SlideShare a Scribd company logo
In-kernel Analytics and
Tracing with eBPF for
OpenStack Clouds
October 2016
Brenden Blanco
PLUMgrid
Ali Khayam
PLUMgrid
Thank You to Sponsoring Members
2
IO Visor Project, What is in it?
• A set of development tools, IO Visor Dev
Tools
• A set of IO Visor Tools for management
and operations of the IO Visor Engine
• A set of Applications, Tools and open IO
Modules build on top of the IO Visor
framework
• A set of possible use cases & applications
like Networking, Security, Tracing &
others
3
The promise of Microservices: Better cloud app lifecycle
…… but what about security?
4
Shared kernel Larger attack surface?
Self service Developer = Security Expert?
Shared Infrastructure Insider threats?
Fast Development & Iteration Compromised zero trust?
Where should microservices security be implemented?
All layers…. but from the app cloud provider’s perspective:
best to trust what you build/operate/control
=> “Security-as-a-Service” in the cloud
infrastructure
Infrastructure
Operator
Application
Developer
An ideal Security-as-a-Service offering
Transparent: Application shouldn’t be aware of this layer
No new software installation/configuration
Generically applicable: Should be able to characterize microservice
security profiles for diverse applications, without having visibility into
service behavior
Efficient: No compromises on performance or scalability
What features can characterize a Microservice Security
Profile?
API
API call, payload len
Traffic
bytes tx/rx, packets rx/rx
Disk I/O
Disk I/O rx/tx
Tenants
# of active tenants
…. how to get these features without
compromising transparency and
efficiency
How to extract features for Microservice Security Profiles?
Objectives: Transparency, Seamlessness,
Efficiency
IO Visor instrumented infra to extract
features for service security profiles:
▪ already present in Linux kernels
▪ capture API calls and resource usage
▪ system-call level insight
▪ real-time monitoring
▪ without efficiency degradation
8
Automation
Developers
IOVisor framework
Advanced Monitoring
Security
Automation / Operations
Machine Learning
Infrastructure
Monitor
Ops/Automation
Maintain
Plugging features into an ML model to learn Microservice
security profiles
9
ComputeNode
UserSpaceKernelSpace
API / Traffic Data Disk/Memory Data
Microservice Collector
Machine
Learning
API Traffic
(Ingress / Egress)
Microservice
Security Profiles
IO Visor Code Snippet (Userspace)
IO Visor Code Snippet (Kernel)
www.iovisor.org
Preliminary Evaluation
1) OpenStack Controller Services as
Microservices
12
OpenStack Controller Services as Microservices
IO Visor instrumentation is used to build security profiles of all controller services
nova, neutron, keystone, cinder, etc.
API calls learned as they arrive on the services’ veth interface
no pre-training of API calls
IO Visor hooks to monitor vfs_{read/write} accesses from each service
separated based on PIDs for each container
ML algorithm builds security profiles based on initial (training) data
then security profile deviations are used for attack detection on run-time data
Attack: Bruteforce password cracking on keystone
Lots of Background (benign) Traffic:
Continuous CRUD APIs from a real-world app cloud use case
All API calls (incl. service-to-service) must get auth_token from keystone
first
Attack Traffic:
2-4 password attempts per second
Attack continued for a sustained period of time
Results of brute-force password attack on keystone
Attack Detection Rate False Positive Rate
97% 0%
• Results obtained from an ROC curve by tuning the detection threshold
• API and Traffic features are the main contributors to these results
Preliminary Evaluation
2) Database container using MySQL
16
MySQL Microservice instrumentation
MySQL Docker image (MySQL version 5.7, docker 1.12 )
SQL queries (TCP packets) intercepted by IOVisor hooks on veth pairs
handshakes, teardown and acks ignored
IOVisor hooks for vfs_{read/write} for queries into a large DB (180Mb)
separated on PID and TID for docker
17
Attack: First order SQL injection
Benign traffic consisted of
Simulated SQL queries
Generated randomly and continuously
Attack results in extracting large segments of the DB
Segment size varying
In parallel to benign traffic on the microservice
18
Results of brute-force password attack on keystone
Attack Detection Rate False Positive Rate
93.5% 3.5%
• Results obtained from an ROC curve by tuning the detection threshold
• Correlating Traffic and disk access was essential for detection
Dashboard
Conclusion:
Meeting the requirements of an ideal Security-as-a-
Service offering
21
Transparency
Application shouldn’t be aware of this layer
IO Visor works on eBPF constructs that are present in >4.x upstream kernels
IO Visor instrumentation runs in kernel and is not visible to the developer
The only non-standard dependency is github.com/iovisor/bcc python library
Generic Applicability
Should be able to characterize microservice security profiles for diverse applications,
without having visibility into service behavior
Trained/Tested on SQL
Trained/Tested on OpenStack services
Future Work:
Train/Test for DNS attacks
Train/Test for ransomware attacks
Efficiency
No compromises on performance or scalability
eBPF counting is done inside the kernel with little or no overhead
Main overhead is kernel to userspace interaction
Data polled by userspace every 1 minute
All data structures are reset after polling; data cannot grow
indefinitely
Data is exported by the userspace application to a collector node
Machine learning and classification is applied on the collector node
i.e. no impact to performance on computes
Efficiency
No compromises on performance or scalability
Data structures have low overhead:
vfs_read (BFP_HASH):
size at time ti = Ni x 3, where:
Ni = # of read process at ti
the map has: {key: pid, value1: # of reads, value2: aggregate size of all reads
vfs_write (BFP_HASH): has the the same structure as vfs_read
traffic (BFP_HASH):
size at time ti = Fi x 7, where:
Fi = # of active TCP flows at ti
the map’s key is a 5-tuple flow id, and values are the same as vfs_{read/write}
http_traffic (BPF_HISTOGRAM):
size at time ti = Si x LSi x 7, where:
key is a 5-tuple flow id of http packets
Si = # of active HTTP session at ti
LSi = # of HTTP packets with unique lengths received on session Si
How to Contribute
github.com/akhayam/conmon (this presentation)
www.iovisor.org
github.com/iovisor
#iovisor at irc.oftc.net
lists.iovisor.org/mailman/listinfo/iovisor-dev
26
Questions?

