DOCSLIB.ORG

Security Event Auditing of Infotainment and Communications Control: Implementation Approaches

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Event Auditing of Infotainment and Communications Control: Implementation Approaches K. Dorozhkina Security event auditing of infotainment and communications control: implementation approaches Karina Dorozhkina Kaspersky, 39A/2 Leningradskoe Shosse, 125212, Moscow, Russian Federation [email protected] Abstract. Today’s cars are deservedly called smart because they are no longer merely vehicles but complex devices communicating with each other and the outside world. With integrated infotainment (head unit ECU or HU) and com- munication (telematics ECU or TCU) control domains, they offer numerous ways to make the driver's life more comfortable. HUs and TCUs are powered by Linux or Android OS, similar to your mobile phone or tablet, and their hardware performance is more on a par with PCs than embedded systems. But as well as greater convenience, these enhanced vehicle capabilities bring greater responsibilities as the attack surface grows. For instance, it has been shown by several research groups that unauthorised remote access can result in CAN bus injection. Countering complex cyberattack scenarios requires security event monitoring inside the vehicle’s ECUs and the ability to deliver this information to vehicle operators (e.g., OEM or fleet owner) for incident discovery and re- sponse. Continuous asset monitoring in Security Operations Centers became the standard in enterprise-grade security with Endpoint Detection & Response solu- tions (EDR). Upcoming automotive cybersecurity regulations (UNECE WP.29/GRVA and ISO/SAE 21434) also cover this process. This paper gives a detailed description of security events from HU and TCU critical for malicious activity analysis as well as key mechanisms for their extraction. The target plat- forms are automotive embedded Linux distributions such as Automotive Grade Linux (AGL) and GENIVI. Mature systems such as udev and Linux Auditing will be reviewed along with the relatively new extended Berkeley Packet Filter (eBPF). Keywords: Head unit, Telematics, Linux, Audit, eBPF 1 Introduction Complex and comprehensive vehicle attack scenarios include payload delivery to cloud and internally connected ECUs (like head units and telematic control units) through MiTM attacks or external interface exploitation, long-term persistence of malicious code in the compromised ECUs and its lateral movement to other domains. The target of such attacks are unlikely to be individuals, but rather enterprises with business processes tightly connected with vehicle fleets. For example, in 2018 and 16 Security event auditing of infotainment and communications control 2 2019 successful cyberattacks were carried out against large car-sharing fleets in the US and Australia. Infotainment control and telematics provide the driver with a lot of useful func- tionality. It’s hard to imagine driving now without navigation maps or a USB port for a device with your favourite music. But, more importantly, it’s not just entertainment that can be provided by these ECUs – safety functions such as crash reporting and emergency warning by eCall or over-the-air software update (OTA) are key features of modern vehicles. All this functionality leads to a growing number of external inter- faces in today’s smart cars (Fig. 1). Fig. 1. External interfaces of a smart car This transformation from a simple vehicle to a sophisticated connected device has a downside – a growing number of potential vulnerabilities. With the ability to con- nect to the outside world, HUs and TCUs can be used as an entry point to car inter- nals. These domains obviously need to be isolated from other domain networks. But it 17 K. Dorozhkina 3 turns out that in the real world the situation isn’t so clear cut and often it’s possible to gain access to the powertrain or body control via CAN bus, or hacking the TCU or HU via external interfaces. The main aim here is to make infotainment and communication control more se- cure and more resistant to potential attacks. Leaving prevention functionality for a future talk, this paper focuses on the important function of secure auditing. This func- tion makes it possible for incident specialists to analyse malicious activity and report to a driver or OEM. Of course, this is not the only mechanism that should be used. Strong authentication and authorisation, strict policies and critical updates to remove old vulnerabilities should all be applied. But secure auditing is also an important part of car protection, giving an understanding of what went wrong and how. And it’s not just for cases of remote hacking – secure auditing can assist insurance companies with forensic analysis in cases of physical theft [1]. Numerous studies [1, 2] as well as upcoming automotive cybersecurity regulations (UNECE WP.29/GRVA and ISO/SAE 21434) stipulate that security logging is an obligatory part of securing a modern car. But there is no definition of which events are important and should be logged. The aim of this paper is to address the theme of security events in detail. Before we go into an in-depth explanation of security events and extraction meth- ods, let’s define the scope of potential infotainment and communication control oper- ating systems (OS). Security event groups are independent from the OS, but the mechanisms for collecting events may differ. It’s impossible to describe all cases, so this paper will concentrate mainly on two popular automotive Linux distributives, Automotive Grade Linux (AGL) and GENIVI, which are both based on the yocto framework. Renesas R-Car H3 board, using ARM architecture, was used as a refer- ence hardware platform. 