Related papers: Programmable System Call Security with eBPF

200 papers

Extended Berkeley Packet Filter (eBPF) is a runtime that enables users to load programs into the operating system (OS) kernel, like Linux or Windows, and execute them safely and efficiently at designated kernel hooks. Each program passes…

The eBPF framework enables execution of user-provided code in the Linux kernel. In the last few years, a large ecosystem of cloud services has leveraged eBPF to enhance container security, system observability, and network management.…

Cryptography and Security · Computer Science 2024-09-13 Soo Yee Lim, Tanya Prasad, Xueyuan Han, Thomas Pasquier

With the improvements in computing technologies, edge devices in the Internet-of-Things have become more complex. The enabler technology for these complex systems are powerful application core processors with operating system support, such…

Cryptography and Security · Computer Science 2023-01-13 Robert Schilling, Pascal Nasahl, Martin Unterguggenberger, Stefan Mangard

eBPF is a technology that allows developers to safely extend kernel functionality without modifying kernel source code or developing loadable kernel modules. Since the kernel governs critical system operations and enforces isolation…

Programming Languages · Computer Science 2025-07-15 Swarn Priya, Frédéric Besson, Connor Sughrue, Tim Steenvoorden, Jamie Fulford, Freek Verbeek, Binoy Ravindran

Operating systems rely on system calls to allow the controlled communication of isolated processes with the kernel and other processes. Every system call includes a processor mode switch from the unprivileged user mode to the privileged…

Cryptography and Security · Computer Science 2022-02-01 Luis Gerhorst, Benedict Herzog, Stefan Reif, Wolfgang Schröder-Preikschat, Timo Hönig

Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at…

Networking and Internet Architecture · Computer Science 2021-07-16 Qiongwen Xu, Michael D. Wong, Tanvi Wagle, Srinivas Narayana, Anirudh Sivaraman

For safety reasons, unprivileged users today have only limited ways to customize the kernel through the extended Berkeley Packet Filter (eBPF). This is unfortunate, especially since the eBPF framework itself has seen an increase in scope…

Operating Systems · Computer Science 2023-08-16 Soo Yee Lim, Xueyuan Han, Thomas Pasquier

Linux containers currently provide limited isolation guarantees. While containers separate namespaces and partition resources, the patchwork of mechanisms used to ensure separation cannot guarantee consistent security semantics. Even worse,…

Cryptography and Security · Computer Science 2021-02-16 William Findlay, David Barrera, Anil Somayaji

The ability to modify and extend an operating system is an important feature for improving a system's security, reliability, and performance. The extended Berkeley Packet Filters (eBPF) ecosystem has emerged as the standard mechanism for…

Artificial Intelligence · Computer Science 2023-12-12 Yusheng Zheng, Yiwei Yang, Maolin Chen, Andrew Quinn

Software vulnerabilities in applications undermine the security of applications. By blocking unused functionality, the impact of potential exploits can be reduced. While seccomp provides a solution for filtering syscalls, it requires manual…

Cryptography and Security · Computer Science 2020-12-07 Claudio Canella, Mario Werner, Daniel Gruss, Michael Schwarz

Restricting the system calls available to applications reduces the attack surface of the kernel and limits the functionality available to compromised applications. Recent approaches automatically identify the system calls required by…

Cryptography and Security · Computer Science 2023-09-28 Vidya Lakshmi Rajagopalan, Konstantinos Kleftogiorgos, Enes Göktaş, Jun Xu, Georgios Portokalidis

With the increasing use and adoption of cloud and cloud-native computing, the underlying technologies (i.e., containerization and virtualization) have become foundational. However, strict isolation and maintaining runtime security in these…

Cryptography and Security · Computer Science 2025-11-25 Sangam Ghimire, Nirjal Bhurtel, Roshan Sahani, Sudan Jha

With the development of Internet of Things (IoT), it is gaining a lot of attention. It is important to secure the embedded systems with low overhead. The Linux Seccomp is widely used by developers to secure the kernels by blocking the…

Cryptography and Security · Computer Science 2025-10-07 Dongyang Zhan, Zhaofeng Yu, Xiangzhan Yu, Hongli Zhang, Lin Ye, Likun Liu

Browsers, Library OSes, and system emulators rely on sandboxes and in-process isolation to emulate system resources and securely isolate untrusted components. All access to system resources like system calls (syscall) need to be securely…

Cryptography and Security · Computer Science 2024-06-12 Fangfei Yang, Anjo Vahldiek-Oberwagner, Chia-Che Tsai, Kelly Kaoudis, Nathan Dautenhahn

eBPF is a new technology which allows dynamically loading pieces of code into the Linux kernel. It can greatly speed up networking since it enables the kernel to process certain packets without the involvement of a userspace program. So far…

Cryptography and Security · Computer Science 2022-03-07 Maximilian Bachl, Joachim Fabini, Tanja Zseby

The eBPF technology in the Linux kernel has been widely adopted for different applications, such as networking, tracing, and security, thanks to the programmability it provides. By allowing user-supplied eBPF programs to be executed…

Cryptography and Security · Computer Science 2023-05-16 Hsin-Wei Hung, Ardalan Amiri Sani

The core component of an Industrial Control System (ICS) is often a Programmable Logic Controller (PLC) combined with various modules. In such systems, the communication between devices is mainly based on the Modbus protocol, which was…

Cryptography and Security · Computer Science 2023-12-12 Jia-Yi Jhan, Hung-Min Sun

Searchable Symmetric Encryption (SSE) allows users to search over encrypted data stored on untrusted servers, like cloud providers. While SSE hides the content of queries and documents, it still leaks patterns, such as how often a query is…

Cryptography and Security · Computer Science 2026-03-10 Chinecherem Dimobi

Growing code bases of modern applications have led to a steady increase in the number of vulnerabilities. Control-Flow Integrity (CFI) is one promising mitigation that is more and more widely deployed and prevents numerous exploits. CFI…

Cryptography and Security · Computer Science 2022-03-01 Claudio Canella, Sebastian Dorn, Daniel Gruss, Michael Schwarz

High-performance IO demands low-overhead communication between user- and kernel space. This demand can no longer be fulfilled by traditional system calls. Linux's extended Berkeley Packet Filter (BPF) avoids user-/kernel transitions by…

Cryptography and Security · Computer Science 2025-01-09 Luis Gerhorst, Henriette Herzog, Peter Wägemann, Maximilian Ott, Rüdiger Kapitza, Timo Hönig