Overview
Explore the concept of Kernel Runtime Security Instrumentation (KRSI) in this 33-minute conference talk by KP Singh from Google. Dive into the extensible Linux Security Module that allows userspace programs and system owners to attach eBPF programs to security hooks. Learn about the need for KRSI, its representative use cases, and how it compares to existing alternatives like Landlock, custom LSMs, and kprobes+eBPF. Examine the proposed design and interfaces, and witness a live demonstration of KRSI in action. Gain insights into signaling, mitigation strategies, and other relevant signals in kernel security. Understand the underlying structure of LSM and explore various alternatives through case studies and discussions.
Syllabus
Introduction
Signaling and Mitigation
Other Signals
Mitigations
How does it work
VNeck
LSM
Structure
Alternatives
Case Study
Discussion
Taught by
Linux Foundation