Skip to main content
Category

Mentorship

Demystifying the Linux Kernel Security Process (Video)

By Blog, Linux Foundation, Mentorship

There is a lot of misunderstanding about how the Linux kernel deals with security vulnerabilities. Greg Kroah-Hartman, Kernel Maintainer & Fellow at the Linux Foundation, presented a complimentary Mentorship Session exploring Demystifying the Linux Kernel Security Process on October 3. Watch the video below, which will go into how the Linux kernel security team works, how changes are propagated out to the public, and how users must take advantage of these changes in order to have a secure system.

Check out other upcoming webinars in the LF Live Mentorship Series here.

Trusted Execution Inside Secure Enclaves – LFX Mentorship Report

By Blog, Mentorship

Işıl Öz, 2022 ELISA Project Mentee and Assistant Professor at Izmir Institute of Technology

Hardware Trusted Execution Environment

Since remote computation has evolved as the cloud infrastructures offer high-performance and low-cost solutions, security has become a concern due to remote computer’s mainte- nance by untrusted parties. As the security mechanisms aim to maintain protection from attackers and enable execution confidentiality and integrity, they help to achieve safety requirements as well by making sure that both program code and data are not corrupted. Therefore, memory protection solutions support safety by ensuring trusted execution, and they target domains requiring both secure and safe execution [4, 15]. Homomorphic en- cryption, which directly works on the encrypted data, enables the handling of user data by third parties safer. However, its computational requirements lead to impractical perfor- mance issues.

Trusted execution environments (TEEs) maintain secure computation in an isolated area of a processor with hardware-assisted technologies. They offer both performance and security improvements by exposing a smaller trusted compute base (TCB) in the environment. Confidential Computing Consortium (CCC) defines TEE as an environment that provides a level of assurance of data integrity, data confidentiality, and code integrity [19]. Data integrity is preventing unauthorized entities from data modification while in use inside TEE. Data confidentiality means that unauthorized entities cannot view data while in use inside TEE. Code integrity is preventing unauthorized entities from code modification while it is being executed inside TEE. Depending on the implementation, TEE additionally may provide the following features:

  • Code confidentiality: TEE protects code while in use from being viewed by unautho- rized entities. For instance, an algorithm having intellectual property issues should not be exposed to third parties.
  • Authenticated launch: TEE enables the launching of a process when only it is verified to be secure.
  • Programmability: TEE consists of any arbitrary code or code that is loaded by a secure source.
  • Recoverability: TEE provides a recovery mechanism that resets the status from a corrupted state to a known safe state.
  • Attestability: TEE measures its origin and current state and maintains evidence that the code has integrity and has not been modified. Different hardware vendors offer TEE implementations in their processor architectures:
  • Intel Software Guard eXtensions (SGX): With SGX, which exists in Intel Xeon pro- cessors, applications run in a secure memory space without access by the untrusted operating system (enclave) and store the data it uses in this memory area.
  • ARM TrustZone: TrustZone is in Arm Cortex-A processors and provides a secure environment for memory, software, bus transactions, and interrupts. The applications running on TrustZone can perform trusted operations with API functions.
  • AMD Memory Encryption Technology: While AMD Secure Memory Encryption (SME) is a hardware-based secure memory encryption technology found in AMD EPYC processors, Secure Encrypted Virtualization (SEV) is the implementation of SME technology used in virtualized systems. We focus on SGX technology and open-source library operating systems that enable its functionality.

Intel Software Guard Extensions (SGX)

Intel’s Software Guard Extensions (SGX) provide hardware-based isolation for secure com- putations by supporting safe execution [18]. SGX reserves isolated memory regions called Processor Reserved Memory (PRM) or enclaves for code and data. The CPU protects the memory regions from all non-enclave memory accesses, including the kernel, hypervisor System Management Mode (SMM) accesses, and DMA accesses from peripherals. Non- addressable memory pages (Enclave Page Cache (EPC) pages) inside enclaves are reserved from the physical RAM and encrypted. Execution flow can only enter an enclave by special CPU instructions, similar to the mechanism for switching from user mode to kernel mode. Enclave execution always happens in protected mode, at ring 3.

