Efficient, portable and extensible packet inspection with eBPF [article]

Matteo Repetto, Marco Zuppelli, Alessandro Carrega
2021 Zenodo  
The availability of virtualization technologies and cloud models has made possible an effective decoupling of applications and services from the underlying infrastructure, which ultimately allows far more flexibility in deployment and operation processes than in the past. However, this also means that hardware acceleration will be available ever less often, which may jeopardize the efficiency of computing-intensive tasks, including network monitoring and packet inspection in cyber-security appliances. In ASTRID, we investigated the use of the extended Berkeley Packet Filter (eBPF) for effective and efficient packet inspection. Our goal is the implementation of a tool that provides information similar to that of existing cyber-security appliances but with a reduced execution footprint, so that it can be easily integrated in cloud-native applications without any hardware or software dependency on the underlying infrastructure. In this paper, we discuss the main results of our work with respect to two challenging use cases, namely amplification attacks and network covert channels.
doi:10.5281/zenodo.5121392 fatcat:bfycrkiobjhq7cm65j6hl3keu4