More Related Content

What's hot

SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
PLUMgrid
 
Crossing the river by feeling the stones from legacy to cloud native applica...
Crossing the river by feeling the stones  from legacy to cloud native applica...Crossing the river by feeling the stones  from legacy to cloud native applica...
Crossing the river by feeling the stones from legacy to cloud native applica...
OPNFV
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on Lab
Michelle Holley
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii Tkachuk
Intel
 
Opensource approach to design and deployment of Microservices based VNF
Opensource approach to design and deployment of Microservices based VNFOpensource approach to design and deployment of Microservices based VNF
Opensource approach to design and deployment of Microservices based VNF
Michelle Holley
 
OpenStack & OpenContrail in Production
OpenStack & OpenContrail in ProductionOpenStack & OpenContrail in Production
OpenStack & OpenContrail in Production
Edgar Magana
 
LF_DPDK17_Abstract APIs for DPDK and ODP
LF_DPDK17_Abstract APIs for DPDK and ODPLF_DPDK17_Abstract APIs for DPDK and ODP
LF_DPDK17_Abstract APIs for DPDK and ODP
LF_DPDK
 
Platform Independent Packet Processing with ODL
Platform Independent Packet Processing with ODLPlatform Independent Packet Processing with ODL
Platform Independent Packet Processing with ODL
OPNFV
 
Deployment of Juniper Contrail in AVG Technologies
Deployment of Juniper Contrail in AVG TechnologiesDeployment of Juniper Contrail in AVG Technologies
Deployment of Juniper Contrail in AVG Technologies
MarketingArrowECS_CZ
 
Summit 16: Service Function Chaining: Demo and Usage
Summit 16: Service Function Chaining: Demo and UsageSummit 16: Service Function Chaining: Demo and Usage
Summit 16: Service Function Chaining: Demo and Usage
OPNFV
 
NFV & Openstack
NFV & OpenstackNFV & Openstack
NFV & Openstack
Marie-Paule Odini
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile Edge
PLUMgrid
 
