Difference between revisions of "Active Projects"
CoreyBryant (talk | contribs) |
|||
(8 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
The [[Linux Security Workgroup]] has put together this page in an effort to bring the Linux security community together in hardening the Linux Kernel and to help prevent duplication of efforts. There are a number of active Linux Kernel hardening projects and this page gives details on some of them | The [[Linux Security Workgroup]] has put together this page in an effort to bring the Linux security community together in hardening the Linux Kernel and to help prevent duplication of efforts. There are a number of active Linux Kernel hardening projects and this page gives details on some of them. | ||
= Static Analysis = | = Static Analysis = | ||
Line 15: | Line 15: | ||
[http://en.wikipedia.org/wiki/Coverity Coverity] provides static analysis tools for C, C++, and other languages. Red Hat's Coverity license allows results to be shared with upstream projects. | [http://en.wikipedia.org/wiki/Coverity Coverity] provides static analysis tools for C, C++, and other languages. Red Hat's Coverity license allows results to be shared with upstream projects. | ||
Run by: | Run by: Paul Moore at Red Hat against what trees? | ||
== Smatch == | == Smatch == | ||
Line 25: | Line 24: | ||
* Dan Carpenter - Running against linux-next x86_64 allmodconfig | * Dan Carpenter - Running against linux-next x86_64 allmodconfig | ||
* Fengguang Wu - Running against what trees? | * Fengguang Wu - Running against what trees? | ||
= Dynamic Analysis = | |||
== kmemcheck, kmemleak == | |||
Linux Kernel debugging features for detecting memory issues. | |||
Run by: ? | |||
== KEDR == | |||
[http://kedr.berlios.de/ KEDR] provides runtime analysis of Linux kernel modules including device drivers, file system modules, etc. | |||
Run by: ? | |||
= Fuzz Testing = | = Fuzz Testing = | ||
Line 32: | Line 45: | ||
[http://codemonkey.org.uk/projects/trinity/ Trinity] is a Linux system call fuzzer. | [http://codemonkey.org.uk/projects/trinity/ Trinity] is a Linux system call fuzzer. | ||
Run by: | Run by: Dave Jones and Fengguang Wu | ||
== Metasploit == | |||
[http://www.metasploit.com/ Metasploit] software is used for identifying security issues. It includes many capabilities, including fuzzer support. | |||
Run by: ? | |||
= Development = | = Development = | ||
== ASLR for kernel code == | |||
Kernel text and module base address now randomized on x86. Next will be arm64 and arm. | |||
Project Owner: Google, Linaro |
Latest revision as of 22:46, 4 November 2015
The Linux Security Workgroup has put together this page in an effort to bring the Linux security community together in hardening the Linux Kernel and to help prevent duplication of efforts. There are a number of active Linux Kernel hardening projects and this page gives details on some of them.
Static Analysis
Coccinelle
Coccinelle is a tool for matching and fixing source code for C, C++, and other languages.
Run by:
- Fengguang Wu - Running against what trees?
- Artem Bityutskiy - Running against what trees?
Coverity
Coverity provides static analysis tools for C, C++, and other languages. Red Hat's Coverity license allows results to be shared with upstream projects.
Run by: Paul Moore at Red Hat against what trees?
Smatch
Smatch is a static analysis tool for C.
Run by:
- Dan Carpenter - Running against linux-next x86_64 allmodconfig
- Fengguang Wu - Running against what trees?
Dynamic Analysis
kmemcheck, kmemleak
Linux Kernel debugging features for detecting memory issues.
Run by: ?
KEDR
KEDR provides runtime analysis of Linux kernel modules including device drivers, file system modules, etc.
Run by: ?
Fuzz Testing
Trinity
Trinity is a Linux system call fuzzer.
Run by: Dave Jones and Fengguang Wu
Metasploit
Metasploit software is used for identifying security issues. It includes many capabilities, including fuzzer support.
Run by: ?
Development
ASLR for kernel code
Kernel text and module base address now randomized on x86. Next will be arm64 and arm.
Project Owner: Google, Linaro