Kaiwan Billimoria
Linux Author, Trainer, Consultant
Bengaluru, India
Kaiwan taught himself programming on his Dad's IBM PC back in 1983. Next came C/Assembly on DOS, until he discovered Unix and Linux!
Kaiwan is the author of five books on Linux:
https://amazon.com/author/kaiwanbillimoria
He's worked on many aspects of Linux including drivers and embedded Linux projects. His Linux mania feeds well into his passion for teaching these topics to engineers (for close to 30 years now). As well, he's an international speaker and a recreational (ultra)runner.
Area of Expertise
How to quickly find memory bugs using [K]ASAN and Interpreting its Shadow Memory report
Even today, memory bugs plague C/C++ developers, as these aren't managed languages and thus aren't memory-safe. For both user and kernel space developers, learning and actually using dynamic analysis tooling is critical in catching these defects. The Address Sanitizer (ASAN) Compile Time Instrumentation (CTI) approach proved so successful in userspace that it was ported to the Linux kernel as KASAN. However, interpreting its 'shadow memory' report is quite often ignored! Don't ignore it, as it's very useful! A quick tutorial - with a demo - on how exactly to do this is presented here.
As well, it's well known that the closer a defect is found to the developer's desk, the cheaper it is to fix; with [K]ASAN tooling, the chances of catching these deadly and insidious bugs go up. Make using them a part of your workflow!
Mitigating Hackers With Hardening on Linux – An Overview for Developers, Focus on BoF
Modern society is largely info-driven; embedded/IoT products based on our beloved Linux thrive.
Unfortunately, there's a huge gap in the security posture of many end-products. Hackers currently have a field day!
This session helps you understand why and where software vulnerabilities exist, both while programming and after; which Linux app/OS hardening techniques one can deploy; and which tools and methodologies help mitigate security issues.
The session is heavily biased toward developers working on (embedded) Linux systems using the 'C' programming language, for both application (user) and kernel-space (drivers, custom features), and the security challenges faced by them.
The tutorial consists of 3 parts:
Part 1: Security and Hacking Intro
Part 2: Deep dive into (some) software vulnerabilities, their root causes; CPU ABI basics geared to understanding the process / thread stack layout; understanding the BoF attack vector
Part 3: Modern OS Hardening Countermeasures (Linux), for both userspace apps and the kernel.
To make these discussions practical, a quick code-level demo of a simple BoF vuln on an ARM VM / hardware board will be performed (with all relevant code & docs provided on GitHub).
Leveraging the OS CPU scheduler to write real-time MT apps
The Linux OS is powerful; here you'll learn some aspects of this power, particularly, how the kernel CPU (or task) scheduler can be leveraged to support the writing of (soft) real-time multithreaded (MT) applications (with C).
First the basics: the (real!) meaning of real-time, the state machine of a Linux process/thread, the meaning of the various POSIX scheduling policies available on the system.
The meat of this talk (and live demo!) will be how you, as a systems / app developer, can leverage the OS by using appropriate Pthread/system call APIs to query and set the CPU scheduling policy and priority, at a *per thread* level of granularity!
We conclude with an overview of the LF Real-Time Linux (RTL) kernel, how to configure the kernel for RT, and deploy it for use (with appropriately written RT apps), thus enabling the ability to use Linux as an RTOS.
Agenda brief:
- What does real-time actually mean
- The Linux process state machine
- How Linux schedules processes and threads
- The POSIX Scheduling Policies and what they mean
- Setting sched policy and priority on an application thread
- Demo MT app; code walkthru & demo
- Overview: making Linux an RTOS (it's done as of 6.11!)