Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Using Seccomp to Limit the Kernel Attack Surface

NDC Conferences via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of Seccomp (secure computing) in this comprehensive 52-minute conference talk by Michael Kerrisk at NDC Conferences. Dive deep into the Linux kernel's system call filtering mechanism, understanding how to limit and control program interactions with the kernel. Learn about the BPF virtual machine, its role in examining system call numbers and arguments, and how to write effective filter programs. Discover practical examples of restricting permitted system calls, productivity aids for BPF filter creation, and important considerations for implementation. Gain valuable insights into this widely-used tool employed by Docker, LXC, web browsers, systemd, Flatpak, and Firejail. From Seccomp's history and filter modes to BPF instructions and system call conventions, acquire a solid foundation in enhancing Linux system security through precise system call management.

Syllabus

Intro
What is Seccomp
System calls
Seccomp history
Filter mode
System call limitation
Seccomp
Second Filtering
BPF
Virtual Machine
Conditional Jump Instructions
Relative Offsets
System Call Structure
BPF Statement
BPF Jump
BPF Return
ADD
Architecture
System Call Numbers
System Call Conventions
Filter Program
Example
Performance Cost
Which System Causes My Application Make
What About That
System Call Filtering
Lubeset Comp
Seccomp Context
BPF Compiler
JIT Compiler
Applications
Further Information
Questions

Taught by

NDC Conferences

Reviews

Start your review of Using Seccomp to Limit the Kernel Attack Surface

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.