OS Dependability
Tuesday, October 27
 

12:00 GMT

The ELISA Project: Enabling Linux in Safety Applications - Lukas Bulwahn, BMW
There is a current industry trend to build fully autonomous systems. To reach this goal, industry must manage complex software systems with high performance, safety and security requirements. The operating system is non-differentiating in these systems and it is intended to be used multiple times over the whole product portfolio for a long time span. These conditions make it appealing to use Linux as a robust open-source operating system. Based on the results of the SIL2LinuxMP project, the Linux Foundation initiated the ELISA (Enabling Linux In Safety Applications) Project at the beginning of 2019. The talk will sketch the goals of this collaboration, the first identified challenges of addressing safety aspects in the Linux kernel and the plan for tackling them. Now, one and a half years in, we can report our first steps and discussion results, go into much more detail on the problems we face and share our insights based on our recent retrospective. These pointers on challenges are generally insightful for any open-source project that wants to argue its quality and management of quality, as well as for companies that would like to develop their products with these insig

Speakers
Lukas Bulwahn

Safety Software Key Expert, BMW AG
Lukas Bulwahn received a diploma in computer science and a PhD in formal methods from Technische Universität München. Since 2012, he has been working at BMW on research and development of an open-source software platform for autonomous driving systems. One part of this research has...


Tuesday October 27, 2020 12:00 - 12:50 GMT
OS Dependability Theater

13:00 GMT

Getting to Know Spectre & Meltdown Checker - Agata Gruza, Intel & Stéphane Lesimple, OVHcloud
Spectre & Meltdown Checker is a widely used open source hardware vulnerability checker tool. This simple to use application evaluates your system’s exposure to speculative execution side channel issues and detects the presence of security mitigations on your system. It is compatible with BSD and all Linux* flavors and distributions, and can be used on-premises, in virtual environments, and in containers.

In this session we'll take a trip back to early 2018, when Spectre & Meltdown changed the landscape of IT security for years to come, which made the Spectre & Meltdown Checker a necessity. You will learn the process of contributing to Spectre & Meltdown Checker (what needs to be done between discovering a CVE vulnerability and pushing a patch to address the CVE to the public main repo). We will go over CVE nomenclature for new CPU vulnerabilities, creating a list of unaffected processors, new hardware capabilities, and the patch itself. From there Agata will cover the steps to install the checker script, and then how to review and read the output from the tool. She will wrap up with what to do if you discover a vulnerability in your system.

Speakers
Agata Gruza

Lead Performance Engineer, Intel
Agata Gruza has been at Intel for over 5 years working on performance optimizations of Big Data frameworks like Cassandra, Spark, and Hadoop for Intel Architecture. Currently she is a Lead Performance Engineer and focuses on Linux kernel software mitigation. Agata is a Google (Android...



Tuesday October 27, 2020 13:00 - 13:50 GMT
OS Dependability Theater

16:15 GMT

Demystifying Open Source Crash Reporter: An In-depth Security Analysis - Seong-Joong Kim, National Security Research Institute
Software vendors provide crash reporters to automatically collect crash reports from users and so facilitate efficient handling of crashes in their products. A crash reporter should be secure and reliable because it handles sensitive information, such as a core dump that captures the CPU context and memory contents of the crashed program, and helps to address the issue of the crashed program. Unfortunately, several security flaws have been reported in various crash reporters for Windows, Mac OS X, Linux, Mozilla, etc. In this talk, Seong-Joong Kim will address security problems that reside in a popular open source crash reporter project. After auditing the source code, he found several flaws in the project, caused by an unrestricted file upload vulnerability. When the crash reporter allows the upload of an arbitrary crash report, an attacker may overflow a buffer in heap memory, trigger an unhandled exception, or cause resource exhaustion, which may lead to dreadful consequences. He will demonstrate those attacks and share the steps for improving the security of the crash reporter.

Speakers
Seong-Joong Kim

Security Researcher, National Security Research Institute
Seong-Joong Kim is a member of research staff at the National Security Research Institute. Prior to that, he was a researcher at TmaxSoft R&D Center for alternative service as mandatory military service duty. Also, he interned at Samsung Electronics in the capacity of a Software Engineer...



Tuesday October 27, 2020 16:15 - 17:05 GMT
OS Dependability Theater

17:15 GMT

Board Farm APIs for Automated Testing of Embedded Linux - Tim Bird, Sony & Harish Bansal, Timesys
For years, designers of automated testing systems have used ad-hoc designs for the interfaces between a test, the test framework and board farm software, and the device under test. This has resulted in a situation where hardware tests cannot be reused from one lab to another. This talk presents a proposal for a standard API between automated tests and board farm management software. The idea is to allow a test to query the farm about available bus connections, attached hardware and monitors, and other test installation infrastructure. The test can then allocate and use that hardware, in a lab-independent fashion. The proposal calls for a dual REST/command-line API, with support for discovery, control and operation - of hardware and network resources. It is hoped that establishing a standard in this area will allow for the creation of an ecosystem of shareable hardware tests and board farm software.

