Towards Secure Kernel Extensibility with eBPF

Sep 11, 2024 · Soo Yee Lim
Abstract
Incessant discoveries of vulnerabilities have shown that the eBPF verifier can be bypassed, allowing attackers to inject malicious eBPF programs into the kernel. Prior work formally verified parts of the eBPF verifier to improve security, but formally verifying the entire eBPF verifier is untenable. A major overhaul of completely retiring the current verifier and using instead a memory-safe language like Rust only shifts the problem from the verifier to the external Rust toolchain. Instead, we sandbox eBPF programs by leveraging software-based and hardware-assisted isolation techniques, thereby preventing memory safety vulnerabilities from being exploited at runtime. Our solution achieves minimal overhead (up to 4%) on macrobenchmarks while achieving desired security properties.
Date
Sep 11, 2024 12:25 PM — 12:30 PM
Event
Location

Virtual

Authors
Soo Yee Lim
PhD Candidate