Figure 1 presents an example execution flow for the applications utilizing protected memory regions. The initial code and data in an enclave are loaded by untrusted system software. During the loading stage, the system software asks the CPU to copy data from unprotected memory into the enclave and assigns the pages to the enclave. After all the enclave’s pages are loaded, the system software asks the CPU to mark the enclave as initialized, at which point the application can run the code inside the enclave with support for high-level language features. Other parties can perform a software attestation process to verify the identity of the enclave that it is communicating with an enclave and is running in a secure environment.

Open-source LibOS Projects

The library operating system (LibOS) technology enables us to take an application with little or no modifications and protect it in an SGX enclave [7]. While commercial and open-source LibOS options are available, we mention open-source projects and focus on a specific project, Mystikos, our mentorship is built on. The following open-source LibOS projects support Intel SGX:

Gramine [6]: Lightweight libOS, designed to run a single application inside enclaves with minimal host requirements.

Occlum [13]: Memory-safe, multi-process library OS (LibOS) for Intel SGX.

Intel SGX and Linux kernel library [16]: Designed to run existing unmodified Linux binaries inside of Intel SGX enclaves.

Mystikos [12]: Tools and runtime for launching unmodified container images in TEEs.

Mystikos

Mystikos [12] is a runtime and a set of tools for running Linux applications in a hardware- trusted execution environment (TEE). It currently supports Intel SGX. Mystikos aims for the following features: 1) Enable protection of application code and data while in memory through the use of hardware TEEs, 2) Allow users and application developers control over the makeup of the trusted computing base (TCB), 3) Simplify retargeting to other TEE architectures through a plugin architecture.

As shown in Figure 2, Mystikos includes the following components:

  • C-runtime based on musl libc: Handles passing the runtime functions from unsecure part to the secure part of the application.
  • LibOS-like kernel: Implements system calls for secure execution.
  • Kernel-target interface (TCALL): Communicates with the target implementations (SGX target based on Open Enclave SDK or Linux target for only verification on non-SGX platforms).
  • Command-line interface: Offers an interface for the programs targeting execution inside the enclave (myst exec-sgx or myst exec-linux).
  • Some related utilities: Tools for building an application for secure execution (myst-appbuilder), creating an archive for target program (myst mkcpio or myst mkext2), packaging an application (myst package-sgx). Figure 2: Mystikos architecture [12]. Figure 3 presents the application workflow when developing application in Mystikos, which consists of four steps:

Figure 3 presents the application workflow when developing application in Mystikos, which consists of four steps:

  1. Develop application: Develop the application using programming models of our choice.
  2. Create appdir: Create and populate an appdir directory that contains compiled application and essential dependencies.

3. Run in Mystikos: First create a root file system (rootfs) from appdir by using myst mkcpio or myst mkext2. Then run the application by using myst exec-sgx or myst exec-linux.

4. Package application: Sign and package the application.

Activities During the Mentorship

At the beginning of the mentorship period, I investigated the open-source libOS projects enabling and implementing SGX features (mentioned in Section 3). With a theoretical background in operating systems and processor architecture, I tried to understand the ex- isting implementations. In the meantime, I learned about some practical issues by following the LFX courses about Linux kernel and open-source project development (like GitHub is- sues and pull requests) to get hands-on experience. Specifically, I enrolled two LFX training courses: A Beginner’s Guide to Open-Source Software Development (LFD102) [3] and A Beginner’s Guide to Linux Kernel Development (LFD103) [2].

After deciding to work on Mystikos project, which is closely related security and safety issues, I started by examining open issues in Mystikos Github repository.

The first issue I have looked at was the following: Memory leak in myst syscall execve ([11]): It was about a potential bug in the function myst syscall execveat inside the file /kernel/syscall.c. The reason seemed to have an unfreed memory allocation in the function myst exec inside /kernel/exec.c file. After discussion with the maintainers re- garding the issue, I created a pull request and submitted it as a fix (Figure 4). However, the maintainers realized that the issue has been already fixed in the previous commits, so my commit has not been merged.

