docs/document.out

\BOOKMARK [0][-]{chapter.1}{Introduction}{}% 1
\BOOKMARK [1][-]{section.1.1}{Motivation}{chapter.1}% 2
\BOOKMARK [1][-]{section.1.2}{Project\040objectives}{chapter.1}% 3
\BOOKMARK [1][-]{section.1.3}{Regulatory\040framework}{chapter.1}% 4
\BOOKMARK [2][-]{subsection.1.3.1}{Social\040and\040economic\040environment}{section.1.3}% 5
\BOOKMARK [2][-]{subsection.1.3.2}{Budget}{section.1.3}% 6
\BOOKMARK [1][-]{section.1.4}{Structure\040of\040the\040document}{chapter.1}% 7
\BOOKMARK [0][-]{chapter.2}{State\040of\040the\040art}{}% 8
\BOOKMARK [1][-]{section.2.1}{eBPF\040history\040-\040Classic\040BPF}{chapter.2}% 9
\BOOKMARK [2][-]{subsection.2.1.1}{Introduction\040to\040the\040BPF\040system}{section.2.1}% 10
\BOOKMARK [2][-]{subsection.2.1.2}{The\040BPF\040virtual\040machine}{section.2.1}% 11
\BOOKMARK [2][-]{subsection.2.1.3}{Analysis\040of\040a\040BPF\040filter\040program}{section.2.1}% 12
\BOOKMARK [2][-]{subsection.2.1.4}{BPF\040bytecode\040instruction\040format}{section.2.1}% 13
\BOOKMARK [2][-]{subsection.2.1.5}{An\040example\040of\040BPF\040filter\040with\040tcpdump}{section.2.1}% 14
\BOOKMARK [1][-]{section.2.2}{Analysis\040of\040modern\040eBPF}{chapter.2}% 15
\BOOKMARK [2][-]{subsection.2.2.1}{eBPF\040instruction\040set}{section.2.2}% 16
\BOOKMARK [2][-]{subsection.2.2.2}{JIT\040compilation}{section.2.2}% 17
\BOOKMARK [2][-]{subsection.2.2.3}{The\040eBPF\040verifier}{section.2.2}% 18
\BOOKMARK [2][-]{subsection.2.2.4}{eBPF\040maps}{section.2.2}% 19
\BOOKMARK [2][-]{subsection.2.2.5}{The\040eBPF\040ring\040buffer}{section.2.2}% 20
\BOOKMARK [2][-]{subsection.2.2.6}{The\040bpf\(\)\040syscall}{section.2.2}% 21
\BOOKMARK [2][-]{subsection.2.2.7}{eBPF\040helpers}{section.2.2}% 22
\BOOKMARK [1][-]{section.2.3}{eBPF\040program\040types}{chapter.2}% 23
\BOOKMARK [2][-]{subsection.2.3.1}{XDP}{section.2.3}% 24
\BOOKMARK [2][-]{subsection.2.3.2}{Traffic\040Control}{section.2.3}% 25
\BOOKMARK [2][-]{subsection.2.3.3}{Tracepoints}{section.2.3}% 26
\BOOKMARK [2][-]{subsection.2.3.4}{Kprobes}{section.2.3}% 27
\BOOKMARK [2][-]{subsection.2.3.5}{Uprobes}{section.2.3}% 28
\BOOKMARK [1][-]{section.2.4}{Developing\040eBPF\040programs}{chapter.2}% 29
\BOOKMARK [2][-]{subsection.2.4.1}{BCC}{section.2.4}% 30
\BOOKMARK [2][-]{subsection.2.4.2}{Bpftool}{section.2.4}% 31
\BOOKMARK [2][-]{subsection.2.4.3}{Libbpf}{section.2.4}% 32
\BOOKMARK [0][-]{chapter.3}{Analysis\040of\040offensive\040capabilities}{}% 33
\BOOKMARK [1][-]{section.3.1}{Security\040features\040in\040eBPF}{chapter.3}% 34
\BOOKMARK [2][-]{subsection.3.1.1}{Access\040control}{section.3.1}% 35
\BOOKMARK [2][-]{subsection.3.1.2}{eBPF\040maps\040security}{section.3.1}% 36
\BOOKMARK [1][-]{section.3.2}{Abusing\040tracing\040programs}{chapter.3}% 37
\BOOKMARK [2][-]{subsection.3.2.1}{Access\040to\040function\040arguments}{section.3.2}% 38
