Overview
Explore the concept of Kernel Runtime Security Instrumentation (KRSI) in this informative conference talk by KP Singh from Google. Learn about the limitations of existing Linux Security Modules and how KRSI aims to provide an extensible solution using eBPF programs. Discover the benefits of attaching userspace programs to security hooks without kernel modifications. Gain insights into representative use cases, comparisons with alternatives like Landlock and kprobes+eBPF, and understand the proposed design and interfaces. Watch a live demonstration and explore the potential impact of KRSI on security and auditing software development. Delve into the introduction, motivation, eBPF, detections, future plans, and conclusion of this groundbreaking approach to kernel security.
Syllabus
Introduction
Motivation
eBPF
Detections
Future plans
Conclusion
Taught by
Linux Foundation