Summit 16: Deploying Virtualized Mobile Infrastructures on Openstack
Summit 16: Deploying Virtualized Mobile Infrastructures on OpenstackSummit 16: Deploying Virtualized Mobile Infrastructures on Openstack
Summit 16: Deploying Virtualized Mobile Infrastructures on Openstack
OPNFV
 
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
OPNFV
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
Michelle Holley
 
OpenContrail SDN for Kubernetes
OpenContrail SDN for KubernetesOpenContrail SDN for Kubernetes
OpenContrail SDN for Kubernetes
Michelle Holley
 
Dpdk Validation - Liu, Yong
Dpdk Validation - Liu, YongDpdk Validation - Liu, Yong
Dpdk Validation - Liu, Yong
harryvanhaaren
 
Naveen nimmu sdn future of networking
Naveen nimmu sdn   future of networkingNaveen nimmu sdn   future of networking
Naveen nimmu sdn future of networkingsuniltomar04
 
如何用k8s打造國產5G NFV平臺? 剖析經濟部5G核網技術的關鍵
如何用k8s打造國產5G NFV平臺?剖析經濟部5G核網技術的關鍵如何用k8s打造國產5G NFV平臺?剖析經濟部5G核網技術的關鍵
如何用k8s打造國產5G NFV平臺? 剖析經濟部5G核網技術的關鍵
Jace Liang
 
OPNFV: Road to Next-Generation Network
OPNFV: Road to Next-Generation NetworkOPNFV: Road to Next-Generation Network
OPNFV: Road to Next-Generation Network
OPNFV
 

What's hot (20)

SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
 
Crossing the river by feeling the stones from legacy to cloud native applica...
Crossing the river by feeling the stones  from legacy to cloud native applica...Crossing the river by feeling the stones  from legacy to cloud native applica...
Crossing the river by feeling the stones from legacy to cloud native applica...
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on Lab
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii Tkachuk
 
Opensource approach to design and deployment of Microservices based VNF
Opensource approach to design and deployment of Microservices based VNFOpensource approach to design and deployment of Microservices based VNF
Opensource approach to design and deployment of Microservices based VNF
 
OpenStack & OpenContrail in Production
OpenStack & OpenContrail in ProductionOpenStack & OpenContrail in Production
OpenStack & OpenContrail in Production
 
LF_DPDK17_Abstract APIs for DPDK and ODP
LF_DPDK17_Abstract APIs for DPDK and ODPLF_DPDK17_Abstract APIs for DPDK and ODP
LF_DPDK17_Abstract APIs for DPDK and ODP
 
Platform Independent Packet Processing with ODL
Platform Independent Packet Processing with ODLPlatform Independent Packet Processing with ODL
Platform Independent Packet Processing with ODL
 
Deployment of Juniper Contrail in AVG Technologies
Deployment of Juniper Contrail in AVG TechnologiesDeployment of Juniper Contrail in AVG Technologies
Deployment of Juniper Contrail in AVG Technologies
 
Summit 16: Service Function Chaining: Demo and Usage
Summit 16: Service Function Chaining: Demo and UsageSummit 16: Service Function Chaining: Demo and Usage
Summit 16: Service Function Chaining: Demo and Usage
 
NFV & Openstack
NFV & OpenstackNFV & Openstack
NFV & Openstack
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile Edge
 
Summit 16: Deploying Virtualized Mobile Infrastructures on Openstack
Summit 16: Deploying Virtualized Mobile Infrastructures on OpenstackSummit 16: Deploying Virtualized Mobile Infrastructures on Openstack
Summit 16: Deploying Virtualized Mobile Infrastructures on Openstack
 
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
 
OpenContrail SDN for Kubernetes
OpenContrail SDN for KubernetesOpenContrail SDN for Kubernetes
OpenContrail SDN for Kubernetes
 
Dpdk Validation - Liu, Yong
Dpdk Validation - Liu, YongDpdk Validation - Liu, Yong
Dpdk Validation - Liu, Yong
 
Naveen nimmu sdn future of networking
Naveen nimmu sdn   future of networkingNaveen nimmu sdn   future of networking
Naveen nimmu sdn future of networking
 
