September 13-16, 2022
Dublin, Ireland + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Irish Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Friday, September 16 • 10:50 - 11:30
Implementing Container Privilege Escalation Detection using eBPF for Cloud Native Security - Inhyeok Jang & Sungjin Kim, The Affiliated Institute of ETRI

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In a container environment based on a shared kernel, privilege escalation due to vulnerabilities and misconfigurations is one of the most critical security issues. Many existing studies detect and defend against privilege escalation by observing sensitive kernel data. However, these methods are difficult to apply to the operating cloud environment because most require modifying the kernel code or inserting a kernel module. In this talk, Inhyeok Jang and Sungjin Kim address how to utilize eBPF, a built-in kernel superpower, to respond to privilege escalation. In particular, they show the implementation results in various forms such as off-the-shelf open-source eBPF based tools, bpftrace, BCC, and BPF-CORE. In addition, they explore a practical way to use it in a cloud native environment by adding privilege escalation detection capability to an open-source Kubernetes monitoring tool. Hopefully, this talk will allow listeners to learn how to use eBPF for container security in a real-world setting and will be helpful to developers and administrators interested in extending security visibility into Linux systems in operation and defending containers.


Inhyeok Jang

Senior Researcher, The Affiliated Institute of ETRI
Inhyeok Jang is a senior security researcher at the Affiliated Institute of Electronics and Telecommunications Research Institute. He has a particular interest in container runtime security, currently focusing on kernel instrumentation using eBPF.

Sungjin Kim

Senior Researcher, The Affiliated Institute of ETRI
Sungjin Kim is a senior researcher at the Affiliated Institute of Electronics and Telecommunications Research Institute. He is interested in cloud computing security and has been a presenter at several conferences, including the IEEE International Conference on Cloud Computing 2021... Read More →

Friday September 16, 2022 10:50 - 11:30 IST
Wicklow Hall 1 (Level 2)
  ContainerCon, Security/Authentication