ONR looks to take the bloat out of software upgrades

Updates these days tend to include both old code and new code, which can slow down performance and increase security risks.

Navy researchers are taking aim at a common problem that can make software programs run more slowly while also making them more vulnerable to attack—software bloat.

Software bloat isn’t quite the same as bloated software, a complaint users have leveled, for instance, at some previous versions of Microsoft Windows that were deemed too big to work efficiently. Instead, it’s the result of upgrades intended to improve software performance and/or boost security actually hurting both.

The problem grows out of increasing demand for new features to arrive more quickly, the Office of Naval Research said in a release. So instead of writing individual code for each upgrade, programmers now use software libraries that contain both the old and new code, thus including old, unused code that can slow things down because it’s using more memory than necessary, while also raising security risks.

“Software bloat isn’t only a nuisance or inconvenience,” Dr. Sukarno Mertoguno, a program officer in ONR’s C4ISR Department, said. “It also presents a serious security risk, since the additional code could offer hackers more entry points into a software program.”

ONR, citing the security aspects of operating the Navy’s Naval Tactical Cloud, is working with researchers such as Dr. Dinghao Wu at Pennsylvania State University and Dr. Harry Xu at the University of California, Irvine, to find ways to make software more secure and efficient.

Wu and his Penn State team have created a Java-based tool called JRed, which can read thousands of lines of code in a matter of seconds and uses a complex algorithm to remove repetitive code, ONR said. JRed can cut the amount of software bloat by about 50 percent.

Xu and researchers at UC Irvine, meanwhile, have developed Library Auto-Selection, or LAS, an optimization technique that creates what researchers call shadow libraries, which identify bloat and add only the code necessary for the upgrade. ONR said LAS has reduced software bloat significantly while shortening the run time of upgrades by about 70 percent.

Next up for the researchers: reducing bloat in mobile applications and large cloud networks, two things the military is relying on more and more.

“Aside from concerns about effectiveness and cost savings, reducing software bloat is critical to the capabilities of the Navy and Marine Corps,” said Xu. “Military-focused software plays such a large role in the warfighting environment—from carrying out mission-critical tasks to managing confidential data—and must be even more resistant to cyber attacks than software available to the public.”