Kernel Runtime Security Instrumentation

Explore the concept of Kernel Runtime Security Instrumentation (KRSI) in this informative conference talk by KP Singh from Google. Learn about the limitations of existing Linux Security Modules and how KRSI aims to provide an extensible solution using eBPF programs. Discover the benefits of attaching userspace programs to security hooks without kernel modifications. Gain insights into representative use cases, comparisons with alternatives like Landlock and kprobes+eBPF, and understand the proposed design and interfaces. Watch a live demonstration and explore the potential impact of KRSI on security and auditing software development. Delve into the introduction, motivation, eBPF, detections, future plans, and conclusion of this groundbreaking approach to kernel security.