如何用k8s打造國產5G NFV平臺? 剖析經濟部5G核網技術的關鍵
如何用k8s打造國產5G NFV平臺?剖析經濟部5G核網技術的關鍵如何用k8s打造國產5G NFV平臺?剖析經濟部5G核網技術的關鍵
如何用k8s打造國產5G NFV平臺? 剖析經濟部5G核網技術的關鍵
 
OPNFV: Road to Next-Generation Network
OPNFV: Road to Next-Generation NetworkOPNFV: Road to Next-Generation Network
OPNFV: Road to Next-Generation Network
 

Viewers also liked

EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
PLUMgrid
 
Lying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingLying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in Networking
Sargun Dhillon
 
Linux BPF Superpowers
Linux BPF SuperpowersLinux BPF Superpowers
Linux BPF Superpowers
Brendan Gregg
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and more
Brendan Gregg
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machine
Alexei Starovoitov
 
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
IO Visor Project
 
P4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC OffloadP4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC Offload
Open-NFP
 
BPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathBPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable Datapath
Thomas Graf
 
Cilium - BPF & XDP for containers
 Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Docker, Inc.
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
Brendan Gregg
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
IO Visor Project
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracing
Viller Hsiao
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene Pirogov
Pivorak MeetUp
 
Implementing vCPE with OpenStack and Software Defined Networks
Implementing vCPE with OpenStack and Software Defined NetworksImplementing vCPE with OpenStack and Software Defined Networks
Implementing vCPE with OpenStack and Software Defined Networks
PLUMgrid
 
Monitoring and observability
Monitoring and observabilityMonitoring and observability
Monitoring and observability
Theo Schlossnagle
 
ebpf and IO Visor: The What, how, and what next!
ebpf and IO Visor: The What, how, and what next!ebpf and IO Visor: The What, how, and what next!
ebpf and IO Visor: The What, how, and what next!
Affan Syed
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
Thomas Graf
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPF
Alex Maestretti
 
OpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridOpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgrid
Kamesh Pemmaraju
 
NFV management and orchestration framework architecture
NFV management and orchestration framework architectureNFV management and orchestration framework architecture
NFV management and orchestration framework architecture
sidneel
 

Viewers also liked (20)

EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Lying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingLying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in Networking
 
Linux BPF Superpowers
Linux BPF SuperpowersLinux BPF Superpowers
Linux BPF Superpowers
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and more
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machine
 
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
 
P4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC OffloadP4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC Offload
 
BPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathBPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable Datapath
 
Cilium - BPF & XDP for containers
 Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracing
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene Pirogov
 
Implementing vCPE with OpenStack and Software Defined Networks
Implementing vCPE with OpenStack and Software Defined NetworksImplementing vCPE with OpenStack and Software Defined Networks
Implementing vCPE with OpenStack and Software Defined Networks
 
Monitoring and observability
Monitoring and observabilityMonitoring and observability
Monitoring and observability
 
ebpf and IO Visor: The What, how, and what next!
ebpf and IO Visor: The What, how, and what next!ebpf and IO Visor: The What, how, and what next!
ebpf and IO Visor: The What, how, and what next!
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPF
 
OpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridOpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgrid
 
NFV management and orchestration framework architecture
NFV management and orchestration framework architectureNFV management and orchestration framework architecture
NFV management and orchestration framework architecture
 

Similar to In-kernel Analytics and Tracing with eBPF for OpenStack Clouds

Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationGraeme Wood
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Amazon Web Services
 
7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
 
Using Modern Tools and Technologies to Improve Your Software Architecture
Using Modern Tools and Technologies to Improve Your Software ArchitectureUsing Modern Tools and Technologies to Improve Your Software Architecture
Using Modern Tools and Technologies to Improve Your Software Architecture
Eran Stiller
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Russia
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
Splunk
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
Shannon Cuthbertson
 
What are the best tools used in cybersecurity in 2023.pdf
What are the best tools used in cybersecurity in 2023.pdfWhat are the best tools used in cybersecurity in 2023.pdf
What are the best tools used in cybersecurity in 2023.pdf
tsaaroacademy
 
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyFilling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Black Duck by Synopsys
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
Avi Networks
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
OPNFV
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New Reality
Carlos Andrés García
 
