Explore how eBPF can enhance non-repudiable logging in the Linux kernel to improve system integrity attestation. Learn about an extensible interface that allows user-defined programs to leverage TPM-based non-repudiable logging for any kernel data accessible to eBPF programs. Discover how this approach enables more granular system integrity verification through the wide variety of eBPF hook locations. Examine a practical application of this technique in measuring and storing container image digests to verify and attest container integrity. Gain insights into the exciting future of eBPF in security and trust, and its potential for various use cases.
Overview
Syllabus
Extending Non-Repudiable Logs with eBPF - Avery Blanchard, George Almasi
Taught by
Linux Plumbers Conference
Related Courses
-
Kernel Tracing Using eBPF - Mentorship Session
-
Advancing Kernel Control Flow Integrity with eBPF
-
Aya - Extending the Linux Kernel with eBPF and Rust
-
Verifying and Signing EBPF Programs with Inspektor Gadget
-
Getting Started with eBPF - Tutorial
-
eBPF-based Extensible Paravirtualization for High Performance Applications
