Results 11 to 20 of about 605 (159)

Comparing Security in eBPF and WebAssembly [PDF]

Proceedings of the 1st Workshop on eBPF and Kernel Extensions, 2023
This paper examines the security of eBPF and WebAssembly (Wasm), two technologies that have gained widespread adoption in recent years, despite being designed for very different use cases and environments. While eBPF is a technology primarily used within operating system kernels such as Linux, Wasm is a binary instruction format designed for a stack ...
Jules Dejaeghere, Bolaji Gbadamosi, Tobias Pulls, Florentin Rochet   +3 more
openaire   +4 more sources

Understanding the Security of Linux eBPF Subsystem

Proceedings of the 14th ACM SIGOPS Asia-Pacific Workshop on Systems, 2023
Published ...
Mohamed Husain Noor Mohamed, Xiaoguang Wang 0003, Binoy Ravindran   +2 more
openaire   +3 more sources

RingGuard: Guard io_uring with eBPF

Proceedings of the 1st Workshop on eBPF and Kernel Extensions, 2023
Io-uring offers a flexible yet efficient asynchronous I/O paradigm for Linux. Despite a significant performance improvement, it also brings many security concerns to the kernel.
Wanning He, Hongyi Lu, Fengwei Zhang, Shuai Wang 0011   +3 more
openaire   +2 more sources

Honey for the Ice Bear - Dynamic eBPF in P4

Proceedings of the SIGCOMM Workshop on eBPF and Kernel Extensions
Software updates typically require system reboots, leading to service downtimes. We aim to solve this problem for network components allowing updates while avoiding service degradation. In this paper, we explore the integration of eBPF into the P4 pipeline for efficient packet processing. This way, we combine the flexibility and dynamic adaptability of
Simon, Manuel, Stubbe, Henning, Gallenmüller, Sebastian, Carle, Georg   +3 more
openaire   +3 more sources

Survey on the scheme evaluation, opportunities and challenges of software defined‐information centric network

IET Communications, Volume 17, Issue 20, Page 2237-2274, December 2023., 2023
This paper adequately summarizes and systematically classifies the studies related to the SD‐ICN network, which provides a forward‐looking review and development direction for scholars and engineers. Abstract As a promising architecture of next‐generation network, software defined‐information centric network (SD‐ICN) inherits the advantages of software
Zhengyang Ai, Ming Zhang, Weiting Zhang, Jiawen Kang, Lingling Tong, Yunqiang Duan   +5 more
wiley   +1 more source

BRF: eBPF Runtime Fuzzer

CoRR, 2023
The eBPF technology in the Linux kernel has been widely adopted for different applications, such as networking, tracing, and security, thanks to the programmability it provides. By allowing user-supplied eBPF programs to be executed directly in the kernel, it greatly increases the flexibility and efficiency of deploying customized logic.
Hsin-Wei Hung, Ardalan Amiri Sani
openaire   +2 more sources

Photonic‐assisted one‐third microwave frequency divider

Electronics Letters, Volume 58, Issue 16, Page 627-629, August 2022., 2022
Abstract A microwave photonic frequency divider to produce a frequency‐divided microwave signal with its frequency that is one‐third the frequency of the input microwave signal is proposed and experimentally demonstrated. The key novelty of the approach is that the phase control, a condition to realise the frequency division operation, is implemented ...
Yu Zhang, Ruiqi Zheng, Erwin Hoi Wing Chan, Xudong Wang, Xinhuan Feng, Bai‐Ou Guan, Jianping Yao   +6 more
wiley   +1 more source

Practical and Flexible Kernel CFI Enforcement using eBPF

, 2023
Enforcing control flow integrity (CFI) in the kernel (kCFI) can prevent control-flow hijack attacks. Unfortunately, current kCFI approaches have high overhead or are inflexible and cannot support complex context-sensitive policies.
Williams, Dan, Jia, Jinghao, Jamjoom, Hani, Le, Michael V., Ahmed, Salman   +4 more
core   +1 more source

Programmable System Call Security with eBPF

CoRR, 2023
System call filtering is a widely used security mechanism for protecting a shared OS kernel against untrusted user applications. However, existing system call filtering techniques either are too expensive due to the context switch overhead imposed by userspace agents, or lack sufficient programmability to express advanced policies.
Jinghao Jia, YiFei Zhu, Dan Williams 0001, Andrea Arcangeli, Claudio Canella, Hubertus Franke, Tobin Feldman-Fitzthum, Dimitrios Skarlatos 0002, Daniel Gruss, Tianyin Xu   +9 more
openaire   +2 more sources

Accelerating Linux Security with eBPF iptables [PDF]

Proceedings of the ACM SIGCOMM 2018 Conference on Posters and Demos, 2018
Nowadays, the traditional security features of a Linux system are centered in iptables, which has been the most used packet filtering mechanism in the Linux kernel for almost 20+ years. However the increase in network speed and the transformation of the type of applications running in a Linuz server has led to the consciousness that the current ...
Matteo Bertrone, Sebastiano Miano, Fulvio Risso, Massimo Tumolo   +3 more
openaire   +4 more sources