Difference between revisions of "Active Projects"

From Linux Kernel Security Subsystem
Jump to: navigation, search
m
(ASLR for kernel code)
 
(21 intermediate revisions by 2 users not shown)
Line 1: Line 1:
There are a number of active Linux Kernel hardening projects and this page gives details on some of them.
+
The [[Linux Security Workgroup]] has put together this page in an effort to bring the Linux security community together in hardening the Linux Kernel and to help prevent duplication of efforts. There are a number of active Linux Kernel hardening projects and this page gives details on some of them.
  
== Static Analysis ==
+
= Static Analysis =
  
= Coccinelle =
+
== Coccinelle ==
  
[http://en.wikipedia.org/wiki/Coccinelle_(software) Coccinelle] is a tool for matching and fixing source code.
+
[http://en.wikipedia.org/wiki/Coccinelle_(software) Coccinelle] is a tool for matching and fixing source code for C, C++, and other languages.
  
Who's running it: Fengguang Wu
+
Run by:
 +
* Fengguang Wu - Running against what trees?
 +
* Artem Bityutskiy - Running against what trees?
  
Targeted subsystems: ?
+
== Coverity ==
  
=== Coverity ===
+
[http://en.wikipedia.org/wiki/Coverity Coverity] provides static analysis tools for C, C++, and other languages.  Red Hat's Coverity license allows results to be shared with upstream projects.
  
Coverity provides static analysis tools for C, C++, and other languages.  Red Hat's Coverity license allows results to be shared with upstream projects.
+
Run by: Paul Moore at Red Hat against what trees?
  
Project page: Coverity is propietary.
+
== Smatch ==
  
Who's running it: ? (Red Hat)
+
[http://smatch.sourceforge.net/ Smatch] is a static analysis tool for C.
  
Targeted subsystems: ?
+
Run by:
 +
* Dan Carpenter - Running against linux-next x86_64 allmodconfig
 +
* Fengguang Wu - Running against what trees?
  
=== Smatch ===
+
= Dynamic Analysis =
  
Smatch is a static analysis tool for C.
+
== kmemcheck, kmemleak ==
  
Project page: http://repo.or.cz/w/smatch.git
+
Linux Kernel debugging features for detecting memory issues.
  
Who's running it: Dan Carpenter, Fengguang Wu
+
Run by: ?
  
Targeted subsystems: ?
+
== KEDR ==
  
== Fuzz Testing ==
+
[http://kedr.berlios.de/ KEDR] provides runtime analysis of Linux kernel modules including device drivers, file system modules, etc.
  
=== Trinity ===
+
Run by: ?
  
Trinity is a Linux system call fuzzer.
+
= Fuzz Testing =
  
Project page: http://codemonkey.org.uk/projects/trinity/
+
== Trinity ==
  
Who's running it: Dave Jones, Fengguang Wu
+
[http://codemonkey.org.uk/projects/trinity/ Trinity] is a Linux system call fuzzer.
 +
 
 +
Run by: Dave Jones and Fengguang Wu
 +
 
 +
== Metasploit ==
 +
 
 +
[http://www.metasploit.com/ Metasploit] software is used for identifying security issues.  It includes many capabilities, including fuzzer support.
 +
 
 +
Run by: ?
 +
 
 +
= Development =
 +
 
 +
== ASLR for kernel code ==
 +
 
 +
Kernel text and module base address now randomized on x86. Next will be arm64 and arm.
 +
 
 +
Project Owner: Google, Linaro

Latest revision as of 22:46, 4 November 2015

The Linux Security Workgroup has put together this page in an effort to bring the Linux security community together in hardening the Linux Kernel and to help prevent duplication of efforts. There are a number of active Linux Kernel hardening projects and this page gives details on some of them.

Static Analysis

Coccinelle

Coccinelle is a tool for matching and fixing source code for C, C++, and other languages.

Run by:

  • Fengguang Wu - Running against what trees?
  • Artem Bityutskiy - Running against what trees?

Coverity

Coverity provides static analysis tools for C, C++, and other languages. Red Hat's Coverity license allows results to be shared with upstream projects.

Run by: Paul Moore at Red Hat against what trees?

Smatch

Smatch is a static analysis tool for C.

Run by:

  • Dan Carpenter - Running against linux-next x86_64 allmodconfig
  • Fengguang Wu - Running against what trees?

Dynamic Analysis

kmemcheck, kmemleak

Linux Kernel debugging features for detecting memory issues.

Run by: ?

KEDR

KEDR provides runtime analysis of Linux kernel modules including device drivers, file system modules, etc.

Run by: ?

Fuzz Testing

Trinity

Trinity is a Linux system call fuzzer.

Run by: Dave Jones and Fengguang Wu

Metasploit

Metasploit software is used for identifying security issues. It includes many capabilities, including fuzzer support.

Run by: ?

Development

ASLR for kernel code

Kernel text and module base address now randomized on x86. Next will be arm64 and arm.

Project Owner: Google, Linaro