admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-17 15:43:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8bc376e734ccd68f497551380f19b07c2c0d7dbd
TripleCross/docs/document.aux

383 lines
35 KiB
TeX
Raw Normal View History

Updating doc, adding makefile and preparing document
2022-04-27 21:56:37 -04:00
\relax
\providecommand\hyper@newdestlabel[2]{}
\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
\global\let\oldcontentsline\contentsline
\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
\global\let\oldnewlabel\newlabel
\gdef\newlabel#1#2{\newlabelxx{#1}#2}
\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
\AtEndDocument{\ifx\hyper@anchor\@undefined
\let\contentsline\oldcontentsline
\let\newlabel\oldnewlabel
\fi}
\fi}
\global\let\hyper@last\relax
\gdef\HyperFirstAtBeginDocument#1{#1}
\providecommand\HyField@AuxAddToFields[1]{}
\providecommand\HyField@AuxAddToCoFields[2]{}
\providecommand\babel@aux[2]{}
\@nameuse{bbl@beforestart}
\@writefile{toc}{\boolfalse {citerequest}\boolfalse {citetracker}\boolfalse {pagetracker}\boolfalse {backtracker}\relax }
\@writefile{lof}{\boolfalse {citerequest}\boolfalse {citetracker}\boolfalse {pagetracker}\boolfalse {backtracker}\relax }
\@writefile{lot}{\boolfalse {citerequest}\boolfalse {citetracker}\boolfalse {pagetracker}\boolfalse {backtracker}\relax }
\abx@aux@refcontext{none/global//global/global}
\babel@aux{english}{}
Added partial motivation section
2022-05-20 21:20:24 -04:00
\abx@aux@cite{ransomware_pwc}
\abx@aux@segm{0}{0}{ransomware_pwc}
Updating doc, adding makefile and preparing document
2022-04-27 21:56:37 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {1}Introduction}{1}{chapter.1}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.1}Motivation}{1}{section.1.1}\protected@file@percent }
Added partial motivation section
2022-05-20 21:20:24 -04:00
\abx@aux@cite{rootkit_ptsecurity}
\abx@aux@segm{0}{0}{rootkit_ptsecurity}
Completed motivation
2022-05-20 22:58:33 -04:00
\abx@aux@cite{ebpf_linux318}
\abx@aux@segm{0}{0}{ebpf_linux318}
\abx@aux@cite{bvp47_report}
\abx@aux@segm{0}{0}{bvp47_report}
\abx@aux@cite{bpfdoor_pwc}
\abx@aux@segm{0}{0}{bpfdoor_pwc}
\abx@aux@cite{ebpf_windows}
\abx@aux@segm{0}{0}{ebpf_windows}
\abx@aux@cite{ebpf_android}
\abx@aux@segm{0}{0}{ebpf_android}
Went on with the objectives section
2022-05-21 16:56:05 -04:00
\abx@aux@cite{evil_ebpf}
\abx@aux@segm{0}{0}{evil_ebpf}
\abx@aux@cite{bad_ebpf}
\abx@aux@segm{0}{0}{bad_ebpf}
\abx@aux@cite{ebpf_friends}
\abx@aux@segm{0}{0}{ebpf_friends}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.2}Project objectives}{3}{section.1.2}\protected@file@percent }
Completed the objectives section. Skipping the rest of the chapter
2022-05-21 19:43:51 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.3}Regulatory framework}{4}{section.1.3}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{4}{subsection.1.3.1}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.2}Budget}{4}{subsection.1.3.2}\protected@file@percent }
Continued with the state of the art section
2022-05-22 08:19:32 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.4}Structure of the document}{4}{section.1.4}\protected@file@percent }
Continued with classic bpf explanations
2022-05-22 19:57:47 -04:00
\abx@aux@cite{ebpf_io}
\abx@aux@segm{0}{0}{ebpf_io}
Continued with the state of the art section
2022-05-22 08:19:32 -04:00
\abx@aux@cite{bpf_bsd_origin}
\abx@aux@segm{0}{0}{bpf_bsd_origin}
Continued with ebpf history
2022-05-22 10:04:16 -04:00
\abx@aux@cite{ebpf_history_opensource}
\abx@aux@segm{0}{0}{ebpf_history_opensource}
Included some comments on next work
2022-05-21 20:56:00 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {2}State of the art}{5}{chapter.2}\protected@file@percent }
Updating doc, adding makefile and preparing document
2022-04-27 21:56:37 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
Completed bpf in the history section
2022-05-23 07:08:46 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.1}eBPF history - Classic BPF}{5}{section.2.1}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.1.1}Introduction to the BPF system}{5}{subsection.2.1.1}\protected@file@percent }
