Brussels / 1 & 2 February 2020

Kernel Runtime Security Instrumentation

LSM+BPF=KRSI


KRSI (Kernel Runtime Security Instrumentation) is an ongoing effort at Google to upstream an LSM (Linux Security Module) instrumentable using eBPF (extended Berkeley Packet Filter) to the Linux kernel.

KRSI allows system owners to dynamically attach eBPF programs to security hooks and write MAC and audit policies without having to reboot or patch the kernel, thereby enabling a new class of system security and auditing software.

This talk presents the main concepts behind KRSI: it introduces the technologies leveraged and presents the API exposed to users.

Speakers

Florent Revest
