docs/document.lot

\boolfalse {citerequest}\boolfalse {citetracker}\boolfalse {pagetracker}\boolfalse {backtracker}\relax 
\babel@toc {english}{}
\defcounter {refsection}{0}\relax 
\addvspace {10\p@ }
\defcounter {refsection}{0}\relax 
\addvspace {10\p@ }
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.1}{\ignorespaces Table showing BPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }}{8}{table.caption.9}%
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.2}{\ignorespaces Table showing relevant eBPF updates. Note that only those relevant for our research objectives are shown. This is a selection of the official complete table at \cite {ebpf_funcs_by_ver}.\relax }}{12}{table.caption.14}%
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.3}{\ignorespaces Table showing eBPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }}{13}{table.caption.16}%
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.4}{\ignorespaces Table showing eBPF registers and their purpose in the BPF VM.\cite {ebpf_inst_set}\cite {ebpf_starovo_slides}.\relax }}{13}{table.caption.17}%
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.5}{\ignorespaces Table showing common fields for creating an eBPF map.\relax }}{15}{table.caption.18}%
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.6}{\ignorespaces Table showing types of eBPF maps. Only those used in our rootkit are displayed, the full list can be consulted in the man page \cite {bpf_syscall}\relax }}{15}{table.caption.19}%
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.7}{\ignorespaces Table showing types of syscall actions. Only those relevant to our research are shown the full list and attribute details can be consulted in the man page \cite {bpf_syscall}\relax }}{16}{table.caption.20}%
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.8}{\ignorespaces Table showing types of eBPF programs. Only those relevant to our research are shown. The full list and attribute details can be consulted in the man page \cite {bpf_syscall}.\relax }}{17}{table.caption.21}%
\defcounter {refsection}{0}\relax 
\contentsline {table}{\numberline {2.9}{\ignorespaces Table showing common eBPF helpers. Only those relevant to our research are shown. Those helpers exclusive to an specific program type are not listed. The full list and attribute details can be consulted in the man page \cite {ebpf_helpers}.\relax }}{18}{table.caption.22}%
\defcounter {refsection}{0}\relax 
\addvspace {10\p@ }
\defcounter {refsection}{0}\relax 
\addvspace {10\p@ }
\defcounter {refsection}{0}\relax 
\addvspace {10\p@ }
\contentsfinish
Included uc3m template 2021-10-27 22:29:57 +02:00			`\boolfalse {citerequest}\boolfalse {citetracker}\boolfalse {pagetracker}\boolfalse {backtracker}\relax`
Updating doc, adding makefile and preparing document 2022-04-27 21:56:37 -04:00			`\babel@toc {english}{}`
Included uc3m template 2021-10-27 22:29:57 +02:00			`\defcounter {refsection}{0}\relax`
Updating doc, adding makefile and preparing document 2022-04-27 21:56:37 -04:00			`\addvspace {10\p@ }`
			`\defcounter {refsection}{0}\relax`
			`\addvspace {10\p@ }`
			`\defcounter {refsection}{0}\relax`
Continued with architecture, finished JIT, remodelled the second section of sSOTA 2022-05-25 22:00:28 -04:00			`\contentsline {table}{\numberline {2.1}{\ignorespaces Table showing BPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }}{8}{table.caption.9}%`
ALmost completed cbpf explantion 2022-05-23 06:17:21 -04:00			`\defcounter {refsection}{0}\relax`
Continued with architecture, finished JIT, remodelled the second section of sSOTA 2022-05-25 22:00:28 -04:00			`\contentsline {table}{\numberline {2.2}{\ignorespaces Table showing relevant eBPF updates. Note that only those relevant for our research objectives are shown. This is a selection of the official complete table at \cite {ebpf_funcs_by_ver}.\relax }}{12}{table.caption.14}%`
Elaborated on ebpf architecture. Incoming explanation of JIT compiling 2022-05-24 20:53:00 -04:00			`\defcounter {refsection}{0}\relax`
Continued with architecture, finished JIT, remodelled the second section of sSOTA 2022-05-25 22:00:28 -04:00			`\contentsline {table}{\numberline {2.3}{\ignorespaces Table showing eBPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }}{13}{table.caption.16}%`
Elaborated on ebpf architecture. Incoming explanation of JIT compiling 2022-05-24 20:53:00 -04:00			`\defcounter {refsection}{0}\relax`
Continued with architecture, finished JIT, remodelled the second section of sSOTA 2022-05-25 22:00:28 -04:00			`\contentsline {table}{\numberline {2.4}{\ignorespaces Table showing eBPF registers and their purpose in the BPF VM.\cite {ebpf_inst_set}\cite {ebpf_starovo_slides}.\relax }}{13}{table.caption.17}%`
Elaborated on ebpf architecture. Incoming explanation of JIT compiling 2022-05-24 20:53:00 -04:00			`\defcounter {refsection}{0}\relax`
Finished core eBPF section 2022-05-26 15:21:00 -04:00			`\contentsline {table}{\numberline {2.5}{\ignorespaces Table showing common fields for creating an eBPF map.\relax }}{15}{table.caption.18}%`
			`\defcounter {refsection}{0}\relax`
			`\contentsline {table}{\numberline {2.6}{\ignorespaces Table showing types of eBPF maps. Only those used in our rootkit are displayed, the full list can be consulted in the man page \cite {bpf_syscall}\relax }}{15}{table.caption.19}%`
			`\defcounter {refsection}{0}\relax`
			`\contentsline {table}{\numberline {2.7}{\ignorespaces Table showing types of syscall actions. Only those relevant to our research are shown the full list and attribute details can be consulted in the man page \cite {bpf_syscall}\relax }}{16}{table.caption.20}%`
			`\defcounter {refsection}{0}\relax`
			`\contentsline {table}{\numberline {2.8}{\ignorespaces Table showing types of eBPF programs. Only those relevant to our research are shown. The full list and attribute details can be consulted in the man page \cite {bpf_syscall}.\relax }}{17}{table.caption.21}%`
			`\defcounter {refsection}{0}\relax`
			`\contentsline {table}{\numberline {2.9}{\ignorespaces Table showing common eBPF helpers. Only those relevant to our research are shown. Those helpers exclusive to an specific program type are not listed. The full list and attribute details can be consulted in the man page \cite {ebpf_helpers}.\relax }}{18}{table.caption.22}%`
			`\defcounter {refsection}{0}\relax`
Updating doc, adding makefile and preparing document 2022-04-27 21:56:37 -04:00			`\addvspace {10\p@ }`
			`\defcounter {refsection}{0}\relax`
			`\addvspace {10\p@ }`
Included uc3m template 2021-10-27 22:29:57 +02:00			`\defcounter {refsection}{0}\relax`
			`\addvspace {10\p@ }`
			`\contentsfinish`