Static to Dynamic: Evolution of Linux Security Modules

The Linux Security Module (LSM) framework has long served as the backbone of access control and enforcement in Linux systems. Historically dominated by static models like AppArmor and SELinux, LSMs enforced security through predefined, policy-driven mechanisms. While effective, these static models often lacked the flexibility required to meet modern cloud-native, containerized, and dynamically changing workloads.

This talk explores the evolution of LSMs from static, policy-bound systems to programmable security enforcers through the integration of eBPF-based LSMs. We’ll dive into:

• The design and limitations of traditional LSMs like AppArmor and SELinux

• The architecture and capabilities of eBPF LSMs

• Real-world use cases where dynamic enforcement offers a significant advantage such as -

  • Emitting telemetry along with enforcement.

  • Context-Aware Enforcement Based on Runtime Attributes.

  • Fine-Grained Process-Level Enforcement.

• A technical walkthrough of using KubeArmor to showcase usage of eBPF LSM

• Understand the architectural differences between static and programmable LSMs.

• Learn the benefits and trade-offs of using dynamic eBPF-based enforcement over traditional policy models.

• Explore real-world scenarios where static LSMs fall short and eBPF LSMs excel.

• Introduction to KubeArmor, a cloud native policy driven system that makes LSMs enforcement easy.