160190/

  • Ali M, Muzammil M, Karim F, Naeem A, Haroon R, Haris M, Nadeem H, Sabir W, Shaon F, Zaffar F, Yegneswaran V, Gehani A and Rahaman S. (2024). SoK: A Tale of Reduction, Security, and Correctness - Evaluating Program Debloating Paradigms and Their Compositions. Computer Security – ESORICS 2023. 10.1007/978-3-031-51482-1_12. (229-249).

    https://link.springer.com/10.1007/978-3-031-51482-1_12

  • Wang X, Hui T, Zhao L and Cheng Y. Input-Driven Dynamic Program Debloating for Code-Reuse Attack Mitigation. Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. (934-946).

    https://doi.org/10.1145/3611643.3616274

  • Mahurkar A, Wang X, Zhang H and Ravindran B. DynaCut. Proceedings of the 24th International Middleware Conference. (275-287).

    https://doi.org/10.1145/3590140.3629121

  • Ali M, Habib R, Gehani A, Rahaman S and Uzmi Z. (2023). BLADE: Towards Scalable Source Code Debloating 2023 IEEE Secure Development Conference (SecDev). 10.1109/SecDev56634.2023.00022. 979-8-3503-3132-5. (75-87).

    https://ieeexplore.ieee.org/document/10305561/

  • Wang G, Wu Y, Zhu Q, Xiong Y, Zhang X and Zhang L. (2023). A Probabilistic Delta Debugging Approach for Abstract Syntax Trees 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE). 10.1109/ISSRE59848.2023.00060. 979-8-3503-1594-3. (763-773).

    https://ieeexplore.ieee.org/document/10299940/

  • Liu X, Wen J, Chen Z, Li D, Chen J, Liu Y, Wang H and Jin X. (2023). FaaSLight: General Application-level Cold-start Latency Optimization for Function-as-a-Service in Serverless Computing. ACM Transactions on Software Engineering and Methodology. 32:5. (1-29). Online publication date: 30-Sep-2023.

    https://doi.org/10.1145/3585007

  • Turcotte A, Gokhale S and Tip F. (2023). Increasing the Responsiveness of Web Applications by Introducing Lazy Loading 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE). 10.1109/ASE56229.2023.00192. 979-8-3503-2996-4. (459-470).

    https://ieeexplore.ieee.org/document/10298421/

  • Gharachorlu G and Sumner N. Type Batched Program Reduction. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. (398-410).

    https://doi.org/10.1145/3597926.3598065

  • Rommel F, Dietrich C, Ziegler A, Ostapyshyn I and Lohmann D. Thread-Level Attack-Surface Reduction. Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems. (64-75).

    https://doi.org/10.1145/3589610.3596281

  • Kellas A, Cao A, Goodman P and Yang J. (2023). Divergent Representations: When Compiler Optimizations Enable Exploitation 2023 IEEE Security and Privacy Workshops (SPW). 10.1109/SPW59333.2023.00035. 979-8-3503-1236-2. (337-348).

    https://ieeexplore.ieee.org/document/10188620/

  • Navas J and Gehani A. (2023). OCCAM-v2: Combining Static and Dynamic Analysis for Effective and Efficient Whole-Program Specialization. Communications of the ACM. 66:4. (40-47). Online publication date: 1-Apr-2023.

    https://doi.org/10.1145/3583112

  • Soto-Valero C, Durieux T, Harrand N and Baudry B. (2023). Coverage-Based Debloating for Java Bytecode. ACM Transactions on Software Engineering and Methodology. 32:2. (1-34). Online publication date: 31-Mar-2023.

    https://doi.org/10.1145/3546948

  • Tërnava X, Acher M and Combemale B. Specialization of Run-time Configuration Space at Compile-time: An Exploratory Study. Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing. (1459-1468).

    https://doi.org/10.1145/3555776.3578613

  • Porter C, Khan S and Pande S. Decker: Attack Surface Reduction via On-Demand Code Mapping. Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2. (192-206).

    https://doi.org/10.1145/3575693.3575734

  • Niddodi C, Gehani A, Malik T, Mohan S and Rilee M. IOSPReD: I/O Specialized Packaging of Reduced Datasets and Data-Intensive Applications for Efficient Reproducibility. IEEE Access. 10.1109/ACCESS.2022.3233787. 11. (1718-1731).

    https://ieeexplore.ieee.org/document/10004923/

  • Tang Y, Zhou H, Luo X, Chen T, Wang H, Xu Z and Cai Y. XDebloat: Towards Automated Feature-Oriented App Debloating. IEEE Transactions on Software Engineering. 10.1109/TSE.2021.3120213. 48:11. (4501-4520).

    https://ieeexplore.ieee.org/document/9573340/

  • Navas J and Gehani A. (2022). OCCAM-v2: Combining Static and Dynamic Analysis for Effective and Efficient Whole-program Specialization. Queue. 20:5. (58-85). Online publication date: 31-Oct-2022.

