Litcius/Paper detail

Understanding the Security of Linux eBPF Subsystem

Mohamed Husain Noor Mohamed, Xiaoguang Wang, Binoy Ravindran

202315 citationsDOIOpen Access PDF

Abstract

Linux eBPF allows a userspace application to execute code inside the Linux kernel without modifying the kernel code or inserting a kernel module. An in-kernel eBPF verifier pre-verifies any untrusted eBPF bytecode before running it in kernel context. Currently, users trust the verifier to block malicious bytecode from being executed.

Topics & Concepts

BytecodeComputer scienceConfigfsOperating systemKernel (algebra)Linux kernelsysfsCode (set theory)Context (archaeology)Programming languageEmbedded systemVirtual machineBiologyMathematicsCombinatoricsSet (abstract data type)PaleontologySecurity and Verification in ComputingAdvanced Data Storage TechnologiesAdvanced Malware Detection Techniques
Understanding the Security of Linux eBPF Subsystem | Litcius