ConMonitor: Lightweight Container Protection with Virtualization and VM Functions

In this research, we systematically review and analyze existing methodologies, identifying shortcomings in current approaches, and propose an automated image debloating tool named SummSlim according to the characteristics of the container image construction process. We selected 195 official images from Docker Hub for testing and evaluated the effectiveness of SummSlim with a success rate of 98.46%. Then we compare and analyze the images before and after debloating, and make some novel suggestions for developers.