Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe
View analytic
Thursday, October 6 • 17:00 - 17:50
Using Static Checkers to Find C Language Security Vulnerabilities in the Linux Kernel - Vaishali Thakkar, Linux Foundation

Sign up or log in to save this to your schedule and see who's attending!

Static code analysis is commonly understood to be an automatic check of source code by a tool. Hundreds of possible fault types have been identified in C code, such as uninitialized variables, buffer overflows, race conditions etc over the years. Since a major part of the Linux kernel is written in C, there is clearly a need for automatic checking for compliance with proper security-related idioms.

The talk will depict the most common security-related coding errors that can arise in the Linux kernel and how current static checkers are helping in finding/fixing them. The talk will give an overview of the available and most commonly used tools, including sparse, coccinelle, smatch, checkpatch, clang, coverity etc. It will also highlight the kind of security vulnerabilities each of these tools is best adapted to handle.

Speakers
avatar for Vaishali Thakkar

Vaishali Thakkar

Linux kernel engineer, Oracle
Vaishali Thakkar works as a Linux kernel enginner at Oracle. She mainly works on memory management and security part of the Linux kernel. She has diverse interest in operating system/embedded system related fields and often finds herself tinkering around static/dynamic analysis t... Read More →


Thursday October 6, 2016 17:00 - 17:50
Charlottenburg III
  • Experience Level Any