2 Security event groups 2.1 Defining the scope OSs such as GENIVI, AGL or QNX are highly complex software with a non-stop event flow. It’s impossible to collect and report all system activity due to disk space limitations or network bandwidth if we want to send these logs to the cloud. Moreo- ver, we need to filter out events to simplify future analysis and collect only those events that relate to possible incidents. Redundant event collecting can also lead to performance degradation. For example, we aren’t interested in open(), read() and write() syscalls for all filesystem nodes, but only for those that have restricted access, such as configuration files. Defining the full scope of security events requires a threat model covering all possible attack surfaces [1]. But for simplicity and as a case study for this paper, let’s review an existing Tesla attack (Fig. 2) [3]. The entry point was via Wi-Fi spoofing and the subsequent exploiting of a vulner- ability in a WebKit browser. In this context, the collecting of network events seems reasonable. Another step in this attack was patching setresuid() syscall to get the root privilege. This in turn leads to the idea of collecting specific syscalls information 18 Security event auditing of infotainment and communications control 4 related to privilege escalation and processes creation. Further manipulations led to access being gained to the gateway through its reprogramming. This indicates that the filesystem is heavily used in attempts by the intruder to achieve persistence. From this case we see three types of security events: network events, syscall events related to privilege escalation, and process creation and filesystem events. Fig. 2. TESLA attack scheme. As was mentioned above, it’s not only remote attacks that are possible but also physical attacks involving theft or cases of car sharing. TCU and HU external inter- face activity such as USB activity must be recorded and it adds one more event group for connected device information. The following sections will describe which mecha- nisms can be used for extracting these events. 2.2 Enabling auditing systems in yocto distributions As our target systems are AGL and GENIVI distributions, both based on the yocto framework, a custom setup for all systems is necessary that will be described below. Almost all systems for security auditing are disabled in yocto images built from scratch. So, it’s necessary to define a custom layer with a kernel and image recipes for adding extra kernel config options and deploying the required packages [11]. Below are some examples. Additional kernel config example for Linux Auditing system: CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y CONFIG_INTEGRITY_AUDIT=y Additional custom yocto layer packages: IMAGE_INSTALL_append += " audit" IMAGE_INSTALL_append += " audit auditd " 19 K. Dorozhkina 5 6 IMAGE_INSTALL_append += " udev-rules " IP address assigning to USB to Ethernet adapter: IMAGE_INSTALL_append += " iproute2 “ network_broadcast_address=169.254.255.255 network_interface_name=eth0 network_local_address=169.254.245.57 network_address_family=AF_INET network_address_action=added network_interface_address=169.254.245.57 network_address_mask_length=16 network_address_scope=global Such network events can serve as the start point in incident investigation as they relate to external interface activity. After a malicious connection is established an attacker may try to invoke syscalls like setresuid() in the Tesla example or launch binaries. It is then interesting to analyse the syscalls sequence and process tree crea- tion. 2.4 Syscall events The Linux Auditing system was first introduced in kernel version 2.6 and is available in all the latest distributions, including GENIVI and AGL. The core functionality is Fig. 3. Security event groups and collecting methods the logging of kernel activity for future incident investigation. As is shown in this paper, using only this mechanism is not enough because it doesn’t cover the full net- 2.3 Network events work or device activity (Fig. 3), but can give a lot of information about syscalls used, including process creation events. Based on these events we can track the whole pro- Linux distributions such as Genivi and AGL use the Netlink service for communica- cess tree with arguments and analyse executed sequences. For example, we can detect tion between the kernel and user space. This allows communication with the rtnetlink spoofed firmware updates and its initiator or compare the current process flow with a system that provides read/write access to routing tables.
