Difference between revisions of "Active Projects"

From Linux Kernel Security Subsystem
Jump to: navigation, search
m
m
Line 15: Line 15:
 
[http://en.wikipedia.org/wiki/Coverity Coverity] provides static analysis tools for C, C++, and other languages.  Red Hat's Coverity license allows results to be shared with upstream projects.
 
[http://en.wikipedia.org/wiki/Coverity Coverity] provides static analysis tools for C, C++, and other languages.  Red Hat's Coverity license allows results to be shared with upstream projects.
  
Run by:
+
Run by: Paul Moore at Red Hat against what trees?
* Paul Moore at Red Hat against what trees?
 
  
 
== Smatch ==
 
== Smatch ==
Line 32: Line 31:
 
[http://valgrind.org/ Valgrind] is an instrumentation framework for building dynamic analysis tools and there are Valgrind tools for automatically detecting many memory management and threading bugs.
 
[http://valgrind.org/ Valgrind] is an instrumentation framework for building dynamic analysis tools and there are Valgrind tools for automatically detecting many memory management and threading bugs.
  
Run by:
+
Run by: ?
* ?
 
  
 
= Fuzz Testing =
 
= Fuzz Testing =
Line 41: Line 39:
 
[http://codemonkey.org.uk/projects/trinity/ Trinity] is a Linux system call fuzzer.
 
[http://codemonkey.org.uk/projects/trinity/ Trinity] is a Linux system call fuzzer.
  
Run by:
+
Run by: Dave Jones and Fengguang Wu
* Dave Jones and Fengguang Wu are running Trinity.
 
  
 
== Metasploit ==
 
== Metasploit ==
Line 48: Line 45:
 
[http://www.metasploit.com/ Metasploit] software is used for identifying security issues.  It includes many capabilities, including fuzzer support.
 
[http://www.metasploit.com/ Metasploit] software is used for identifying security issues.  It includes many capabilities, including fuzzer support.
  
Run by:
+
Run by: ?
* ?
 
  
 
= Development =
 
= Development =
Line 55: Line 51:
 
== ASLR for kernel code ==
 
== ASLR for kernel code ==
  
Owner: Google
+
Project Owner: Google

Revision as of 22:14, 14 November 2012

The Linux Security Workgroup has put together this page in an effort to bring the Linux security community together in hardening the Linux Kernel and to help prevent duplication of efforts. There are a number of active Linux Kernel hardening projects and this page gives details on some of them. If you have an update for this page, please email the kernel-hardening mailing list at kernel-hardening@lists.openwall.com.

Static Analysis

Coccinelle

Coccinelle is a tool for matching and fixing source code for C, C++, and other languages.

Run by:

  • Fengguang Wu - Running against what trees?
  • Artem Bityutskiy - Running against what trees?

Coverity

Coverity provides static analysis tools for C, C++, and other languages. Red Hat's Coverity license allows results to be shared with upstream projects.

Run by: Paul Moore at Red Hat against what trees?

Smatch

Smatch is a static analysis tool for C.

Run by:

  • Dan Carpenter - Running against linux-next x86_64 allmodconfig
  • Fengguang Wu - Running against what trees?

Dynamic Analysis

Valgrind

Valgrind is an instrumentation framework for building dynamic analysis tools and there are Valgrind tools for automatically detecting many memory management and threading bugs.

Run by: ?

Fuzz Testing

Trinity

Trinity is a Linux system call fuzzer.

Run by: Dave Jones and Fengguang Wu

Metasploit

Metasploit software is used for identifying security issues. It includes many capabilities, including fuzzer support.

Run by: ?

Development

ASLR for kernel code

Project Owner: Google