Overview
This course teaches learners about Kernel Runtime Security Instrumentation (KRSI) and how it aims to provide an extensible Linux Security Module (LSM) by allowing userspace programs and system owners to attach eBPF programs to security hooks. The course covers the need for KRSI, compares it to existing alternatives, outlines the proposed design and interfaces, and includes a live demo. By the end of the course, learners will understand the concept of KRSI, its benefits, and how to implement it using eBPF programs. The course is suitable for system administrators, cybersecurity professionals, and anyone interested in Linux kernel security.
Syllabus
Introduction
Motivation
eBPF
Detections
Future plans
Conclusion
Taught by
Linux Foundation