Load more

Recommended publications
  • An Introduction to Linux IPC
    An introduction to Linux IPC Michael Kerrisk © 2013 linux.conf.au 2013 http://man7.org/ Canberra, Australia [email protected] 2013-01-30 http://lwn.net/ [email protected] man7 .org 1 Goal ● Limited time! ● Get a flavor of main IPC methods man7 .org 2 Me ● Programming on UNIX & Linux since 1987 ● Linux man-pages maintainer ● http://www.kernel.org/doc/man-pages/ ● Kernel + glibc API ● Author of: Further info: http://man7.org/tlpi/ man7 .org 3 You ● Can read a bit of C ● Have a passing familiarity with common syscalls ● fork(), open(), read(), write() man7 .org 4 There’s a lot of IPC ● Pipes ● Shared memory mappings ● FIFOs ● File vs Anonymous ● Cross-memory attach ● Pseudoterminals ● proc_vm_readv() / proc_vm_writev() ● Sockets ● Signals ● Stream vs Datagram (vs Seq. packet) ● Standard, Realtime ● UNIX vs Internet domain ● Eventfd ● POSIX message queues ● Futexes ● POSIX shared memory ● Record locks ● ● POSIX semaphores File locks ● ● Named, Unnamed Mutexes ● System V message queues ● Condition variables ● System V shared memory ● Barriers ● ● System V semaphores Read-write locks man7 .org 5 It helps to classify ● Pipes ● Shared memory mappings ● FIFOs ● File vs Anonymous ● Cross-memory attach ● Pseudoterminals ● proc_vm_readv() / proc_vm_writev() ● Sockets ● Signals ● Stream vs Datagram (vs Seq. packet) ● Standard, Realtime ● UNIX vs Internet domain ● Eventfd ● POSIX message queues ● Futexes ● POSIX shared memory ● Record locks ● ● POSIX semaphores File locks ● ● Named, Unnamed Mutexes ● System V message queues ● Condition variables ● System V shared memory ● Barriers ● ● System V semaphores Read-write locks man7 .org 6 It helps to classify ● Pipes ● Shared memory mappings ● FIFOs ● File vs Anonymous ● Cross-memoryn attach ● Pseudoterminals tio a ● proc_vm_readv() / proc_vm_writev() ● Sockets ic n ● Signals ● Stream vs Datagram (vs uSeq.
    [Show full text]
  • Linux and Free Software: What and Why?
    Linux and Free Software: What and Why? (Qué son Linux y el Software libre y cómo beneficia su uso a las empresas para lograr productividad económica y ventajas técnicas?) JugoJugo CreativoCreativo Michael Kerrisk UniversidadUniversidad dede SantanderSantander UDESUDES © 2012 Bucaramanga,Bucaramanga, ColombiaColombia [email protected] 77 JuneJune 20122012 http://man7.org/ man7.org 1 Who am I? ● Programmer, educator, and writer ● UNIX since 1987; Linux since late 1990s ● Linux man-pages maintainer since 2004 ● Author of a book on Linux programming man7.org 2 Overview ● What is Linux? ● How are Linux and Free Software created? ● History ● Where is Linux used today? ● What is Free Software? ● Source code; Software licensing ● Importance and advantages of Free Software and Software Freedom ● Concluding remarks man7.org 3 ● What is Linux? ● How are Linux and Free Software created? ● History ● Where is Linux used today? ● What is Free Software? ● Source code; Software licensing ● Importance and advantages of Free Software and Software Freedom ● Concluding remarks man7.org 4 What is Linux? ● An operating system (sistema operativo) ● (Operating System = OS) ● Examples of other operating systems: ● Windows ● Mac OS X Penguins are the Linux mascot man7.org 5 But, what's an operating system? ● Two definitions: ● Kernel ● Kernel + package of common programs man7.org 6 OS Definition 1: Kernel ● Computer scientists' definition: ● Operating System = Kernel (núcleo) ● Kernel = fundamental program on which all other programs depend man7.org 7 Programs can live
    [Show full text]
  • Linux Kernel and Driver Development Training Slides
    Linux Kernel and Driver Development Training Linux Kernel and Driver Development Training © Copyright 2004-2021, Bootlin. Creative Commons BY-SA 3.0 license. Latest update: October 9, 2021. Document updates and sources: https://bootlin.com/doc/training/linux-kernel Corrections, suggestions, contributions and translations are welcome! embedded Linux and kernel engineering Send them to [email protected] - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 1/470 Rights to copy © Copyright 2004-2021, Bootlin License: Creative Commons Attribution - Share Alike 3.0 https://creativecommons.org/licenses/by-sa/3.0/legalcode You are free: I to copy, distribute, display, and perform the work I to make derivative works I to make commercial use of the work Under the following