Continued with classic bpf explanations
2022-05-22 19:57:47 -04:00
\abx@aux@cite{bpf_bsd_origin_bpf_page1}
\abx@aux@segm{0}{0}{bpf_bsd_origin_bpf_page1}
\abx@aux@cite{index_register}
\abx@aux@segm{0}{0}{index_register}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.1}{\ignorespaces Sketch of the functionality of classic BPF\relax }}{6}{figure.caption.7}\protected@file@percent }
\providecommand*\caption@xref[2]{\@setref\relax\@undefined{#1}}
\newlabel{fig:classif_bpf}{{2.1}{6}{Sketch of the functionality of classic BPF\relax }{figure.caption.7}{}}
Completed bpf in the history section
2022-05-23 07:08:46 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.1.2}The BPF virtual machine}{6}{subsection.2.1.2}\protected@file@percent }
Finished core eBPF section
2022-05-26 15:21:00 -04:00
\newlabel{subsection:bpf_vm}{{2.1.2}{6}{The BPF virtual machine}{subsection.2.1.2}{}}
ALmost completed cbpf explantion
2022-05-23 06:17:21 -04:00
\abx@aux@cite{bpf_bsd_origin_bpf_page5}
\abx@aux@segm{0}{0}{bpf_bsd_origin_bpf_page5}
\abx@aux@cite{bpf_organicprogrammer_analysis}
\abx@aux@segm{0}{0}{bpf_organicprogrammer_analysis}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.1.3}Analysis of a BPF filter program}{7}{subsection.2.1.3}\protected@file@percent }
Completed ebpf verifier
2022-05-26 08:39:45 -04:00
\newlabel{subsection:analysis_bpf_filter_prog}{{2.1.3}{7}{Analysis of a BPF filter program}{subsection.2.1.3}{}}
ALmost completed cbpf explantion
2022-05-23 06:17:21 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.2}{\ignorespaces Execution of a BPF filter.\relax }}{7}{figure.caption.8}\protected@file@percent }
\newlabel{fig:cbpf_prog}{{2.2}{7}{Execution of a BPF filter.\relax }{figure.caption.8}{}}
\abx@aux@cite{bpf_bsd_origin_bpf_page7}
\abx@aux@segm{0}{0}{bpf_bsd_origin_bpf_page7}
\abx@aux@cite{bpf_bsd_origin_bpf_page8}
\abx@aux@segm{0}{0}{bpf_bsd_origin_bpf_page8}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.1.4}BPF bytecode instruction format}{8}{subsection.2.1.4}\protected@file@percent }
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.1}{\ignorespaces Table showing BPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }}{8}{table.caption.9}\protected@file@percent }
\newlabel{table:bpf_inst_format}{{2.1}{8}{Table showing BPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }{table.caption.9}{}}
ALmost completed cbpf explantion
2022-05-23 06:17:21 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.3}{\ignorespaces Table of supported classic BPF instructions, as shown by McCanne and Jacobson\cite {bpf_bsd_origin_bpf_page7}\relax }}{8}{figure.caption.10}\protected@file@percent }
\newlabel{fig:bpf_instructions}{{2.3}{8}{Table of supported classic BPF instructions, as shown by McCanne and Jacobson\cite {bpf_bsd_origin_bpf_page7}\relax }{figure.caption.10}{}}
\abx@aux@cite{bpf_bsd_origin_bpf_page8}
\abx@aux@segm{0}{0}{bpf_bsd_origin_bpf_page8}
Completed bpf in the history section
2022-05-23 07:08:46 -04:00
\abx@aux@cite{bpf_bsd_origin_bpf_page1}
\abx@aux@segm{0}{0}{bpf_bsd_origin_bpf_page1}
Fixed some diagrams
2022-05-23 08:47:39 -04:00
\abx@aux@cite{tcpdump_page}
\abx@aux@segm{0}{0}{tcpdump_page}
ALmost completed cbpf explantion
2022-05-23 06:17:21 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.4}{\ignorespaces Table explaining the column address modes in Figure\ref {fig:bpf_instructions}, as shown by McCanne and Jacobson\cite {bpf_bsd_origin_bpf_page8}\relax }}{9}{figure.caption.11}\protected@file@percent }
\newlabel{fig:bpf_address_mode}{{2.4}{9}{Table explaining the column address modes in Figure\ref {fig:bpf_instructions}, as shown by McCanne and Jacobson\cite {bpf_bsd_origin_bpf_page8}\relax }{figure.caption.11}{}}
Finished core eBPF section
2022-05-26 15:21:00 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.1.5}An example of BPF filter with tcpdump}{10}{subsection.2.1.5}\protected@file@percent }
Completed bpf in the history section
2022-05-23 07:08:46 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.5}{\ignorespaces BPF bytecode tcpdump needs to set a filter to display packets directed to port 80.\relax }}{10}{figure.caption.12}\protected@file@percent }
