EPF - Evil Packet Filter
Offered By: USENIX via YouTube
Course Description
Overview
Explore a cutting-edge security presentation from USENIX ATC '23 that delves into a novel method for bypassing kernel isolation techniques in Linux. Learn about EPF (Evil Packet Filter), which exploits the BPF infrastructure to mount privilege escalation attacks on both 32- and 64-bit x86 platforms. Discover two EPF instances, BPF-Reuse and BPF-ROP, and understand their implications for kernel security. Gain insights into the researchers' proposed defenses that enforce isolation between BPF instructions and benign kernel data, as well as maintain BPF program execution integrity. Understand how these protective measures effectively counter EPF-based attacks while incurring minimal overhead. This 20-minute talk by researchers from Brown University offers valuable knowledge for cybersecurity professionals, system administrators, and anyone interested in advanced OS kernel security strategies.
Syllabus
USENIX ATC '23 - EPF: Evil Packet Filter
Taught by
USENIX