After being introduced in Mystikos and getting familiar with the code, I contacted to the maintainers. Vikas Amar Tikoo replied and offered me to work on improving debug-gability by either writing gdb extensions, improvements to strace mechanism in Mystikos, interactive shell support, or integration with native debugging tools like valgrind. Then he created an issue on github that I can work on: Interactive bash support issues ([9]). The aim is to run bash shell in Mystikos. However, Mystikos complains about it. I could replicate the case in my local machine (Figure 5). The problem seems that the ioctl requests/commands [10] have not been supported by Mystikos. I submitted a pull request with TIOCGPGRP and TIOCSPGRP ioclt system calls (Figure 6). I have been working on the issue and communicating with the maintainers about the implementation details.

Additionally, during my mentorship period, I attended the following online activities:

  • SGX Community Day Virtual Event, July 26-27, 2022 [1]: Inspirational talks from academics, startups, and big corporations about SGX implementations.
  • ELISA summit, September 7-8, 2022 [5]: Introductory overview, emerging trends, and current topics in utilizing open-source software for safety-critical applications.
  • SOAFEE Virtual Symposium, November 16-17, 2022 [17]: Presentations by open- source and independent software vendors organized by the Scalable Open Architecture For Embedded Edge (SOAFEE) Special Interest Group.

Moreover, as a researcher working in the field of computer architecture, the mentorship helped me to improve myself in the hardware security area. I have submitted a national research project titled as Security-Performance Tradeoff Analysis for Embedded Systems with GPUs, where we target to analyze both the security and performance of the embedded applications running inside enclaves. We aim to utilize the open-source LibOS projects and port the program executions partially into the enclaves. Mainly, we target to extend the mentorship work for safety-critical embedded CPU-GPU systems. Additionally, my mentorship encouraged my students to work on open-source projects and be included in mentorship programs.

Thanks to the LFX mentorship program supported by ELISA, I found an opportunity to be introduced to the open-source software community and gained a practical hands-on experience in open-source software development. The mentorship was helpful in terms of both enhancing my hands-on skills and learning the open-source project development pro- cess. While I have a strong background in theoretical operating systems and computer architecture area, especially my operating systems software skills have substantially im- proved. Moreover, the regular meetings with my experienced mentor and communication with the open-source project maintainers were very helpful for both technical and social skill development.

After getting experience on the Mystikos project, I am working on the issue and will continue working on it after my mentorship period. With this experience, I am planning to contribute to other open-source LibOS projects by combining my research interests and practical experience. After being introduced to the open-source community, I believe that I will be able to find more opportunities in the related domains requiring both security and safety. Since I learned that secure execution environments/containers maintain secure and

Safe execution inside enclaves, we can utilize them for different applications in safety-critical systems.

References:

  1. 3rd sgx community day virtual event. https://community.intel.com/t5/Blogs/ Tech-Innovation/Data-Center/Third-SGX-Community-Day/post/1393177. Ac- cessed: 2022-11-16.
  2. A beginner’s guide to linux kernel development (lfd102). https://trainingportal.linuxfoundation.org/learn/course/ a-beginners-guide-to-linux-kernel-development-lfd103. Accessed: 2022- 11-16.
  3.  A beginner’s guide to open source software development (lfd102). https://trainingportal.linuxfoundation.org/courses/ a-beginners-guide-to-open-source-software-development-lfc102. Accessed: 2022-11-16.
  4. Eclipse software defined vehicle working group. https://sdv.eclipse.org/. Ac- cessed: 2022-11-23.
  5. Elisa summit. https://events.linuxfoundation.org/elisa-summit/. Accessed: 2022-11-16.
  1. Gramine – a library os for unmodified applications. https://gramineproject.io/. Accessed: 2022-11-16.
  2. Intel software guard extensions. https://www.intel.com/content/www/us/ en/developer/tools/software-guard-extensions/get-started.html. Accessed: 2022-11-16.
  3. Intel software guard extensions (intel sgx) web-based training. https: //www.intel.com/content/www/us/en/developer/articles/technical/ intel-sgx-web-based-training.html. Accessed: 2022-11-16.
  4. Interactive bash support issues. https://github.com/deislabs/mystikos/issues/ 1423. Accessed: 2022-11-16.
  5. ioctl(2) — linux manual page. https://man7.org/linux/man-pages/man2/ioctl. 2.html. Accessed: 2022-11-16.
  6. Memory leak in myst syscall execve. https://github.com/deislabs/mystikos/ issues/946. Accessed: 2022-11-16.
  7. Mystikos. https://github.com/deislabs/mystikos. Accessed: 2022-11-16.
  8. Occlum – a library os empowering everyone to run every application in secure enclaves. https://occlum.io/. Accessed: 2022-11-16.
  9. Pull request – ioctl system calls. https://github.com/deislabs/mystikos/pull/ 1439. Accessed: 2022-11-24.
  10. Scalable open architecture for embedded edge (soafee) project. https://soafee.io/. Accessed: 2022-11-23.
  11. Sgx-lkl library os for running linux applications inside of intel sgx enclaves. https: //github.com/lsds/sgx-lkl. Accessed: 2022-11-16.
  12. Soafee virtual symposium. https://soafee.io/blog/2022/virtual_symposium/. Accessed: 2022-11-16.
  13. Victor Costan and Srinivas Devadas. Intel sgx explained. Cryptology ePrint Archive, 2016.
  14. A Publication of The Confidential Computing Consortium. Confidential computing: Hardware-based trusted execution for applications and data. Technical report, January 2021.

