Abstract
This paper examines the security of eBPF and WebAssembly (Wasm), two technologies that have gained widespread adoption in recent years, despite being designed for very different use cases and environments. While eBPF is a technology primarily used within operating system kernels such as Linux, Wasm is a binary instruction format designed for a stack-based virtual machine with use cases extending beyond the web. Recognizing the growth and expanding ambitions of eBPF, Wasm may provide instructive insights, given its design around securely executing arbitrary untrusted programs in complex and hostile environments such as web browsers and clouds. We analyze the security goals, community evolution, memory models, and execution models of both technologies, and conduct a comparative security assessment, exploring memory safety, control flow integrity, API access, and side-channels. Our results show that eBPF has a history of focusing on performance first and security second, while Wasm puts more emphasis on security at the cost of some runtime overheads. Considering language-based restrictions for eBPF and a security model for API access are fruitful directions for future work.
Original language | English |
---|---|
Title of host publication | eBPF 2023 - Proceedings of the ACM SIGCOMM 2023 Workshop on eBPF and Kernel Extensions |
Place of Publication | New York, NY, USA |
Publisher | ACM Press |
Pages | 35–41 |
Number of pages | 7 |
ISBN (Electronic) | 9798400702938 |
ISBN (Print) | 9798400702938 |
Publication status | Published - 10 Sept 2023 |
Publication series
Name | eBPF 2023 - Proceedings of the ACM SIGCOMM 2023 Workshop on eBPF and Kernel Extensions |
---|
Keywords
- eBPF
- WebAssembly
- Security Comparison
- Threat Model
- Memory Safety
- Control Flow Integrity
- API Access
- Side-channels
Fingerprint
Dive into the research topics of 'Comparing Security in eBPF and WebAssembly'. Together they form a unique fingerprint.
Projects
- 1 Active
- CYBEREXCELLENCE: The project of excellence in cyber security within the framework of the plan of the Walloon Region (CyberWal)
Colin, J.-N. (PI), Schobbens, P. Y. (CoI), Dejaeghere, J. (Researcher), Devroey, X. (CoI), Nguyen, G. (Researcher), Rochet, F. (CoI), Schumacher, L. (CoI), Knockaert, M. (Researcher), Jacquet, J.-M. (CoI), Linden, I. (PI), Elkoulak, H. (Researcher), Poeng, K. (Researcher), Ouardi, D. (Researcher), Goffaux, L. (Researcher) & Barkallah, M. (Researcher)
1/01/22 → 31/12/27
Project: Research
Activities
- 1 Participation in workshop, seminar, course
- 1st Workshop on eBPF and Kernel Extensions
Dejaeghere, J. (Speaker)
10 Sept 2023
Activity: Participating in or organising an event types › Participation in workshop, seminar, course