Title | RingGuard: Guard io_uring with eBPF |
Authors | |
Corresponding authors | Zhang, Fengwei; Wang, Shuai |
DOI | |
Publication date | 2023-09-10
|
Conference name | 1st Workshop on eBPF and Kernel Extensions, eBPF 2023
|
ISBN | 9798400702938
|
Proceedings title | |
Pages | 56-62
|
Conference date | September 10, 2023
|
Conference location | New York, NY, United States
|
Proceedings editor / conference organizer | ACM SIGCOMM
|
Place of publication | 1601 Broadway, 10th Floor, NEW YORK, NY, UNITED STATES
|
Publisher | |
Abstract | Io-uring offers a flexible yet efficient asynchronous I/O paradigm for Linux. Despite a significant performance improvement, it also brings many security concerns to the kernel. Not only does io-uring itself contain multiple vulnerabilities, but it can also be used to bypass existing security mechanisms such as seccomp. To address these problems, this paper proposes a security mechanism named RingGuard that safeguards io-uring with eBPF programs. RingGuard is carefully designed to reduce the overhead of I/O request submission and to ensure the security of inserted eBPF programs. Our evaluation shows that RingGuard provides encouraging security benefits with moderate overhead. For instance, the overhead of RingGuard in file I/O scenarios is merely 7.8%.
© 2023 ACM. |
Keywords | |
University attribution | First; Corresponding
|
Language | English
|
Related links | [Source record] |
Indexed by | |
Funding | We would like to thank the anonymous reviewers for their insightful comments. This work is partly supported by the National Natural Science Foundation of China under Grant No. 62002151 and Shenzhen Science and Technology Program under Grant No. SGDX20201103095408029 and No. ZDSYS20210623092007023.
|
WOS research area | Computer Science
|
WOS category | Computer Science, Hardware & Architecture
; Computer Science, Software Engineering
; Computer Science, Theory & Methods
|
WOS accession number | WOS:001302566100009
|
EI accession number | 20234014832240
|
Source database | EV Compendex
|
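Citation statistics | |
Document type | Conference paper |
Item identifier | http://sustech.caswiz.com/handle/2SGJ60CL/673802 |
Collection | College of Engineering_Sifakis Research Institute of Trustworthy Autonomous Systems; College of Engineering_Department of Computer Science and Engineering |
Author affiliations | 1. Research Institute of Trustworthy Autonomous Systems, Southern University of Science and Technology, China; 2. Department of Computer Science and Engineering, Southern University of Science and Technology, China; 3. Shenzhen Key Laboratory of Safety and Security for Next Generation of Industrial Internet, Southern University of Science and Technology, China; 4. Department of Computer Science and Engineering, Hong Kong University of Science and Technology, China |
First author affiliation | Sifakis Research Institute of Trustworthy Autonomous Systems; Department of Computer Science and Engineering |
Corresponding author affiliation | Sifakis Research Institute of Trustworthy Autonomous Systems; Southern University of Science and Technology |
First affiliation of first author | Sifakis Research Institute of Trustworthy Autonomous Systems |
Recommended citation (GB/T 7714) |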
He, Wanning,Lu, Hongyi,Zhang, Fengwei,et al. RingGuard: Guard io_uring with eBPF[C]//ACM SIGCOMM. 1601 Broadway, 10th Floor, NEW YORK, NY, UNITED STATES:Association for Computing Machinery, Inc,2023:56-62.
|
Files in this item |
File name/size | Document type | Version type | Access type | License |
2023RingGuard.pdf(1260KB) | -- | -- | Open access | -- |
|