Skip to Main Content
Talk Intermediate

Static to Dynamic: Evolution of Linux Security Modules

Rejected
Session Description

The Linux Security Module (LSM) framework has long served as the backbone of access control and enforcement in Linux systems. Historically dominated by static models like AppArmor and SELinux, LSMs enforced security through predefined, policy-driven mechanisms. While effective, these static models often lacked the flexibility required to meet modern cloud-native, containerized, and dynamically changing workloads.

This talk explores the evolution of LSMs from static, policy-bound systems to programmable security enforcers through the integration of eBPF-based LSMs. We’ll dive into:

  • The design and limitations of traditional LSMs like AppArmor and SELinux

  • The architecture and capabilities of eBPF LSMs

  • Real-world use cases where dynamic enforcement offers a significant advantage such as -

    • Emitting telemetry along with enforcement.

    • Context-Aware Enforcement Based on Runtime Attributes.

    • Fine-Grained Process-Level Enforcement.

  • A technical walkthrough of using KubeArmor to showcase usage of eBPF LSM

Key Takeaways

  • Understand the architectural differences between static and programmable LSMs.

  • Learn the benefits and trade-offs of using dynamic eBPF-based enforcement over traditional policy models.

  • Explore real-world scenarios where static LSMs fall short and eBPF LSMs excel.

  • Introduction to KubeArmor, a cloud native policy driven system that makes LSMs enforcement easy.

References

https://ebpf.io/
https://github.com/kubearmor/KubeArmor

Session Categories

Technology architecture
Which track are you applying for?
Main track

Speakers

Rishabh Soni
Software Engineer | AccuKnox

Rishabh is a Software Engineer at AccuKnox with a passion for low-level systems, cloud-native security, and developer tooling. He is a key contributor and approver for KubeArmor, a CNCF Sandbox project focused on Kubernetes runtime security using eBPF and BPFLSM.

Rishabh has deep, hands-on experience building scalable SIEM solutions and has worked extensively with OpenSearch and the OpenSearch Operator to enable secure, production-grade observability pipelines.

He’s also active in the CNCF community, both as an LFX mentee and mentor, and enjoys sharing practical insights drawn from real-world use cases.

 https://x.com/rootxrishabh
Rishabh Soni

Reviews

Please spend a good chunk of your time going over LSMs and getting into the details, this is a real service many are interesting in. Demoing kubearmor's implementation is fine but should be very secondary to the LSM exploration and getting into the weeds there

Reviewer #1 Approved

A well-structured and highly relevant proposal highlighting gap between traditional /static and modern/dynamic LSMs

Reviewer #2 Approved

Thank you for submitting your proposal for IndiaFOSS 2025. Your submission was well-received and progressed to our final review stages.

Unfortunately, due to the high volume of excellent proposals this year, we were unable to select your talk for the final program. We appreciate the effort you put into your submission and encourage you to apply again for future events.

Reviewer #3 Rejected