Title: When eBPF Meets Machine Learning: On-the-fly OS Kernel Compartmentalization
Authors: Zicheng Wang, Tiejin Chen, Qinrun Dai, Yueqi Chen, Hua Wei, Qingkai Zeng
DOI: arxiv-2401.05641 (https://doi.org/arxiv-2401.05641)
Venue: arXiv - CS - Operating Systems
Publication date: 2024-01-11
Platform: Semanticscholar
Citations: 0
Abstract
Compartmentalization effectively prevents an initial memory corruption from turning
into a successful attack. This paper presents O2C, a pioneering system designed
to enforce OS kernel compartmentalization on the fly. It not only provides
immediate remediation for sudden threats but also maintains consistent system
availability throughout the enforcement process. O2C builds on recent advances in the eBPF ecosystem, which
allow eBPF programs that perform enforcement actions to be loaded into the
kernel at runtime. O2C pioneers embedding a machine learning model
into eBPF programs, addressing the unique challenges of on-the-fly
compartmentalization. Our comprehensive evaluation shows that O2C effectively
confines damage within the compartment. Further, we validate that decision trees
are optimally suited for O2C owing to their advantages in processing tabular data,
their explainable nature, and their compliance with the eBPF ecosystem. Last but
not least, O2C is lightweight, showing negligible overhead and excellent
scalability system-wide.