Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
- research-articleSeptember 2023
Seeing the Invisible: Auditing eBPF Programs in Hypervisor with HyperBee
eBPF '23: Proceedings of the 1st Workshop on eBPF and Kernel ExtensionsPages 28–34https://doi.org/10.1145/3609021.3609305The flexibility of eBPF makes it widely used in performance, security, and monitoring. However, this flexibility is a double-edged sword, allowing attackers to use eBPF for malicious purposes. Security researchers have discovered multiple backdoors ...
- research-articleSeptember 2023
RingGuard: Guard io_uring with eBPF
eBPF '23: Proceedings of the 1st Workshop on eBPF and Kernel ExtensionsPages 56–62https://doi.org/10.1145/3609021.3609304io_uring offers a flexible yet efficient asynchronous I/O paradigm for Linux. Despite a significant performance improvement, it also brings many security concerns to the kernel. Not only does io_uring itself contain multiple vulnerabilities, but it can ...
- research-articleSeptember 2023
Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing
eBPF '23: Proceedings of the 1st Workshop on eBPF and Kernel ExtensionsPages 42–48https://doi.org/10.1145/3609021.3609301For safety reasons, unprivileged users today have only limited ways to customize the kernel through the extended Berkeley Packet Filter (eBPF). This is unfortunate, especially since the eBPF framework itself has seen an increase in scope over the years. ...
- extended-abstractSeptember 2023
Practical and Flexible Kernel CFI Enforcement using eBPF
eBPF '23: Proceedings of the 1st Workshop on eBPF and Kernel ExtensionsPages 84–85https://doi.org/10.1145/3609021.3609293Enforcing control flow integrity (CFI) in the kernel (kCFI) can prevent control-flow hijack attacks. Unfortunately, current kCFI approaches have high overhead or are inflexible and cannot support complex context-sensitive policies. To overcome these ...
