BSDCan2017 - 0722d
BSDCan 2017
The Technical BSD Conference
| Speakers |
|---|
| Brian Kidney |

| Schedule | |
|---|---|
| Day | Talks #1 - 9 June - 2017-06-09 |
| Room | DMS 1120 |
| Start time | 13:30 |
| Duration | 01:00 |

| Info | |
|---|---|
| ID | 841 |
| Event type | Lecture |
| Track | Plenary |
| Language used for presentation | English |
The Realities of DTrace on FreeBSD
For more than a year we have been using DTrace as one of the three core components of a security research project, CADETS. Unlike earlier users of DTrace, who were focused on occasional, deep debugging sessions, the CADETS project uses DTrace to bring total system transparency to both the operating system and the applications running on top of it. This "always-on tracing" pushes the DTrace system up to, and often past, its limits, and shows how some of the original design trade-offs need to be revisited to address the needs of our project. Our talk covers our current efforts to extend and improve the DTrace framework in FreeBSD, including performance and programming improvements to address the needs of always-on tracing, integration with FreeBSD's audit subsystem, and the addition of machine-readable output for use by creators of downstream security-analysis tools.
This presentation is based upon the work of seven authors: Jonathan Anderson, Graeme Jenkinson, Brian Kidney, George Neville-Neil, Amanda Strnad, Arun Thomas, and Robert Watson.
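The abstract mentions two practical concerns of always-on tracing: keeping up with the event rate and producing output a downstream tool can parse. The D script below is an added illustration of both, not code from the CADETS project or from the talk. It emits one JSON object per open()/openat() call on a stock FreeBSD dtrace and raises the per-CPU buffer size and drain rate, which is where a continuously running consumer first sees "drops" reported. The option values and the JSON field names are my own choices, not measured recommendations.

```d
/*
 * Added example (not CADETS code): one JSON object per file-open attempt,
 * the style of machine-readable DTrace output a downstream analysis tool
 * could consume line by line.
 *
 * Run as root (or a member of the dtrace group):  dtrace -s opens.d
 */
#pragma D option quiet

/*
 * Always-on tuning. A larger per-CPU principal buffer and a faster
 * switch rate give the consumer more headroom before DTrace starts
 * reporting dropped records. 16m/200hz are arbitrary starting points.
 */
#pragma D option bufsize=16m
#pragma D option switchrate=200hz

/* open(2) takes the path in arg0; openat(2) takes it in arg1. */
syscall::open:entry
{
	self->path = copyinstr(arg0);
	self->ok = 1;
}

syscall::openat:entry
{
	self->path = copyinstr(arg1);
	self->ok = 1;
}

/*
 * Emit on return so the record carries the outcome: arg0 is the new
 * descriptor (or -1) and errno is nonzero on failure. walltimestamp is
 * nanoseconds since the Unix epoch, which is easier to join against
 * other log sources than the monotonic timestamp variable.
 */
syscall::open:return,
syscall::openat:return
/self->ok/
{
	printf("{\"ts\":%d,\"pid\":%d,\"uid\":%d,\"exec\":\"%s\",\"syscall\":\"%s\",\"path\":\"%s\",\"fd\":%d,\"errno\":%d}\n",
	    walltimestamp, pid, uid, execname, probefunc, self->path,
	    arg0, errno);

	/* Assigning 0 releases the thread-local storage. */
	self->path = 0;
	self->ok = 0;
}
```

Two caveats a practitioner would check before relying on this: `printf` does not escape the `exec` and `path` strings, so a process name or path containing a double quote or backslash produces a line that is not valid JSON, and any record the kernel dropped under load is reported only as a count on stderr, not as a gap marker in the stream itself.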