January 1, 2022, marked the official start of a new three-year research collaboration between Red Hat Research and Karlstad University around eBPF and security in the Linux kernel. eBPF is a technology that supports running sandboxed code in the running Linux kernel without having to change the source code of the kernel itself. PhD student Bolaji Gbadamosi will be working on this project with joint supervision from Red Hat and from Karlstad University’s Dr. Per Hurtig and Dr. Tobias Pulls.
With the introduction of eBPF into the Linux kernel, we are seeing a sea change in the traditional application model. With eBPF, it is now possible to execute parts of the application logic in kernel space, leading to a novel hybrid userspace/ kernel model. This is an exciting development that brings with it many opportunities but also some challenges, especially in the area of security.
The goal of the new project is to assess the various security issues that arise with eBPF technology, as well as possible mitigations for any issues identified. Possible topics for exploration include resource allocation and constraints, memory safety, eBPF in safety-critical applications, and using cryptographic signatures for eBPF programs. These topics are likely to evolve as the work continues.
The project builds on the existing research collaboration between Red Hat and Karlstad University around the topic of programmable networking using eBPF. The research team seeks to draw on both Red Hat’s expertise in Linux kernel and eBPF development and Karlstad University’s expertise in academic security research. Project results will be available as open access, open source software, and open data, so stay tuned for more news to come.