October 4-6 in Berlin, Germany
Thursday, October 6 • 17:00 - 17:50
Using Static Checkers to Find C Language Security Vulnerabilities in the Linux Kernel - Vaishali Thakkar, Linux Foundation

Static code analysis is commonly understood to be an automatic check of source code by a tool. Over the years, hundreds of possible fault types have been identified in C code, such as uninitialized variables, buffer overflows, and race conditions. Since a major part of the Linux kernel is written in C, there is clearly a need for automatic checking for compliance with proper security-related idioms.

The talk will describe the most common security-related coding errors that can arise in the Linux kernel and how current static checkers help in finding and fixing them. It will give an overview of the available and most commonly used tools, including sparse, coccinelle, smatch, checkpatch, clang, coverity, etc. It will also highlight the kinds of security vulnerabilities each of these tools is best adapted to handle.

Vaishali Thakkar

Linux kernel engineer, Oracle
Vaishali Thakkar has been associated with RGSoC as a co-organizer and a core selection committee member for the last 2 years. She works as a Linux kernel engineer at Oracle. She mainly works on the memory management and security parts of the Linux kernel and has diverse interests in operating...

Thursday October 6, 2016 17:00 - 17:50
Charlottenburg III
  • Experience Level Any