October 4-6 in Berlin, Germany
Thursday, October 6 • 17:00 - 17:50
Using Static Checkers to Find C Language Security Vulnerabilities in the Linux Kernel - Vaishali Thakkar, Linux Foundation

Static code analysis is commonly understood to be an automatic check of source code by a tool. Over the years, hundreds of possible fault types have been identified in C code, such as uninitialized variables, buffer overflows, and race conditions. Since a major part of the Linux kernel is written in C, there is clearly a need for automatic checking for compliance with proper security-related idioms.

The talk will describe the most common security-related coding errors that can arise in the Linux kernel and how current static checkers help in finding and fixing them. It will give an overview of the available and most commonly used tools, including sparse, Coccinelle, smatch, checkpatch, clang, and Coverity. It will also highlight the kinds of security vulnerabilities each of these tools is best adapted to handle.

Vaishali Thakkar

Linux kernel engineer, Oracle
Vaishali Thakkar works as a Linux kernel engineer at Oracle. She works on the memory management part of the kernel and on Coccinelle, a tool to find and fix bugs in the Linux kernel. She previously worked as an Outreachy intern on the Coccinelle project. Her areas of interest include embedded systems, operating systems and computer architecture.

Thursday October 6, 2016 17:00 - 17:50
Charlottenburg III
  • Experience Level Any