    https://doi.org/10.1145/3570922

  • Xin Q, Zhang Q and Orso A. Studying and Understanding the Tradeoffs Between Generality and Reduction in Software Debloating. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. (1-13).

    https://doi.org/10.1145/3551349.3556970

  • Olszewski D, Zhu W, Sathyanarayana S, Butler K and Traynor P. (2022). HallMonitor: A Framework for Identifying Network Policy Violations in Software 2022 IEEE Conference on Communications and Network Security (CNS). 10.1109/CNS56114.2022.9947243. 978-1-6654-6255-6. (245-253).

    https://ieeexplore.ieee.org/document/9947243/

  • Ahmad A, Noor A, Sharif H, Hameed U, Asif S, Anwar M, Gehani A, Zaffar F and Siddiqui J. Trimmer: An Automated System for Configuration-Based Software Debloating. IEEE Transactions on Software Engineering. 10.1109/TSE.2021.3095716. 48:9. (3485-3505).

    https://ieeexplore.ieee.org/document/9478582/

  • Huang K, Chen B, Xu C, Wang Y, Shi B, Peng X, Wu Y and Liu Y. (2022). Characterizing usages, updates and risks of third-party libraries in Java projects. Empirical Software Engineering. 27:4. Online publication date: 1-Jul-2022.

    https://doi.org/10.1007/s10664-022-10131-8

  • Lukaszewski D and Xie G. (2022). Towards Software Defined Layer 4.5 Customization 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). 10.1109/NetSoft54395.2022.9844096. 978-1-6654-0694-9. (330-338).

    https://ieeexplore.ieee.org/document/9844096/

  • Tërnava X, Acher M, Lesoil L, Blouin A and Jézéquel J. Scratching the Surface of ./configure: Learning the Effects of Compile-Time Options on Binary Size and Gadgets. Reuse and Software Quality. (41-58).

    https://doi.org/10.1007/978-3-031-08129-3_3

  • Alhanahnah M, Jain R, Rastogi V, Jha S and Reps T. (2022). Lightweight, Multi-Stage, Compiler-Assisted Application Specialization 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P). 10.1109/EuroSP53844.2022.00024. 978-1-6654-1614-6. (251-269).

    https://ieeexplore.ieee.org/document/9797349/

  • Pashakhanloo P, Machiry A, Choi H, Canino A, Heo K, Lee I and Naik M. PacJam. Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security. (903-916).

    https://doi.org/10.1145/3488932.3524054

  • Williams R, Ren T, De Carli L, Lu L and Smith G. (2021). Guided Feature Identification and Removal for Resource-constrained Firmware. ACM Transactions on Software Engineering and Methodology. 31:2. (1-25). Online publication date: 30-Apr-2022.

    https://doi.org/10.1145/3487568

  • Zhang H, Ren M, Lei Y and Ming J. One size does not fit all: security hardening of MIPS embedded systems via static binary debloating for shared libraries. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. (255-270).

    https://doi.org/10.1145/3503222.3507768

  • Ye R, Liu L, Hu S, Zhu F, Yang J and Wang F. (2022). JSLIM: Reducing the Known Vulnerabilities of JavaScript Application by Debloating. Emerging Information Security and Applications. 10.1007/978-3-030-93956-4_8. (128-143).

    https://link.springer.com/10.1007/978-3-030-93956-4_8

  • Yagemann C, Chung S, Saltaformaggio B and Lee W. Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. (320-336).

    https://doi.org/10.1145/3460120.3485363

  • Soto-Valero C, Durieux T and Baudry B. A longitudinal analysis of bloated Java dependencies. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. (1021-1031).

    https://doi.org/10.1145/3468264.3468589

  • Sjoholmsierchio M, Hale B, Lukaszewski D and Xie G. (2021). Strengthening SDN Security: Protocol Dialecting and Downgrade Attacks 2021 IEEE 7th International Conference on Network Softwarization (NetSoft). 10.1109/NetSoft51509.2021.9492614. 978-1-6654-0522-5. (321-329).

    https://ieeexplore.ieee.org/document/9492614/

  • Soto-Valero C, Harrand N, Monperrus M and Baudry B. (2021). A comprehensive study of bloated dependencies in the Maven ecosystem. Empirical Software Engineering. 26:3. Online publication date: 1-May-2021.

    https://doi.org/10.1007/s10664-020-09914-8

  • Biswas P, Burow N and Payer M. Code Specialization through Dynamic Feature Observation. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy. (257-268).

    https://doi.org/10.1145/3422337.3447844

  • Xin Q, Kim M, Zhang Q and Orso A. Subdomain-based generality-aware debloating. Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. (224-236).

    https://doi.org/10.1145/3324884.3416644

  • Zhang Q, Wang J, Gulzar M, Padhye R and Kim M. BigFuzz. Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. (722-733).

    https://doi.org/10.1145/3324884.3416641

  • Bartell S, Dietz W and Adve V. (2020). Guided linking: dynamic linking without the costs. Proceedings of the ACM on Programming Languages. 4:OOPSLA. (1-29). Online publication date: 13-Nov-2020.

