ePass - A Framework for Enhancing Flexibility and Runtime Safety of eBPF Programs
Linux Plumbers Conference via YouTube
Overview
Explore a comprehensive conference talk presenting ePass, a novel framework designed to overcome the limitations of eBPF's static verifier while enhancing both the flexibility and the runtime safety of eBPF programs. Learn how the overly restrictive nature of the current eBPF static verifier prevents many useful and valid programs from running in practice, and discover how it can miss safety violations under complex conditions. Understand the systematic approach ePass takes through verifier-cooperative runtime checking, featuring a novel Intermediate Representation (IR) that lifts eBPF bytecode into Static Single Assignment (SSA) form for systematic instrumentation of runtime checks. Examine the intuitive APIs that enable developers to easily implement diverse transformation passes while preserving existing safety rules and enhancing runtime safety. Discover the practical applications through 12 developed passes that address various verifier limitations and safety gaps, including instruction limit enforcement, memory sanitization, and helper function argument validation, most requiring under 100 lines of code. Review evaluation results demonstrating how ePass enables previously rejected real-world programs to execute safely, mitigates known vulnerabilities, and maintains low performance overhead, with the complete toolchain available as open source.
Syllabus
ePass: A Framework for Enhancing Flexibility and Runtime Safety of eBPF Programs - Yiming Xiang
Taught by
Linux Plumbers Conference