Exploring Static and Dynamic Safety for Safe, Expressive, and Fast Kernel Extensions
| dc.contributor.author | Lukiyanov, Egor Maximovich | en |
| dc.contributor.committeechair | Williams, Daniel John | en |
| dc.contributor.committeemember | Butt, Ali | en |
| dc.contributor.committeemember | Back, Godmar Volker | en |
| dc.contributor.department | Computer Science and#38; Applications | en |
| dc.date.accessioned | 2026-06-12T08:03:24Z | en |
| dc.date.available | 2026-06-12T08:03:24Z | en |
| dc.date.issued | 2026-06-11 | en |
| dc.description.abstract | Kernel extensions allow for flexibility in operating systems. The expressiveness of extensions that can be written is limited by requirements of safety and performance. In eBPF, a Linux kernel extension framework, an in-kernel verifier statically upholds extension safety, while a dynamically checked kernel interface enables expressiveness otherwise prohibited by the verifier. In this work, we explore the benefits and limitations of this hybrid safety model. We find that the eBPF interface has gaps in its safety and a lack of expressiveness. To address these limitations, we introduce termination to eBPF to guarantee a bound on program runtime safety, and we identify a fundamental language-verifier gap which compromises eBPF expressiveness. We evaluate the proposed termination mechanism and Rex's approach to closing the language-verifier gap, finding that both reflect different tradeoffs in safety, performance, and expressiveness while improving over the original eBPF framework. | en |
| dc.description.abstractgeneral | Operating systems manage computer resources such as memory, processors and storage. In server production environments, customizing the operating system is important for performance and observability. Kernel extensions allow dynamic customization of the operating system without needing to modify its code and restarting the system. Critically, systems such as eBPF, a Linux kernel extension framework, guarantee a dynamically loaded extensions cannot crash the operating system and will not slow won the machine. However, in this work we find that the eBPF interface has gaps in its safety and a lack of expressiveness. To address these problems, we explore two alternative designs. The first adds a termination mechanism to eBPF, which can stop programs that run for too long and guarantee their runtime safety. The second identifies a fundamental language-verifier gap in eBPF and shows how this gap limits expressiveness in the eBPF framework. The results have contributed to Rex, a larger project on Rust-based kernel extensions. We evaluate the proposed termination mechanism and Rex's approach to closing the language-verifier gap, finding that both reflect different tradeoffs among safety, performance, and expressiveness while improving over the original eBPF framework. | en |
| dc.description.degree | Master of Science | en |
| dc.format.medium | ETD | en |
| dc.identifier.other | vt_gsexam:47336 | en |
| dc.identifier.uri | https://hdl.handle.net/10919/143376 | en |
| dc.language.iso | en | en |
| dc.publisher | Virginia Tech | en |
| dc.rights | Creative Commons Attribution 4.0 International | en |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | en |
| dc.subject | eBPF | en |
| dc.subject | Linux | en |
| dc.subject | Kernel Extensions | en |
| dc.subject | Expressiveness | en |
| dc.subject | Termination | en |
| dc.title | Exploring Static and Dynamic Safety for Safe, Expressive, and Fast Kernel Extensions | en |
| dc.type | Thesis | en |
| thesis.degree.discipline | Computer Science & Applications | en |
| thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
| thesis.degree.level | masters | en |
| thesis.degree.name | Master of Science | en |
Files
Original bundle
1 - 1 of 1