KAFE: Kernel Analysis Front-End for Software Assurance

KAFE is a tool for kernel inspection, navigation, iterative drill down and analysis with an easy to use interface for searching and sorting on kernel files, functions, types, variables, macros, and symbols. Although debuggers are geared towards run-time program analysis, the information they rely on offers a powerful basis for the static analysis of programs. The KAFE relational database is automatically gen-erated by analyzing the "Debug With Arbitrary Records Format" information. While we gain a great deal of insight into the workings of the Linux kernel and could hopefully recognize potentially problematic violations of data isolation and encapsulation, the scope of the KAFE tool goes behind kernel inspection and could be applied to program understanding in general. This paper shows how this approach differs from static source code analysis, run-time analysis or debuggers. The database generation and architecture are described and the interface is illustrated.