Browsing by Author "Pinto, Carlos Francisco Caramelo"
- Preventing Data Exfiltration: eBPF-based approach (Publication). Pinto, Carlos Francisco Caramelo; Sousa, Maria Manuela Areias da Costa Pereira de; Sousa, André Passos; Simão Melo de

  This internship report addresses the challenges and solutions associated with the data exfiltration problems identified by Scalabit. The research carried out during this internship is based on eBPF, an emerging technology. The aim of the research is to study the feasibility of an eBPF-based solution to the data exfiltration problem on machines whose users have sudo access. The document is organized into several sections, starting with an introduction outlining the problem, the solution to be studied and a contextualization of the company where the internship was carried out. This is followed by a review of the state of the art of tools that make use of kernel-based security, and of eBPF itself. Some classic tools are also presented in this review and compared with eBPF. A preliminary case study is then presented, focusing on the implementation of an eBPF application that lists a user and the directory they are in when a specific system call is made. This study serves as a preliminary proof that eBPF is a suitable tool for the problem at hand, providing valuable insights about eBPF and the kernel itself. The core work of this internship is the development of an eBPF application that restricts system calls on a per-user and per-directory basis, effectively using data hiding as a method to prevent data exfiltration. This tool is intended to be deployed on several machines where users have sudo access. The expected use case and the tests run are presented alongside the tool itself. Finally, the report presents a critical analysis of the tool developed and of the work carried out during the internship. The vulnerabilities of the application itself and the way in which they were dealt with are analyzed.

  In summary, this report aims to present the research and development work carried out during my internship at Scalabit.