Why We Need Open Source Mentorship Programs

By Blog, Mentorship

Written by Jason Perlow, Editorial Director at the Linux Foundation

Mentorship programs in open source are critical for the growth and development of the open source community, and the LFX Mentorship program is no exception. The program’s participants find it so valuable that a whopping 99% of the graduates felt the program to be beneficial, and 47% said it helped them get a job.

In a recent study conducted by Linux Foundation Research, Mentorship in Open Source, with a report authored by Linux Foundation Editorial Director Jason Perlow, over 100 mentees from the LFX Mentorship graduating classes of 2020 and 2021 were surveyed and interviewed about their experiences during participation and postgraduation. This includes several mentorships with the ELISA Project.

The study explores the intrinsic, economic, and career value of mentorship programs in open source, highlighting the importance of such programs for both mentees and mentors.

Benefits of mentorship programs

One of the key benefits of mentorship programs is the intrinsic value they provide. Mentors can share their knowledge and experience with mentees, helping them develop the skills and knowledge they need to succeed in the open source community. Mentees, on the other hand, can learn from experienced professionals, gaining valuable insights and advice that they can use to advance their careers.

In addition to the intrinsic value of mentorship programs, there are also significant economic benefits. Open source projects rely on the contributions of a wide range of individuals, from developers to designers and testers. By providing mentorship opportunities, organizations can help attract and retain talented individuals, which can help ensure the project’s long-term success. This is particularly important for open source projects that rely on community contributions, as these projects need to attract and retain a steady stream of contributors to be successful.

Here are a few more examples of why mentorship programs are important for the both the participants and the open source communities: 

  • Hands-on experience: Open source mentorship programs allow individuals to work on real-world projects, which can help them gain practical skills and experience.
  • Networking opportunities: Participants in open source mentorship programs can interact and collaborate with experienced developers and other professionals in the field. This can lead to valuable networking opportunities and potential job leads.
  • Flexibility: Participating in mentorship programs can be flexible, allowing individuals to work on projects at their own pace and in their own time. This allows for a better work-life balance and allows individuals to continue working on other projects or responsibilities. An example of flexibility is having training sessions recorded so that participants can access them at more convenient times.
  • Learning from experts: Having access to open source project maintainers with deep experience in coding is one of the key benefits of mentorship programs. Participants can learn from their mentors and benefit from their knowledge and experience.
  • Building a portfolio: Participating in mentorship programs provides the opportunity to build a portfolio of work, which can demonstrate to potential employers the skills and experience that an individual has gained.
  • Building a community: Running mentorship programs helps to build a community of developers and professionals who can provide support, guidance, and mentorship to others. This can be a valuable resource for career advancement.

Challenges faced by mentorship programs

One of the challenges mentorship programs face is the lack of funding and support. Many mentorship programs are run by volunteers, who may not have the resources or support to mentor mentees effectively. This can make it difficult for mentees to get the support and guidance they need, leading to frustration and disengagement.

Another challenge faced by mentorship programs is the lack of structure and support. Many mentorship programs are informal, with mentors and mentees often left to figure out how to work together best. This can make it difficult for mentees to get the support and guidance they need, leading to frustration and disengagement.

