When eBPF Meets Machine Learning: On-the-fly OS Kernel Compartmentalization

• URL: http://arxiv.org/abs/2401.05641v1
• Date: Thu, 11 Jan 2024 03:30:50 GMT
• Title: When eBPF Meets Machine Learning: On-the-fly OS Kernel Compartmentalization
• Authors: Zicheng Wang, Tiejin Chen, Qinrun Dai, Yueqi Chen, Hua Wei, Qingkai Zeng
• Abstract summary: Compartmentalization effectively prevents initial corruption from turning into a successful attack. This paper presents O2C, a pioneering system designed to enforce OS kernel compartmentalization on the fly. O2C is empowered by the newest advancements of the eBPF ecosystem which allows to instrument eBPF programs that perform enforcement actions into the kernel at runtime.
• Score: 10.368811907720064
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Compartmentalization effectively prevents initial corruption from turning into a successful attack. This paper presents O2C, a pioneering system designed to enforce OS kernel compartmentalization on the fly. It not only provides immediate remediation for sudden threats but also maintains consistent system availability through the enforcement process. O2C is empowered by the newest advancements of the eBPF ecosystem which allows to instrument eBPF programs that perform enforcement actions into the kernel at runtime. O2C takes the lead in embedding a machine learning model into eBPF programs, addressing unique challenges in on-the-fly compartmentalization. Our comprehensive evaluation shows that O2C effectively confines damage within the compartment. Further, we validate that decision tree is optimally suited for O2C owing to its advantages in processing tabular data, its explainable nature, and its compliance with the eBPF ecosystem. Last but not least, O2C is lightweight, showing negligible overhead and excellent sacalability system-wide.

Related papers

• Offline Behavior Distillation [57.6900189406964]
  Massive reinforcement learning (RL) data are typically collected to train policies offline without the need for interactions. We formulate offline behavior distillation (OBD), which synthesizes limited expert behavioral data from sub-optimal RL data. We propose two naive OBD objectives, DBC and PBC, which measure distillation performance via the decision difference between policies trained on distilled data and either offline data or a near-expert policy.
  arXiv  Detail & Related papers  (2024-10-30T06:28:09Z)
• SafeBPF: Hardware-assisted Defense-in-depth for eBPF Kernel Extensions [1.0499611180329806]
  We introduce SafeBPF, a general design that isolates eBPF programs from the rest of the kernel to prevent memory safety vulnerabilities from being exploited. We show that SafeBPF incurs up to 4% overhead on macrobenchmarks while achieving desired security properties.
  arXiv  Detail & Related papers  (2024-09-11T13:58:51Z)
• Leakage-Resilient and Carbon-Neutral Aggregation Featuring the Federated AI-enabled Critical Infrastructure [42.688679691088204]
  We propose a leakage-resilient, communication-efficient, and carbon-neutral approach for ACI networks. We show that CDPA can reduce communication cost by half while preserving model utility. We highlight existing benchmarks that generate 2.6x to over 100x more carbon emissions than CDPA.
  arXiv  Detail & Related papers  (2024-05-24T06:35:09Z)
• KEN: Kernel Extensions using Natural Language [1.293634133244466]
  KEN is a framework that allows Kernel Extensions to be written in Natural language. It synthesizes an eBPF program given a user's English language prompt. We show that KEN produces correct eBPF programs on 80% which is an improvement of a factor of 2.67 compared to an LLM-empowered program synthesis baseline.
  arXiv  Detail & Related papers  (2023-12-09T10:45:54Z)
• Image Prior and Posterior Conditional Probability Representation for Efficient Damage Assessment [51.631659414455825]
  It is important to quantify Damage Assessment for Human Assistance and Disaster Response applications. In this paper, an image prior and posterior conditional probability (IP2CP) is developed as an effective computational imaging representation. The matching pre- and post-disaster images are effectively encoded into one image that is then processed using deep learning approaches to determine the damage levels.
  arXiv  Detail & Related papers  (2023-10-26T22:17:37Z)
• Secure Deep Learning-based Distributed Intelligence on Pocket-sized Drones [75.80952211739185]
  Palm-sized nano-drones are an appealing class of edge nodes, but their limited computational resources prevent running large deep-learning models onboard. Adopting an edge-fog computational paradigm, we can offload part of the computation to the fog; however, this poses security concerns if the fog node, or the communication link, can not be trusted. We propose a novel distributed edge-fog execution scheme that validates fog computation by redundantly executing a random subnetwork aboard our nano-drone.
  arXiv  Detail & Related papers  (2023-07-04T08:29:41Z)
• A Safe Genetic Algorithm Approach for Energy Efficient Federated Learning in Wireless Communication Networks [53.561797148529664]
  Federated Learning (FL) has emerged as a decentralized technique, where contrary to traditional centralized approaches, devices perform a model training in a collaborative manner. Despite the existing efforts made in FL, its environmental impact is still under investigation, since several critical challenges regarding its applicability to wireless networks have been identified. The current work proposes a Genetic Algorithm (GA) approach, targeting the minimization of both the overall energy consumption of an FL process and any unnecessary resource utilization.
  arXiv  Detail & Related papers  (2023-06-25T13:10:38Z)
• BRF: eBPF Runtime Fuzzer [3.895892630722353]
  This paper introduces the BPF Fuzzer (BRF), a fuzzer that can satisfy the semantics and dependencies required by the verifier and the eBPF subsystem. BRF achieves 101% higher code coverage. As a result, BRF has so far managed to find 4 vulnerabilities (some of them have been assigned runtime numbers) in the eBPF.
  arXiv  Detail & Related papers  (2023-05-15T16:42:51Z)
• MOAT: Towards Safe BPF Kernel Extension [10.303142268182116]
  The Linux kernel extensively uses the Berkeley Packet Filter (BPF) to allow user-written BPF applications to execute in the kernel space. Recent attacks show that BPF programs can evade security checks and gain unauthorized access to kernel memory. We present MOAT, a system that isolates potentially malicious BPF programs using Intel Memory Protection Keys (MPK)
  arXiv  Detail & Related papers  (2023-01-31T05:31:45Z)
• General Cutting Planes for Bound-Propagation-Based Neural Network Verification [144.7290035694459]
  We generalize the bound propagation procedure to allow the addition of arbitrary cutting plane constraints. We find that MIP solvers can generate high-quality cutting planes for strengthening bound-propagation-based verifiers. Our method is the first verifier that can completely solve the oval20 benchmark and verify twice as many instances on the oval21 benchmark.
  arXiv  Detail & Related papers  (2022-08-11T10:31:28Z)
• A Privacy-Preserving-Oriented DNN Pruning and Mobile Acceleration Framework [56.57225686288006]
  Weight pruning of deep neural networks (DNNs) has been proposed to satisfy the limited storage and computing capability of mobile edge devices. Previous pruning methods mainly focus on reducing the model size and/or improving performance without considering the privacy of user data. We propose a privacy-preserving-oriented pruning and mobile acceleration framework that does not require the private training dataset.
  arXiv  Detail & Related papers  (2020-03-13T23:52:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.