Explore a comprehensive conference talk on Sysarmor, Meta's eBPF-based security detection and enforcement tool. Delve into the tool's deployment in high-threat environments, including collocated hosts, Meta Network Appliances, development servers, Meta cloud gaming, and public cloud platforms. Discover Sysarmor's unique approach of evaluating rules within the BPF program, enabling BPF-LSM enforcement. Learn about its 40+ BPF-based detections covering networking, privilege escalation, hardware attacks, rootkits, unknown executables, container creation, and container escape. Gain insights into challenging areas addressed by the Sysarmor team, such as efficient process information gathering, container information association with kernel data, effective use of uprobes in system executables, and leveraging BPF iterators for context recreation after service restarts.
Overview
Syllabus
Sysarmor Metas eBPF Security Detection and Enforcement Tool- Liam Wisehart, Shankaran Gnanashanmugam
Taught by
Linux Plumbers Conference
Related Courses
-
Real-Time Security: Using eBPF for Preventing Attacks
-
Implementing Container Privilege Escalation Detection Using eBPF for Cloud Native Security
-
Secure the Linux Kernel with eBPF Linux Security Module
-
Lessons from Building Scalable Network Policy Enforcement with eBPF
-
Getting Started with eBPF - Tutorial
-
Validating the eBPF Verifier via State Embedding