\BOOKMARK [2][-]{subsection.3.2.2}{Reading\040memory\040out\040of\040bounds}{section.3.2}% 39
\BOOKMARK [2][-]{subsection.3.2.3}{Overriding\040function\040return\040values}{section.3.2}% 40
\BOOKMARK [2][-]{subsection.3.2.4}{Sending\040signals\040to\040user\040programs}{section.3.2}% 41
\BOOKMARK [2][-]{subsection.3.2.5}{Conclusion}{section.3.2}% 42
\BOOKMARK [1][-]{section.3.3}{Memory\040corruption}{chapter.3}% 43
\BOOKMARK [2][-]{subsection.3.3.1}{Accessing\040user\040memory}{section.3.3}% 44
\BOOKMARK [0][-]{chapter.4}{Methods??}{}% 45
\BOOKMARK [0][-]{chapter.5}{Results}{}% 46
\BOOKMARK [0][-]{chapter.6}{Conclusion\040and\040future\040work}{}% 47
\BOOKMARK [0][-]{chapter.6}{Bibliography}{}% 48
Updating doc, adding makefile and preparing document 2022-04-27 21:56:37 -04:00			`\BOOKMARK [0][-]{chapter.1}{Introduction}{}% 1`
			`\BOOKMARK [1][-]{section.1.1}{Motivation}{chapter.1}% 2`
Went on with the objectives section 2022-05-21 16:56:05 -04:00			`\BOOKMARK [1][-]{section.1.2}{Project\040objectives}{chapter.1}% 3`
Updating doc, adding makefile and preparing document 2022-04-27 21:56:37 -04:00			`\BOOKMARK [1][-]{section.1.3}{Regulatory\040framework}{chapter.1}% 4`
			`\BOOKMARK [2][-]{subsection.1.3.1}{Social\040and\040economic\040environment}{section.1.3}% 5`
			`\BOOKMARK [2][-]{subsection.1.3.2}{Budget}{section.1.3}% 6`
Continued with the state of the art section 2022-05-22 08:19:32 -04:00			`\BOOKMARK [1][-]{section.1.4}{Structure\040of\040the\040document}{chapter.1}% 7`
Included some comments on next work 2022-05-21 20:56:00 -04:00			`\BOOKMARK [0][-]{chapter.2}{State\040of\040the\040art}{}% 8`
Completed bpf in the history section 2022-05-23 07:08:46 -04:00			`\BOOKMARK [1][-]{section.2.1}{eBPF\040history\040-\040Classic\040BPF}{chapter.2}% 9`
			`\BOOKMARK [2][-]{subsection.2.1.1}{Introduction\040to\040the\040BPF\040system}{section.2.1}% 10`
			`\BOOKMARK [2][-]{subsection.2.1.2}{The\040BPF\040virtual\040machine}{section.2.1}% 11`
			`\BOOKMARK [2][-]{subsection.2.1.3}{Analysis\040of\040a\040BPF\040filter\040program}{section.2.1}% 12`
			`\BOOKMARK [2][-]{subsection.2.1.4}{BPF\040bytecode\040instruction\040format}{section.2.1}% 13`
Finished core eBPF section 2022-05-26 15:21:00 -04:00			`\BOOKMARK [2][-]{subsection.2.1.5}{An\040example\040of\040BPF\040filter\040with\040tcpdump}{section.2.1}% 14`
Fixed some diagrams 2022-05-23 08:47:39 -04:00			`\BOOKMARK [1][-]{section.2.2}{Analysis\040of\040modern\040eBPF}{chapter.2}% 15`
Continued with architecture, finished JIT, remodelled the second section of sSOTA 2022-05-25 22:00:28 -04:00			`\BOOKMARK [2][-]{subsection.2.2.1}{eBPF\040instruction\040set}{section.2.2}% 16`
Elaborated on ebpf architecture. Incoming explanation of JIT compiling 2022-05-24 20:53:00 -04:00			`\BOOKMARK [2][-]{subsection.2.2.2}{JIT\040compilation}{section.2.2}% 17`
Completed ebpf verifier 2022-05-26 08:39:45 -04:00			`\BOOKMARK [2][-]{subsection.2.2.3}{The\040eBPF\040verifier}{section.2.2}% 18`