    https://doi.org/10.1145/3428213

  • Bruce B, Zhang T, Arora J, Xu G and Kim M. JShrink: in-depth investigation into debloating modern Java applications. Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. (135-146).

    https://doi.org/10.1145/3368089.3409738

  • Qian C, Koo H, Oh C, Kim T and Lee W. Slimium: Debloating the Chromium Browser with Feature Subsetting. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. (461-476).

    https://doi.org/10.1145/3372297.3417866

  • Wang Y, Chen B, Huang K, Shi B, Xu C, Peng X, Wu Y and Liu Y. (2020). An Empirical Study of Usages, Updates and Risks of Third-Party Libraries in Java Projects 2020 IEEE International Conference on Software Maintenance and Evolution (ICSME). 10.1109/ICSME46990.2020.00014. 978-1-7281-5619-4. (35-45).

    https://ieeexplore.ieee.org/document/9240619/

  • Mishra S and Polychronakis M. (2020). Saffire: Context-sensitive Function Specialization against Code Reuse Attacks 2020 IEEE European Symposium on Security and Privacy (EuroS&P). 10.1109/EuroSP48549.2020.00010. 978-1-7281-5087-1. (17-33).

    https://ieeexplore.ieee.org/document/9230416/

  • Ghavamnia S, Palit T, Mishra S and Polychronakis M. Temporal system call specialization for attack surface reduction. Proceedings of the 29th USENIX Conference on Security Symposium. (1749-1766).

    /doi/10.5555/3489212.3489311

  • Xin Q, Kim M, Zhang Q and Orso A. Program debloating via stochastic optimization. Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: New Ideas and Emerging Results. (65-68).

    https://doi.org/10.1145/3377816.3381739

  • Niddodi C, Gehani A, Malik T, Navas J and Mohan S. MiDas: Containerizing Data-Intensive Applications with I/O Specialization. Proceedings of the 3rd International Workshop on Practical Reproducible Evaluation of Computer Systems. (21-25).

    https://doi.org/10.1145/3391800.3398174

  • Porter C, Mururu G, Barua P and Pande S. BlankIt library debloating: getting what you want instead of cutting what you don’t. Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. (164-180).

    https://doi.org/10.1145/3385412.3386017

  • Kuo H, Williams D, Koller R and Mohan S. A Linux in unikernel clothing. Proceedings of the Fifteenth European Conference on Computer Systems. (1-15).

    https://doi.org/10.1145/3342195.3387526

  • Agadakos I, Jin D, Williams-King D, Kemerlis V and Portokalidis G. Nibbler. Proceedings of the 35th Annual Computer Security Applications Conference. (70-83).

    https://doi.org/10.1145/3359789.3359823

  • Quach A and Prakash A. Bloat Factors and Binary Specialization. Proceedings of the 3rd ACM Workshop on Forming an Ecosystem Around Software Transformation. (31-38).

    https://doi.org/10.1145/3338502.3359765

  • Brown M and Pande S. CARVE. Proceedings of the 3rd ACM Workshop on Forming an Ecosystem Around Software Transformation. (1-7).

    https://doi.org/10.1145/3338502.3359764

  • Ziegler A, Geus J, Heinloth B, Hönig T and Lohmann D. (2019). Honey, I Shrunk the ELFs. ACM Transactions on Embedded Computing Systems. 18:5s. (1-23). Online publication date: 31-Oct-2019.

    https://doi.org/10.1145/3358222

  • Qian C, Hu H, Alharthi M, Chung P, Kim T and Lee W. RAZOR. Proceedings of the 28th USENIX Conference on Security Symposium. (1733-1750).

    /doi/10.5555/3361338.3361459

  • Azad B, Laperdrix P and Nikiforakis N. Less is more. Proceedings of the 28th USENIX Conference on Security Symposium. (1697-1714).

    /doi/10.5555/3361338.3361456

  • Brown M and Pande S. Is less really more? towards better metrics for measuring security improvements realized through software debloating. Proceedings of the 12th USENIX Conference on Cyber Security Experimentation and Test. (5-5).

    /doi/10.5555/3359012.3359017

  • Koo H, Ghavamnia S and Polychronakis M. Configuration-Driven Software Debloating. Proceedings of the 12th European Workshop on Systems Security. (1-6).

    https://doi.org/10.1145/3301417.3312501

  • Davidsson N, Pawlowski A and Holz T. (2019). Towards Automated Application-Specific Software Stacks. Computer Security – ESORICS 2019. 10.1007/978-3-030-29962-0_5. (88-109).

    http://link.springer.com/10.1007/978-3-030-29962-0_5

  • Redini N, Wang R, Machiry A, Shoshitaishvili Y, Vigna G and Kruegel C. (2019). BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation. Detection of Intrusions and Malware, and Vulnerability Assessment. 10.1007/978-3-030-22038-9_23. (482-501).

    http://link.springer.com/10.1007/978-3-030-22038-9_23