NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

View More Details for Open Source Summit + Embedded Linux Conference North America 2020
Registration Information.
Back To Schedule
Wednesday, July 1 • 12:55pm - 1:40pm
KRSI (BPF + LSM) - Updates and Progress - KP Singh, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Kernel Runtime Security Instrumentation (KRSI) aims to provide an extensible LSM by allowing privileged users to attach eBPF programs to security hooks to dynamically implement MAC and Audit Policies.

KRSI was introduced in LSS-US 2019 and after an initial overhaul with BTF was presented again in LSS-Europe. It has since then had multiple interesting updates and triggered some meaningful discussions. The talk provides an update on:
  • Progress in the mainline kernel and the ongoing discussions.
  • New infrastructure merged into BPF to support the BPF LSM use-case.
  • Some optimizations that can improve the performance characteristics of the currently existing LSM framework which would not only benefit KRSI but also all other LSMs.

The talk showcases how the design has evolved over time and what trade-offs were considered and what's upcoming after the initial patches are merged.

avatar for KP Singh

KP Singh

Staff Software Engineer, Google
KP Singh is the author and maintainer of the mainline eBPF LSM (a.k.a KRSI) for flexible security audit and policy enforcement on Linux. At Google, he leads the effort to build telemetry and detection software deployed on Google's corp, prod and cloud endpoints spanning different... Read More →

Wednesday July 1, 2020 12:55pm - 1:40pm CDT
Linux Security Summit Theater