Overview
Explore container privilege escalation detection using eBPF for cloud native security in this conference talk. Learn how to leverage eBPF, a built-in kernel capability, to address privilege escalation in container environments without modifying kernel code or loading kernel modules. Discover implementation results using various eBPF-based tools, including open-source options such as bpftrace, BCC, and BPF CO-RE. Gain insights into practical applications for Kubernetes environments by extending open-source monitoring tools with privilege escalation detection capabilities. Understand container escape scenarios, privilege escalation techniques, and defense mechanisms. Delve into monitoring container privilege changes and explore eBPF tools like tracee and bpftrace. Examine practical monitoring solutions such as Pixie. Acquire knowledge on using eBPF for container security in real-world settings, beneficial for developers and administrators seeking to improve Linux system security visibility and container defense.
Syllabus
Introduction
Container Escape!
Privilege Escalation
Defense Mechanisms
Monitoring Container Privilege Changes
eBPF Tools: tracee
bpftrace
Practical Monitoring: Pixie
Taught by
Linux Foundation