In 2016, Alexander Popov was a Linux kernel developer who had contributed 14 patches into the mainline kernel.
Alexander wanted to become a more effective open source contributor in the future, so he applied for and was awarded a Linux Foundation Training (LiFT) Scholarship in the Kernel Guru category.
We followed up with Alexander recently to hear what he’s been up to since completing his Linux Foundation training.
Linux Foundation: What training did you take with your scholarship?
Alexander Popov: I attended Linux Kernel Internals and Development (LFD420).
LF: What was the most useful thing you learned through this training?
AP: That course gave me a nice overview of Linux kernel development. It helped me to review my skills and knowledge during the course. I found the kernel development areas that I needed to learn better and I gained confidence in my skills.
LF: Has your job changed since receiving the scholarship? What did you do before, and what are you doing now?
After receiving the scholarship, I managed to achieve my dream and become a Linux kernel security researcher. Now I have a lot of fun working on the Linux kernel vulnerabilities, exploitation techniques and defensive technologies.
LF: Are you contributing to any open source projects? Which ones?
AP: Yes, I’m working in that direction, including making several dozens commits in the mainline Linux kernel:
Some of them are fixes of exploitable vulnerabilities, and some are about Linux kernel self-protection.
I also work on two open source projects that I started in 2018.
First one is the Linux Kernel Defence Map (https://github.com/a13xp0p0v/linux-kernel-defence-map). That is a graphical representation of the current state of Linux kernel security. That map shows the relationships between vulnerability classes, exploitation techniques, bug detection mechanisms and defence technologies.
My second project is kconfig-hardened-check (https://github.com/a13xp0p0v/kconfig-hardened-check). That tool checks the Linux kernel Kconfig option list against the security hardening preferences. I know that several Linux distributions use that project, a fact that cheers me up.
LF: Have you shared the knowledge you gained with others? How so?
Yes, in late 2019 I gave a lecture course myself. It was a free practical course about Linux kernel security for university students in Moscow. Sometimes when I finish an interesting research, I speak about it at technical conferences and describe the research results in my blog at https://a13xp0p0v.github.io/.
2020 LiFT scholarship applications have closed, and winners will be announced in late June.