Finished core eBPF section 2022-05-26 15:21:00 -04:00			`\BOOKMARK [2][-]{subsection.2.2.4}{eBPF\040maps}{section.2.2}% 19`
			`\BOOKMARK [2][-]{subsection.2.2.5}{The\040eBPF\040ring\040buffer}{section.2.2}% 20`
			`\BOOKMARK [2][-]{subsection.2.2.6}{The\040bpf\(\)\040syscall}{section.2.2}% 21`
			`\BOOKMARK [2][-]{subsection.2.2.7}{eBPF\040helpers}{section.2.2}% 22`
Continued with eBPF program types 2022-05-26 21:47:28 -04:00			`\BOOKMARK [1][-]{section.2.3}{eBPF\040program\040types}{chapter.2}% 23`
			`\BOOKMARK [2][-]{subsection.2.3.1}{XDP}{section.2.3}% 24`
			`\BOOKMARK [2][-]{subsection.2.3.2}{Traffic\040Control}{section.2.3}% 25`
Almost finished with SotA section. libbpf remains too get llvm and some functionality explained. 2022-05-27 20:56:36 -04:00			`\BOOKMARK [2][-]{subsection.2.3.3}{Tracepoints}{section.2.3}% 26`
			`\BOOKMARK [2][-]{subsection.2.3.4}{Kprobes}{section.2.3}% 27`
			`\BOOKMARK [2][-]{subsection.2.3.5}{Uprobes}{section.2.3}% 28`
			`\BOOKMARK [1][-]{section.2.4}{Developing\040eBPF\040programs}{chapter.2}% 29`
			`\BOOKMARK [2][-]{subsection.2.4.1}{BCC}{section.2.4}% 30`
			`\BOOKMARK [2][-]{subsection.2.4.2}{Bpftool}{section.2.4}% 31`
			`\BOOKMARK [2][-]{subsection.2.4.3}{Libbpf}{section.2.4}% 32`
Finished SotA 2022-05-28 09:23:41 -04:00			`\BOOKMARK [0][-]{chapter.3}{Analysis\040of\040offensive\040capabilities}{}% 33`
Continued with offensive capabilities, incorporated security features and started with tracing program features 2022-06-02 19:00:10 -04:00			`\BOOKMARK [1][-]{section.3.1}{Security\040features\040in\040eBPF}{chapter.3}% 34`
			`\BOOKMARK [2][-]{subsection.3.1.1}{Access\040control}{section.3.1}% 35`
			`\BOOKMARK [2][-]{subsection.3.1.2}{eBPF\040maps\040security}{section.3.1}% 36`
			`\BOOKMARK [1][-]{section.3.2}{Abusing\040tracing\040programs}{chapter.3}% 37`
			`\BOOKMARK [2][-]{subsection.3.2.1}{Access\040to\040function\040arguments}{section.3.2}% 38`
Continued with offensive tracing capabilities 2022-06-02 21:07:42 -04:00			`\BOOKMARK [2][-]{subsection.3.2.2}{Reading\040memory\040out\040of\040bounds}{section.3.2}% 39`
Finished tracing programs part 2022-06-03 21:47:00 -04:00			`\BOOKMARK [2][-]{subsection.3.2.3}{Overriding\040function\040return\040values}{section.3.2}% 40`
			`\BOOKMARK [2][-]{subsection.3.2.4}{Sending\040signals\040to\040user\040programs}{section.3.2}% 41`
			`\BOOKMARK [2][-]{subsection.3.2.5}{Conclusion}{section.3.2}% 42`
			`\BOOKMARK [1][-]{section.3.3}{Memory\040corruption}{chapter.3}% 43`
			`\BOOKMARK [2][-]{subsection.3.3.1}{Accessing\040user\040memory}{section.3.3}% 44`
			`\BOOKMARK [0][-]{chapter.4}{Methods??}{}% 45`
			`\BOOKMARK [0][-]{chapter.5}{Results}{}% 46`
			`\BOOKMARK [0][-]{chapter.6}{Conclusion\040and\040future\040work}{}% 47`
			`\BOOKMARK [0][-]{chapter.6}{Bibliography}{}% 48`