Understanding the Security of Linux eBPF Subsystem

Simple item page
dc.contributor.authorNoor Mohamed, Mohamed Husainen
dc.contributor.authorWang, Xiaoguangen
dc.contributor.authorRavindran, Binoyen
dc.date.accessioned2023-09-05T13:40:02Zen
dc.date.available2023-09-05T13:40:02Zen
dc.date.issued2023-08-24en
dc.date.updated2023-09-01T07:49:41Zen
dc.description.abstractLinux eBPF allows a userspace application to execute code inside the Linux kernel without modifying the kernel code or inserting a kernel module. An in-kernel eBPF verifier preverifies any untrusted eBPF bytecode before running it in kernel context. Currently, users trust the verifier to block malicious bytecode from being executed. This paper studied the potential security issues from existing eBPF-related CVEs. Next, we present a generation-based eBPF fuzzer that generates syntactically and semantically valid eBPF programs to find bugs in the verifier component of the Linux kernel eBPF subsystem. The fuzzer extends the Linux Kernel Library (LKL) project to run multiple lightweight Linux instances simultaneously, with inputs from the automatically generated eBPF instruction sequences. Using this fuzzer, we can outperform the bpf-fuzzer [10] from the iovisor GitHub repository regarding fuzzing speed and the success rate of passing the eBPF verifier (valid generated code). We also found two existing ALU range-tracking bugs that appeared in an older Linux kernel (v5.10).en
dc.description.versionPublished versionen
dc.format.mimetypeapplication/pdfen
dc.identifier.doihttps://doi.org/10.1145/3609510.3609822en
dc.identifier.urihttp://hdl.handle.net/10919/116208en
dc.language.isoenen
dc.publisherACMen
dc.rightsCreative Commons Attribution 4.0 Internationalen
dc.rights.holderThe author(s)en
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/en
dc.titleUnderstanding the Security of Linux eBPF Subsystemen
dc.typeArticle - Refereeden
dc.type.dcmitypeTexten

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
3609510.3609822.pdf
Size:
686.92 KB
Format:
Adobe Portable Document Format
Description:
Published version
Download
License bundle
Now showing 1 - 1 of 1
Name:
license.txt
Size:
0 B
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Journal Articles, Association for Computing Machinery (ACM)
Scholarly Works, Electrical and Computer Engineering