CNCF-hosted Co-located Events North America 2024

Least privilege is a very old concept that is well understood and already implemented in the cloud native landscape by Security Teams. It is often encountered when they deploy an application and will be asked: what privileges does this workload require? Join John and Natalia to learn how eBPF allows to implement least privileged policies by injecting code inline into the kernel and keeping the application overhead minimal! This will be a fun talk which evaluates eBPF-based least privileged policies against a list of known CVEs by showing a live demo. We will show how eBPF can be used to implement the least privileged principle by monitoring every process and system call execution, networking and file access, or even stack traces combining this data to create a known ordering and making the attacker's job immensely harder. We will finish by explaining where this technology shines and where we are continuing to improve to block the next generation of security attacks.