ETD

Digital archive of theses defended at the University of Pisa

Thesis etd-02262025-161924


Thesis type
Master's thesis
URN
etd-02262025-161924
Title
A study on eBPF enhanced container security: Identifying and Addressing Data Visibility Vulnerabilities
Department
INFORMATION ENGINEERING
Degree programme
COMPUTER ENGINEERING
Keywords
  • bpf
  • capabilities
  • cybersecurity
  • ebpf
  • kernel
  • linux
  • lsm
  • seccomp
  • toctou
  • virtualization
  • vulnerability
Defense session start date
14/04/2025
Availability
Full
Abstract (English)
This thesis analyzes and addresses data visibility vulnerabilities among containers running on the same Linux kernel that utilize eBPF (Extended Berkeley Packet Filter). In multi-container environments, shared kernel access can weaken isolation and security, potentially exposing sensitive data to unauthorized containers. The study explores possible attack vectors that leverage eBPF and proposes prototype solutions to enhance container isolation and security while preserving the ability for users inside the containers to utilize BPF.