EBPF-BASED HOT PATCH ENGINE DEVICE FOR PROTECTING KERNEL VULNERABILITIES, SYSTEM AND METHOD INCLUDING THE SAME

EBPF-BASED HOT PATCH ENGINE DEVICE FOR PROTECTING KERNEL VULNERABILITIES, SYSTEM AND METHOD INCLUDING THE SAME

Provided is an eBPF-based hot patch engine device for protecting kernel vulnerabilities. The eBPF-based hot patch engine device comprises a container-aware code generating unit for generating a container-aware code for identifying a target container, to which a hot patch is attached; and a hot patch...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: GWAK, Songi, DOAN, Thien-Phuc, JUNG, Souhwan
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Provided is an eBPF-based hot patch engine device for protecting kernel vulnerabilities. The eBPF-based hot patch engine device comprises a container-aware code generating unit for generating a container-aware code for identifying a target container, to which a hot patch is attached; and a hot patch configuring unit for configuring an eBPF-based hot patch code for attaching a hot patch to the target container based on the container-aware code. Accordingly, it is possible to prevent attacks based on CVEs, which are known vulnerabilities for container systems, by hot patching kernel-related CVEs at runtime without rebooting and freezing.