Explore the concept of Kernel Runtime Security Instrumentation (KRSI) in this 33-minute conference talk by KP Singh from Google. Dive into the extensible Linux Security Module that allows userspace programs and system owners to attach eBPF programs to security hooks. Learn about the need for KRSI, its representative use cases, and how it compares to existing alternatives like Landlock, custom LSMs, and kprobes+eBPF. Examine the proposed design and interfaces, and witness a live demonstration of KRSI in action. Gain insights into signaling, mitigation strategies, and other relevant signals in kernel security. Understand the underlying structure of LSM and explore various alternatives through case studies and discussions.
Overview
Syllabus
Introduction
Signaling and Mitigation
Other Signals
Medications
How does it work
VNeck
LSM
Structure
Alternatives
Case Study
Discussion
Taught by
Linux Foundation
Tags
Related Courses
-
Kernel Runtime Security Instrumentation
-
Inside the Linux Security Modules
-
Kernel Tracing With EBPF
-
Deep Dive - Runtime Security With Falco in Userspace
-
Listen to Your Engine - Unearthing Security Signals from the Modern Linux Kernel
-
Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019