\newlabel{fig:bpf_tcpdump_example}{{2.5}{10}{BPF bytecode tcpdump needs to set a filter to display packets directed to port 80.\relax }{figure.caption.12}{}}
Elaborated on ebpf architecture. Incoming explanation of JIT compiling
2022-05-24 20:53:00 -04:00
\abx@aux@cite{ebpf_funcs_by_ver}
\abx@aux@segm{0}{0}{ebpf_funcs_by_ver}
\abx@aux@cite{ebpf_funcs_by_ver}
\abx@aux@segm{0}{0}{ebpf_funcs_by_ver}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.6}{\ignorespaces Shortest path in the CFG described in the example of figure \ref {fig:bpf_tcpdump_example} that a packet needs to follow to be accepted by the BPF filter set with \textit {tcpdump}.\relax }}{11}{figure.caption.13}\protected@file@percent }
\newlabel{fig:tcpdump_ex_sol}{{2.6}{11}{Shortest path in the CFG described in the example of figure \ref {fig:bpf_tcpdump_example} that a packet needs to follow to be accepted by the BPF filter set with \textit {tcpdump}.\relax }{figure.caption.13}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.2}Analysis of modern eBPF}{11}{section.2.2}\protected@file@percent }
Almost finished with SotA section. libbpf remains too get llvm and some functionality explained.
2022-05-27 20:56:36 -04:00
\newlabel{section:modern_ebpf}{{2.2}{11}{Analysis of modern eBPF}{section.2.2}{}}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\abx@aux@cite{brendan_gregg_bpf_book}
\abx@aux@segm{0}{0}{brendan_gregg_bpf_book}
Elaborated on ebpf architecture. Incoming explanation of JIT compiling
2022-05-24 20:53:00 -04:00
\abx@aux@cite{brendan_gregg_bpf_book}
\abx@aux@segm{0}{0}{brendan_gregg_bpf_book}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\abx@aux@cite{ebpf_io_arch}
\abx@aux@segm{0}{0}{ebpf_io_arch}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.2}{\ignorespaces Table showing relevant eBPF updates. Note that only those relevant for our research objectives are shown. This is a selection of the official complete table at \cite {ebpf_funcs_by_ver}.\relax }}{12}{table.caption.14}\protected@file@percent }
\newlabel{table:ebpf_history}{{2.2}{12}{Table showing relevant eBPF updates. Note that only those relevant for our research objectives are shown. This is a selection of the official complete table at \cite {ebpf_funcs_by_ver}.\relax }{table.caption.14}{}}
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.7}{\ignorespaces Figure showing overall eBPF architecture in the Linux kernel and the process of loading an eBPF program. Based on\cite {brendan_gregg_bpf_book} and \cite {ebpf_io_arch}.\relax }}{12}{figure.caption.15}\protected@file@percent }
\newlabel{fig:ebpf_architecture}{{2.7}{12}{Figure showing overall eBPF architecture in the Linux kernel and the process of loading an eBPF program. Based on\cite {brendan_gregg_bpf_book} and \cite {ebpf_io_arch}.\relax }{figure.caption.15}{}}
Elaborated on ebpf architecture. Incoming explanation of JIT compiling
2022-05-24 20:53:00 -04:00
\abx@aux@cite{ebpf_inst_set}
\abx@aux@segm{0}{0}{ebpf_inst_set}
\abx@aux@cite{8664_inst_set_specs}
\abx@aux@segm{0}{0}{8664_inst_set_specs}
\abx@aux@cite{ebpf_inst_set}
\abx@aux@segm{0}{0}{ebpf_inst_set}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\abx@aux@cite{ebpf_inst_set}
\abx@aux@segm{0}{0}{ebpf_inst_set}
Elaborated on ebpf architecture. Incoming explanation of JIT compiling
2022-05-24 20:53:00 -04:00
\abx@aux@cite{ebpf_starovo_slides}
\abx@aux@segm{0}{0}{ebpf_starovo_slides}
\abx@aux@cite{ebpf_inst_set}
\abx@aux@segm{0}{0}{ebpf_inst_set}
\abx@aux@cite{ebpf_starovo_slides}
\abx@aux@segm{0}{0}{ebpf_starovo_slides}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\abx@aux@cite{ebpf_JIT}
\abx@aux@segm{0}{0}{ebpf_JIT}
\abx@aux@cite{ebpf_JIT_demystify_page13}
\abx@aux@segm{0}{0}{ebpf_JIT_demystify_page13}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.1}eBPF instruction set}{13}{subsection.2.2.1}\protected@file@percent }
\newlabel{subsection:ebpf_inst_set}{{2.2.1}{13}{eBPF instruction set}{subsection.2.2.1}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.3}{\ignorespaces Table showing eBPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }}{13}{table.caption.16}\protected@file@percent }
