Elements of trust are nearly ubiquitous in software development, spanning from security concerns to trustworthiness and reliability. Current projects address the question of trust in many aspects.
Red Hat Research and its university partners focus strategically on projects with the most promise to shape the future of how we use technology. Each quarter, RHRQ will publish an overview of our research in a specific area, such as edge computing, hybrid cloud, and security. In this issue, we focus on projects related to trust.
Several projects at Red Hat Research pertain to the notion of trust. There are multiple views of trust, however: it naturally arises in security (trust put by users in data confidentiality, integrity, and provenance) but manifests itself in quality assurance as well (users expecting reliable, bug-free, trustworthy software).
There seems to be a huge gap in the level and maturity of these aspects of trust in the wild. While most large companies heavily invest in reliability and security across their portfolios, many organizations are only at the beginning of their journey to make their products secure and trustworthy.
Although the market is full of trust-related tools addressing individual issues, these are just small, discrete blocks. Building a comprehensive, trustworthy solution from them is usually rather challenging, and the result is often fragile. Building a full solution must start with creating the product or service blocks, but it's essential to also bind them into a coherent end-to-end design for deployment once all the blocks are ready. This is especially critical because the weakest link determines the overall trust level.
Below, we’ll look at the midterm outlook for five trust-related research collaborations between Red Hat Research and universities in Boston, Massachusetts, and Brno, Czechia. While some projects represent very specialized blocks addressing a particular trust issue, others attempt to integrate multiple pieces and span a wider part of the ecosystem.
Security
The Sec-certs project, a cooperation with Masaryk University, Czechia, looks at the ecosystem of security certifications (e.g., Common Criteria, FIPS 140, FedRAMP). By analyzing the available metadata, parsing the available PDF documentation for each certification, and cross-referencing other datasets (e.g., CPEs, CVEs, CWEs), Sec-certs attempts to piece together multiple existing blocks in the domain. The outlook for 2024 includes creating a dashboard showing ecosystem statistics in real time, stabilizing the codebase, and showcasing the tool to the community at multiple global certification events. Another open direction is involving sophisticated natural language processing tools to enrich the dataset even more.
Two projects in the Red Hat Collaboratory at Boston University consider the security aspects of trust. The CoFHE project prepares for a future with seamless encrypted computing in the cloud by building a compiler to make fully homomorphic encryption (FHE) more accessible for use cases like data science. Although speeds of FHE move into the feasible range when using hardware acceleration, designing the corresponding code still remains a specialized task for security engineers. CoFHE proposes a comprehensive FHE compiler framework to automate the process of generating implementations using the Cheon-Kim-Kim-Song (CKKS) scheme. It targets machine learning applications due to their current pervasiveness in the cloud. During 2024, the authors plan to do both the necessary background modeling work and develop an initial design for the compiler framework.
The second Collaboratory project, HySe, investigates hypervisor security through component-wise fuzzing. Considering the complicated structure of today's hypervisors, HySe proposes to identify less usual interfaces between the hypervisor and its guest VMs (e.g., the VM migration interface or the disk modification interface). By applying fuzzing techniques even in these less exposed places, HySe will help strengthen the crucial isolation guarantees the hypervisor should provide. Throughout 2024, the project team plans to, first, identify existing interfaces and conduct the appropriate threat modeling on them. Second, they will design, implement, and evaluate program analysis techniques to preemptively identify bugs and vulnerabilities in the individual hypervisor components that form the exposed interface surface.
Quality assurance
The Lock ’n Load project, also a part of the Red Hat Collaboratory, sets out to address an underrated specialized issue: the inability to detect deadlocks in binary-only kernel modules. For cases where source code is available, the existing Lockdep tool can be used for this task. However, Lockdep’s detection mechanisms fall short for binary-only kernel modules such as proprietary drivers. Over 2024, the project aims to decouple metadata from locking data structures, automatically configure and build a suitable kernel, and evaluate Lock ’n Load’s deadlock detection ability.
Last but not least, Project Perun, a cooperation with Brno University of Technology, Czechia, combines multiple blocks of software development and quality engineering to increase software trustworthiness, aiming to help reliably identify root causes of performance degradations. Perun binds code performance profiles to the project’s version control system, thus allowing QE engineers to identify offending commits and functions quickly. Since early 2024, the researchers have been intensely cooperating with the kernel performance team at Red Hat to pilot test the tool in reliability and performance testing of kernel versions for an upcoming RHEL 10 release.
Explore these and other security-related projects in the research directory of the Red Hat Research website.