Kernel Runtime Security Instrumentation

FOSDEM 2020

KRSI (Kernel Runtime Security Instrumentation) is an ongoing effort at Google to upstream to the Linux kernel an LSM (Linux Security Module) that can be instrumented using eBPF (extended Berkeley Packet Filter).

KRSI allows system owners to dynamically attach eBPF programs to security hooks and write MAC (mandatory access control) and audit policies without having to reboot or patch the kernel, thereby enabling a new class of system security and auditing software.

This talk presents the main concepts behind KRSI: it introduces the technologies leveraged and presents the API exposed to users.

Speakers: Florent Revest