Cloud-Native Security
Cloud-Native SecurityCloud-Native Security
Cloud-Native Security
VMware Tanzu
 
The Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating SystemThe Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating System
Kaspersky Lab
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Spv Reddy
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
lior mazor
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Scalar Decisions
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
Checkmarx
 
Web applications security conference slides
Web applications security  conference slidesWeb applications security  conference slides
Web applications security conference slides
Bassam Al-Khatib
 
Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023
Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023
Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023
VMware Tanzu
 

Similar to In-kernel Analytics and Tracing with eBPF for OpenStack Clouds (20)

Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
 
7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries
 
Using Modern Tools and Technologies to Improve Your Software Architecture
Using Modern Tools and Technologies to Improve Your Software ArchitectureUsing Modern Tools and Technologies to Improve Your Software Architecture
Using Modern Tools and Technologies to Improve Your Software Architecture
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
 
What are the best tools used in cybersecurity in 2023.pdf
What are the best tools used in cybersecurity in 2023.pdfWhat are the best tools used in cybersecurity in 2023.pdf
What are the best tools used in cybersecurity in 2023.pdf
 
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyFilling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New Reality
 
Cloud-Native Security
Cloud-Native SecurityCloud-Native Security
Cloud-Native Security
 
The Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating SystemThe Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating System
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
 
Web applications security conference slides
Web applications security  conference slidesWeb applications security  conference slides
Web applications security conference slides
 
Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023
Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023
Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023
 

More from PLUMgrid

Monitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack CloudsMonitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack Clouds
PLUMgrid
 
Service Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices ArchitectureService Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices Architecture
PLUMgrid
 
Design and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use CasesDesign and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use Cases
PLUMgrid
 
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | WebinarHow to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
PLUMgrid
 
OpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
OpenStack and Application Delivery: Joy and Pain of an Intricate RelationshipOpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
OpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
PLUMgrid
 
You Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it TooYou Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it Too
PLUMgrid
 
You Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it TooYou Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it Too
PLUMgrid
 
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
PLUMgrid
 
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationNetworking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
PLUMgrid
 
Hands-on Lab: Test Drive Your OpenStack Network
Hands-on Lab: Test Drive Your OpenStack NetworkHands-on Lab: Test Drive Your OpenStack Network
Hands-on Lab: Test Drive Your OpenStack Network
PLUMgrid
 
Securing Micro Services in Cloud Foundry
Securing Micro Services in Cloud FoundrySecuring Micro Services in Cloud Foundry
Securing Micro Services in Cloud Foundry
PLUMgrid
 
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
PLUMgrid
 
Unified Underlay and Overlay SDNs for OpenStack Clouds
Unified Underlay and Overlay SDNs for OpenStack CloudsUnified Underlay and Overlay SDNs for OpenStack Clouds
Unified Underlay and Overlay SDNs for OpenStack Clouds
PLUMgrid
 
Building a Scalable Federated Hybrid Cloud
Building a Scalable Federated Hybrid CloudBuilding a Scalable Federated Hybrid Cloud
Building a Scalable Federated Hybrid Cloud
PLUMgrid
 
Managing Multi-hypervisor OpenStack Cloud with Single Virtual Network
Managing Multi-hypervisor OpenStack Cloud with Single Virtual NetworkManaging Multi-hypervisor OpenStack Cloud with Single Virtual Network
Managing Multi-hypervisor OpenStack Cloud with Single Virtual Network
PLUMgrid
 
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFVRevolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
PLUMgrid
 
See Your OpenStack Network Like Never Before
See Your OpenStack Network Like Never BeforeSee Your OpenStack Network Like Never Before
See Your OpenStack Network Like Never Before
PLUMgrid
 
Federation manager demo
Federation manager demoFederation manager demo
Federation manager demo
PLUMgrid
 
Network Monitoring and Analytics
Network Monitoring and AnalyticsNetwork Monitoring and Analytics
Network Monitoring and Analytics
PLUMgrid
 
Navigating OpenStack Networking
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack Networking
PLUMgrid
 

More from PLUMgrid (20)

Monitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack CloudsMonitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack Clouds
 
Service Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices ArchitectureService Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices Architecture
 
