English
Related papers

Related papers: Programmable System Call Security with eBPF

200 papers

The Linux kernel extensively uses the Berkeley Packet Filter (BPF) to allow user-written BPF applications to execute in the kernel space. The BPF employs a verifier to check the security of user-supplied BPF code statically. Recent attacks…

Cryptography and Security · Computer Science 2024-06-10 Hongyi Lu , Shuai Wang , Yechang Wu , Wanning He , Fengwei Zhang

In kernel-centric operations, the uprobe component of eBPF frequently encounters performance bottlenecks, largely attributed to the overheads borne by context switches. Transitioning eBPF operations to user space bypasses these hindrances,…

Operating Systems · Computer Science 2025-08-01 Yusheng Zheng , Tong Yu , Yiwei Yang , Yanpeng Hu , Xiaozheng Lai , Andrew Quinn

Performance in modern GPU-centric systems increasingly depends on resource management policies, including memory placement, scheduling, and observability. However, uniform policies typically yield suboptimal performance across diverse…

Operating Systems · Computer Science 2025-12-23 Yusheng Zheng , Tong Yu , Yiwei Yang , Minghui Jiang , Xiangyu Gao , Jianchang Su , Yanpeng Hu , Wenan Mao , Wei Zhang , Dan Williams , Andi Quinn

Safe kernel extensions have gained significant traction, evolving from simple packet filters to large, complex programs that customize storage, networking, and scheduling. Existing kernel extension mechanisms like eBPF rely on in-kernel…

The Transmission Control Protocol (TCP) is one of the most important protocols in today's Internet. Its specification and implementations have been refined for almost forty years. The Linux TCP stack is one of the most widely used TCP…

Networking and Internet Architecture · Computer Science 2019-05-23 Viet-Hoang Tran , Olivier Bonaventure

Extended Berkeley Packet Filter (eBPF) allows developers to extend Linux kernel functionality without modifying its source code. To ensure system safety, an in-kernel safety checker, the verifier, enforces strict safety constraints (for…

Software Engineering · Computer Science 2025-11-24 Qian Zhu , Yuxuan Liu , Ziyuan Zhu , Shangqing Liu , Lei Bu

Nowadays, many control systems are networked and embed communication and computation capabilities. Such control architectures are prone to cyber attacks on the cyberinfrastructure. Consequently, there is an impellent need to develop…

Systems and Control · Electrical Eng. & Systems 2025-05-19 Mohammad Bajelani , Mehran Attar , Walter Lucia , Klaske van Heusden

With rapid improvements in NVM storage devices, the performance bottleneck is gradually shifting to the network, thus giving rise to the notion of "data movement wall". To reduce the amount of data movement over the network, researchers…

Distributed, Parallel, and Cluster Computing · Computer Science 2020-02-27 Kornilios Kourtis , Animesh Trivedi , Nikolas Ioannou

Despite the wide usage of container-based cloud computing, container auditing for security analysis relies mostly on built-in host audit systems, which often lack the ability to capture high-fidelity container logs. State-of-the-art…

Cryptography and Security · Computer Science 2021-11-05 Soo Yee Lim , Bogdan Stelea , Xueyuan Han , Thomas Pasquier

The page cache is a central part of an OS. It reduces repeated accesses to storage by deciding which pages to retain in memory. As a result, the page cache has a significant impact on the performance of many applications. However, its…

Operating Systems · Computer Science 2025-02-06 Tal Zussman , Ioannis Zarkadas , Jeremy Carin , Andrew Cheng , Hubertus Franke , Jonas Pfefferle , Asaf Cidon

The cost of communication between the operating system kernel and user applications has long blocked improvements in software performance. Traditionally, operating systems encourage software developers to use the system call interface to…

Operating Systems · Computer Science 2025-07-01 Boming Kong , Zhizhou Zhang , Jonathan Balkind

With the advent of Software Defined Networks (SDN), Network Function Virtualisation (NFV) or Service Function Chaining (SFC), operators expect networks to support flexible services beyond the mere forwarding of packets. The network…

Networking and Internet Architecture · Computer Science 2018-10-25 Mathieu Xhonneux , Fabien Duchene , Olivier Bonaventure

Linux-based cloud environments have become lucrative targets for ransomware attacks, employing various encryption schemes at unprecedented speeds. Addressing the urgency for real-time ransomware protection, we propose leveraging the…

Cryptography and Security · Computer Science 2024-09-11 Adrian Brodzik , Tomasz Malec-Kruszyński , Wojciech Niewolski , Mikołaj Tkaczyk , Krzysztof Bocianiak , Sok-Yen Loui

Undefined behavior in C often causes devastating security vulnerabilities. One practical mitigation is compartmentalization, which allows developers to structure large programs into mutually distrustful compartments with clearly specified…

We leverage eBPF in order to implement custom policies in the Linux memory subsystem. Inspired by CBMM, we create a mechanism that provides the kernel with hints regarding the benefit of promoting a page to a specific size. We introduce a…

Operating Systems · Computer Science 2024-09-18 Konstantinos Mores , Stratos Psomadakis , Georgios Goumas

Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux…

Cryptography and Security · Computer Science 2022-06-01 Lorenzo Ceragioli , Letterio Galletta , Pierpaolo Degano , David Basin

The extended Berkeley Packet Filter (eBPF) is useful for faster packet processing and network monitoring in softwarized deployments. Similarly, softwarized deployments of 5G core network services adopted eBPF to meet the stringent latency…

Networking and Internet Architecture · Computer Science 2026-03-23 Yash Deshpande , Samaresh Bera

We present BPFroid -- a novel dynamic analysis framework for Android that uses the eBPF technology of the Linux kernel to continuously monitor events of user applications running on a real device. The monitored events are collected from…

Cryptography and Security · Computer Science 2021-06-01 Yaniv Agman , Danny Hendler

The Linux kernel is one of the most important Free/Libre Open Source Software (FLOSS) projects. It is installed on billions of devices all over the world, which process various sensitive, confidential or simply private data. It is crucial…

Software Engineering · Computer Science 2020-01-07 Denis Efremov , Ilya Shchepetkov

Protected user-level libraries have been proposed as a way to allow mutually distrusting applications to safely share kernel-bypass services. In this paper, we identify and solve several previously unaddressed obstacles to realizing this…

Operating Systems · Computer Science 2025-09-04 Alan Beadle , Michael L. Scott , John Criswell