conditions: I Attribution. You must give the original author credit. I Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. I For any reuse or distribution, you must make clear to others the license terms of this work. I Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. Document sources: https://github.com/bootlin/training-materials/ - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 2/470 Hyperlinks in the document There are many hyperlinks in the document I Regular hyperlinks: https://kernel.org/ I Kernel documentation links: dev-tools/kasan I Links to kernel source files and directories: drivers/input/ include/linux/fb.h I Links to the declarations, definitions and instances of kernel symbols (functions, types, data, structures): platform_get_irq() GFP_KERNEL struct file_operations - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 3/470 Company at a glance I Engineering company created in 2004, named ”Free Electrons” until Feb.
    [Show full text]
  • Control Groups (Cgroups)
    System Programming for Linux Containers Control Groups (cgroups) Michael Kerrisk, man7.org © 2020 [email protected] February 2020 Outline 19 Cgroups 19-1 19.1 Introduction to cgroups v1 and v2 19-3 19.2 Cgroups v1: hierarchies and controllers 19-17 19.3 Cgroups v1: populating a cgroup 19-24 19.4 Cgroups v1: release notification 19-33 19.5 Cgroups v1: a survey of the controllers 19-43 19.6 Cgroups /procfiles 19-65 19.7 Cgroup namespaces 19-68 Outline 19 Cgroups 19-1 19.1 Introduction to cgroups v1 and v2 19-3 19.2 Cgroups v1: hierarchies and controllers 19-17 19.3 Cgroups v1: populating a cgroup 19-24 19.4 Cgroups v1: release notification 19-33 19.5 Cgroups v1: a survey of the controllers 19-43 19.6 Cgroups /procfiles 19-65 19.7 Cgroup namespaces 19-68 Goals Cgroups is a big topic Many controllers V1 versus V2 interfaces Our goal: understand fundamental semantics of cgroup filesystem and interfaces Useful from a programming perspective How do I build container frameworks? What else can I build with cgroups? And useful from a system engineering perspective What’s going on underneath my container’s hood? System Programming for Linux Containers ©2020, Michael Kerrisk Cgroups 19-4 §19.1 Focus We’ll focus on: General principles of operation; goals of cgroups The cgroup filesystem Interacting with the cgroup filesystem using shell commands Problems with cgroups v1, motivations for cgroups v2 Differences between cgroups v1 and v2 We’ll look briefly at some of the controllers System Programming for Linux Containers ©2020, Michael Kerrisk Cgroups 19-5 §19.1
    [Show full text]
  • Open Source Software
    OPEN SOURCE SOFTWARE Product AVD9x0x0-0010 Firmware and version 3.4.57 Notes on Open Source software The TCS device uses Open Source software that has been released under specific licensing requirements such as the ”General Public License“ (GPL) Version 2 or 3, the ”Lesser General Public License“ (LGPL), the ”Apache License“ or similar licenses. Any accompanying material such as instruction manuals, handbooks etc. contain copyright notes, conditions of use or licensing requirements that contradict any applicable Open Source license, these conditions are inapplicable. The use and distribution of any Open Source software used in the product is exclusively governed by the respective Open Source license. The programmers provided their software without ANY WARRANTY, whether implied or expressed, of any fitness for a particular purpose. Further, the programmers DECLINE ALL LIABILITY for damages, direct or indirect, that result from the using this software. This disclaimer does not affect the responsibility of TCS. AVAILABILITY OF SOURCE CODE: Where the applicable license entitles you to the source code of such software and/or other additional data, you may obtain it for a period of three years after purchasing this product, and, if required by the license conditions, for as long as we offer customer support for the device. If this document is available at the website of TCS and TCS offers a download of the firmware, the offer to receive the source code is valid for a period of three years and, if required by the license conditions, for as long as TCS offers customer support for the device. TCS provides an option for obtaining the source code: You may obtain any version of the source code that has been distributed by TCS for the cost of reproduction of the physical copy.
