Google to fund work to improve Linux kernel security

The Linux Foundation announced on Google funding to maintain Linux kernel protections and harden the kernel. Full-time jobs will include Gustavo Silva ( Gustavo Silva ) and Nathan Chenslor ( Nathan Chancellor ).

Nathan is best known for his work of providing building the Linux kernel using the Clang compiler and using compile-time protections such as CFI (Control Flow Integrity). Nathan’s further work in the first phase will focus on eliminating all the bugs that pop up when using Clang / LLVM, and implementing a continuous integration system for testing Clang-based assemblies. When the known issues are resolved, work will begin to add additional security hardening capabilities to the kernel provided by the Clang compiler.

Gustavo is one of the active participants in the KSPP (Kernel Self Protection Project) project to promote active protection technologies into the Linux kernel. Gustavo’s main task will be to fix some classes of buffer overflows by replacing all zero-length or single-element array instances with a dimensionless array declaration ( Flexible Array Member ). In addition, Gustavo will deal with fixing errors in the code, before it gets into the main composition of the kernel, and developing active protection mechanisms in the kernel.

/Media reports.