The extended Berkeley Packet Filter (eBPF) provides powerful and flexible kernel interfaces
to extend the kernel functions for user space programs via running bytecode directly in the …

The emergence of verified eBPF bytecode is ushering in a new era of safe kernel
extensions. In this paper, we argue that eBPF's verifier---the source of its safety guarantees …

This paper introduces state embedding, a novel and highly effective technique for validating
the correctness of the eBPF verifier, a critical component for Linux kernel security. To check …

This paper proposes an automated method to check the correctness of range analysis used
in the Linux kernel's eBPF verifier. We provide the specification of soundness for range …

This paper examines the security of eBPF and WebAssembly (Wasm), two technologies that
have gained widespread adoption in recent years, despite being designed for very different …

Rewriting and static analyses are mutually beneficial techniques: program transformations
change the intensional aspects of the program, and can thus improve analysis precision …

The eBPF framework enables execution of user-provided code in the Linux kernel. In the last
few years, a large ecosystem of cloud services has leveraged eBPF to enhance container …

Extended Berkeley Packet Filter (eBPF) is a runtime that enables users to load programs
into the operating system (OS) kernel, like Linux or Windows, and execute them safely and …

eBPF is a revolutionary technology that can run sandboxed programs in a privileged context
and has an extensive range of applications, such as network monitoring on Linux kernel …

The Linux kernel makes considerable use of Berkeley Packet Filter (BPF) to allow user-
written BPF applications to execute in the kernel space. BPF employs a verifier to statically …