Monday, August 19 • 11:35am - 12:15pm
Kernel Runtime Security Instrumentation - KP Singh, Google

Kernel Runtime Security Instrumentation (KRSI) [1] aims to provide an extensible Linux Security Module (LSM) by allowing userspace programs and system owners to attach eBPF (extended Berkeley Packet Filter) programs to security hooks. This makes the LSM framework extensible without a rebuild or rewrite, and enables a new class of security and auditing software.

The talk discusses the need for such an LSM (with representative use cases) and compares it to existing alternatives such as Landlock, a separate custom LSM, and kprobes+eBPF. The second half of the talk outlines the proposed design and interfaces, and includes a live demo.

[1] https://github.com/sinkap/linux-krsi

Speakers
KP Singh

Staff Software Engineer, Google
KP Singh is the author and maintainer of the mainline eBPF LSM (a.k.a. KRSI) for flexible security audit and policy enforcement on Linux. At Google, he leads the effort to build telemetry and detection software deployed on Google's corp, prod and cloud endpoints spanning different...



Monday August 19, 2019 11:35am - 12:15pm PDT
Sapphire D
  Refereed Presentation
  • Session Slides Included: Yes