-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Islet Mentorship: Strengthening Security through Fuzz Testing #398
Comments
interested on contributing towards this project. |
I am excited about the prospect of helping to make Islet's security even stronger using full-fledged fuzz testing. My method will rely on Cargo Fuzz and use it to systematically stress-test the RMM interfaces (RMI and RSI) in a focused manner of producing edge-case inputs to possibly expose weaknesses in ARM CCA implementation. The RMM interface has potential attack surfaces within its boundaries. We need to develop comprehensive test cases that cover both expected and unexpected input scenarios and seamlessly integrate these fuzz tests into Islet's existing CI pipeline I have been analysing islet codebase to understand it better and I look forward to deepening my understanding under the guidance of experienced mentors. |
Hi @Shruti78 and @ksachin7, If you have any questions, feel free to reach out anytime. |
Hi @bokdeuk-jeong getting following error
Caused by: after running : cargo build --target aarch64-apple-darwin My setup : islet % rustup show Default host: aarch64-apple-darwin installed toolchainsstable-aarch64-apple-darwin (default) installed targets for active toolchainaarch64-apple-darwin active toolchainnightly-aarch64-apple-darwin (directory override for '/Users/sachin/downloads/islet') |
I also want to work on this project, I liked the project and wish to contribute. |
First, thank you for your interest in our project. Since Additionally, the current tests are conducted in a Linux environment. If you are using a Mac, I recommend using a VM or Docker to test in a Linux environment. The way to setup the development on linux is here. Furthermore, it might be easier to approach the following tests before working on rsi-test:
|
Hi @bokdeuk-jeong and @bitboom, I am really excited about the opportunity to contribute to this project, as it aligns perfectly with my background in Rust programming, testing, and systems-level development. Here’s a brief overview of my relevant experience: Google Summer of Code Mentee — DatenLord Summer of Bitcoin Intern — Validating Lightning Signer Code for GovTech Intern — Dhiway EMG-Controlled Prosthetic Hand Could you please guide me on where to begin, any prerequisites to learn, and potential first issues to solve? Could you also recommend any specific Rust libraries, tools, or techniques that would be essential for integrating fuzz testing with Islet’s CI pipeline, and how best to familiarize myself with ARM’s RMM specification for testing the RMI and RSI interfaces? Best Regards, |
Hi @Harsh1s, Thank you so much for expressing interest in the Islet project! We're especially excited to hear from someone with strong exprience in Rust and system testing. To formally apply, please submit your application through the official mentorship program platfrom at https://mentorship.lfx.linuxfoundation.org/project/fbd406ee-5d76-4d8b-939d-c37d42643fa8. This ensures that all applicants are properly tracked and reviewed as part of the program. Looking forward to seeing your application there! Feel free to reach out if you have any questions about the process. |
|
Hi @drvcodenta, |
Thank you everyone for your interest in this Mentorship opportunity. As @bokdeuk-jeong mentioned earlier, interested applicants can apply on the LFX Mentorship portal here: For those who've already applied, we expect the mentors to reach out and start the interviews shortly. For any application or logistics-related question around the mentorship, and to hear about additional mentorship opportunities for CCC projects in 2025, please join the #mentorship_program channel on the CCC slack: slack.confidentialcomputing.io |
Hi @bokdeuk-jeong, I am really excited and willing to contribute to this project. I am willing to put all my efforts to this as it seems really exciting. |
Islet Mentorship: Strengthening Security through Fuzz Testing
This issue provides a brief description of the Linux Foundation Mentorship opportunity for Islet. This Issue is for potential mentees and project mentors to review and discuss.
Description:
Enhance Islet’s security by identifying vulnerabilities early using fuzz testing. This project integrates Cargo Fuzz tools with Islet’s CI pipeline, focusing on testing RMM interfaces (RMI and RSI) based on ARM’s RMM specification.
Expected Outcome: Deliver a set of robust fuzz tests integrated into Islet’s CI, improving security and compliance with ARM standards.
Recommended Skills: Knowledge of Rust programming and fuzz testing. Familiarity with confidential computing, virtualization, and ARM architecture is helpful but not required.
Mentor(s):
Bokdeuk Jeong (@bokdeuk-jeong, [email protected])
Sangwan Kwon (@bitboom, [email protected])
The text was updated successfully, but these errors were encountered: