islet
islet copied to clipboard
islet-project
Islet Mentorship: Strengthening Security through Fuzz Testing
Islet Mentorship: Strengthening Security through Fuzz Testing
This issue provides a brief description of the Linux Foundation Mentorship opportunity for Islet. This Issue is for potential mentees and project mentors to review and discuss.
Description:
Enhance Islet’s security by identifying vulnerabilities early using fuzz testing. This project integrates Cargo Fuzz tools with Islet’s CI pipeline, focusing on testing RMM interfaces (RMI and RSI) based on ARM’s RMM specification.
Expected Outcome: Deliver a set of robust fuzz tests integrated into Islet’s CI, improving security and compliance with ARM standards.
Recommended Skills: Knowledge of Rust programming and fuzz testing. Familiarity with confidential computing, virtualization, and ARM architecture is helpful but not required.
Mentor(s):
Bokdeuk Jeong (@bokdeuk-jeong, [email protected]) Sangwan Kwon (@bitboom, [email protected])
I am excited about the prospect of helping to make Islet's security even stronger using full-fledged fuzz testing. My method will rely on Cargo Fuzz and use it to systematically stress-test the RMM interfaces (RMI and RSI) in a focused manner of producing edge-case inputs to possibly expose weaknesses in ARM CCA implementation.
The RMM interface has potential attack surfaces within its boundaries. We need to develop comprehensive test cases that cover both expected and unexpected input scenarios and seamlessly integrate these fuzz tests into Islet's existing CI pipeline
I have been analysing islet codebase to understand it better and I look forward to deepening my understanding under the guidance of experienced mentors.
Hi @Shruti78 and @ksachin7, Thank you so much for showing interest in Islet and for expressing your willingness to participate! Here's the link to apply for the mentorship program. https://mentorship.lfx.linuxfoundation.org/project/fbd406ee-5d76-4d8b-939d-c37d42643fa8
If you have any questions, feel free to reach out anytime. Looking forward to working together on this exciting project!
Hi @bokdeuk-jeong getting following error
error: could not compile rsi-test` (bin "rsi-test"); 1 warning emitted
Caused by:
process didn't exit successfully: /Users/sachin/.rustup/toolchains/nightly-aarch64-apple-darwin/bin/rustc --crate-name rsi_test --edition=2021 realm/rsi-test/src/main.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts,future-incompat --diagnostic-width=107 --crate-type bin --emit=dep-info,link -C panic=abort -C embed-bitcode=no -C debuginfo=2 -C split-debuginfo=unpacked --check-cfg 'cfg(docsrs)' --check-cfg 'cfg(feature, values())' -C metadata=ba4f7aa1ad74fffc -C extra-filename=-5c6e6e55fb55c39f --out-dir /Users/sachin/Downloads/LFX25/islet/out/aarch64-apple-darwin/debug/deps --target aarch64-apple-darwin -C incremental=/Users/sachin/Downloads/LFX25/islet/out/aarch64-apple-darwin/debug/incremental -L dependency=/Users/sachin/Downloads/LFX25/islet/out/aarch64-apple-darwin/debug/deps -L dependency=/Users/sachin/Downloads/LFX25/islet/out/debug/deps (exit status: 101)
warning: build failed, waiting for other jobs to finish...`
after running :
cargo build --target aarch64-apple-darwin
My setup :
islet % rustup show
Default host: aarch64-apple-darwin rustup home: /Users/sachin/.rustup
installed toolchains
stable-aarch64-apple-darwin (default) nightly-2024-04-21-aarch64-apple-darwin nightly-aarch64-apple-darwin 1.75.0-aarch64-apple-darwin 1.70-aarch64-apple-darwin
installed targets for active toolchain
aarch64-apple-darwin aarch64-unknown-none-softfloat wasm32-unknown-unknown
active toolchain
nightly-aarch64-apple-darwin (directory override for '/Users/sachin/downloads/islet') rustc 1.85.0-nightly (c26db435b 2024-12-15)
I also want to work on this project, I liked the project and wish to contribute.
Hi @bokdeuk-jeong getting following error
error: could not compilersi-test` (bin "rsi-test"); 1 warning emittedCaused by: process didn't exit successfully:
/Users/sachin/.rustup/toolchains/nightly-aarch64-apple-darwin/bin/rustc --crate-name rsi_test --edition=2021 realm/rsi-test/src/main.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts,future-incompat --diagnostic-width=107 --crate-type bin --emit=dep-info,link -C panic=abort -C embed-bitcode=no -C debuginfo=2 -C split-debuginfo=unpacked --check-cfg 'cfg(docsrs)' --check-cfg 'cfg(feature, values())' -C metadata=ba4f7aa1ad74fffc -C extra-filename=-5c6e6e55fb55c39f --out-dir /Users/sachin/Downloads/LFX25/islet/out/aarch64-apple-darwin/debug/deps --target aarch64-apple-darwin -C incremental=/Users/sachin/Downloads/LFX25/islet/out/aarch64-apple-darwin/debug/incremental -L dependency=/Users/sachin/Downloads/LFX25/islet/out/aarch64-apple-darwin/debug/deps -L dependency=/Users/sachin/Downloads/LFX25/islet/out/debug/deps(exit status: 101) warning: build failed, waiting for other jobs to finish...`after running :
cargo build --target aarch64-apple-darwin
My setup :
islet % rustup show
Default host: aarch64-apple-darwin rustup home: /Users/sachin/.rustup
installed toolchains
stable-aarch64-apple-darwin (default) nightly-2024-04-21-aarch64-apple-darwin nightly-aarch64-apple-darwin 1.75.0-aarch64-apple-darwin 1.70-aarch64-apple-darwin
installed targets for active toolchain
aarch64-apple-darwin aarch64-unknown-none-softfloat wasm32-unknown-unknown
active toolchain
nightly-aarch64-apple-darwin (directory override for '/Users/sachin/downloads/islet') rustc 1.85.0-nightly (c26db435b 2024-12-15)
First, thank you for your interest in our project.