\newlabel{table:ebpf_inst_format}{{2.3}{13}{Table showing eBPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }{table.caption.16}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.4}{\ignorespaces Table showing eBPF registers and their purpose in the BPF VM.\cite {ebpf_inst_set}\cite {ebpf_starovo_slides}.\relax }}{13}{table.caption.17}\protected@file@percent }
\newlabel{table:ebpf_regs}{{2.4}{13}{Table showing eBPF registers and their purpose in the BPF VM.\cite {ebpf_inst_set}\cite {ebpf_starovo_slides}.\relax }{table.caption.17}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.2}JIT compilation}{13}{subsection.2.2.2}\protected@file@percent }
\abx@aux@cite{ebpf_JIT_demystify_page14}
\abx@aux@segm{0}{0}{ebpf_JIT_demystify_page14}
\abx@aux@cite{jit_enable_setting}
\abx@aux@segm{0}{0}{jit_enable_setting}
\abx@aux@cite{ebpf_starovo_slides_page23}
\abx@aux@segm{0}{0}{ebpf_starovo_slides_page23}
\abx@aux@cite{brendan_gregg_bpf_book_bpf_vm}
\abx@aux@segm{0}{0}{brendan_gregg_bpf_book_bpf_vm}
Completed ebpf verifier
2022-05-26 08:39:45 -04:00
\abx@aux@cite{ebpf_verifier_kerneldocs}
\abx@aux@segm{0}{0}{ebpf_verifier_kerneldocs}
\abx@aux@cite{ebpf_JIT_demystify_page17-22}
\abx@aux@segm{0}{0}{ebpf_JIT_demystify_page17-22}
\abx@aux@cite{ebpf_bounded_loops}
\abx@aux@segm{0}{0}{ebpf_bounded_loops}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.3}The eBPF verifier}{14}{subsection.2.2.3}\protected@file@percent }
Finished core eBPF section
2022-05-26 15:21:00 -04:00
\abx@aux@cite{ebpf_maps_kernel}
\abx@aux@segm{0}{0}{ebpf_maps_kernel}
\abx@aux@cite{bpf_syscall}
\abx@aux@segm{0}{0}{bpf_syscall}
\abx@aux@cite{bpf_syscall}
\abx@aux@segm{0}{0}{bpf_syscall}
\abx@aux@cite{bpf_syscall}
\abx@aux@segm{0}{0}{bpf_syscall}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.4}eBPF maps}{15}{subsection.2.2.4}\protected@file@percent }
Continued with offensive capabilities, incorporated security features and started with tracing program features
2022-06-02 19:00:10 -04:00
\newlabel{subsection:ebpf_maps}{{2.2.4}{15}{eBPF maps}{subsection.2.2.4}{}}
Finished core eBPF section
2022-05-26 15:21:00 -04:00
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.5}{\ignorespaces Table showing common fields for creating an eBPF map.\relax }}{15}{table.caption.18}\protected@file@percent }
\newlabel{table:ebpf_map_struct}{{2.5}{15}{Table showing common fields for creating an eBPF map.\relax }{table.caption.18}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.6}{\ignorespaces Table showing types of eBPF maps. Only those used in our rootkit are displayed, the full list can be consulted in the man page \cite {bpf_syscall}\relax }}{15}{table.caption.19}\protected@file@percent }
\newlabel{table:ebpf_map_types}{{2.6}{15}{Table showing types of eBPF maps. Only those used in our rootkit are displayed, the full list can be consulted in the man page \cite {bpf_syscall}\relax }{table.caption.19}{}}
\abx@aux@cite{bpf_syscall}
\abx@aux@segm{0}{0}{bpf_syscall}
\abx@aux@cite{bpf_syscall}
\abx@aux@segm{0}{0}{bpf_syscall}
\abx@aux@cite{bpf_syscall}
\abx@aux@segm{0}{0}{bpf_syscall}
\abx@aux@cite{bpf_syscall}
\abx@aux@segm{0}{0}{bpf_syscall}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.5}The eBPF ring buffer}{16}{subsection.2.2.5}\protected@file@percent }
\newlabel{subsection:bpf_ring_buf}{{2.2.5}{16}{The eBPF ring buffer}{subsection.2.2.5}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.6}The bpf() syscall}{16}{subsection.2.2.6}\protected@file@percent }
Continued with eBPF program types
2022-05-26 21:47:28 -04:00
\newlabel{subsection:bpf_syscall}{{2.2.6}{16}{The bpf() syscall}{subsection.2.2.6}{}}
Finished core eBPF section
2022-05-26 15:21:00 -04:00
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.7}{\ignorespaces Table showing types of syscall actions. Only those relevant to our research are shown the full list and attribute details can be consulted in the man page \cite {bpf_syscall}\relax }}{16}{table.caption.20}\protected@file@percent }
\newlabel{table:ebpf_syscall}{{2.7}{16}{Table showing types of syscall actions. Only those relevant to our research are shown the full list and attribute details can be consulted in the man page \cite {bpf_syscall}\relax }{table.caption.20}{}}