The LFX Mentorship program, sponsored by the Linux Foundation, aims to address these challenges by providing mentees with the support and guidance they need to be successful in the open source community. The program provides mentees access to a wide range of resources and support, including training and development opportunities, mentoring and coaching, and networking opportunities. The program also provides mentors with the support and guidance they need to be effective mentors, including training and development opportunities, mentoring and coaching, and networking opportunities.

Insights from the report

Here are a few highlights of valuable insights gained from the mentorship study:

  • Improving Diversity: Mentorship creates opportunities for a healthy succession of open source project contributions and leadership.
  • Career Advancement Opportunities: 69% of mentees have seen their career advance because of mentorship, with 47% saying that the program helped them get a job.
  • Increased Income: 67% of employed mentees report increased income after program participation.
  • Improved Contributions: 85% of mentees are or are willing to contribute to the project they were involved in after mentorship.

Who should read the report?

One of the report’s primary audiences is developers interested in open source mentorship. The report provides detailed information on the types of mentorship programs available and the skills and experience typically required for mentors and mentees. Developers interested in becoming a mentor or mentees in open source can use the report to understand the process better and what is involved.

Another important audience for the report is managers and leaders within open source communities. The report provides valuable insights into the challenges and opportunities of mentorship in open source and can help managers and leaders identify areas where they can improve their mentorship programs. Additionally, the report guides how to design and implement mentorship programs that are effective and sustainable.

Conclusion

The Linux Foundation’s report on mentorship in open source is an important resource for many individuals and organizations involved in open source software development. In partnership with CNCF, ELISA Project, Hyperledger, Open Mainframe Project and OpenSSF, the report provides valuable insights into the current state of mentorship in open source and best practices for mentorship programs. Developers, managers, community leaders, educators and trainers, and researchers can all benefit from reading the report and using the information it contains to improve their own mentorship programs and contribute to the overall success of the open source community.

My ELISA Mentorship

By Blog, ELISA Summit, Mentorship

Shefali Sharma, a senior student at the Meerut Institute of Engineering and Technology in India, was a mentee of the ELISA Project starting in March 2022. Her mentors were Shuah Khan, Linux Fellow and Kernel Maintainer at the Linux Foundation and Chair of the ELISA Technical Steering Committee at that time, and Milan Lakhani, Co-Chair of the ELISA Medical Devices Working Group and Software Engineer at Codethink. During her mentorship, Shefali learned a lot about the Linux kernel, Core C programming, and various tools and techniques for analyzing the kernel like strace, ftrace, cscope, perf. 

Shefali will be sharing her key learnings on Thursday, January 19 at 12:33-12:43 am ET at the LFX Mentorship Showcase, a virtual event that gives Linux Foundation mentees an opportunity to present their experience with their mentorship. This virtual event, which takes place on January 18-19, is free to attend and open to anyone who would like to learn more about the experiences of LF Mentorship Program mentees, find out more about some of the programs our projects are working on, recruit new talent, and support new developer contributions. Register for the free event here.

If you can’t make the LFX Mentorship Showcase, you can check out her findings in this video from the ELISA Summit (September 2022) about kernel tracing.

You can also learn more in Shefali’s Medium blog here.

What it takes to employ Linux in safety applications : An interview with Shuah Khan

By Blog, Industry Conference, Mentorship

During the Open Source Summit Europe 2022, Shuah Khan, Linux Kernel Fellow at the Linux Foundation and previously the Chair of the ELISA Project Technical Steering Committee, met with Mike Vizard, Chief Content Officer, Techstrong TV, to discuss what it takes to employ Linux in safety applications and why the open source community is still looking to train top-notch maintainers.

This interview narrates the fundamental details that you need to know if you are new to ELISA Project and planning to contribute or get involved in the LF Project or any open source projects under Linux Foundation. The theme of the questions spanned from the need of safety programs and how Linux is involved in safety critical applications to how gender diversity and STEM education plays a role in the open source community and contribution.

