SummSlim: A Universal and Automated Approach for Debloating Container Images

• Published in: Proceedings - International Conference on Parallel and Distributed Systems pp. 132 - 141
• Main Authors: Zhang, Zhicong, Huang, Heqing, Xu, Shaowen, Zhou, Qihang, Zhang, Tianshu, Jia, Xiaoqi, Zhang, Weijuan
• Format: Conference Proceeding
• Language: English
• Published: IEEE 10.10.2024
• Subjects: Aerodynamics; Cloud computing; Containers; Libraries; Prototypes; Resource management; Reviews; Security; Streaming media; Testing
• ISSN: 2690-5965
• DOI: 10.1109/ICPADS63350.2024.00027

Container technology has become a cornerstone of cloud computing, offering notable benefits such as enhanced resource utilization and streamlined deployment processes. The adoption of container technology by leading cloud service providers has steadily increased over the years. However, during the image construction phase, the reuse of base images and the execution of certain commands often results in the retention of redundant files, leading to resource wastage and potential security vulnerabilities. In this research, we systematically review and analyze existing methodologies, identify shortcomings in current approaches, and propose an automated image debloating tool named SummSlim according to the characteristics of the container image construction process. We selected 195 official images from Docker Hub for testing and evaluated the effectiveness of SummSlim with a success rate of 98.46 \%. Then we compare and analyze the images before and after debloating, and make some novel suggestions for developers. To the best of our knowledge, SummSlim is the first practically available universal image debloating tool.