\abx@aux@cite{ebpf_helpers}
\abx@aux@segm{0}{0}{ebpf_helpers}
\abx@aux@cite{ebpf_helpers}
\abx@aux@segm{0}{0}{ebpf_helpers}
\abx@aux@cite{ebpf_helpers}
\abx@aux@segm{0}{0}{ebpf_helpers}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.8}{\ignorespaces Table showing types of eBPF programs. Only those relevant to our research are shown. The full list and attribute details can be consulted in the man page \cite {bpf_syscall}.\relax }}{17}{table.caption.21}\protected@file@percent }
\newlabel{table:ebpf_prog_types}{{2.8}{17}{Table showing types of eBPF programs. Only those relevant to our research are shown. The full list and attribute details can be consulted in the man page \cite {bpf_syscall}.\relax }{table.caption.21}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.7}eBPF helpers}{17}{subsection.2.2.7}\protected@file@percent }
Continued with offensive capabilities, incorporated security features and started with tracing program features
2022-06-02 19:00:10 -04:00
\newlabel{subsection:ebpf_helpers}{{2.2.7}{17}{eBPF helpers}{subsection.2.2.7}{}}
Continued with eBPF program types
2022-05-26 21:47:28 -04:00
\abx@aux@cite{xdp_gentle_intro}
\abx@aux@segm{0}{0}{xdp_gentle_intro}
Finished core eBPF section
2022-05-26 15:21:00 -04:00
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.9}{\ignorespaces Table showing common eBPF helpers. Only those relevant to our research are shown. Those helpers exclusive to an specific program type are not listed. The full list and attribute details can be consulted in the man page \cite {ebpf_helpers}.\relax }}{18}{table.caption.22}\protected@file@percent }
\newlabel{table:ebpf_helpers}{{2.9}{18}{Table showing common eBPF helpers. Only those relevant to our research are shown. Those helpers exclusive to an specific program type are not listed. The full list and attribute details can be consulted in the man page \cite {ebpf_helpers}.\relax }{table.caption.22}{}}
Continued with eBPF program types
2022-05-26 21:47:28 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.3}eBPF program types}{18}{section.2.3}\protected@file@percent }
Continued with offensive capabilities, incorporated security features and started with tracing program features
2022-06-02 19:00:10 -04:00
\newlabel{section:ebpf_prog_types}{{2.3}{18}{eBPF program types}{section.2.3}{}}
Continued with eBPF program types
2022-05-26 21:47:28 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.3.1}XDP}{18}{subsection.2.3.1}\protected@file@percent }
\abx@aux@cite{xdp_manual}
\abx@aux@segm{0}{0}{xdp_manual}
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.8}{\ignorespaces Figure showing how the eBPF XDP and TC modules are integrated in the network processing in the Linux kernel.\relax }}{19}{figure.caption.23}\protected@file@percent }
\newlabel{fig:xdp_diag}{{2.8}{19}{Figure showing how the eBPF XDP and TC modules are integrated in the network processing in the Linux kernel.\relax }{figure.caption.23}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.10}{\ignorespaces Table showing XDP relevant return values.\relax }}{19}{table.caption.24}\protected@file@percent }
\newlabel{table:xdp_actions_av}{{2.10}{19}{Table showing XDP relevant return values.\relax }{table.caption.24}{}}
\abx@aux@cite{tc_differences}
\abx@aux@segm{0}{0}{tc_differences}
\abx@aux@cite{tc_docs_complete}
\abx@aux@segm{0}{0}{tc_docs_complete}
\abx@aux@cite{tc_direct_action}
\abx@aux@segm{0}{0}{tc_direct_action}
\abx@aux@cite{tc_ret_list_complete}
\abx@aux@segm{0}{0}{tc_ret_list_complete}
\abx@aux@cite{tc_ret_list_complete}
\abx@aux@segm{0}{0}{tc_ret_list_complete}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.11}{\ignorespaces Table showing relevant XDP-exclusive eBPF helpers.\relax }}{20}{table.caption.25}\protected@file@percent }
\newlabel{table:xdp_helpers}{{2.11}{20}{Table showing relevant XDP-exclusive eBPF helpers.\relax }{table.caption.25}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.3.2}Traffic Control}{20}{subsection.2.3.2}\protected@file@percent }
Almost finished with SotA section. libbpf remains too get llvm and some functionality explained.
