DeepSec 2024 Talk: Living on the Edge: eBPF Defenses for Embedded System (in the Automotive Domain) – Reinhard Kugler (
Linux has become a driving factor in the industrial and automotive domain. Vehicles are already a complex network of electrical components. In recent years, the technology stack and connectivity of vehicles have drastically evolved. Is all this complexity still safe and secure?
How can embedded systems running different bus systems and physical interfaces be protected against modern attackers? The now mandatory updates of on-board components in these vehicles have introduced new security challenges to this evolving landscape. Common Linux security measures, including capabilities, permissions, and mandatory access control, are already hitting their limits. Using eBPF technologies promises a flexible way to define security at runtime without the need to change the application code. Will this be as transformative for the embedded sector as it has been for the cloud?
This talk presents the internals of embedded security hands-on and shows how eBPF can be employed for defenses on automotive and embedded systems running Linux.
We asked Reinhard a few more questions about his talk.
Please tell us the top 5 facts about your talk.
The talk will outline
- current developments in modern cars and the pursuit of the software-defined vehicle.
- the use of Linux and containers in embedded systems (such as vehicles)
- security techniques in container security (like Docker, Kubernetes and runc)
- how to employ eBPF in the kernel to extend security controls and observability in embedded systems (but also for the offense as a rootkit)
- summarize how modern container technologies and eBPF can create new ways to run and protect software (without additional appliances)
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
The talk is a confluence of my work on containers, embedded systems and eBPF. It started some years ago with experiments in securing IoT platforms, extended to container security on embedded systems and is now enriched with experiments with eBPF on embedded platforms. The spark was set as I disassembled my car to install my ARM-based car computer only to find out that car manufacturers are now doing the same.
Why do you think this is an important topic?
My professional work, such as security testing and trainings, is in all those areas above (Linux, Cloud, embedded systems, containers, eBPF). I see many companies struggle to understand and use all those areas in regard to security. I would like to promote some technologies and their internals so that companies and individuals can come up with simpler solutions to engineer security.
Is there something you want everybody to know – some good advice for our readers, maybe?
Try to catch the train! Right now, there is a lot of movement in Linux-based embedded, Cloud and industrial IoT systems. It seems the evolution in embedded and cyber-physical systems is happening and this adds a lot of technologies to understand.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
The embedded domain, especially industrial and automotive, will transform to agile and CI/CD-driven products and services – always on, periodic updates and app/feature-based. This opens up many possibilities but also exposes technology to attackers, which have been in the shadows up to now.
Reinhard’s expertise centers on security testing of IT, industrial, and cyber-physical systems. Drawing from his background in cyber defense, reverse engineering and penetration testing, he collaborates with companies to enhance their security capabilities, develop secure products, and contribute to research projects in applied security. Reinhard is also a seasoned instructor, developing customized security training programs. As a member of the MATRIS research group at SBA Research, he provides Applied Research Consulting services to both research partners and industrial companies. He co-organizes meetups in the domains of automotive security, container security and eBPF.