A Practical, Lightweight, and Flexible Confinement Framework in eBPF
- Abstract
In this thesis, we present the design and implementation of two novel confinement solutions based on eBPF, BPFBox and its successor, BPFContain. We discuss issues in the Linux confinement space that motivated the creation of BPFBox and BPFContain, discuss policy examples, and present the results of a performance evaluation and informal security analysis. Results from this research indicate that BPFBox and BPFContain incur modest overhead despite their increased flexibility over existing Linux security solutions. We also find that there may be significant opportunities to improve BPFBox and BPFContain and to introduce future security mechanisms based on eBPF.
- Rights Notes
Copyright © 2021 the author(s). Theses may be used for non-commercial research, educational, or related academic purposes only. Such uses include personal study, research, scholarship, and teaching. Theses may only be shared by linking to Carleton University Institutional Repository and no part may be used without proper attribution to the author. No part may be used for commercial purposes directly or indirectly via a for-profit platform; no adaptation or derivative works are permitted without consent from the copyright owner.
- Date Created
2021
Items
Title | Date Uploaded | Visibility |
---|---|---|
findlay-apracticallightweightandflexibleconfinement.pdf | 2023-05-05 | Public |