Overview
Explore Meta's approach to mandatory access control in this 32-minute conference talk from the Linux Plumbers Conference. Learn how BpfJailer uses eBPF to address security challenges in AI workloads and user-data protection at Meta scale. The talk covers an eBPF-based LSM (Linux Security Module) used to jail untrusted code execution in AI training and prompt-processing environments, where microVMs run on Meta's flat network alongside sensitive workloads. It examines the mechanisms used to protect user data in Meta Private Processing through Confidential Virtual Machines (CVMs), including enforcement of signed binaries, command-line argument validation, and prevention of tampering by root users by blocking debuggers and /proc access. It then goes into the technical challenges of implementing jailing with the BPF LSM: protecting BPF LSM programs and agents from tampering, implementing binary and integrity checks, managing BPF LSM agents at scale, and integrating BPF-based enforcement into containerized workloads. The talk presents both solved problems and open challenges in eBPF security, drawn from Meta's production deployment experience.
Syllabus
BpfJailer: eBPF based Mandatory Access Control - Liam Wisehart (Meta)
Taught by
Linux Plumbers Conference