2022-05-27 20:56:36 -04:00
\abx@aux@cite{tp_kernel}
\abx@aux@segm{0}{0}{tp_kernel}
Continued with eBPF program types
2022-05-26 21:47:28 -04:00
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.12}{\ignorespaces Table showing TC relevant return values. Full list can be consulted at \cite {tc_ret_list_complete}.\relax }}{21}{table.caption.26}\protected@file@percent }
\newlabel{table:tc_actions}{{2.12}{21}{Table showing TC relevant return values. Full list can be consulted at \cite {tc_ret_list_complete}.\relax }{table.caption.26}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.13}{\ignorespaces Table showing relevant TC-exclusive eBPF helpers.\relax }}{21}{table.caption.27}\protected@file@percent }
\newlabel{table:tc_helpers}{{2.13}{21}{Table showing relevant TC-exclusive eBPF helpers.\relax }{table.caption.27}{}}
Almost finished with SotA section. libbpf remains too get llvm and some functionality explained.
2022-05-27 20:56:36 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.3.3}Tracepoints}{21}{subsection.2.3.3}\protected@file@percent }
Continued with offensive tracing capabilities
2022-06-02 21:07:42 -04:00
\newlabel{subsection:tracepoints}{{2.3.3}{21}{Tracepoints}{subsection.2.3.3}{}}
Almost finished with SotA section. libbpf remains too get llvm and some functionality explained.
2022-05-27 20:56:36 -04:00
\abx@aux@cite{kprobe_manual}
\abx@aux@segm{0}{0}{kprobe_manual}
\abx@aux@cite{kallsyms_kernel}
\abx@aux@segm{0}{0}{kallsyms_kernel}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.3.4}Kprobes}{22}{subsection.2.3.4}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.3.5}Uprobes}{22}{subsection.2.3.5}\protected@file@percent }
\abx@aux@cite{bcc_github}
\abx@aux@segm{0}{0}{bcc_github}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.4}Developing eBPF programs}{23}{section.2.4}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.4.1}BCC}{23}{subsection.2.4.1}\protected@file@percent }
Finished SotA
2022-05-28 09:23:41 -04:00
\abx@aux@cite{libbpf_github}
\abx@aux@segm{0}{0}{libbpf_github}
\abx@aux@cite{libbpf_upstream}
\abx@aux@segm{0}{0}{libbpf_upstream}
\abx@aux@cite{libbpf_core}
\abx@aux@segm{0}{0}{libbpf_core}
Continued with offensive capabilities, incorporated security features and started with tracing program features
2022-06-02 19:00:10 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.4.2}Bpftool}{24}{subsection.2.4.2}\protected@file@percent }
Almost finished with SotA section. libbpf remains too get llvm and some functionality explained.
2022-05-27 20:56:36 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.4.3}Libbpf}{24}{subsection.2.4.3}\protected@file@percent }
Finished SotA
2022-05-28 09:23:41 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.9}{\ignorespaces Sketch of the compilation and loading process of a program developed with libbpf.\relax }}{25}{figure.caption.28}\protected@file@percent }
\newlabel{fig:libbpf}{{2.9}{25}{Sketch of the compilation and loading process of a program developed with libbpf.\relax }{figure.caption.28}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.14}{\ignorespaces Table showing BPF skeleton functions.\relax }}{25}{table.caption.29}\protected@file@percent }
\newlabel{table:libbpf_skel}{{2.14}{25}{Table showing BPF skeleton functions.\relax }{table.caption.29}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Analysis of offensive capabilities}{27}{chapter.3}\protected@file@percent }
Updating doc, adding makefile and preparing document
2022-04-27 21:56:37 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
Continued with offensive capabilities, incorporated security features and started with tracing program features
2022-06-02 19:00:10 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {3.1}Security features in eBPF}{27}{section.3.1}\protected@file@percent }
\abx@aux@cite{ubuntu_caps}
\abx@aux@segm{0}{0}{ubuntu_caps}
\abx@aux@cite{evil_ebpf_p9}
\abx@aux@segm{0}{0}{evil_ebpf_p9}
\abx@aux@cite{ebpf_caps_intro}
\abx@aux@segm{0}{0}{ebpf_caps_intro}
\abx@aux@cite{ebpf_caps_lwn}
\abx@aux@segm{0}{0}{ebpf_caps_lwn}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {3.1}{\ignorespaces Kernel compilation flags for eBPF.\relax }}{28}{table.caption.30}\protected@file@percent }
\newlabel{table:ebpf_kernel_flags}{{3.1}{28}{Kernel compilation flags for eBPF.\relax }{table.caption.30}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.1.1}Access control}{28}{subsection.3.1.1}\protected@file@percent }
\abx@aux@cite{unprivileged_ebpf}
\abx@aux@segm{0}{0}{unprivileged_ebpf}
\abx@aux@cite{cve_unpriv_ebpf}
\abx@aux@segm{0}{0}{cve_unpriv_ebpf}
\abx@aux@cite{unpriv_ebpf_ubuntu}
\abx@aux@segm{0}{0}{unpriv_ebpf_ubuntu}
\abx@aux@cite{unpriv_ebpf_suse}
\abx@aux@segm{0}{0}{unpriv_ebpf_suse}
\abx@aux@cite{unpriv_ebpf_redhat}
\abx@aux@segm{0}{0}{unpriv_ebpf_redhat}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {3.2}{\ignorespaces Capabilities needed for eBPF.\relax }}{29}{table.caption.31}\protected@file@percent }
\newlabel{table:ebpf_caps_current}{{3.2}{29}{Capabilities needed for eBPF.\relax }{table.caption.31}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {3.3}{\ignorespaces Values for unprivileged eBPF kernel parameter.\relax }}{29}{table.caption.32}\protected@file@percent }
