Preventing Unintended Data Access: Information Flow Control in eBPF
Files
TR Number
Date
2025-04-14
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Virginia Tech
Abstract
We: 1) Identify the balance between allowing access to sensitive data and preventing leakages in kernel extensions. 2) Design techniques to assign sensitivity labels and policies to inputs/outputs of kernel extensions, propagating them during execution. 3) Implement a system that distinguishes between safe and malicious kernel extensions that access sensitive data.
Description
Keywords
Computer Science