Towards Secure Kernel Extensibility with eBPF
Abstract
Incessant discoveries of vulnerabilities have shown that the eBPF verifier can be bypassed, allowing attackers to inject malicious eBPF programs into the kernel. Prior work formally verified parts of the eBPF verifier to improve security, but formally verifying the entire eBPF verifier is untenable. A major overhaul that completely retires the current verifier in favor of a memory-safe language like Rust only shifts the problem from the verifier to the external Rust toolchain. Instead, we sandbox eBPF programs by leveraging software-based and hardware-assisted isolation techniques, thereby preventing memory safety vulnerabilities from being exploited at runtime. Our solution achieves minimal overhead (up to 4%) on macrobenchmarks while achieving the desired security properties.
Date
Sep 11, 2024 12:25 PM — 12:30 PM
Event
Location
Virtual