October 4-6 in Berlin, Germany
LinuxCon+ContainerCon Europe
Thursday, October 6 • 17:00 - 17:50
Using Static Checkers to Find C Language Security Vulnerabilities in the Linux Kernel - Vaishali Thakkar, Linux Foundation

Static code analysis is commonly understood to be an automatic check of source code by a tool. Over the years, hundreds of possible fault types have been identified in C code, such as uninitialized variables, buffer overflows, and race conditions. Since a major part of the Linux kernel is written in C, there is a clear need for automatic checking for compliance with proper security-related idioms.

The talk will describe the most common security-related coding errors that can arise in the Linux kernel and how current static checkers help find and fix them. It will give an overview of the available and most commonly used tools, including sparse, coccinelle, smatch, checkpatch, clang, coverity, etc. It will also highlight the kinds of security vulnerabilities each of these tools is best adapted to handle.

Vaishali Thakkar

Linux kernel engineer, Freelancer
Vaishali Thakkar is a freelance kernel engineer and co-organizer of RGSoC. She has diverse interests in different areas and subsystems of the Linux kernel, including but not limited to I2C, security, memory management, power management, etc. She also volunteers as a coordinator for Linux Kernel...

Thursday October 6, 2016 17:00 - 17:50 CEST
Charlottenburg III