Conference:  Black Hat Asia 2023
Authors: Simon Scannell, Valentina Palmiotti, Juan José López Jaimez
2023-05-11

Extended Berkeley Packet Filter (eBPF) is a technology that lets programmers tap into kernel-level performance and functionality. Fundamentally, eBPF allows users to load programs into kernel space and attach them to hook points, so kernel code can be loaded at runtime without modifying the kernel source itself or developing a kernel module. eBPF programs are written in a high-level language and compiled into assembly-like bytecode. That bytecode is architecture-independent; at load time the kernel verifies it and, where a JIT is available, compiles it to native machine code. The instruction set is minimal but allows programs to call kernel helper functions, read and store data in various data structures, and perform pointer arithmetic and other operations.

Programs that run in the kernel must be carefully analyzed to ensure that they follow rules that guarantee the integrity and security of the kernel running them. A single code flaw in any of the components involved in program parsing, analysis, optimization, and compilation may lead to a compromise of the kernel running an eBPF implementation.

As eBPF becomes more prevalent, the goal of our talk is to share the history of eBPF vulnerabilities, bug classes and mitigations, and to provide an outlook for the future. We will also share our insights into automated vulnerability discovery, introducing listeners to advanced structured-fuzzing concepts such as designing and implementing an intermediate language. We will discuss roadblocks such as bug detection and give practical examples of how to overcome them, so that anyone can apply these concepts to their own fuzzing campaigns. The source code of our fuzzer will also be made available.
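As an added illustration of the instruction format and of the kind of rule the abstract says the kernel must enforce (this is example code written for this page, not the talk's fuzzer or the kernel's verifier), the following C program encodes a few eBPF instructions in the 8-byte bpf_insn layout and runs a toy static checker over them. The struct layout and opcode bytes match the kernel UAPI; everything else is an assumption for the example. The checker enforces three invariants the real verifier also enforces, namely that jump targets stay inside the program, that R10 (the frame pointer) is never written, and that the program ends in an exit, while tracking no register state at all and rejecting every backward jump, which the real verifier has not done since bounded loops were accepted in Linux 5.3.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same field layout as struct bpf_insn in the kernel UAPI header
 * (include/uapi/linux/bpf.h), redeclared so this builds without it. */
struct ebpf_insn {
    uint8_t  code;        /* opcode */
    uint8_t  dst_reg:4;   /* destination register R0..R10 */
    uint8_t  src_reg:4;   /* source register */
    int16_t  off;         /* signed offset: jump distance or memory offset */
    int32_t  imm;         /* signed 32-bit immediate */
};

/* Opcode encoding as the kernel defines it: low 3 bits = class, high 4 = op. */
#define EB_CLS(code)  ((code) & 0x07)
#define EB_OP(code)   ((code) & 0xf0)
#define EB_CLS_LD     0x00
#define EB_CLS_LDX    0x01
#define EB_CLS_ALU    0x04
#define EB_CLS_JMP    0x05
#define EB_CLS_JMP32  0x06
#define EB_CLS_ALU64  0x07
#define EB_OP_CALL    0x80
#define EB_OP_EXIT    0x90
#define EB_NUM_REGS   11    /* R0..R10 */
#define EB_FP_REG     10    /* R10 is the read-only frame pointer */
/* Complete opcode bytes used by the sample programs below. */
#define EB_MOV64_IMM  0xb7  /* BPF_ALU64|BPF_MOV|BPF_K */
#define EB_JEQ_IMM    0x15  /* BPF_JMP|BPF_JEQ|BPF_K */
#define EB_JA         0x05  /* BPF_JMP|BPF_JA */
#define EB_EXIT       0x95  /* BPF_JMP|BPF_EXIT */

enum verdict { V_OK = 0, V_EMPTY, V_NO_EXIT, V_BAD_REG, V_WRITE_FP,
               V_JUMP_OOB, V_BACK_JUMP };

/* Instruction classes whose result lands in dst_reg. */
static int writes_dst(uint8_t code) {
    uint8_t c = EB_CLS(code);
    return c == EB_CLS_ALU || c == EB_CLS_ALU64 || c == EB_CLS_LDX || c == EB_CLS_LD;
}

/* Conditional and unconditional jumps, excluding CALL and EXIT. */
static int is_jump(uint8_t code) {
    uint8_t c = EB_CLS(code);
    if (c != EB_CLS_JMP && c != EB_CLS_JMP32) return 0;
    return EB_OP(code) != EB_OP_CALL && EB_OP(code) != EB_OP_EXIT;
}

/* Toy static checker (example only): a small subset of the kernel verifier's
 * rules, with no register-state tracking and no support for loops. */
enum verdict check_program(const struct ebpf_insn *p, size_t n) {
    if (n == 0) return V_EMPTY;
    /* Simplified: the kernel requires the last insn to be an exit or a jump. */
    if (p[n - 1].code != EB_EXIT) return V_NO_EXIT;
    for (size_t pc = 0; pc < n; pc++) {
        const struct ebpf_insn *in = &p[pc];
        if (in->dst_reg >= EB_NUM_REGS || in->src_reg >= EB_NUM_REGS) return V_BAD_REG;
        if (writes_dst(in->code) && in->dst_reg == EB_FP_REG) return V_WRITE_FP;
        if (is_jump(in->code)) {
            /* Target is pc + 1 + off. The bound must be "< n": writing "<= n"
             * here is exactly the kind of one-character flaw that would let a
             * program jump one instruction past its own end. */
            long target = (long)pc + 1 + in->off;
            if (target < 0 || target >= (long)n) return V_JUMP_OOB;
            if (target <= (long)pc) return V_BACK_JUMP;
        }
    }
    return V_OK;
}

/* Constructed sample programs (positional fields: code, dst, src, off, imm). */
/* r0 = 1; if r0 == 1 goto +1; r0 = 0; exit   (returns 1) */
static const struct ebpf_insn valid_prog[] = {
    { EB_MOV64_IMM, 0, 0, 0, 1 }, { EB_JEQ_IMM, 0, 0, 1, 1 },
    { EB_MOV64_IMM, 0, 0, 0, 0 }, { EB_EXIT, 0, 0, 0, 0 },
};
/* Unconditional jump whose target (1 + 1 + 2 = 4) is one past the end. */
static const struct ebpf_insn oob_prog[] = {
    { EB_MOV64_IMM, 0, 0, 0, 1 }, { EB_JA, 0, 0, 2, 0 },
    { EB_MOV64_IMM, 0, 0, 0, 0 }, { EB_EXIT, 0, 0, 0, 0 },
};
/* Writes R10, the frame pointer. */
static const struct ebpf_insn fp_prog[] = {
    { EB_MOV64_IMM, EB_FP_REG, 0, 0, 0 }, { EB_EXIT, 0, 0, 0, 0 },
};
/* Runs off the end without exiting. */
static const struct ebpf_insn noexit_prog[] = { { EB_MOV64_IMM, 0, 0, 0, 1 } };

#define N(a) (sizeof(a) / sizeof((a)[0]))
enum verdict verdict_valid(void)  { return check_program(valid_prog,  N(valid_prog)); }
enum verdict verdict_oob(void)    { return check_program(oob_prog,    N(oob_prog)); }
enum verdict verdict_fp(void)     { return check_program(fp_prog,     N(fp_prog)); }
enum verdict verdict_noexit(void) { return check_program(noexit_prog, N(noexit_prog)); }

int main(void) {
    printf("valid=%d oob=%d fp=%d noexit=%d\n",
           verdict_valid(), verdict_oob(), verdict_fp(), verdict_noexit());
    return 0;
}
```

The point of the example is the bounds check on the jump target: the bytecode parser, the control-flow check and the JIT all compute that same `pc + 1 + off`, and a disagreement between any two of them about what counts as in-bounds is the sort of flaw a structured fuzzer is built to find.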
Authors: Raymond de Jong, Anna Kapuścińska
2023-04-21

tldr - powered by Generative AI

The presentation discusses the challenges of observability and security in distributed systems and how Cilium and Hubble address them.
  • Cilium and Hubble provide observability and security for distributed systems
  • Existing mechanisms such as traditional monitoring appliances and VPC flow logs fall short on context and scalability
  • Cilium uses identity-based observability and security, with identities derived from workload labels, to secure and monitor traffic
  • Hubble provides service mesh observability for monitoring workloads and exporting flows to other platforms
  • Ready-to-use dashboards are available in the Grafana marketplace for monitoring cluster and application performance
Authors: Natalia Reka Ivanko, John Fastabend
2023-04-21

tldr - powered by Generative AI

The presentation discusses implementing enforcement policies and real-time observability with limited CPU and memory overhead using the Tetragon framework.
  • The speakers want to implement enforcement policies and provide real-time observability with limited CPU and memory usage.
  • The Tetragon framework hooks into the kernel with eBPF and filters events in-kernel before aggregating them for export.
  • The framework can trace every process that runs on the system and assigns a unique execution ID to each process.
  • The execution ID and timestamp can be used to build a time series database for analysis.
  • Policies can be packaged with images and applied automatically upon deployment.
Authors: Sanjeev Rampal, Donald Hunter
2023-04-20

tldr - powered by Generative AI

The presentation provides guidelines for dev and ops teams to build and deploy production-ready cloud-native applications that use eBPF technology.
  • eBPF technologies are rapidly gaining use within the cloud-native technology stack
  • The presentation focuses on providing guidelines for building production-ready cloud-native eBPF software projects
  • The presentation covers available programming models, tool chains, understanding portability and maintainability, and designing for operational requirements
  • The presentation provides demos and code walkthroughs of sample eBPF programs that illustrate the use of best practice recommendations
  • The presentation also discusses challenges and solutions for using BPF programs in a Kubernetes environment
Authors: Natalie Serrino, Frederic Branczyk
2023-04-19

tldr - powered by Generative AI

The presentation discusses the use of BPF (Berkeley Packet Filter) in cybersecurity and DevOps, highlighting its benefits and future potential.
  • BPF is a powerful tool for network analysis, security, and observability in production environments.
  • BPF allows for zero-instrumentation profiling of entire production clusters.
  • BPF has some limitations, including performance issues and difficulty in interpreting raw data.
  • Future developments in BPF may address these limitations, including increased support for programming languages and improved interpretability through machine learning.
Authors: Zahari Dichev
2023-04-19

tldr - powered by Generative AI

The speaker argues that the sidecar model is the right model for the service mesh and offers advantages in resource consumption, maintenance, and security. They also suggest exploring the use of eBPF in cloud native networking.
  • Sidecars have advantages in resource consumption, maintenance, and security compared to multi-tenant proxies
  • Popular beliefs that sidecars waste resources and introduce extra latency are not entirely true
  • The speaker suggests exploring the use of eBPF in cloud native networking
Authors: Jose Donizetti
2023-04-19

tldr - powered by Generative AI

The presentation discusses the use of Tracee, an eBPF-based runtime security and tracing tool, to detect and prevent supply chain attacks in DevOps workflows.
  • Tracee traces and profiles software executions in DevOps workflows
  • The tool can be used to detect and prevent supply chain attacks
  • Tracee uses deny and allow lists to distinguish known-good from suspicious activity
  • Profiles are extended to include user ID, arguments, and environment variables
  • Tracee can ignore selected system and environment variables so that profiles stay consistent across runs
  • The tool hooks system calls to collect information on executed binaries
  • An anecdote illustrates how Tracee can detect a supply chain attack
Authors: Huamin Chen, Chen Wang
2022-10-27

tldr - powered by Generative AI

The presentation discusses cloud-native patterns for building energy-efficient, sustainable infrastructure, with a focus on Project Kepler (Kubernetes-based Efficient Power Level Exporter) and its integration with the Kubernetes ecosystem.
  • Cloud-native sustainability infrastructure can improve the energy efficiency of cloud workloads
  • Project Kepler uses eBPF programs and system libraries to measure energy, performance, and resource usage
  • Kepler enables energy-relevant observability and sustainable management on clusters
  • Kepler can be used for research topics like energy-efficient workload scheduling and energy-aware autoscaling
  • The presentation includes a case study of a Kepler integration for building an advanced vertical autoscaler to improve energy performance objectives of Kubernetes applications
Authors: Daniel Borkmann, Nikolay Aleksandrov
2022-10-27

tldr - powered by Generative AI

The talk is about IPv6-only clusters addressing the scale and performance requirements of data center networks.
  • The Cilium experiment started in 2016 with IPv6-only container networking using eBPF and XDP
  • IPv6 adoption has progressed in Kubernetes and hyperscale environments
  • IPv6 offers more IPAM flexibility and larger cluster scale
  • IPv6-only clusters unlock new Linux kernel innovations in networking and eBPF for data-intensive workloads
  • Cilium's networking data plane enables a low-latency architecture suitable for BIG TCP workloads, which require IPv6 to reach 100 Gbit/s and beyond on a single socket
  • Cilium developed a replacement for the kernel's veth driver to give Pods host-networking performance characteristics
  • With the resulting eBPF forwarding architecture, most unneeded parts of the stack are bypassed, drastically improving networking performance
Authors: Barun Acharya
2022-10-26

tldr - powered by Generative AI

KubeArmor is a cloud native runtime security enforcement system that provides fine-grained access control on container entities, with a declarative way to manage access control policies, inline policy enforcement, and telemetry data with context.
  • KubeArmor provides fine-grained access control on container entities
  • KubeArmor offers a declarative way to manage access control policies
  • KubeArmor enforces policies inline
  • KubeArmor provides telemetry data with context