Explore a conference talk demonstrating Meta's kernel-first security approach, which eliminates telemetry noise at the source through eBPF-powered filtering and dynamic process sandboxing. Learn how regex patterns are compiled into deterministic finite automata (DFAs) for in-kernel execution at Linux Security Module (LSM) and fentry attach points, enabling "no-emit" security that keeps irrelevant events from ever reaching user space. Discover the BpfJailer enforcement framework for dynamically sandboxing processes, including AI agents, through certificate lockdown, executable constraints, and privilege-boundary enforcement.

Examine DNS-aware enforcement techniques that use in-kernel DNS inspection and network hooks to constrain name resolution, detect suspicious domains, and prevent unauthorized egress in agentic workflows. Follow the complete engineering pipeline from regex to AST to DFA compilation for kernel-friendly execution, including layered filtering, dynamic configuration, and MetArmor's orchestration system with BpfHandler, map updaters, and event buffers for fleet-scale deployments.

Understand response mechanisms including file and process quarantine, targeted network blocks, and isolation controls across developer workstations, containerized batch jobs, and CI environments. Review operational challenges and solutions around verifier limits, DFA memory optimization, path normalization across filesystems, uniform filtering semantics, false-positive management, and standardizing kernel-first controls for AI agent security.
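The regex-to-AST-to-DFA pipeline and the verifier and memory limits mentioned above are easier to reason about with a small working compiler in hand. The following is an added example written for this page; it is not Meta's or MetArmor's code, and the talk summary does not describe their compiler's internals. It uses Brzozowski derivatives, one standard way to go from a regex AST straight to a DFA, over a deliberately small regex subset (literals, `.`, grouping, `|`, `*`, `+`, `?`, backslash escapes) with anchored full-match semantics. The DFA is emitted as a 256-entry byte-class map plus a flat transition table, the shape one would load into BPF array maps, and the matcher loop is bounded the way an eBPF program must be. The names `compile_dfa`, `dfa_match` and `DFA`, the `max_states` budget standing in for map size and verifier limits, and the sample path pattern are all assumptions made for the example.

```python
"""Added example (not Meta's code): regex -> AST -> DFA -> flat table, plus a bounded
matcher. States are Brzozowski derivatives of a canonical AST; the table is laid out
the way a BPF array map would hold it; the match loop is bounded for the verifier."""
from collections import namedtuple
EMPTY, EPS, ANY = ("empty",), ("eps",), ("any",)  # AST leaves; ("chr", c) is a literal

# Smart constructors keep the AST canonical. alt is a flattened frozenset, hence
# associative, commutative and idempotent; that is what keeps the state set finite.
def cat(a, b):
    if a == EMPTY or b == EMPTY: return EMPTY
    return b if a == EPS else a if b == EPS else ("cat", a, b)

def alt(a, b):
    members = {m for r in (a, b) for m in (r[1] if r[0] == "alt" else (r,))} - {EMPTY}
    return next(iter(members), EMPTY) if len(members) < 2 else ("alt", frozenset(members))

def star(a):
    if a in (EMPTY, EPS): return EPS
    return a if a[0] == "star" else ("star", a)

def nullable(r):
    if r[0] == "cat": return nullable(r[1]) and nullable(r[2])
    if r[0] == "alt": return any(nullable(m) for m in r[1])
    return r[0] in ("eps", "star")

def deriv(r, c):  # derivative of r by symbol c; c=None means "a byte not named in the pattern"
    if r[0] == "chr": return EPS if c == r[1] else EMPTY
    if r[0] == "any": return EPS
    if r[0] == "star": return cat(deriv(r[1], c), r)
    if r[0] == "cat":
        d = cat(deriv(r[1], c), r[2])
        return alt(d, deriv(r[2], c)) if nullable(r[1]) else d
    if r[0] == "alt":
        out = EMPTY
        for m in r[1]: out = alt(out, deriv(m, c))
        return out
    return EMPTY  # eps and empty

def parse_regex(s):
    """Recursive descent for the subset: literals, '.', ( ), '|', '*', '+', '?', '\\x'."""
    pos, lits = [0], set()
    def peek(): return s[pos[0]] if pos[0] < len(s) else None
    def take(): c = peek(); pos[0] += 1; return c
    def p_alt():
        r = p_cat()
        while peek() == "|": take(); r = alt(r, p_cat())
        return r
    def p_cat():
        r = EPS
        while peek() not in (None, "|", ")"): r = cat(r, p_rep())
        return r
    def p_rep():
        r = p_atom()
        while peek() in ("*", "+", "?"):
            op = take()
            r = star(r) if op == "*" else cat(r, star(r)) if op == "+" else alt(r, EPS)
        return r
    def p_atom():
        c = take()
        if c == "(":
            r = p_alt()
            if take() != ")": raise ValueError("missing ')'")
            return r
        if c == ".": return ANY
        if c == "\\" and (c := take()) is None: raise ValueError("truncated escape")
        lits.add(c)                       # escaped characters are plain literals
        return ("chr", c)
    r = p_alt()
    if pos[0] != len(s): raise ValueError("unbalanced ')'")
    return r, lits

# classes: 256 entries, input byte -> column (last column = any other byte);
# table: flat, table[state * ncols + col] -> next state; dead: sink state index or -1.
DFA = namedtuple("DFA", "classes ncols table accepting dead")

def compile_dfa(pattern, max_states=256):
    """Regex -> AST -> DFA; max_states is the memory budget (think map size)."""
    root, lits = parse_regex(pattern)
    symbols = sorted(lits) + [None]
    index, order, table = {root: 0}, [root], []
    for r in order:                       # breadth-first; 'order' grows as we iterate
        for c in symbols:
            d = deriv(r, c)
            if d not in index:
                if len(order) >= max_states: raise ValueError("DFA exceeds %d states" % max_states)
                index[d] = len(order); order.append(d)
            table.append(index[d])
    classes = [len(symbols) - 1] * 256    # assumption: byte-oriented input, single-byte literals
    for col, c in enumerate(symbols[:-1]): classes[ord(c)] = col
    return DFA(classes, len(symbols), table, [nullable(r) for r in order], index.get(EMPTY, -1))

def dfa_match(dfa, data, max_len=256):
    """Anchored full match in a bounded loop; over-long input is refused, not guessed."""
    if len(data) > max_len: return False  # in-kernel budget exhausted: punt to user space
    state = 0
    for b in data:
        state = dfa.table[state * dfa.ncols + dfa.classes[b]]
        if state == dfa.dead: return False  # sink: nothing can match any more
    return dfa.accepting[state]
```

A constructed file-exec filter such as `compile_dfa(r"(/tmp|/dev/shm)/.*\.(sh|py)")` yields a DFA of a dozen or so states, and `dfa_match(dfa, b"/tmp/x.sh")` returns `True` while `b"/home/u/x.sh"` hits the sink state after three bytes. Two things in this layout matter for the kernel side: the byte-class map means the transition table is `nstates × (distinct literals + 1)` entries rather than `nstates × 256`, which is the DFA memory point the talk raises, and the `max_states` and `max_len` caps are where a pattern or an input is rejected at compile time or punted to user space instead of tripping the verifier. Because matching is anchored, the path handed to the matcher has to be the normalized one, which is the path-normalization problem the summary also lists.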