
Google Funds Linux Kernel Developers to Focus Exclusively on Security

Long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to dedicate their focus to maintaining and improving Linux security for the long term

SAN FRANCISCO, February 24, 2021 — Today, Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

Silva and Chancellor’s exclusive focus is to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.

The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently published an open source contributor survey report that identified a need for additional work on security in open source software, which includes the massively pervasive Linux operating system. Linux is fueled by more than 20,000 contributors and, as of August 2020, one million commits. While there are thousands of Linux kernel developers, all of whom take security into consideration in the course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security to the ongoing sustainability of open source software.

“At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer, Google. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”

Chancellor’s work will focus on triaging and fixing all bugs found with the Clang/LLVM compilers, while establishing continuous integration systems to keep that work going. Once those aims are well established, he plans to begin adding features and polish to the kernel using these compiler technologies. Chancellor has been working on the Linux kernel for four and a half years. Two years ago, he started contributing to mainline Linux under the ClangBuiltLinux project, a collaborative effort to get the Linux kernel building with the Clang and LLVM compiler tools.

“I hope that more and more people will start to use the LLVM compiler infrastructure project and contribute fixes to it and the kernel – it will go a long way towards improving Linux security for everyone,” said Chancellor, Linux maintainer.

Gustavo Silva’s full-time Linux security work is currently dedicated to eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, the preferred and least error-prone way to declare such variable-length types. Additionally, he is actively focusing on fixing bugs before they hit mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities. Silva sent his first kernel patch in 2010 and today is an active member of the Kernel Self Protection Project (KSPP). He has consistently been one of the top five most active kernel developers since 2017, with more than 2,000 commits in mainline. Silva’s work has reached 27 different stable trees, going all the way back to Linux v3.16.
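As an added example (not from the press release and not kernel code) of why the one-element-array idiom is error-prone and what a flexible-array member changes, the structs and helper names below are illustrative; the size helper mirrors the pattern of the kernel's struct_size() macro rather than using it.

```c
/* Added example, not kernel code: the one-element-array idiom versus a
 * true flexible-array member. Struct and function names are illustrative. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Legacy idiom: trailing array declared with one element; callers are
 * expected to over-allocate. sizeof() includes that element and its
 * padding, so allocation math has to subtract one element back out. */
struct legacy_msg {
    uint32_t len;
    uint8_t  data[1];     /* 3 bytes of tail padding follow on most ABIs */
};

/* Preferred form: a flexible-array member. sizeof() covers only the
 * header, and the compiler knows data is variable-length. */
struct fam_msg {
    uint32_t len;
    uint8_t  data[];
};

/* The "subtract one" allocation math the legacy idiom invites. With
 * count == 0 the subtraction wraps and the result is smaller than the
 * header itself: a textbook undersized allocation. */
static size_t legacy_alloc_size(size_t count)
{
    return sizeof(struct legacy_msg)
         + (count - 1) * sizeof(((struct legacy_msg *)0)->data[0]);
}

/* Mirrors the kernel's struct_size() pattern for the flexible form:
 * header plus count elements, with overflow checked. Returns 0 on
 * overflow so callers cannot turn a huge count into a tiny buffer. */
static size_t fam_alloc_size(size_t count)
{
    size_t elem = sizeof(((struct fam_msg *)0)->data[0]);
    if (count > (SIZE_MAX - sizeof(struct fam_msg)) / elem)
        return 0;
    return sizeof(struct fam_msg) + count * elem;
}

/* Allocate a message with count payload bytes set to fill. */
static struct fam_msg *fam_msg_new(uint32_t count, uint8_t fill)
{
    size_t bytes = fam_alloc_size(count);
    if (bytes == 0)
        return NULL;
    struct fam_msg *m = malloc(bytes);
    if (m == NULL)
        return NULL;
    m->len = count;
    memset(m->data, fill, count);   /* in bounds: exactly count bytes exist */
    return m;
}

/* Sum the payload; the bound comes from the stored length, not sizeof. */
static unsigned fam_msg_sum(const struct fam_msg *m)
{
    unsigned sum = 0;
    for (uint32_t i = 0; i < m->len; i++)
        sum += m->data[i];
    return sum;
}
```

On an LP64 target legacy_alloc_size(0) wraps to 7 bytes, less than the 8-byte header, so the first store to len already overflows the allocation; fam_alloc_size(0) returns the 4-byte header and fam_alloc_size(SIZE_MAX) returns 0 instead of wrapping. Beyond sizing, the flexible-array form tells the compiler that data is variable-length, so bounds diagnostics and sanitizers no longer have to guess whether a trailing one-element array was meant to be one element or many; strict flexible-array semantics, which the kernel has since enabled, only become possible once the fake one-element and zero-length arrays are gone.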

“We are working towards building a high-quality kernel that is reliable, robust and more resistant to attack every time,” said Silva, Linux maintainer. “Through these efforts, we hope people, maintainers in particular, will recognize the importance of adopting changes that will make their code less prone to common errors.”

“Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure,” said David A. Wheeler, the Linux Foundation. “We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organizations who have made the Linux kernel a collaborative global success.”

Funding Linux kernel security and development is a collaborative effort, supported by the world’s largest companies that depend on the Linux operating system. To support work like this, discussions are taking place in the Securing Critical Projects Working Group inside the OpenSSF.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact

Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com

The post Google Funds Linux Kernel Developers to Focus Exclusively on Security appeared first on Linux Foundation.

Linux scripting: 3 how-tos for while loops in Bash

Three examples of using while loops to manage conditions that do not have a known limit.
Read More at Enable Sysadmin

NVMe vs M.2: What’s the difference? 


A quick look at two common terms kicked around in modern drive storage and what you need to know.
tcarriga
Wed, 2/24/2021 at 2:11pm


Image by PublicDomainPictures from Pixabay

If you’ve been around computers, and technology in general, for any amount of time, you’re probably aware of the huge advancements in storage that have been made over the last few decades. I’m a ’90s kid, so I have only a limited scope of experience with some of the older storage mediums. I did get the chance to work with a few companies at my last job that stored off-site data on massive tape drives, but reading from and writing to those enormous sloths was less than pleasant.

Topics:  
Linux  
Linux Administration  
Storage  
Read More at Enable Sysadmin

Building a Linux container by hand using namespaces

How user namespaces relate to container security.
Read More at Enable Sysadmin

KubeEdge: Reliable Connectivity Between The Cloud & Edge

KubeEdge is an open source project that originated at Huawei and was contributed to the CNCF. It was created to extend containerized application orchestration to hosts at the edge. It is built on top of Kubernetes and provides infrastructure support for networking, application deployment, and metadata synchronization between the cloud and the edge. We sat down with Zefeng Wang (Kevin), Lead of the Cloud Native Open Source Team at Huawei, to learn more about the project.

Review of Three Hyperledger Tools – Caliper, Cello and Avalon

By Matt Zand

Recap

In our previous article (Review of Five popular Hyperledger DLTs- Fabric, Besu, Sawtooth, Iroha and Indy), we discussed the following Hyperledger Distributed Ledger Technologies (DLTs).

  1. Hyperledger Indy
  2. Hyperledger Fabric
  3. Hyperledger Iroha
  4. Hyperledger Sawtooth
  5. Hyperledger Besu

To continue our journey, in this article we discuss three Hyperledger tools (Hyperledger Caliper, Cello and Avalon) that serve as accessories for any of the Hyperledger DLTs. It is worth mentioning that, as of this writing, all three tools discussed in this article are at the incubation stage.

Hyperledger Caliper

Caliper is a benchmarking tool for measuring blockchain performance and is written in JavaScript. It uses four performance indicators: success rate, transactions per second (transaction throughput), transaction latency, and resource utilization. Specifically, it is designed to run benchmarks against a deployed smart contract, enabling analysis of those four indicators on a blockchain network while the smart contract is being used.

Caliper is a general-purpose tool and has become a useful reference for enterprises measuring the performance of their distributed ledgers. It is one of the most important tools to use alongside other Hyperledger projects (and even with Quorum or Ethereum, since it also supports those blockchains). It offers connectors to various blockchains, which gives it greater reach and usability. Based on its documentation, Caliper is ideal for:

  • Application developers interested in running performance tests for their smart contracts
  • System architects interested in investigating resource constraints during test loads

To better understand how Caliper works, one should start with its architecture. To use it, a user starts by defining the following configuration files:

  • a benchmark file defining the arguments of a benchmark workload
  • a blockchain (network) file specifying the information needed to interact with the system under test
  • smart contracts defining which contracts are going to be deployed

These configuration files are the inputs to the Caliper CLI, which creates an admin client (acting as a superuser) and a factory (responsible for running test loads). Based on the chosen benchmark file, a client transacts with the system by adding or querying assets.

While a test is in progress, all transactions are recorded. The statistics of these transactions are logged and stored, and a resource monitor logs resource consumption. All of this data is eventually aggregated into a single report. For a more detailed discussion of its implementation, visit the link provided in the References section.

Hyperledger Cello

As blockchain applications were eventually deployed at the enterprise level, developers had to do a lot of manual work when deploying and managing a blockchain. This job does not get any easier if multiple tenants need to access separate chains simultaneously. For instance, interacting with Hyperledger Fabric requires manual installation of each peer node on different servers, as well as setting up scripts (e.g., Docker Compose) to start a Fabric network. To address these challenges while automating the process for developers, Hyperledger Cello was incubated. Cello brings an on-demand deployment model to blockchains and is written in the Go language. Cello is an automated application for deploying and managing blockchains in a plug-and-play fashion, particularly for enterprises looking to integrate distributed ledger technologies.

Cello also provides a real-time dashboard for blockchain status, system utilization, chaincode performance, and blockchain configuration. It currently supports Hyperledger Fabric. According to its documentation, Cello allows for:

  • Provisioning customized blockchains instantly
  • Keeping a pool of running blockchains healthy without any need for manual operation
  • Checking the system’s status, scaling the number of chains, changing resources, etc. through a dashboard

Likewise, according to its documentation, Cello’s major features are:

  • Management of multiple blockchains (e.g., create, delete, and maintain health automatically)
  • Almost instant response, even with hundreds of chains or nodes
  • Support for customized blockchain requests (e.g., size, consensus) — currently, there is support for Hyperledger Fabric
  • Support for a native Docker host or a Swarm host as the compute nodes
  • Support for heterogeneous architecture (e.g., z Systems, Power Systems, and x86) from bare-metal servers to virtual machines
  • Extensible with monitoring, logging, and health features through employing additional components

According to its developers, Cello’s architecture follows the principles of microservices, fault resilience, and scalability. In particular, Cello has three functional layers:

  • The access layer, which also includes the web UI dashboards operated by users
  • The orchestration layer, which, on receiving a request from the access layer, calls the agents to operate the blockchain resources
  • The agent layer, which embodies the real workers that interact with underlying infrastructure such as Docker, Swarm, or Kubernetes

According to its documentation, each layer should expose stable APIs to the layers above it, so that a layer can be swapped out without changing upper-layer code. For a more detailed discussion of its implementation, visit the link provided in the References section.

Hyperledger Avalon

To boost the performance of blockchain networks, developers decided to store non-essential data in off-chain databases. While this approach improved blockchain scalability, it introduced confidentiality issues. The community was therefore looking for an approach that achieves scalability and confidentiality at once, which led to the incubation of Avalon. Hyperledger Avalon (formerly the Trusted Compute Framework) enables privacy in blockchain transactions by shifting heavy processing from the main blockchain to trusted off-chain computational resources, in order to improve scalability and latency and to support attested oracles.

The Trusted Compute Specification was designed to help developers gain the benefits of computational trust while overcoming its drawbacks. In the case of Avalon, the blockchain is used to enforce execution policies and ensure transaction auditability, while associated off-chain trusted computational resources execute the transactions. By using trusted off-chain computational resources, a developer can increase throughput and improve data privacy. Using Hyperledger Avalon with a distributed ledger, we can:

  • Maintain a registry of the trusted workers (including their attestation info)
  • Provide a mechanism for submitting work orders from clients to a worker
  • Preserve a log of work order receipts and acknowledgments

To put it simply, the off-chain components tied to the main network execute the transactions with the help of trusted compute resources. What guarantees confidentiality along with the integrity of execution is the trusted compute option in use, which can take one of the following forms:

  • Trusted Execution Environment (TEE)
  • Multi-Party Computation (MPC)
  • Zero-Knowledge Proofs (ZKP)

By means of Trusted Execution Environments, a developer can strengthen the integrity of the link between off-chain and on-chain execution. Intel SGX is a well-known example of a TEE; it offers code verification, attestation verification, and execution isolation, which allow a trustworthy link to be established between main-chain and off-chain compute resources. For a more detailed discussion of its implementation, visit the link provided in the References section.
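The registry, work-order and receipt flow described above, reduced to its trust checks, as an added example that is not Hyperledger Avalon's own code: the worker registry holds an attested measurement and signing key per worker, the client refuses to send work to any worker whose measurement the policy has not approved, and every receipt is bound to one specific order and tagged by the worker's key before it is logged. The FNV-1a digest and the keyed tag are toy stand-ins for real hashes and for the signature an attested enclave would produce (an assumption, not Avalon's cryptography); all worker names, measurements and keys are constructed.

```c
/* Added example, not Hyperledger Avalon's code: registry / work-order /
 * receipt flow reduced to its trust checks. FNV-1a and the keyed tag stand
 * in for real digests and an enclave signature (assumption); data is made up. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Registry entry (attested measurement, stand-in for MRENCLAVE, plus key),
 * work order (nonce makes each order unique) and the worker's receipt. */
struct worker     { const char *id; uint64_t measurement; uint64_t key; };
struct work_order { const char *worker_id; uint64_t nonce; const char *payload; };
struct receipt    { uint64_t order_hash; uint64_t result_hash; uint64_t tag; };

#define FNV_INIT 0xcbf29ce484222325ULL

static uint64_t fnv1a(uint64_t h, const void *buf, size_t len)
{
    const unsigned char *p = buf;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Digest over everything that identifies one order. */
static uint64_t order_hash(const struct work_order *o)
{
    uint64_t h = fnv1a(FNV_INIT, o->worker_id, strlen(o->worker_id));
    h = fnv1a(h, &o->nonce, sizeof o->nonce);
    return fnv1a(h, o->payload, strlen(o->payload));
}

/* Keyed digest standing in for the enclave's signature over the receipt. */
static uint64_t receipt_tag(uint64_t key, uint64_t oh, uint64_t rh)
{
    uint64_t h = fnv1a(FNV_INIT, &key, sizeof key);
    h = fnv1a(h, &oh, sizeof oh);
    return fnv1a(h, &rh, sizeof rh);
}

/* Constructed registry and policy: worker-1 runs approved code, worker-2
 * reports a measurement the policy has never seen. */
static const uint64_t approved[] = { 0xA11CE };
static const struct worker registry[] = {
    { "worker-1", 0xA11CE, 0x5EC7 },
    { "worker-2", 0x0BAD,  0x9999 },
};

static const struct worker *registry_lookup(const char *id)
{
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++)
        if (strcmp(registry[i].id, id) == 0)
            return &registry[i];
    return NULL;
}

/* Policy the chain enforces before a worker may receive work: registered,
 * and its attested measurement on the approved list. */
static int worker_trusted(const struct worker *w)
{
    for (size_t i = 0; w != NULL && i < sizeof approved / sizeof approved[0]; i++)
        if (approved[i] == w->measurement)
            return 1;
    return 0;
}

/* Worker side: run the job off-chain (payload length stands in for real
 * work) and return a receipt bound to the order and tagged with its key. */
static struct receipt worker_execute(const struct worker *w, const struct work_order *o)
{
    struct receipt r;
    size_t result = strlen(o->payload);
    r.order_hash  = order_hash(o);
    r.result_hash = fnv1a(FNV_INIT, &result, sizeof result);
    r.tag         = receipt_tag(w->key, r.order_hash, r.result_hash);
    return r;
}

/* Client side: 1 if the receipt is for this order from a trusted worker and
 * its tag verifies, 0 if the worker is untrusted, -1 on a bad receipt. */
static int verify_receipt(const struct work_order *o, const struct receipt *r)
{
    const struct worker *w = registry_lookup(o->worker_id);
    if (!worker_trusted(w))
        return 0;
    if (r->order_hash != order_hash(o))
        return -1;
    return r->tag == receipt_tag(w->key, r->order_hash, r->result_hash) ? 1 : -1;
}

/* Submit an order: refuse untrusted workers before any work is sent, then
 * execute and verify the receipt before handing it back to be logged. */
static int submit_work_order(const struct work_order *o, struct receipt *out)
{
    const struct worker *w = registry_lookup(o->worker_id);
    if (!worker_trusted(w))
        return 0;
    struct receipt r = worker_execute(w, o);
    int rc = verify_receipt(o, &r);
    if (rc == 1 && out != NULL)
        *out = r;
    return rc;
}
```

Two checks carry the security weight: the measurement check happens before the payload leaves the client, so an unapproved worker never sees the data, and the receipt check ties the result to the order's nonce, so a receipt replayed from an earlier order or with a modified result hash fails verification. In a real deployment the measurement comes from a verified attestation quote and the tag from the enclave's signing key, and the relying party must verify both itself rather than trusting the registry entry blindly.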

Note- Hyperledger Explorer Tool (deprecated)

Hyperledger Explorer, in a nutshell, provides a dashboard for peering into block details; it is written primarily in JavaScript. Hyperledger Explorer is known to all developers and system admins who have worked with Hyperledger in the past few years. Despite its features and popularity, Hyperledger announced last year that it is no longer maintained, so the tool is deprecated.

Next Article

In our upcoming article, we move on to cover the following four Hyperledger libraries:

  1. Hyperledger Aries
  2. Hyperledger Quilt
  3. Hyperledger Ursa
  4. Hyperledger Transact

Summary

To recap, we covered three Hyperledger tools (Caliper, Cello and Avalon) in this article. We started off by explaining that Hyperledger Caliper is designed to run benchmarks against a deployed smart contract, enabling the analysis of four indicators (such as success rate or transaction throughput) on a blockchain network while the smart contract is being used. Next, we learned that Hyperledger Cello is an automated application for deploying and managing blockchains in a plug-and-play fashion, particularly for enterprises looking to integrate distributed ledger technologies. Finally, Hyperledger Avalon enables privacy in blockchain transactions by shifting heavy processing from the main blockchain to trusted off-chain computational resources, in order to improve scalability and latency and to support attested oracles.

References

For more references on all Hyperledger projects, libraries and tools, visit the below documentation links:

  1. Hyperledger Indy Project
  2. Hyperledger Fabric Project
  3. Hyperledger Aries Library
  4. Hyperledger Iroha Project
  5. Hyperledger Sawtooth Project
  6. Hyperledger Besu Project
  7. Hyperledger Quilt Library
  8. Hyperledger Ursa Library
  9. Hyperledger Transact Library
  10. Hyperledger Cactus Project
  11. Hyperledger Caliper Tool
  12. Hyperledger Cello Tool
  13. Hyperledger Explorer Tool
  14. Hyperledger Grid (Domain Specific)
  15. Hyperledger Burrow Project
  16. Hyperledger Avalon Tool


About the Author

Matt Zand is a serial entrepreneur and the founder of three tech startups: DC Web Makers, Coding Bootcamps and High School Technology Services. He is a leading author of the Hands-on Smart Contract Development with Hyperledger Fabric book by O’Reilly Media. He has written more than 100 technical articles and tutorials on blockchain development for the Hyperledger, Ethereum and R3 Corda platforms at sites such as IBM, SAP, Alibaba Cloud, Hyperledger, The Linux Foundation, and more. As a public speaker, he has presented webinars at many Hyperledger communities across the USA and Europe. At DC Web Makers, he leads a team of blockchain experts for consulting and deploying enterprise decentralized applications. As chief architect, he has designed and developed blockchain courses and training programs for Coding Bootcamps. He has a master’s degree in business management from the University of Maryland. Prior to blockchain development and consulting, he worked as a senior web and mobile app developer and consultant, angel investor, and business advisor for a few startup companies. You can connect with him on LinkedIn: https://www.linkedin.com/in/matt-zand-64047871

The post Review of Three Hyperledger Tools – Caliper, Cello and Avalon appeared first on Linux Foundation – Training.

Add these 4 tools to your Linux container toolbox

New options for building container images, finding tags in Podman, and using the Skopeo container image are some of the new features for you to use in your container adventures.
Read More at Enable Sysadmin

The effects of adding users to a Linux system


When you add a new user to a Linux system, you also change several files. Do you know all of them?
Kshitiz Saini
Sat, 2/20/2021 at 4:02pm


Image by Gerd Altmann from Pixabay

This article covers my journey of learning about the Linux filesystem architecture and using that knowledge to write a shell script to create Linux users. In my second year of college, I learned about the Linux filesystem, which is when the concept of users came to my mind, and I tried to create users on Linux-based operating systems.

Topics:  
Linux  
Linux Administration  
Command line utilities  
Read More at Enable Sysadmin

How to identify potentially vulnerable network daemons on your Linux systems


Identifying vulnerable network daemons for remediation and how attackers find vulnerable resources.
Geoff Galitz
Sat, 2/20/2021 at 3:09pm


Image by jplenio from Pixabay

[ Editor’s note: This article presents one tool you may wish to consider in your security toolkit. However, no single tool or approach is sufficient to ensure security. For more on security topics, we encourage readers to visit the Product Security Center on the Red Hat Customer Portal. ]

Topics:  
Linux  
Linux Administration  
Security  
Read More at Enable Sysadmin

5 ways to ruin a sysadmin’s day

Here are five sure-fire ways to ruin your favorite sysadmin’s day.
Read More at Enable Sysadmin