SnakeBPF: Runtime Python Package Detection - An eBPF-based approach for Vulnerability Prioritization in Containerized Environments
Type: Master's Thesis
Abstract
Maintaining awareness of software dependencies is essential for system security, as vulnerabilities in dependencies may introduce significant security risks. Static vulnerability scanning tools often identify large numbers of libraries and packages, making vulnerability prioritization challenging. To improve prioritization, it is valuable to determine which packages are actively used during runtime.

This thesis presents SnakeBPF, a runtime Python package detection approach based on eBPF tracing of interactions with the Linux kernel. Several data collection sources and strategies are evaluated, and the proposed approach primarily leverages openat system calls to identify Python packages used during program execution. To establish an evaluation baseline, multiple alternatives are considered. Ultimately, results from the static analysis tools Trivy and Syft are used to evaluate the effectiveness of the proposed approach. The detection technique is further evaluated using multiple containerized web applications as well as a 5G packet core Kubernetes cluster to assess its applicability in real-world containerized deployment scenarios.

The results demonstrate that information obtained from the openat system call can be used to detect Python packages imported during runtime. However, the approach is sensitive to Python's in-memory module caching: modules already loaded before tracing begins are served from that cache and produce no further openat calls, which may result in false negatives when tracing is not initiated during application startup or deployment. With correct initialization, the proposed runtime approach SnakeBPF may complement static vulnerability scanning by providing contextual information about actively used dependencies.
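The following is an added example, not code from the thesis or the SnakeBPF project, illustrating the post-processing half of the approach described above: turning raw openat path observations into a set of Python package names and intersecting that set with a static inventory so that reported vulnerabilities can be prioritized. It assumes trace lines of the form `<pid> <comm> <path>`, such as a bpftrace `tracepoint:syscalls:sys_enter_openat` probe could print via `str(args->filename)`; the sample trace and the Trivy/Syft-style inventory are constructed here, and the function names are the example's own.

```python
"""Added example (not from the thesis): recover Python package names from
openat traces and use them to split a static inventory into packages that
were actually touched at runtime and packages that were not."""
import re
from collections import defaultdict

# Constructed sample trace in the assumed "<pid> <comm> <path>" format:
# one Python process importing a few third-party packages, stdlib files,
# and an unrelated process whose opens must be ignored.
SAMPLE_TRACE = """\
4242 python3 /usr/lib/python3.11/site-packages/requests/__init__.py
4242 python3 /usr/lib/python3.11/site-packages/urllib3/__init__.py
4242 python3 /usr/lib/python3.11/site-packages/urllib3/connection.py
4242 python3 /usr/lib/python3.11/site-packages/six.py
4242 python3 /usr/lib/python3.11/site-packages/requests-2.31.0.dist-info/METADATA
4242 python3 /usr/lib/python3.11/encodings/utf_8.py
4242 python3 /etc/ld.so.cache
4243 nginx /etc/nginx/nginx.conf
"""

# Constructed inventory of the kind a static scanner (Trivy/Syft) reports.
SAMPLE_INVENTORY = ["requests", "urllib3", "six", "flask"]

# Third-party code lives under site-packages or dist-packages; everything
# else (stdlib, shared libraries, config files) is not a Python package.
_PKG_DIR = re.compile(r"/(?:site|dist)-packages/([^/]+)")


def package_from_path(path):
    """Return the top-level importable package a path belongs to, or None."""
    m = _PKG_DIR.search(path)
    if not m:
        return None
    first = m.group(1)
    # Metadata directories name the distribution, not importable code.
    if first.endswith((".dist-info", ".egg-info")):
        return None
    # Single-file module: six.py -> six
    if first.endswith(".py"):
        return first[:-3]
    # Compiled extension: _yaml.cpython-311-x86_64-linux-gnu.so -> _yaml
    if ".cpython-" in first and first.endswith(".so"):
        return first.split(".cpython-")[0]
    # Other stray files (.pth, .txt, ...) are not packages.
    if "." in first:
        return None
    return first


def packages_from_trace(trace_text, comm="python3"):
    """Map pid -> set of package names observed via openat for `comm`.

    Note: this is a lower bound. Modules already present in sys.modules
    before tracing started are never opened again, which is exactly the
    caching caveat described in the abstract."""
    seen = defaultdict(set)
    for line in trace_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue
        pid, proc, path = parts
        if proc != comm:
            continue
        pkg = package_from_path(path)
        if pkg:
            seen[int(pid)].add(pkg)
    return dict(seen)


def prioritize(inventory, observed):
    """Split a static inventory into (active, dormant) by runtime observation.

    Names are compared case-insensitively; distribution names that differ
    from their import name (e.g. PyYAML vs yaml) would need a mapping table."""
    observed_lc = {p.lower() for p in observed}
    active = sorted(p for p in inventory if p.lower() in observed_lc)
    dormant = sorted(p for p in inventory if p.lower() not in observed_lc)
    return active, dormant


if __name__ == "__main__":
    by_pid = packages_from_trace(SAMPLE_TRACE)
    runtime_pkgs = set().union(*by_pid.values()) if by_pid else set()
    active, dormant = prioritize(SAMPLE_INVENTORY, runtime_pkgs)
    print("active at runtime:", active)
    print("in inventory only:", dormant)
```

Findings for packages in the "active" list are the ones worth triaging first; the "dormant" list is not proof of safety, both because of the startup-time caching caveat and because the distribution name reported by a scanner does not always match the directory name seen in openat.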
Subject/keywords
Vulnerability Scanning, Library Detection, Dynamic Analysis, eBPF, Python Package Detection.
