Programmable System Call Security with eBPF. (arXiv:2302.10366v1 [cs.OS])
cs.CR updates on arXiv.org
System call filtering is a widely used security mechanism for protecting a
shared OS kernel against untrusted user applications. However, existing system
call filtering techniques are either too expensive, due to the context switch
overhead imposed by userspace agents, or lack sufficient programmability to
express advanced policies. Seccomp, Linux's system call filtering module, is
widely used by modern container technologies, mobile apps, and system
management services. Despite the adoption of the classic BPF language (cBPF),
security policies in Seccomp are …
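As an added illustration of what a cBPF Seccomp policy looks like and what it can decide on (example code written for this page, not from the paper): a small allowlist filter plus an interpreter that evaluates it the way the kernel does, over the fixed-size seccomp_data record. It assumes x86_64 syscall numbers and a little-endian host; the struct and constant definitions mirror the kernel UAPI so it builds without kernel headers. The filter can test the numeric flags in args[2], but the pathname behind the pointer in args[1] is unreachable to it, which is one concrete instance of the programmability limit the abstract describes.

```c
#include <stdint.h>
#include <string.h>
/* Mirrors of kernel UAPI types/constants (<linux/filter.h>, <linux/seccomp.h>); real x86_64 values. */
struct sock_filter { uint16_t code; uint8_t jt, jf; uint32_t k; };
struct seccomp_data { int nr; uint32_t arch; uint64_t instruction_pointer; uint64_t args[6]; };
#define BPF_LD_W_ABS  0x20              /* A = 32-bit word at byte offset k of seccomp_data */
#define BPF_ALU_AND_K 0x54              /* A &= k */
#define BPF_JMP_JEQ_K 0x15              /* pc += (A == k) ? jt : jf, relative to the next insn */
#define BPF_RET_K     0x06              /* return k to the kernel as the verdict */
#define SECCOMP_RET_KILL_PROCESS 0x80000000u
#define SECCOMP_RET_ERRNO 0x00050000u   /* low 16 bits carry the errno handed to the caller */
#define SECCOMP_RET_ALLOW 0x7fff0000u
#define AUDIT_ARCH_X86_64 0xc000003eu
#define STMT(c, k) { (c), 0, 0, (k) }
#define JUMP(c, k, jt, jf) { (c), (jt), (jf), (k) }
/* Policy: allow read(0)/write(1)/exit_group(231); openat(257) only if (flags & O_ACCMODE) == O_RDONLY; else EPERM. */
static const struct sock_filter policy[] = {
    STMT(BPF_LD_W_ABS, 4),                         /* A = arch */
    JUMP(BPF_JMP_JEQ_K, AUDIT_ARCH_X86_64, 0, 11), /* foreign ABI -> kill */
    STMT(BPF_LD_W_ABS, 0),                         /* A = nr */
    JUMP(BPF_JMP_JEQ_K, 0, 6, 0),                  /* read       -> allow */
    JUMP(BPF_JMP_JEQ_K, 1, 5, 0),                  /* write      -> allow */
    JUMP(BPF_JMP_JEQ_K, 231, 4, 0),                /* exit_group -> allow */
    JUMP(BPF_JMP_JEQ_K, 257, 0, 5),                /* not openat -> EPERM */
    STMT(BPF_LD_W_ABS, 32),                        /* A = low word of args[2] (flags); the path at args[1] is only an address */
    STMT(BPF_ALU_AND_K, 3),                        /* A &= O_ACCMODE */
    JUMP(BPF_JMP_JEQ_K, 0, 0, 1),                  /* O_RDONLY -> allow, else EACCES */
    STMT(BPF_RET_K, SECCOMP_RET_ALLOW),
    STMT(BPF_RET_K, SECCOMP_RET_ERRNO | 13),       /* EACCES */
    STMT(BPF_RET_K, SECCOMP_RET_ERRNO | 1),        /* EPERM */
    STMT(BPF_RET_K, SECCOMP_RET_KILL_PROCESS),
};
/* Interpreter for the subset above: bounds-checked 32-bit loads from seccomp_data, relative jumps. */
static uint32_t run_filter(const struct sock_filter *p, size_t n, const struct seccomp_data *sd) {
    uint32_t A = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (p[pc].code) {
        case BPF_LD_W_ABS: if (p[pc].k % 4 || p[pc].k + 4 > sizeof *sd) return SECCOMP_RET_KILL_PROCESS;
            memcpy(&A, (const char *)sd + p[pc].k, 4); break;
        case BPF_ALU_AND_K: A &= p[pc].k; break;
        case BPF_JMP_JEQ_K: pc += (A == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case BPF_RET_K: return p[pc].k;
        default: return SECCOMP_RET_KILL_PROCESS;  /* instruction outside this subset */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;               /* the kernel rejects programs that fall off the end */
}
/* Verdict for one syscall record; flags is placed in args[2] and only matters for openat here. */
uint32_t decide(uint32_t arch, int nr, uint64_t flags) {
    return run_filter(policy, sizeof policy / sizeof policy[0], &(struct seccomp_data){ .nr = nr, .arch = arch, .args = { 0, 0, flags } });
}
```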