Due to the security features that Linux offers, like booting directly into a readonly filesystem, making filesystems readonly at runtime for apps and containers, some attacks have been using what is known as "fileless binary execution" to avoid such protections, and gain the ability to execute binaries …
At the eBPF Summit 2021, I gave a talk about how to take advantage of eBPF to try to bridge some cloud and IoT security features.
My Talk can be found here: BPF to bridge Cloud and IoT Linux Security on youtube
All eBPF Summit 2021 here: eBPF Summit 2021 Youtube Channel
The Userspace Linux Conference All Systems Go! 2017 videos and talks are now available online.
My talk "Modern Deployment for Embedded Linux and IoT" is available here:
Video - Slides
All video talks are here
TL;DR: In Linux kernel and as part of the Kernel Self Protection Project we are pushing for new lightweight security mechanisms. On top of that, in systemd we are implementing new lightweight container mechanisms that target Embedded Linux and IoT. Our goal is to make it easy to deploy Secure Embedded Linux and IoT …