ELISA Project as you know is simply defined as Enabling Linux In Safety Applications. Shuah Khan explains how ELISA is involved in many uses like automotive, medical etc and how the community is bringing together the safety experts to maintain safety critical platforms. She also explains with an example on how the project works in an automotive use case. When it comes to safety certification, she explains how ELISA Project is helping with the resources for the community that are planning to certify their safety critical platforms running in Linux. The role of safety experts and the kernel experts are like bread and butter. While safety experts look at the safety angle of the product or platform, kernel experts bridge the gap between safety and kernel.

There are sometimes concerns in people’s minds that in the future the regulators might be asking tough questions about safety when they develop medical, automotive applications. There are also lots of costs involved for these certifications. Considering the economical situation now, how the ELISA project can help the community is worthwhile.

For those who are currently studying or looking to get involved in the ELISA Project to learn more about Kernel and safety certification process, starting from this part (06:00) of the interview is a must watch.

This part explains about the talent ELISA Project is looking for, how LFX mentorship program helps the newcomers to integrate into the open source community, to help the code in and make them an expert in their preferred field.

In many cases, some are often uninformed about the possibilities of learning or don’t know where to start with the open source contribution. What we want to convey is our project has structural programs, resources to work and kernel webinars to learn. At the end of the program, there is also a virtual mentee showcase where the mentees explain about what they have done during the program to the member company representatives which is a potential opportunity for further steps like job or research programs.

The interview also discusses the outreach programs to attract talents from various parts of the world and the STEM initiatives.

We invite you to watch this video to learn more and if it helped you to learn something new, then share it with your communities: https://techstrong.tv/videos/open-source-summit-europe-2022/shuah-khan-the-linux-foundation-open-source-summit-europe-2022.

Learn more about the ELISA Project here

ELISA Summit: Analysis of eBPF for Safety Use Case (Video)

By Blog, ELISA Summit, Mentorship

An estimated 185 people registered for the ELISA Summit, which took place virtually on September 7-8 to gather Linux community members and attendees from around the world. The event, which featured 15 sessions and 20 speakers, was open to anyone involved or interested in defining, using, or learning about common elements, processes, and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Members of the ELISA Project community presented best practices and overviews on emerging trends and hot topics to using open source software in safety-critical applications and detailed working group updates.

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Elana Copperman, Mobileye & Jules Irenge, Linux Foundation Mentee. They will be sharing their insights on the topic “eBPF for safety use cases”

Jules shares his experience of working as part of the LXF/ELISA Mentorship Program. The program is focused on ebpf and xdp.

On one hand, eBPF is a kernel mechanism that provides a sandboxed runtime environment in the Linux kernel without changing kernel source code or loading kernel modules.

eBPF programs can be attached to various kernel subsystems, including networking, tracing and Linux security modules (LSM).

On the other, eXpress Data Path (xdp) is a technology that enables high performance data communication, bypassing most of the operating system networking stack using eBPF.

Elana shares an analysis of eBPF for safety, focusing on xdp, and demonstrate how these can be used for safety.

In the process she showcase eBPF /xdp tools that do and count how many packets have been accepted, rejected or redirected and how this can be used for tracing.

The goal of this presentation is to guide system administrators and programmers to consider using this technology to improve on software safety.

To learn more, watch the video below.

For more details about the ELISA Project, visit the main website here.

ELISA Welcomes 3 Mentees!

By Blog, Mentorship, Working Group

The Linux Foundation has had a robust mentorship program for years that invests in new talent and diversity that helps the open source community – no matter what the focus or project – thrive as a whole. Since its formal launch in 2019, the LFX Mentorship has graduated more than 190 mentees and has hosted almost 100 mentorship programs. 

This Spring, the ELISA Project is hosting two mentorships that will help developers gain real-world knowledge in a hands-on learning experience with Linux and open source. It also provides a more defined path for ELISA to connect with the next generation to inject more talent into their developer base.

The Spring Mentorship session, which kicked off in March, paired mentees with leaders from Codethink, the Linux Foundation and Mobileye. The ELISA Project is excited to welcome  Irenge Jules Bashizi, Shefali Sharma and Wenhui Zhang as the newest mentees in the ELISA community. Please see below for more details about their mentorships and mentors. As they settle into their new roles, we hope to feature their mentorship journey in upcoming blog posts. 

Mentorship: Analysis of eBPF (extended Berkley Packet Filter) Verifier

To make eBPF programs “safe”, the Linux kernel validates all eBPF code before loading. However, the current validator has many known limitations, leading to rejection of working programs. 