    [Show full text]
  • Greg Kroah-Hartman [email protected] Github.Com/Gregkh/Presentation-Kdbus
    kdbus IPC for the modern world Greg Kroah-Hartman [email protected] github.com/gregkh/presentation-kdbus Interprocess Communication ● signal ● synchronization ● communication standard signals realtime The Linux Programming Interface, Michael Kerrisk, page 878 POSIX semaphore futex synchronization named eventfd unnamed semaphore System V semaphore “record” lock file lock file lock mutex threads condition variables barrier read/write lock The Linux Programming Interface, Michael Kerrisk, page 878 data transfer pipe communication FIFO stream socket pseudoterminal POSIX message queue message System V message queue memory mapping System V shared memory POSIX shared memory shared memory memory mapping Anonymous mapping mapped file The Linux Programming Interface, Michael Kerrisk, page 878 Android ● ashmem ● pmem ● binder ashmem ● POSIX shared memory for the lazy ● Uses virtual memory ● Can discard segments under pressure ● Unknown future pmem ● shares memory between kernel and user ● uses physically contigous memory ● GPUs ● Unknown future binder ● IPC bus for Android system ● Like D-Bus, but “different” ● Came from system without SysV types ● Works on object / message level ● Needs large userspace library ● NEVER use outside an Android system binder ● File descriptor passing ● Used for Intents and application separation ● Good for small messages ● Not for streams of data ● NEVER use outside an Android system QNX message passing ● Tight coupling to microkernel ● Send message and control, to another process ● Used to build complex messages
    [Show full text]
  • Analyzing a Decade of Linux System Calls
    Noname manuscript No. (will be inserted by the editor) Analyzing a Decade of Linux System Calls Mojtaba Bagherzadeh Nafiseh Kahani · · Cor-Paul Bezemer Ahmed E. Hassan · · Juergen Dingel James R. Cordy · Received: date / Accepted: date Abstract Over the past 25 years, thousands of developers have contributed more than 18 million lines of code (LOC) to the Linux kernel. As the Linux kernel forms the central part of various operating systems that are used by mil- lions of users, the kernel must be continuously adapted to changing demands and expectations of these users. The Linux kernel provides its services to an application through system calls. The set of all system calls combined forms the essential Application Programming Interface (API) through which an application interacts with the kernel. In this paper, we conduct an empirical study of the 8,770 changes that were made to Linux system calls during the last decade (i.e., from April 2005 to December 2014) In particular, we study the size of the changes, and we manually identify the type of changes and bug fixes that were made. Our analysis provides an overview of the evolution of the Linux system calls over the last decade. We find that there was a considerable amount of technical debt in the kernel, that was addressed by adding a number of sibling calls (i.e., 26% of all system calls). In addition, we find that by far, the ptrace() and signal handling system calls are the most difficult to maintain and fix. Our study can be used by developers who want to improve the design and ensure the successful evolution of their own kernel APIs.