Design and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use CasesDesign and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use Cases
 
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | WebinarHow to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
 
OpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
OpenStack and Application Delivery: Joy and Pain of an Intricate RelationshipOpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
OpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
 
You Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it TooYou Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it Too
 
You Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it TooYou Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it Too
 
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
 
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationNetworking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
 
Hands-on Lab: Test Drive Your OpenStack Network
Hands-on Lab: Test Drive Your OpenStack NetworkHands-on Lab: Test Drive Your OpenStack Network
Hands-on Lab: Test Drive Your OpenStack Network
 
Securing Micro Services in Cloud Foundry
Securing Micro Services in Cloud FoundrySecuring Micro Services in Cloud Foundry
Securing Micro Services in Cloud Foundry
 
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
 
Unified Underlay and Overlay SDNs for OpenStack Clouds
Unified Underlay and Overlay SDNs for OpenStack CloudsUnified Underlay and Overlay SDNs for OpenStack Clouds
Unified Underlay and Overlay SDNs for OpenStack Clouds
 
Building a Scalable Federated Hybrid Cloud
Building a Scalable Federated Hybrid CloudBuilding a Scalable Federated Hybrid Cloud
Building a Scalable Federated Hybrid Cloud
 
Managing Multi-hypervisor OpenStack Cloud with Single Virtual Network
Managing Multi-hypervisor OpenStack Cloud with Single Virtual NetworkManaging Multi-hypervisor OpenStack Cloud with Single Virtual Network
Managing Multi-hypervisor OpenStack Cloud with Single Virtual Network
 
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFVRevolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
 
See Your OpenStack Network Like Never Before
See Your OpenStack Network Like Never BeforeSee Your OpenStack Network Like Never Before
See Your OpenStack Network Like Never Before
 
Federation manager demo
Federation manager demoFederation manager demo
Federation manager demo
 
Network Monitoring and Analytics
Network Monitoring and AnalyticsNetwork Monitoring and Analytics
Network Monitoring and Analytics
 
Navigating OpenStack Networking
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack Networking
 

Recently uploaded

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 

Recently uploaded (20)

