{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,11]],"date-time":"2025-11-11T15:55:40Z","timestamp":1762876540726,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","funder":[{"name":"NSF","award":["CNS-2236966"],"award-info":[{"award-number":["CNS-2236966"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,9,8]]},"DOI":"10.1145\/3748355.3748374","type":"proceedings-article","created":{"date-parts":[[2025,8,19]],"date-time":"2025-08-19T13:47:07Z","timestamp":1755611227000},"page":"87-93","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["BPFflow - Preventing information leaks from eBPF"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-1744-8083","authenticated-orcid":false,"given":"Chinecherem","family":"Dimobi","sequence":"first","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-8923-1020","authenticated-orcid":false,"given":"Rahul","family":"Tiwari","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-0900-6456","authenticated-orcid":false,"given":"Zhengjie","family":"Ji","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1537-0525","authenticated-orcid":false,"given":"Dan","family":"Williams","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,9,8]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMSNETS63942.2025.10885589"},{"key":"e_1_3_2_1_2_1","unstructured":"Cilium Project Contributors. 2025. Cilium: eBPF-based Networking Observability and Security. (2025). https:\/\/cilium.io\/ Accessed: 2025-01-09."},{"key":"e_1_3_2_1_3_1","volume-title":"Falco: Open Source Runtime Security.","author":"Contributors Falco Project","year":"2025","unstructured":"Falco Project Contributors. 2025. Falco: Open Source Runtime Security. (2025). https:\/\/falco.org\/ Accessed: 2025-01-09."},{"key":"e_1_3_2_1_4_1","volume-title":"Pixie: Open-source observability for Kubernetes.","author":"Contributors Pixie","year":"2025","unstructured":"Pixie Contributors. 2025. Pixie: Open-source observability for Kubernetes. (2025). https:\/\/github.com\/pixie-io\/pixie Accessed: 2025-01-09."},{"key":"e_1_3_2_1_5_1","volume-title":"Pyroscope: Continuous Profiling for Developers.","author":"Contributors Pyroscope Project","year":"2025","unstructured":"Pyroscope Project Contributors. 2025. Pyroscope: Continuous Profiling for Developers. (2025). https:\/\/pyroscope.io\/ Accessed: 2025-01-09."},{"key":"e_1_3_2_1_6_1","unstructured":"Tetragon Project Contributors. 2025. Tetragon: eBPF-based Security Observability and Enforcement. (2025). https:\/\/tetragon.io\/ Accessed: 2025-01-09."},{"key":"e_1_3_2_1_7_1","unstructured":"Deep Instinct Threat Research. 2024. BPFdoor Malware Evolves: Stealthy Sniffing Backdoor Ups Its Game. (2024). https:\/\/www.deepinstinct.com\/blog\/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game Accessed: 2025-03-30."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"e_1_3_2_1_10_1","unstructured":"eBPF Community. 2025. eBPF Case Studies: Real-world Use Cases for eBPF Technology. (2025). https:\/\/ebpf.io\/case-studies\/ Accessed: 2025-01-09."},{"key":"e_1_3_2_1_11_1","unstructured":"Linux Foundation. 2025. ControlPlane --- eBPF Security Threat Model. (2025). https:\/\/www.linuxfoundation.org\/hubfs\/eBPF\/ControlPlane%20%E2%80%94%20eBPF%20Security%20Threat%20Model.pdf Accessed: 2025-01-09."},{"key":"e_1_3_2_1_12_1","unstructured":"Guillaume Fournier Sylvain Afchain and Sylvain Baubeau. 2021. eBPF I Thought We Were Friends!. In DEF CON 29. https:\/\/defcon.org\/html\/defcon-29\/dc-29-speakers.html#fournier Accessed: 2025-03-26."},{"key":"e_1_3_2_1_13_1","volume-title":"Black Hat USA 2021","author":"Fournier Guillaume","year":"2021","unstructured":"Guillaume Fournier, Sylvain Afchain, and Sylvain Baubeau. 2021. With Friends Like eBPF, Who Needs Enemies?. In Black Hat USA 2021. https:\/\/www.blackhat.com\/us-21\/briefings\/schedule\/#with-friends-like-ebpf-who-needs-enemies-23619 Accessed: 2025-03-26."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314590"},{"key":"e_1_3_2_1_15_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"He Yi","year":"2023","unstructured":"Yi He, Roland Guo, Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, and Qi Li. 2023. Cross Container Attacks: The Bewildered eBPF on Clouds. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 5971--5988. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/he"},{"key":"e_1_3_2_1_16_1","unstructured":"hyperfine [n. d.]