    [Show full text]
  • Linux.Kernel.And.Driver.Development
    Linux Kernel and Driver Development Training Linux Kernel and Driver Development Training Gr´egory Cl´ement,Michael Opdenacker, Free Electrons Maxime Ripard, S´ebastienJan, Thomas Petazzoni Embedded Linux Free Electrons Developers c Copyright 2004-2013, Free Electrons. Creative Commons BY-SA 3.0 license. Latest update: March 29, 2013. Document updates and sources: http://free-electrons.com/doc/training/linux-kernel Corrections, suggestions, contributions and translations are welcome! Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com 1/496 Rights to copy c Copyright 2004-2013, Free Electrons License: Creative Commons Attribution - Share Alike 3.0 http://creativecommons.org/licenses/by-sa/3.0/legalcode You are free: I to copy, distribute, display, and perform the work I to make derivative works I to make commercial use of the work Under the following conditions: I Attribution. You must give the original author credit. I Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. I For any reuse or distribution, you must make clear to others the license terms of this work. I Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com 2/496 Electronic copies of these documents I Electronic copies of your particular version of the materials are available on: http://free-electrons.com/doc/training/linux-kernel I Open the corresponding documents and use them throughout the course to look for explanations given earlier by the instructor.
    [Show full text]
  • Schedule: Sunday
    Schedule: Sunday page 2 Main tracks and lightning talks page 3 Devrooms in AW building page 4-5 Devrooms in H building page 5-6 Devrooms in K building page 6-7 Devrooms in U building Latest schedule and mobile apps on https://fosdem.org/schedule/ Compiled on 26/01/2016, see fosdem.org for updates. Page 1 of 12, Sunday Main tracks Main tracks Lightning Talks J.Janson K.1.105 (La Fontaine) H.2215 (Ferrer) 10:00 A New Patchwork Stephen Finucane 10:15 Re-thinking Linux Distributions Free communications with Free Software Buildtime Trend : visualise what’s trending in 10:30 Langdon White Daniel Pocock your build process – Dieter Adriaenssens Learning about software development with 10:45 Kibana dashboards – Jesus M. Gonzalez- Barahona 11:00 coala – Code Analysis Made Simple Lasse Schuirmann 11:15 Building a peer-to-peer network for Real-Time Beyond reproducible builds Communication How choosing the Raft consensus algorithm 11:30 Holger Levsen saved us 3 months of development time – Adrien Béraud, Guillaume Roguez Robert Wojciechowski Keeping your files safe in the post-Snowden 11:45 era with SXFS – Robert Wojciechowski 12:00 Spiffing – Military grade security Dave Cridland 12:15 illumos at 5 Mainflux Layers Box 12:30 Dan McDonald Drasko Draskovic Istvàn Koren FAI – The Universal Installation Tool 12:45 Thomas Lange 13:00 Knot DNS Resolver Ondrejˇ Surý 13:15 RocksDB Storage Engine for MySQL How containers work in Linux Prometheus – A Next Generation Monitoring 13:30 Yoshinori Matsunobu James Bottomley System Brian Brazil Going cross-platform – how htop was made 13:45 portable Hisham Muhammad 14:00 Ralph – Data Center Asset Management Sys- tem and DCIM, 100% Open Source.
    [Show full text]
  • An Introduction to Control Groups (Cgroups)
    Open Source Summit Europe 2018 An introduction to control groups (cgroups) Michael Kerrisk, man7.org c 2018 [email protected] Open Source Summit Europe 21 October 2018, Edinburgh, Scotland Outline 1 Introduction 3 2 Introduction to cgroups v1 and v2 6 3 Cgroups hierarchies and controllers 19 4 Cgroups v1: populating a cgroup 26 5 Cgroups v1: a survey of the controllers 33 6 Cgroups /proc files 45 7 Optional topic: release notification (cgroups v1) 48 Outline 1 Introduction 3 2 Introduction to cgroups v1 and v2 6 3 Cgroups hierarchies and controllers 19 4 Cgroups v1: populating a cgroup 26 5 Cgroups v1: a survey of the controllers 33 6 Cgroups /proc files 45 7 Optional topic: release notification (cgroups v1) 48 Who am I? Contributor to Linux man-pages project since 2000 Maintainer since 2004 Maintainer email: [email protected] Project provides ≈1050 manual pages, primarily documenting system calls and C library functions https://www.kernel.org/doc/man-pages/ Author of a book on the Linux programming interface http://man7.org/tlpi/ Trainer/writer/engineer Lots of courses at http://man7.org/training/ Email: [email protected] Twitter: @mkerrisk c 2018, Michael Kerrisk @mkerrisk An introduction to control groups (cgroups) 4 §1.1 Who am I? Contributor to Linux man-pages project since 2000 Maintainer since 2004 Maintainer email: [email protected] Project provides ≈1050 manual pages, primarily documenting system calls and C library functions https://www.kernel.org/doc/man-pages/ Author of a book on the Linux programming interface http://man7.org/tlpi/
    [Show full text]
  • Why Kernel Space Sucks (Or: Deconstructing Two Myths) (Or: an Abridged History of Kernel-Userspace Interface Blunders...)