Since rsi-test operates as a Realm, it must be built for the aarch64-unknown-linux-gnu target. Please refer to the Makefile
Additionally, the current tests are conducted in a Linux environment. If you are using a Mac, I recommend using a VM or Docker to test in a Linux environment. The way to setup the development on linux is here.
Furthermore, it might be easier to approach the following tests before working on rsi-test:
- Crates Test: Test cases for RMM functionality that can run in the std environment: scripts/tests/crates.sh
- MIRI Test: Tests executed using the MIRI tool: scripts/tests/miri.sh
- ACS Test: Comprehensive tests for RMM’s RMI and RSI functionalities: scripts/tests/acs.sh
Hi @bokdeuk-jeong and @bitboom,
I am really excited about the opportunity to contribute to this project, as it aligns perfectly with my background in Rust programming, testing, and systems-level development. Here’s a brief overview of my relevant experience:
Google Summer of Code Mentee — DatenLord Enhanced testing and reliability in distributed systems by integrating deterministic simulation tools with fault injection capabilities (e.g., network partitions, message loss) to simulate chaotic and failure-prone environments, ensuring system resilience and correctness. Technologies: Rust, Distributed Systems, Chaos Engineering, Deterministic Simulation, Testing
Summer of Bitcoin Intern — Validating Lightning Signer Developed a modular fund recovery framework for handling force closes, breaches, and various transaction types (e.g., commitment, 2nd level HTLCs, sweeps). Enhanced logging, testing, and fee management while ensuring compatibility with standard and no-std environments. Technologies: Rust, Cryptography, Blockchain, Fault Tolerance, Lightning Network
Code for GovTech Intern — Dhiway Developed the ‘UseOnce’ Substrate pallet for efficient runtime storage and transaction processing to mark statements as usable just once. Technologies: Rust, Substrate, Blockchain, TypeScript
EMG-Controlled Prosthetic Hand Designed and developed an EMG-driven prosthetic arm with precise joint control, signal processing, and fuzzy logic classification. Technologies: C++, fuzzylite
Could you please guide me on where to begin, any prerequisites to learn, and potential first issues to solve? Could you also recommend any specific Rust libraries, tools, or techniques that would be essential for integrating fuzz testing with Islet’s CI pipeline, and how best to familiarize myself with ARM’s RMM specification for testing the RMI and RSI interfaces?
Best Regards, Harsh Email: [email protected] LinkedIn: https://www.linkedin.com/in/harsh1s/
Hi @Harsh1s,
Thank you so much for expressing interest in the Islet project! We're especially excited to hear from someone with strong exprience in Rust and system testing.
To formally apply, please submit your application through the official mentorship program platfrom at https://mentorship.lfx.linuxfoundation.org/project/fbd406ee-5d76-4d8b-939d-c37d42643fa8. This ensures that all applicants are properly tracked and reviewed as part of the program.
Looking forward to seeing your application there! Feel free to reach out if you have any questions about the process.
Hi @bokdeuk-jeong, @bitboom
- I have a quick suggestion for a problem with setting up the project! while running
./scripts/init.shinside Ubuntu 24, it's failing to run thepip3 install tomlcommand(/scripts/deps/pkgs.sh) due to the errorexternally-managed-environment - this error arises particularly in ubuntu(or newer debian based distros), as new changes were introduced to prevent conflicts between system-managed and user-managed python packages. This link contains the detail about the changes
- to integrate the project further in future, I think it's necessary to prevent conflicts between globally managed and user managed python packages
- To solve this problem, currently I am using python env for creating a temporary environment for toml, and put venv folder inside the .gitignore
- Please suggest your views on this issue! If my method looks good for this problem, then I can go ahead and create a pr for review! But I am not sure whether using another environment for a dependency is a good idea or not!
Hi @drvcodenta, Thank you for bringing this to our attention. Creating a virtual environment for this seems like a good idea. Could you please prepare a PR for that? Please don't forget to sign off your commits.
Thank you everyone for your interest in this Mentorship opportunity.
As @bokdeuk-jeong mentioned earlier, interested applicants can apply on the LFX Mentorship portal here: https://mentorship.lfx.linuxfoundation.org/project/fbd406ee-5d76-4d8b-939d-c37d42643fa8
For those who've already applied, we expect the mentors to reach out and start the interviews shortly.
For any application or logistics-related question around the mentorship, and to hear about additional mentorship opportunities for CCC projects in 2025, please join the #mentorship_program channel on the CCC slack: slack.confidentialcomputing.io
Hi @bokdeuk-jeong, I am really excited and willing to contribute to this project. I am willing to put all my efforts to this as it seems really exciting.