Focus in this mentorship will be: 

  • In-depth analysis and review of the eBPF validator, and its use to validate eBPF programs.
  • Code enhancements to the validator to improve usability.
  • Identify use cases for kernel profiling in safety critical applications.
Elana Copperman

Mentor: Elana Copperman, Chair of the Linux Features for Safety-Critical Systems Working Group and System Safety Architect at Mobileye (part of Intel)

Elana provides support for designing safety features in Mobileye products, including system boot; drivers; and Linux infrastructure. Before working at Mobileye, she worked as a Security Architect for Cisco-Il (formerly NDS) and more recently as a security consultant for major European automotive concerns on behalf of various Israeli startups. Research interests focus on software engineering methodologies and security engineering.

In particular, focusing on expanding open source and Linux-based tools to support safety critical and life saving product development.

Irenge Jules Bashizi

Mentee: Irenge Jules Bashizi

Jules is a Computer science student at University of Manchester. He is a certified Linux System administrator.  Jules is interested in improving his skills in Kernel engineering by contributing to the Linux Kernel community by submitting patches. This internship offers him a unique opportunity tailored to improve and contribute.  As a hobby, Jules enjoys jogging..

Mentee: Wenhui Zhang

Mentorship: Discovering Linux kernel subsystems used by OpenAPS

OpenAPS is an open source Artificial Pancreas System designed to automatically adjust an insulin pump’s insulin delivery to keep Blood Glucose in a safe range at all times. It is an open and transparent effort to make safe and effective basic Automatic Pancreas System technology widely available to anyone with compatible medical devices who is willing to build their own system.

What happens when an OpenAPS workload runs on Linux? What are the subsystems and modules that are in active use when OpenAPS is running? What are the interactions between OpenAPS and the kernel when a user checks how much insulin is left in the insulin pump?

The ELISA Medical Devices Working Group set out to answer these questions. Understanding the kernel footprint necessary to run a workload helps us focus on the  subsystem and modules that make up the footprint for safety.

The mentee will:

  • Use Linux kernel tracing and strace tool to discover Linux kernel subsystems used by OpenAPS. 
  • Find Linux system calls supported on various architectures. 
  • Write a blog/whitepaper on the findings which will aid ELISA Medical Devices WG to focus on the  subsystem and modules that make up the footprint for safety.

Shefali Sharma has started working on the project to advance the work Shuah and Milna have shared in their recent blog here

Mentor: Milan Lakhani, Co-Chair of the Medical Devices Working Group and Systems and Software Engineer at Codethink

In open source, Milan’s contributions to Linux kernel are aimed at achieving ELISA project goals. Other than that, he has previously worked in the Trustable and community – mainly STPA analysis on design and writing requirements and tests and also some patches to help with making a webapp and porting. 

There are a lot of aspects and opportunities to really learn through experience and take responsibility to make an impact on a highly approved, tested and growing Closed Loop Open-Source insulin delivery system that is really helping to reduce issues of people with type 1 diabetes. There should also be some variety in the tasks and the approach that the mentee can do. Milan is excited to share his skills and knowledge with STPA (our method of safety analysis for the system), the OpenAPS system and codebase (OpenAPS is the medical device itself) and Linux kernel.

Shuah Khan

Mentor: Shuah Khan, ELISA Project TSC Chair and Linux Foundation Fellow

Shuah is an experienced Linux Kernel developer, maintainer, and contributor. She has extensive experience in open source development, actively working across Linux Kernel sub-systems.

She currently maintains the Kernel Selftest, USB over IP, and cpupower tools. She is an active contributor to the Linux media sub-system.

Shuah has a passion for mentoring and educating the next generation. She loves mentoring and training engineers new to open source and helping them become committers and reviewers.

Shefali Sharma

Mentee: Shefali Sharma

Shefali is a third year Computer Science Engineering student from Meerut Institute of Engineering and Technology, Meerut, India. She likes to explore new technical domains. She is very excited to work on the OpenAPS project as it will give her an opportunity to use her technical skills for the welfare of others and to get involved in the Linux kernel community. Apart from this she is also interested in DevOps and Machine Learning.