Comparing Security in eBPF and WebAssembly

Jules Dejaeghere, Bolaji Gbadamosi, Tobias Pulls, Florentin Rochet

Research output: Contribution in Book/Catalog/Report/Conference proceedingConference contribution

438 Downloads (Pure)

Abstract

This paper examines the security of eBPF and WebAssembly (Wasm), two technologies that have gained widespread adoption in recent years, despite being designed for very different use cases and environments. While eBPF is a technology primarily used within operating system kernels such as Linux, Wasm is a binary instruction format designed for a stack-based virtual machine with use cases extending beyond the web. Recognizing the growth and expanding ambitions of eBPF, Wasm may provide instructive insights, given its design around securely executing arbitrary untrusted programs in complex and hostile environments such as web browsers and clouds. We analyze the security goals, community evolution, memory models, and execution models of both technologies, and conduct a comparative security assessment, exploring memory safety, control flow integrity, API access, and side-channels. Our results show that eBPF has a history of focusing on performance first and security second, while Wasm puts more emphasis on security at the cost of some runtime overheads. Considering language-based restrictions for eBPF and a security model for API access are fruitful directions for future work.
Original languageEnglish
Title of host publicationeBPF 2023 - Proceedings of the ACM SIGCOMM 2023 Workshop on eBPF and Kernel Extensions
Place of PublicationNew York, NY, USA
PublisherACM Press
Pages35–41
Number of pages7
ISBN (Electronic)9798400702938
ISBN (Print)9798400702938
DOIs
Publication statusPublished - 10 Sept 2023

Publication series

NameeBPF 2023 - Proceedings of the ACM SIGCOMM 2023 Workshop on eBPF and Kernel Extensions

Keywords

  • eBPF
  • WebAssembly
  • Security Comparison
  • Threat Model
  • Memory Safety
  • Control Flow Integrity
  • API Access
  • Side-channels
  • webassembly
  • API access
  • threat model
  • side-channels
  • memory safety
  • control flow integrity
  • security comparison

Fingerprint

Dive into the research topics of 'Comparing Security in eBPF and WebAssembly'. Together they form a unique fingerprint.

Cite this