Brussels / 3 & 4 February 2024


How we almost secured our projects by writing more tests

Since its early days (Go 1.2 - 2013), Go has offered great support for code coverage. Recently, the community also introduced the same support for integration tests. This feature gives projects written in Go better visibility about test coverage, resulting in enhanced stability and more. ARMO's experiment consisted of providing the complete test coverage percentage as a metric for generated Seccomp profiles. During the automated tests we hooked the system calls, collecting them into a security profile, by using eBPF. This allowed us to measure the generated profile reliability that was created with the system calls used during this time. Unfortunately, not all the experiments succeed. This talk will give an introduction to the research we did and end what are the limitations that we encountered during our journey.


Photo of Alessio Greggi Alessio Greggi