Enabling eBPF on Embedded Systems Through Decoupled Verification

Simple item page
dc.contributor.authorCraun, Miloen
dc.contributor.authorOswald, Adamen
dc.contributor.authorWilliams, Danen
dc.date.accessioned2023-10-02T14:53:57Zen
dc.date.available2023-10-02T14:53:57Zen
dc.date.issued2023-09-10en
dc.date.updated2023-10-01T07:51:42Zen
dc.description.abstracteBPF (Extended Berkeley Packet Filter) is a Linux kernel subsystem that aims to allow developers to write safe and efficient kernel extensions by employing an in-kernel verifier and just-in-time compiler (JIT). We find that verification is prohibitively expensive for resource-constrained embedded systems. To solve this we describe a system that allows for verification to occur outside of the embedded kernel and before BPF program load time. The in-kernel verifier and JIT are coupled so they must be decoupled together. A designated verifier kernel accepts a BPF program, then verifies, compiles, and signs a native precompiled executable. The executable can then be loaded onto an embedded device without needing the verifier and JIT on the embedded device. Decoupling verification and JIT from load-time opens the door to much more than running BPF programs on embedded devices. It allows larger and more expressive BPF programs to be verified, provides a way for new approaches to verification to be used without extensive kernel modification and creates the possibility for BPF program verification as a service.en
dc.description.versionPublished versionen
dc.format.mimetypeapplication/pdfen
dc.identifier.doihttps://doi.org/10.1145/3609021.3609299en
dc.identifier.urihttp://hdl.handle.net/10919/116401en
dc.language.isoenen
dc.publisherACMen
dc.rightsCreative Commons Attribution 4.0 Internationalen
dc.rights.holderThe author(s)en
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/en
dc.titleEnabling eBPF on Embedded Systems Through Decoupled Verificationen
dc.typeArticle - Refereeden
dc.type.dcmitypeTexten

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
3609021.3609299.pdf
Size:
4.45 MB
Format:
Adobe Portable Document Format
Description:
Published version
Download
License bundle
Now showing 1 - 1 of 1
Name:
license.txt
Size:
0 B
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Journal Articles, Association for Computing Machinery (ACM)
Scholarly Works, Computer Science