. ([n. d.]). https:\/\/github.com\/sharkdp\/hyperfine"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1323293.1294293"},{"key":"e_1_3_2_1_18_1","volume-title":"Accessed","author":"Labs Grafana","year":"2024","unstructured":"Grafana Labs. 2024. Beyla - eBPF-based auto-instrumentation agent for observability. https:\/\/github.com\/grafana\/beyla. (2024). Accessed: May 20, 2025."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/362375.362389"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3609021.3609301"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3689938.3694781"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3672197.3673435"},{"key":"e_1_3_2_1_23_1","unstructured":"Hongyi Lu Shuai Wang Yechang Wu Wanning He and Fengwei Zhang. 2024. {MOAT}: Towards Safe {BPF} Kernel Extension. 1153--1170. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/lu- hongyi"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.35"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/268998.266669"},{"key":"e_1_3_2_1_26_1","volume-title":"Boopkit: Linux eBPF backdoor over TCP. https:\/\/github.com\/krisnova\/boopkit\/tree\/b8dc4ee0c9a7eeb042e20835f26591776f7a6cff.","author":"N\u00f3va Kris","year":"2022","unstructured":"Kris N\u00f3va. 2022. Boopkit: Linux eBPF backdoor over TCP. https:\/\/github.com\/krisnova\/boopkit\/tree\/b8dc4ee0c9a7eeb042e20835f26591776f7a6cff. (2022). https:\/\/github.com\/krisnova\/boopkit\/tree\/b8dc4ee0c9a7eeb042e20835f26591776f7a6cff Accessed: 2025-03-30."},{"key":"e_1_3_2_1_27_1","unstructured":"pamspy [n. d.]. pampsy - Credentials Dumper for Linux using eBPF. ([n. d.]). https:\/\/github.com\/citronneur\/pamspy"},{"key":"e_1_3_2_1_28_1","unstructured":"Pathtofile. [n. d.]. Bad BPF: A Collection of Malicious eBPF Programs. https:\/\/github.com\/pathtofile\/bad-bpf. ([n. d.]). Accessed: 2025-03-26."},{"key":"e_1_3_2_1_29_1","volume-title":"Accessed","author":"Project Visor","year":"2024","unstructured":"IOVisor Project. 2024. libbpf-tools - Collection of eBPF tools using libbpf. https:\/\/github.com\/iovisor\/bcc\/tree\/f2d3803272fcd39888b75bb508df8f095ad02411\/libbpf-tools. (2024). Accessed: May 20, 2025."},{"key":"e_1_3_2_1_30_1","unstructured":"Embrace The Red. [n. d.]. eBPF Blog Posts. https:\/\/embracethered.com\/blog\/tags\/ebpf\/. ([n. d.]). Accessed: 2025-03-26."},{"key":"e_1_3_2_1_31_1","unstructured":"Hao Sun and Zhendong Su. 2024. Validating the {eBPF} Verifier via State Embedding. 615--628. https:\/\/www.usenix.org\/conference\/osdi24\/presentation\/sun-hao"},{"key":"e_1_3_2_1_32_1","volume-title":"Symbiote: A new stealthy malware for Linux.","author":"Protection Team Acronis Cyber","year":"2022","unstructured":"Acronis Cyber Protection Team. 2022. Symbiote: A new stealthy malware for Linux. (2022). https:\/\/www.acronis.com\/en-us\/cyber-protection-center\/posts\/symbiote-a-new-stealthy-malware-for-linux\/ Accessed: 2025-03-30."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314299.1314302"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","unstructured":"Harishankar Vishwanathan Matan Shachnai Srinivas Narayana and Santosh Nagarakatte. 2023. Verifying the Verifier: eBPF Range Analysis Verification. In Computer Aided Verification Constantin Enea and Akash Lal (Eds.). Springer Nature Switzerland Cham 226--251. https:\/\/doi.org\/10.1007\/978-3-031-37709-9_12","DOI":"10.1007\/978-3-031-37709-9_12"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5220\/0012470800003648"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2018396.2018419"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/1387589.1387610"}],"event":{"name":"SIGCOMM '25: ACM SIGCOMM 2025 Conference","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"],"location":"Coimbra Portugal","acronym":"SIGCOMM '25"},"container-title":["Proceedings of the 3rd Workshop on eBPF and Kernel Extensions"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3748355.3748374","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T14:11:11Z","timestamp":1760019071000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3748355.3748374"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,8]]},"references-count":37,"alternative-id":["10.1145\/3748355.3748374","10.1145\/3748355"],"URL":"https:\/\/doi.org\/10.1145\/3748355.3748374","relation":{},"subject":[],"published":{"date-parts":[[2025,9,8]]},"assertion":[{"value":"2025-09-08","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}