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 

In-kernel Analytics and Tracing with eBPF for OpenStack Clouds

  • 1. In-kernel Analytics and Tracing with eBPF for OpenStack Clouds October 2016 Brenden Blanco PLUMgrid Ali Khayam PLUMgrid
  • 2. Thank You to Sponsoring Members 2
  • 3. IO Visor Project, What is in it? • A set of development tools, IO Visor Dev Tools • A set of IO Visor Tools for management and operations of the IO Visor Engine • A set of Applications, Tools and open IO Modules build on top of the IO Visor framework • A set of possible use cases & applications like Networking, Security, Tracing & others 3
  • 4. The promise of Microservices: Better cloud app lifecycle …… but what about security? 4 Shared kernel Larger attack surface? Self service Developer = Security Expert? Shared Infrastructure Insider threats? Fast Development & Iteration Compromised zero trust?
  • 5. Where should microservices security be implemented? All layers…. but from the app cloud provider’s perspective: best to trust what you build/operate/control => “Security-as-a-Service” in the cloud infrastructure Infrastructure Operator Application Developer
  • 6. An ideal Security-as-a-Service offering Transparent: Application shouldn’t be aware of this layer No new software installation/configuration Generically applicable: Should be able to characterize microservice security profiles for diverse applications, without having visibility into service behavior Efficient: No compromises on performance or scalability
  • 7. What features can characterize a Microservice Security Profile? API API call, payload len Traffic bytes tx/rx, packets rx/rx Disk I/O Disk I/O rx/tx Tenants # of active tenants …. how to get these features without compromising transparency and efficiency
  • 8. How to extract features for Microservice Security Profiles? Objectives: Transparency, Seamlessness, Efficiency IO Visor instrumented infra to extract features for service security profiles: ▪ already present in Linux kernels ▪ capture API calls and resource usage ▪ system-call level insight ▪ real-time monitoring ▪ without efficiency degradation 8 Automation Developers IOVisor framework Advanced Monitoring Security Automation / Operations Machine Learning Infrastructure Monitor Ops/Automation Maintain
  • 9. Plugging features into an ML model to learn Microservice security profiles 9 ComputeNode UserSpaceKernelSpace API / Traffic Data Disk/Memory Data Microservice Collector Machine Learning API Traffic (Ingress / Egress) Microservice Security Profiles
  • 10. IO Visor Code Snippet (Userspace)
  • 11. IO Visor Code Snippet (Kernel) www.iovisor.org
  • 12. Preliminary Evaluation 1) OpenStack Controller Services as Microservices 12
  • 13. OpenStack Controller Services as Microservices IO Visor instrumentation is used to build security profiles of all controller services nova, neutron, keystone, cinder, etc. API calls learned as they arrive on the services’ veth interface no pre-training of API calls IO Visor hooks to monitor vfs_{read/write} accesses from each service separated based on PIDs for each container ML algorithm builds security profiles based on initial (training) data then security profile deviations are used for attack detection on run-time data
  • 14. Attack: Bruteforce password cracking on keystone Lots of Background (benign) Traffic: Continuous CRUD APIs from a real-world app cloud use case All API calls (incl. service-to-service) must get auth_token from keystone first Attack Traffic: 2-4 password attempts per second Attack continued for a sustained period of time
  • 15. Results of brute-force password attack on keystone Attack Detection Rate False Positive Rate 97% 0% • Results obtained from an ROC curve by tuning the detection threshold • API and Traffic features are the main contributors to these results
  • 16. Preliminary Evaluation 2) Database container using MySQL 16
  • 17. MySQL Microservice instrumentation MySQL Docker image (MySQL version 5.7, docker 1.12 ) SQL queries (TCP packets) intercepted by IOVisor hooks on veth pairs handshakes, teardown and acks ignored IOVisor hooks for vfs_{read/write} for queries into a large DB (180Mb) separated on PID and TID for docker 17
  • 18. Attack: First order SQL injection Benign traffic consisted of Simulated SQL queries Generated randomly and continuously Attack results in extracting large segments of the DB Segment size varying In parallel to benign traffic on the microservice 18
  • 19. Results of brute-force password attack on keystone Attack Detection Rate False Positive Rate 93.5% 3.5% • Results obtained from an ROC curve by tuning the detection threshold • Correlating Traffic and disk access was essential for detection
  • 21. Conclusion: Meeting the requirements of an ideal Security-as-a- Service offering 21
  • 22. Transparency Application shouldn’t be aware of this layer IO Visor works on eBPF constructs that are present in >4.x upstream kernels IO Visor instrumentation runs in kernel and is not visible to the developer The only non-standard dependency is github.com/iovisor/bcc python library
  • 23. Generic Applicability Should be able to characterize microservice security profiles for diverse applications, without having visibility into service behavior Trained/Tested on SQL Trained/Tested on OpenStack services Future Work: Train/Test for DNS attacks Train/Test for ransomware attacks
  • 24. Efficiency No compromises on performance or scalability eBPF counting is done inside the kernel with little or no overhead Main overhead is kernel to userspace interaction Data polled by userspace every 1 minute All data structures are reset after polling; data cannot grow indefinitely Data is exported by the userspace application to a collector node Machine learning and classification is applied on the collector node i.e. no impact to performance on computes
  • 25. Efficiency No compromises on performance or scalability Data structures have low overhead: vfs_read (BFP_HASH): size at time ti = Ni x 3, where: Ni = # of read process at ti the map has: {key: pid, value1: # of reads, value2: aggregate size of all reads vfs_write (BFP_HASH): has the the same structure as vfs_read traffic (BFP_HASH): size at time ti = Fi x 7, where: Fi = # of active TCP flows at ti the map’s key is a 5-tuple flow id, and values are the same as vfs_{read/write} http_traffic (BPF_HISTOGRAM): size at time ti = Si x LSi x 7, where: key is a 5-tuple flow id of http packets Si = # of active HTTP session at ti LSi = # of HTTP packets with unique lengths received on session Si
  • 26. How to Contribute github.com/akhayam/conmon (this presentation) www.iovisor.org github.com/iovisor #iovisor at irc.oftc.net lists.iovisor.org/mailman/listinfo/iovisor-dev 26