\newlabel{table:unpriv_ebpf_values}{{3.3}{29}{Values for unprivileged eBPF kernel parameter.\relax }{table.caption.32}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.1.2}eBPF maps security}{30}{subsection.3.1.2}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {3.2}Abusing tracing programs}{30}{section.3.2}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.2.1}Access to function arguments}{30}{subsection.3.2.1}\protected@file@percent }
\abx@aux@cite{8664_params_abi}
\abx@aux@segm{0}{0}{8664_params_abi}
Continued with offensive tracing capabilities
2022-06-02 21:07:42 -04:00
\newlabel{code:format_kprobe}{{3.1}{31}{Probe function for a kprobe on the kernel function vfs\_write}{lstlisting.3.1}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.1}Probe function for a kprobe on the kernel function vfs\_write.}{31}{lstlisting.3.1}\protected@file@percent }
Continued with offensive capabilities, incorporated security features and started with tracing program features
2022-06-02 19:00:10 -04:00
\newlabel{code:format_uprobe}{{3.2}{31}{Probe function for an uprobe, execute\_command is defined from user space}{lstlisting.3.2}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.2}Probe function for an uprobe, execute\_command is defined from user space.}{31}{lstlisting.3.2}\protected@file@percent }
\newlabel{code:format_tracepoint}{{3.3}{31}{Probe function for a tracepoint on the start of the syscall sys\_read}{lstlisting.3.3}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.3}Probe function for a tracepoint on the start of the syscall sys\_read.}{31}{lstlisting.3.3}\protected@file@percent }
\newlabel{code:format_ptregs}{{3.4}{31}{Format of struct pt\_regs}{lstlisting.3.4}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.4}Format of struct pt\_regs.}{31}{lstlisting.3.4}\protected@file@percent }
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {3.4}{\ignorespaces Argument passing convention of registers for function calls in user and kernel space respectively.\relax }}{32}{table.caption.33}\protected@file@percent }
\newlabel{table:systemv_abi}{{3.4}{32}{Argument passing convention of registers for function calls in user and kernel space respectively.\relax }{table.caption.33}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {3.5}{\ignorespaces Other relevant registers in x86\_64 and their purpose.\relax }}{32}{table.caption.34}\protected@file@percent }
\newlabel{table:systemv_abi_other}{{3.5}{32}{Other relevant registers in x86\_64 and their purpose.\relax }{table.caption.34}{}}
Continued with offensive tracing capabilities
2022-06-02 21:07:42 -04:00
\newlabel{code:sys_enter_read_tp}{{3.5}{32}{Format of custom struct sys\_read\_enter\_ctx}{lstlisting.3.5}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.5}Format of custom struct sys\_read\_enter\_ctx.}{32}{lstlisting.3.5}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.2.2}Reading memory out of bounds}{33}{subsection.3.2.2}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {3.3}Memory corruption}{34}{section.3.3}\protected@file@percent }
\newlabel{section:mem_corruption}{{3.3}{34}{Memory corruption}{section.3.3}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.3.1}Accessing user memory}{34}{subsection.3.3.1}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Methods??}{35}{chapter.4}\protected@file@percent }
Updating doc, adding makefile and preparing document
2022-04-27 21:56:37 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
Continued with offensive tracing capabilities
2022-06-02 21:07:42 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Results}{36}{chapter.5}\protected@file@percent }
Updating doc, adding makefile and preparing document
2022-04-27 21:56:37 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
Continued with offensive tracing capabilities
2022-06-02 21:07:42 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {6}Conclusion and future work}{37}{chapter.6}\protected@file@percent }
Finished SotA
2022-05-28 09:23:41 -04:00
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
Continued with offensive tracing capabilities
2022-06-02 21:07:42 -04:00
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{38}{chapter.6}\protected@file@percent }
Continued with offensive capabilities, incorporated security features and started with tracing program features
2022-06-02 19:00:10 -04:00
\newlabel{annex:bpftool_flags_kernel}{{6}{}{Appendix A - Bpftool commands}{chapter*.36}{}}
\abx@aux@read@bbl@mdfivesum{F47E3F72E57DA91BA8A2EEF65A74B9DA}
Added partial motivation section
2022-05-20 21:20:24 -04:00
\abx@aux@refcontextdefaultsdone
\abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{rootkit_ptsecurity}{none/global//global/global}
Completed motivation
2022-05-20 22:58:33 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_linux318}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bvp47_report}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bpfdoor_pwc}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_windows}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_android}{none/global//global/global}
Went on with the objectives section
2022-05-21 16:56:05 -04:00
\abx@aux@defaultrefcontext{0}{evil_ebpf}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bad_ebpf}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_friends}{none/global//global/global}
