SnakeBPF: Runtime Python Package Detection - An eBPF-based approach for Vulnerability Prioritization in Containerized Environments


Type

Master's Thesis


Abstract

Maintaining awareness of software dependencies is essential for system security, as vulnerabilities in dependencies may introduce significant security risks. Static vulnerability scanning tools often identify large numbers of libraries and packages, making vulnerability prioritization challenging. To improve prioritization, it is valuable to determine which packages are actively used at runtime. This thesis presents SnakeBPF, a runtime Python package detection approach based on eBPF tracing of interactions with the Linux kernel. Several data collection sources and strategies are evaluated, and the proposed approach primarily leverages openat system calls to identify Python packages used during program execution. To establish an evaluation baseline, multiple alternatives are considered. Ultimately, results from the static analysis tools Trivy and Syft are used to evaluate the effectiveness of the proposed approach. The detection technique is further evaluated using multiple containerized web applications as well as a 5G packet core Kubernetes cluster to assess its applicability in real-world containerized deployment scenarios. The results demonstrate that information obtained from the openat system call can be used to detect Python packages imported at runtime. However, the approach is sensitive to Python’s in-memory module caching, which may result in false negatives when tracing is not started at application startup or deployment. With correct initialization, the proposed runtime approach SnakeBPF may complement static vulnerability scanning by providing contextual information about actively used dependencies.

Subject / keywords

Vulnerability Scanning, Library Detection, Dynamic Analysis, eBPF, Python Package Detection.
