Speakers
Avery Blanchard
(Duke University)
George Almasi
(IBM)
Description
The Linux kernel uses non-repudiable logging to attest to system integrity. Non-repudiation ensures that the validity of the log cannot be disputed, even in the presence of an untrusted actor. We present an extensible interface for user-defined programs to leverage TPM-based non-repudiable logging of any kernel data accessible to eBPF programs. With the large variety of eBPF hook locations, our approach allows system integrity to be verified with greater granularity than previously possible. We have used this technique to measure and store container image digests when they are run to verify and attest container integrity. The variety of use cases presents an exciting future for eBPF in security and trust.
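As an added illustration, not code from the talk or the authors' implementation, the following simulates why a TPM-anchored measurement log cannot be disputed: each logged measurement extends a PCR by hashing, and a verifier replays the log against the quoted PCR value, so any edited or deleted entry fails verification. The hook name and image digests are constructed placeholders.

```python
import hashlib

PCR_INIT = bytes(32)  # a fresh SHA-256 PCR bank reads as all zeros


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def entry_digest(hook: str, image_digest: str) -> bytes:
    # Template hash over what the eBPF program measured: hook name + image digest
    return sha256(f"{hook}:{image_digest}".encode())


def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM2_PCR_Extend semantics: PCR' = H(PCR || digest); the result cannot be
    # rolled back, only extended further.
    return sha256(pcr + digest)


def measure(log: list, pcr: bytes, hook: str, image_digest: str) -> bytes:
    """Append an entry to the measurement log and extend the PCR with it."""
    log.append({"hook": hook, "image_digest": image_digest})
    return extend(pcr, entry_digest(hook, image_digest))


def replay(log: list) -> bytes:
    """Recompute the PCR value a verifier expects from the log alone."""
    pcr = PCR_INIT
    for e in log:
        pcr = extend(pcr, entry_digest(e["hook"], e["image_digest"]))
    return pcr


def verify(log: list, quoted_pcr: bytes) -> bool:
    """A quote (PCR value signed by the TPM) only matches an unmodified log."""
    return replay(log) == quoted_pcr


def demo() -> tuple:
    log, pcr = [], PCR_INIT
    # Constructed sample measurements, as if emitted by a BPF LSM program when
    # container images are run (digests are placeholders, not real images).
    pcr = measure(log, pcr, "bprm_check_security", "sha256:" + "11" * 32)
    pcr = measure(log, pcr, "bprm_check_security", "sha256:" + "22" * 32)
    ok_before = verify(log, pcr)
    # A privileged attacker rewrites the second entry to hide an image...
    log[1]["image_digest"] = "sha256:" + "33" * 32
    ok_after_edit = verify(log, pcr)
    # ...or deletes it; neither log can be made consistent with the quoted PCR.
    del log[1]
    ok_after_delete = verify(log, pcr)
    return ok_before, ok_after_edit, ok_after_delete
```

The PCR is simulated in software here; on a real system the same replay is checked against a TPM quote, so the signed PCR value is what makes the log non-repudiable.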
Primary author
Avery Blanchard
(Duke University)