Continued with classic bpf explanations
2022-05-22 19:57:47 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_io}{none/global//global/global}
Continued with the state of the art section
2022-05-22 08:19:32 -04:00
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin}{none/global//global/global}
Continued with ebpf history
2022-05-22 10:04:16 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_history_opensource}{none/global//global/global}
Continued with classic bpf explanations
2022-05-22 19:57:47 -04:00
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin_bpf_page1}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{index_register}{none/global//global/global}
ALmost completed cbpf explantion
2022-05-23 06:17:21 -04:00
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin_bpf_page5}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bpf_organicprogrammer_analysis}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin_bpf_page7}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin_bpf_page8}{none/global//global/global}
Fixed some diagrams
2022-05-23 08:47:39 -04:00
\abx@aux@defaultrefcontext{0}{tcpdump_page}{none/global//global/global}
Elaborated on ebpf architecture. Incoming explanation of JIT compiling
2022-05-24 20:53:00 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_funcs_by_ver}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{brendan_gregg_bpf_book}{none/global//global/global}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_io_arch}{none/global//global/global}
Elaborated on ebpf architecture. Incoming explanation of JIT compiling
2022-05-24 20:53:00 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_inst_set}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{8664_inst_set_specs}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_starovo_slides}{none/global//global/global}
Continued with architecture, finished JIT, remodelled the second section of sSOTA
2022-05-25 22:00:28 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_JIT}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_JIT_demystify_page13}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_JIT_demystify_page14}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{jit_enable_setting}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_starovo_slides_page23}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{brendan_gregg_bpf_book_bpf_vm}{none/global//global/global}
Completed ebpf verifier
2022-05-26 08:39:45 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_verifier_kerneldocs}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_JIT_demystify_page17-22}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_bounded_loops}{none/global//global/global}
Finished core eBPF section
2022-05-26 15:21:00 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_maps_kernel}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bpf_syscall}{none/global//global/global}
Continued with eBPF program types
2022-05-26 21:47:28 -04:00
\abx@aux@defaultrefcontext{0}{ebpf_helpers}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{xdp_gentle_intro}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{xdp_manual}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{tc_differences}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{tc_docs_complete}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{tc_direct_action}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{tc_ret_list_complete}{none/global//global/global}
Almost finished with SotA section. libbpf remains too get llvm and some functionality explained.
2022-05-27 20:56:36 -04:00
\abx@aux@defaultrefcontext{0}{tp_kernel}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{kprobe_manual}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{kallsyms_kernel}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bcc_github}{none/global//global/global}
Finished SotA
2022-05-28 09:23:41 -04:00
\abx@aux@defaultrefcontext{0}{libbpf_github}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{libbpf_upstream}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{libbpf_core}{none/global//global/global}
Continued with offensive capabilities, incorporated security features and started with tracing program features
2022-06-02 19:00:10 -04:00
\abx@aux@defaultrefcontext{0}{ubuntu_caps}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{evil_ebpf_p9}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_caps_intro}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_caps_lwn}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{unprivileged_ebpf}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{cve_unpriv_ebpf}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{unpriv_ebpf_ubuntu}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{unpriv_ebpf_suse}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{unpriv_ebpf_redhat}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{8664_params_abi}{none/global//global/global}
Updating doc, adding makefile and preparing document
2022-04-27 21:56:37 -04:00
\ttl@finishall
Continued with offensive tracing capabilities
2022-06-02 21:07:42 -04:00
\gdef \@abspage@last{60}
Reference in New Issue Copy Permalink