PhD Extending the Linux kernel with safe user programs – F/M

Job title:

PhD Extending the Linux kernel with safe user programs – F/M

Company:

Orange

Job description

about the roleThe Linux kernel offers a privileged observation position that allows to collect data related to running applications and their underlying infrastructure. The kernel also offers an ideal observation point for both network and system activities that any application running within a telecom platform can have. The eBPF (extended Berkeley Packet Filter) sandboxing paradigm has revolutionized network management practices by allowing the execution of user space programs written in high level languages at the kernel level. The eBPF technology includes several components such as helpers, maps, and the verifier. All these eBPF elements allow user space programs to have extensive access to kernel functions while offering safety guarantees.In recent years, several network and system management services have exploited the programmability offered by eBPF to endow infrastructures with native supervision, tracing, and security services. Running the eBPF programs at the kernel level ensures high performance and strong visibility into applications activity. However, the critical role played by the kernel makes it necessary to restrict the programs that a user can execute. The component responsible for verifying the safety of eBPF programs is the eBPF verifier that ensures that any program to be executed by the kernel will terminate and will not cause a system crash. This has the consequence of significantly reducing the expressiveness offered by eBPF by limiting certain programming mechanisms such as variable-sized loops, or the number of instructions a given program can execute. These limits hinder the development of security applications, such as HTTP parsers and TLS connection handlers.The objective of this PhD Thesis is to reconsider the design of program verification as implemented by the eBPF verifier to improve the robustness of verification on one hand and increase the expressiveness of programs on the other.It is expected that the results of the PhD thesis will include a comparative evaluation of the verification choices adopted by the Linux community with the state of the art in formal verification and the so-called safe programming languages such as Rust. The objective is to propose an improvement in the usability of the eBPF infrastructure. A secondary result of the thesis would be to reduce the reliance on helpers (Linux kernel functions).

about youTechnical Skills– Operating system design– Programming Language Theory– Formal Verification– Kernel programming– C programmingadditional informationThe subject of this PhD work is a hot topic with high expectations from the industry (OSDI 2020, KubeCon2024, Kernel Recipes 2023, etc.) . The results of this work can help to push the boundaries of the eBPF domain and give raise to the development of new eBPF services.departmentOrange Innovation brings together the research and innovation activities and expertise of the Group’s entities and countries. We work every day to ensure that Orange is recognized as an innovative operator by its customers and we create value for the Group and the Brand in each of our projects. With 720 researchers, thousands of marketers, developers, designers and data analysts, it is the expertise of our 6,000 employees that fuels this ambition every day.Orange Innovation anticipates technological breakthroughs and supports the Group’s countries and entities in making the best technological choices to meet the needs of our consumer and business customers. The team hosting this thesis makes a significant contribution to enhancing the security of Orange’s mobile networks, with a focus on authentication and the application of AI (Artificial Intelligence) techniques for threat/attack/fraud detection and security monitoring (events, logs, incidents, etc.).contractThesis

Expected salary

Location

Châtillon, Hauts-de-Seine

Job date

Fri, 05 Jul 2024 22:36:24 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (vacanciesineu.com) you saw this job posting.