Tracing: The Bane of Security Folks - Understanding Kernel Tracing Techniques

Explore the complex relationship between tracing and security in this 34-minute conference talk by Steven Rostedt from VMware Inc. Delve into the conflicting goals of tracing and security in the Linux kernel, examining how tracing aims to provide maximum information while security strives to conceal it. Learn about the tactics employed by tracing mechanisms, including live text modification and call redirection, which mirror techniques used by rootkits. Gain insights into the challenges of balancing tracing functionality with security concerns, and understand why security professionals must be well-versed in tracing methodologies. Discover topics such as isolation, lockdown, function tracing, and FTrace, concluding with a Q&A session to address audience inquiries.

Intro
What is your goal
Isolation
Lockdown
Conflicting agendas
Security folks must know tracing
Live kernel patching
Function Tracing
Peters
FTrace
FTrace Direct
Conclusion
Questions