all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

MOAT: Towards Safe BPF Kernel Extension. (arXiv:2301.13421v1 [cs.CR])

Add to bookmarks
Feb. 1, 2023, 2:10 a.m. | Hongyi Lu, Shuai Wang, Yechang Wu, Wanning He, Fengwei Zhang

cs.CR updates on arXiv.org arxiv.org

The Linux kernel makes considerable use of Berkeley Packet Filter (BPF) to
allow user-written BPF applications to execute in the kernel space. BPF employs
a verifier to statically check the security of user-supplied BPF code. Recent
attacks show that BPF programs can evade security checks and gain unauthorized
access to kernel memory, indicating that the verification process is not
flawless. In this paper, we present MOAT, a system that isolates potentially
malicious BPF programs using Intel Memory Protection Keys (MPK). …

access applications attacks berkeley packet filter bpf check code evade extension filter kernel linux linux kernel malicious memory packet process safe security space system unauthorized access verification

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Differentially private Bayesian tests 1 day, 2 hours ago | arxiv.org
arxiv confidential cornerstone cs.cr +16
On the Learnability of Watermarks for Language Models 1 day, 2 hours ago | arxiv.org
arxiv ask can cs.cl +12
Intriguing Properties of Diffusion Models: An Empirical Study of the Natural Attack Capability in Text-to-Image … 1 day, 2 hours ago | arxiv.org
applications arxiv attack cs.cr +14
On the Reliability of Watermarks for Large Language Models 1 day, 2 hours ago | arxiv.org
arxiv bots cs.cl cs.cr +23
A Watermark for Large Language Models 1 day, 2 hours ago | arxiv.org
arxiv can cs.cl cs.cr +13
Asymmetric Distributed Trust 1 day, 2 hours ago | arxiv.org
abstraction algorithms arxiv can +12
Read Disturbance in High Bandwidth Memory: A Detailed Experimental Study on HBM2 DRAM Chips 1 day, 2 hours ago | arxiv.org
arxiv bandwidth chips cs.ar +5
ABACuS: All-Bank Activation Counters for Scalable and Low Overhead RowHammer Mitigation 1 day, 2 hours ago | arxiv.org
access address area arxiv +17
A Case Study of Large Language Models (ChatGPT and CodeBERT) for Security-Oriented Code Analysis 1 day, 2 hours ago | arxiv.org
analysis arxiv can capabilities +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164
View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057
View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States
View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172
View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote
View on infosec-jobs.com
View more jobs