BPF_LSM and fsverity for Binary Authorization
Offered By: Linux Plumbers Conference via YouTube
Course Description
Overview
Explore a flexible and low-overhead solution for binary authorization using BPF_LSM and fsverity in this Linux Plumbers Conference talk. Learn about a security approach that allows only securely authorized binaries to perform risky operations, such as binding specific ports or writing to critical raw block devices. Discover how this method combines fs-verity for file integrity checksums, a secure binary signing service, xattrs for storing fs-verity root hash signatures, and BPF_LSM for enforcing access control. Understand the design components, including the user space daemon for managing keyrings and BPF_LSM programs. Gain insights into the required kernel work, including new kfuncs like bpf_fsverity_get_digest() and bpf_vfs_getxattr(). Hear about the upcoming patchset and proof of concept for this innovative security solution that aims to provide fine-grained control with minimal overhead.
Syllabus
BPF_LSM + fsverity for Binary Authorization - Song Liu, Boris Burkov
Taught by
Linux Plumbers Conference
Related Courses
Cybersecurity and Its Ten DomainsUniversity System of Georgia via Coursera Bases de données relationnelles : Comprendre pour maîtriser
Inria (French Institute for Research in Computer Science and Automation) via France Université Numerique Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera Web Application Development: Security
University of New Mexico via Coursera Computing, Storage and Security with Google Cloud Platform
Google via Coursera