BPFflow - Preventing information leaks from eBPF

dc.contributor.author: Dimobi, Chinecherem [en]
dc.contributor.author: Tiwari, Rahul [en]
dc.contributor.author: Ji, Zhengjie [en]
dc.contributor.author: Williams, Dan [en]
dc.date.accessioned: 2025-10-01T17:55:38Z [en]
dc.date.available: 2025-10-01T17:55:38Z [en]
dc.date.issued: 2025-09-08 [en]
dc.date.updated: 2025-10-01T07:46:23Z [en]
dc.description.abstract: eBPF has seen major industry adoption by enterprises to enhance observability, tracing, and monitoring by hooking at different points in the kernel. However, since the kernel is a critical resource, eBPF can also pose a threat if misused, potentially leading to privilege escalation, information leaks and more. While effective to some extent, existing mitigation strategies like interface filtering are coarse-grained and often over-restrictive. We propose BPFflow, a flexible framework for the system administrator to define policies that specify sensitive data sources, trusted sinks and permitted flows between them. These policies are enforced by an Information Flow Control (IFC) system within the eBPF verifier to track the propagation of sensitive data to prevent unauthorized leakage to userspace or any other untrusted sinks without any runtime overhead. [en]
dc.description.version: Published version [en]
dc.format.mimetype: application/pdf [en]
dc.identifier.doi: https://doi.org/10.1145/3748355.3748374 [en]
dc.identifier.uri: https://hdl.handle.net/10919/137880 [en]
dc.language.iso: en [en]
dc.publisher: ACM [en]
dc.rights: Creative Commons Attribution 4.0 International [en]
dc.rights.holder: The author(s) [en]
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/ [en]
dc.title: BPFflow - Preventing information leaks from eBPF [en]
dc.type: Article - Refereed [en]
dc.type.dcmitype: Text [en]

Files

Original bundle
Name: 3748355.3748374.pdf
Size: 550.36 KB
Format: Adobe Portable Document Format
Description: Published version

License bundle
Name: license.txt
Size: 1.5 KB
Format: Item-specific license agreed upon to submission