Speakers
Tim Bird

Principal Software Engineer, Sony
Tim Bird is a Principal Software Engineer for Sony Corporation, where he helps Sony use Linux and other open source software in their products. Tim is the maintainer of the Fuego test framework, and is involved in various groups in the Linux Foundation, including LF Board of Directors...

Harish Bansal

Technical Engineer, Timesys
Harish Bansal is an Embedded Board Farm and Test Automation (TA) technical engineer manager at Timesys with 13+ years of applications development experience. Prior to joining Timesys, Harish worked for Honeywell India, Vocollect, and other companies. Harish holds a master's degree...



Tuesday October 27, 2020 17:15 - 18:05 GMT
OS Dependability Theater

18:30 GMT

Unsolved Problems in Open Source Security - Rhys Arkins, WhiteSource
Very few people today doubt the principles and benefits of Open Source, but you can definitely be forgiven for having concerns about its security. Some of the ways we rely on Open Source today are fundamentally flawed, yet almost never discussed - from registries hosting unsigned artifacts of unreproducible source to package managers which propagate new versions of dependencies at the earliest opportunity. It's time to identify these unsolved - and mostly undiscussed - risks, evaluate their potential impact, and determine what can be done in the Open Source community to address them. This presentation will discuss why we need reproducible builds in open source, verified artifacts, and why the majority of package managers may need a substantial change, while one in particular got it right. It will also provide some recommendations on defensive use of open source particularly for products and industries at the highest risk of software supply chain attacks.

Speakers
Rhys Arkins

Director of Product, WhiteSource
Rhys Arkins is the Director of Product at WhiteSource, where he focuses on Develop Solutions. Rhys joined WhiteSource in 2019 through the acquisition of the company he founded, Renovate Bot - an open source tool for automating dependency updates. He is a big proponent of using automation...



Tuesday October 27, 2020 18:30 - 19:20 GMT
OS Dependability Theater

19:30 GMT

Deploying Linux in Safety Critical Applications - Three Key Challenges - Christopher Temple, Arm Germany GmbH
The next wave of highly automated and highly dependable automotive and industrial systems is driving a strong desire to deploy Linux in such systems. While dependability attributes like availability, safety and maintainability have already received attention in existing application domains like cloud computing, the safety aspect is new. The safety aspect for Linux revolves around three key challenges. Firstly, the OS needs to provide specific services with sufficient safety properties to the safety application. Secondly, the OS needs to show intrinsic safety in a way that the OS itself does not become a source of hazardous operation. Thirdly, the OS needs to be able to interface adequately to underlying safety hardware such that safety properties provided by the hardware are enabled and maintained, and no new uncovered safety issues are introduced. The presentation will discuss issues and ideas around identifying sufficient safety properties, the challenges and potential solutions around intrinsic safety, and the state of the art in safety-enabled hardware and related integration needs in light of different application classes.

Speakers
Christopher Temple

Lead Safety and Reliability Systems Architect, Arm
As Lead Safety & Reliability Architect Dr. Chris Temple develops the safety and reliability technology roadmap, and drives thought leadership in next generation cost effective safety systems at Arm. Temple is active in the ELISA open source project, where he is investigating inter-dependencies...


Tuesday October 27, 2020 19:30 - 20:20 GMT
OS Dependability Theater
 
Wednesday, October 28
 

16:15 GMT

Software Quality and Testing – Recognize and Fix the Risks - Boris Cipot, Synopsys
Software development is continually changing and, in doing so, becoming more complex. To keep up with this evolution, the landscape of development, testing tools and security requirements has progressed as well. Development teams are finding themselves under more pressure, not only to build quality software under tight time constraints, but also to ensure it is compliant with both internal and external standards, for example GDPR. In this session, we will look at what these problems are and how you can combat them.

Key takeaways:
  • Understand what the problems are in today’s software development and testing
  • Understand solutions for secure software development and testing
  • How to find vulnerabilities and other risks earlier in the software development lifecycle
  • How to reduce operational, security and license compliance risk

What will we talk about:
  • What are today's problems in Software testing?
  • Why is it so hard to keep the quality of the software high?
  • What to consider when using tools as a solution?
  • What is SCA and why does it matter?

Speakers
Boris Cipot

Senior Security Engineer, Synopsys
Boris Cipot is a senior security engineer at Synopsys. He helps companies of all shapes and sizes to create secure software. Boris joined Synopsys when Black Duck Software was acquired in 2017. He specializes in open source software security, robotics, and artificial intelligence...


Wednesday October 28, 2020 16:15 - 17:05 GMT
OS Dependability Theater