    Why kernel space sucks (Or: Deconstructing two myths) (Or: An abridged history of kernel-userspace interface blunders...) LinuxCon North America Michael Kerrisk © 2012 San Diego, CA, USA [email protected] 2012-08-29 http://man7.org/ man7 .org 1 Who am I? ● Professionally: programmer (primarily); also educator and writer ● Working with UNIX + Linux for nearly 25 years ● Linux man-pages maintainer since 2004 ● 124 releases (as at Aug 2012) ● written or cowritten ~295 of ~950 man pages ● lots of API review and testing, many bug reports ● Author of a book on kernel-userspace API ● IOW: Lots of time looking at the interface man7 .org 2 Intro: Why Userspace Sucks ● Paper/talk by Dave Jones of Red Hat ● First presented at Ottawa LS 2006 ● A lead-in to deconstructing a couple of myths ● Why Userspace Sucks → WUSS ● http://www.kernel.org/doc/ols/2006/ols2006v1-pages-441-450.pdf ● http://www.codemonkey.org.uk/projects/talks/ols2k6.tar.gz ● http://lwn.net/Articles/192214/ man7 .org 3 Motivation for WUSS ● We (kernel developers) have created a kernel that performs magnificently ● But, can we make it better? ● Why does it take so long to boot, start applications, and shut down? ● Why does my idle laptop consume so much battery power? man7 .org 4 Findings from WUSS ● DJ starts instrumenting the kernel, and finds... ● Boot up: 80k stat(), 27k open(), 1.4k exec() ● Shutdown: 23k stat(), 9k open() ● Userspace programmers wreck performance doing crazy things! ● open() and reparse same file multiple times! ● read config files for many devices not even present! ● stat() (or even open()) 100s of files they never need ● timers triggering regular unnecessary wake-ups man7 .org 5 Conclusions from WUSS ● Room for a lot of improvement in userspace! ● Userspace programmers should be aware of and using trace and analysis tools ● (perf, LTTng, ftrace, systemtap, strace, valgrind, powertop, etc.) man7 .org 6 Kernelspace Userspace “We (kernel developers) are much smarter than those crazy userspace programmers” man7 .org 7 Kernelspace Userspace Something's wrong with this picture..
    [Show full text]
  • Secure Programming for Linux and Unix HOWTO
    Secure Programming for Linux and Unix HOWTO David A. Wheeler v3.010 Edition Copyright © 1999, 2000, 2001, 2002, 2003 David A. Wheeler v3.010, 3 March 2003 This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. Specific guidelines for C, C++, Java, Perl, PHP, Python, Tcl, and Ada95 are included. For a current version of the book, see http://www.dwheeler.com/secure−programs This book is Copyright (C) 1999−2003 David A. Wheeler. Permission is granted to copy, distribute and/or modify this book under the terms of the GNU Free Documentation License (GFDL), Version 1.1 or any later version published by the Free Software Foundation; with the invariant sections being ``About the Author'', with no Front−Cover Texts, and no Back−Cover texts. A copy of the license is included in the section entitled "GNU Free Documentation License". This book is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Secure Programming for Linux and Unix HOWTO Table of Contents Chapter 1. Introduction......................................................................................................................................1 Chapter 2. Background......................................................................................................................................4
    [Show full text]