Linux Security Summit 2012/Abstracts/Cook

From Linux Kernel Security Subsystem
Revision as of 04:24, 27 June 2012 by JamesMorris (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Title

Finding kernel vulnerabilities using Coccinelle

Presenter

Kees Cook, Google

Abstract

The "spatch" tool gets a lot of use in the kernel already for making wide changes, or for finding bugs and anti-patterns. Finding security flaws is, of course, also possible. This presentation will show how several Coccinelle rules were developed and used in finding various kernel vulnerabilities both large (CVE-2010-2962, CVE-2010-2963) and small (CVE-2010-4655, CVE-2010-4656). Finally, we will open a discussion on how to continue to expand the corpus and keep it running against new kernel releases.

Personal tools
Namespaces

Variants
Actions
Navigation
Tools