Finally, Grant. Please do more deep topics like this. I can't hear any more about the most secure VPN, etc. Thank you!
eBPF really has a ton of potential and it's really powerful because you can directly access (almost) any code within the Linux kernel. It's insane that this technology has been in the Linux kernel since the 1990s and still is not really commonly used. I'm a final-year CS student, and with one of my friends I am making a senior project this year: a metrics-collecting and monitoring program that displays all network packet details and all syscalls within a computer by using eBPF. I'm really happy to see eBPF getting known by more people, and I think we will see this technology become commonly used within the next few years.
BPF has been there for a long time. eBPF is fairly new and in many ways different from the original BPF. In many ways, eBPF was designed from the ground up, so one should not be confused with the other.
Tbh, not even my Master's advisor, who solely works with Linux, knew about SECCOMP/cBPF.
Great video, also pretty relevant with the recent CrowdStrike incident.
Into the eBPF content!
goat
Great Job!
Really nice👍
This is very useful because in Brazil hacking is not a crime (as long as you don't steal any money), but if someone does steal it is really difficult to get the hacker; you get answers like 'we don't have the technology', etc. So this kind of service is really helpful there to feel protected.
What software do you use to make your videos?
I just want to have a screen dedicated to it (like the operators in the movie The Matrix see those screens with the green code) and have it just trace everything as it flows (probably either by logging that, if possible, or by screen-capturing it using a device between the PC and that monitor to record the monitor onto an SD card), so that every time my system freezes or does something unexpected I can see what was going on / what caused it. Can you make a video about that?
What anti-virus do you use in your windows system?
how do you replace a battery in a smoke alarm in ash-pile which was your home?
bro got that anime eyes 💀
"These verification steps ensure the program does not crash, harm the system, and always runs to completion" yeah, color me skeptical, since to do that you would literally have to solve the halting problem, which is provably not possible.
It would be best to look into the concept of variants :)
@carlospinto7690 got anything less cryptic?
@kaltwarraith5172 so, the halting problem only states that you can't separate programs into stopping and non-stopping ones (in a generic fashion), not that you can't decide if a particular program will stop or not. That is done with the help of variants, which are used in formal verification.
@leeroyjenkins0 certainly, and if you need to implement a regex, some kind of non-recursive grammar, or any number of other boilerplate-type filters, I am sure it can be useful. What I am pointing out is that the video makes it seem like this is a robust alternative to DKMS, and that it is secure because of the extra static analysis that it does. Those things cannot both be true. Either it is more niche in terms of what it can support than he is letting on, or it is not as secure as he makes it seem.
To be honest, SECCOMP uses a very small C subset. It doesn't allow, for example, loops, which are very difficult to formally verify.
And yeah, the verifier uses formal verification, so it converts the code to logical statements and verifies them. It is not a simple process (I don't fully understand it either), but you can check their paper on this (google 'SECCOMP verifier logic').
"allows users or programs to execute custom bytecode within the Linux kernel" - sounds like the next 20 years of security vulnerabilities :)
The kernel first runs a verifier to make sure the program finishes and doesn't do anything weird. This verifier even uses formal verification, which is pretty solid.
However, there was one researcher who managed to trigger reads and writes on the kernel.
And others share the same worry, so you can disable unprivileged SECCOMP.
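The back-and-forth above about the halting problem versus the verifier's "always runs to completion" guarantee comes down to one observation: termination is undecidable for arbitrary programs, but trivially decidable for a program whose control-flow graph has no back edges, because every path through a DAG is finite. The toy below is an added example written for this thread, not code from the Linux kernel or the video. It models the verifier's classic control-flow pass on a constructed mini bytecode: build the CFG, walk it depth-first, reject any back edge (a loop) or unreachable instruction, then compute the worst-case instruction count and compare it against a complexity budget. The instruction tuples, function names and sample programs are all made up for illustration; real BPF uses a binary encoding, and since kernel 5.3 the real verifier also accepts bounded loops by simulating them within its instruction budget, so "no loops at all" describes the older rule this toy implements.

```python
# Toy termination check in the spirit of the eBPF verifier's CFG pass.
# Constructed example, not kernel code: the mini bytecode, the tuple
# formats and the sample programs below are made up for illustration.
WHITE, GREY, BLACK = 0, 1, 2


class VerifierError(Exception):
    """Raised when the toy verifier rejects a program."""


def successors(prog):
    """Map each pc to the pcs it can flow to. Offsets are relative to the
    next instruction (pc + 1 + off), as in real BPF. Edges that leave the
    program are rejected up front."""
    n, succ = len(prog), {}
    for pc, insn in enumerate(prog):
        op = insn[0]
        if op == "exit":
            targets = []
        elif op == "ja":                        # ("ja", off)
            targets = [pc + 1 + insn[1]]
        elif op in ("jeq", "jgt"):              # ("jgt", reg, imm, off)
            targets = [pc + 1, pc + 1 + insn[3]]
        else:                                   # ("mov"/"add", reg, imm)
            targets = [pc + 1]
        for t in targets:
            if not 0 <= t < n:
                raise VerifierError(f"insn {pc}: jump to {t} leaves the program")
        succ[pc] = targets
    return succ


def check_cfg(succ):
    """Iterative DFS from insn 0. An edge to a GREY node (still on the DFS
    stack) is a back edge, i.e. a loop, and is rejected; any node never
    reached is unreachable code and is rejected too."""
    color = {pc: WHITE for pc in succ}
    color[0] = GREY
    stack = [(0, iter(succ[0]))]
    while stack:
        pc, it = stack[-1]
        nxt = next(it, None)
        if nxt is None:                         # all edges of pc explored
            color[pc] = BLACK
            stack.pop()
        elif color[nxt] == GREY:
            raise VerifierError(f"back-edge from insn {pc} to {nxt}")
        elif color[nxt] == WHITE:
            color[nxt] = GREY
            stack.append((nxt, iter(succ[nxt])))
    dead = [pc for pc, c in color.items() if c != BLACK]
    if dead:
        raise VerifierError(f"unreachable insn {dead[0]}")


def longest_path(succ):
    """Worst-case number of instructions executed. Finite only because
    check_cfg already proved the graph is a DAG."""
    memo = {}

    def depth(pc):
        if pc not in memo:
            memo[pc] = 1 + max((depth(t) for t in succ[pc]), default=0)
        return memo[pc]

    return depth(0)


def verify(prog, budget=1_000_000):
    """Return the worst-case instruction count or raise VerifierError."""
    succ = successors(prog)
    check_cfg(succ)
    steps = longest_path(succ)
    if steps > budget:
        raise VerifierError(f"program too complex: {steps} > {budget}")
    return steps


def rejection_reason(prog):
    """None if accepted, otherwise the verifier's error text."""
    try:
        verify(prog)
        return None
    except VerifierError as e:
        return str(e)


# Constructed samples. Loop-free: one branch, two straight paths to exit.
ACCEPTED = [("mov", "r0", 0), ("jgt", "r1", 10, 1), ("add", "r0", 1), ("exit",)]
# Counting loop: "ja -3" at insn 3 jumps back to insn 1, a back edge.
REJECTED_LOOP = [("mov", "r0", 0), ("add", "r0", 1),
                 ("jgt", "r0", 100, 1), ("ja", -3), ("exit",)]
# Code after an unconditional exit can never run.
REJECTED_DEAD = [("mov", "r0", 0), ("exit",), ("add", "r0", 1), ("exit",)]

if __name__ == "__main__":
    print("accepted, worst case", verify(ACCEPTED), "insns")
    for p in (REJECTED_LOOP, REJECTED_DEAD):
        print("rejected:", rejection_reason(p))
```

The point for the thread: the rejection of `REJECTED_LOOP` is not a solution to the halting problem, it is a refusal to accept the class of programs for which the problem is hard. That is exactly the trade-off being argued about, a restricted program model in exchange for a guarantee the kernel can actually check.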
Hi
Hello 👋
Literally ZERO malware analysis takes place in this video.
Very basic intro to eBPF though.
hey buddy, you look cool in a beard && 👍👍👍👍👍👍👍👍💻💻💻💻🖥🖥🖥🖥👌👌👌👌👌👌💖💖💖💖💖💖