bpfbox

Findlay, William; Somayaji, Anil; Barrera, David

doi:10.1145/3411495.3421358

Search citation statements

Order By: Relevance

Paper Sections

Select...

Ebpf1

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2021

2024

Publication Types

Select...

Other5

Article1

Relationship

Self Cite0

Independent6

Authors

Journals

Cited by 11 publications

(1 citation statement)

References 6 publications

(7 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researcher and developers have proposed and produced a wide range of innovative solutions based on eBPF. Examples include a sandboxing facility for containers [26],…”

Section: Ebpfmentioning

confidence: 99%

A System for Bounding the Execution Cost of Web Assembly Functions

Shortt¹

View full text Add to dashboard Cite

show abstract

“…Researcher and developers have proposed and produced a wide range of innovative solutions based on eBPF. Examples include a sandboxing facility for containers [26],…”

Section: Ebpfmentioning

confidence: 99%

A System for Bounding the Execution Cost of Web Assembly Functions

Shortt¹

View full text Add to dashboard Cite

show abstract

Zeta: Transparent Zero-Trust Security Add-on for RDMA

Chang,

Mukherjee

2024

IEEE INFOCOM 2024 - IEEE Conference on Computer Communications

View full text Add to dashboard Cite

Drootkit: Kernel-Level Rootkit Detection and Recovery Based on eBPF

hu,

Huang,

Xue

et al. 2023

J CIRCUIT SYST COMP

View full text Add to dashboard Cite

The concealment of rootkits makes them a significant security threat. Kernel-level rootkits can be extremely dangerous as they have high system privileges. A typical type of kernel-level rootkits is to hook system calls which are essential for overall system functionality. This paper presents drootkit, a tool to detect kernel-level rootkits that hook system calls. Additionally, drootkit can recover damaged systems. This tool utilizes eBPF technology, ensuring both flexibility and security. When installing new kernel modules, the virtual address range of the initial kernel code will not be affected. In light of this, drootkit conducts bounds checking on all system calls within the system. In the case of system calls being hooked, drootkit can detect and recover them while issuing warning messages. For testing purposes, this paper also implements a malicious kernel module that can hook system calls and run on the arm64 platform. We have conducted an experiment that confirms drootkit’s capability to detect rootkits while also effectively restoring the system. Moreover, drootkit has very low system overhead and does not significantly affect system performance, making it a reliable choice for a backend program that can run for an extended period of time.

show abstract

bpfbox

Cited by 11 publications

References 6 publications

A System for Bounding the Execution Cost of Web Assembly Functions

A System for Bounding the Execution Cost of Web Assembly Functions

Zeta: Transparent Zero-Trust Security Add-on for RDMA

Drootkit: Kernel-Level Rootkit Detection and Recovery Based on eBPF

Contact Info

Product

Resources

About