BSDCan2017 - 0722d

BSDCan 2017
The Technical BSD Conference

Speakers
Brian Kidney
Schedule
Day Talks #1 - 9 June - 2017-06-09
Room DMS 1120
Start time 13:30
Duration 01:00
Info
ID 841
Event type Lecture
Track Plenary
Language used for presentation English

The Realities of DTrace on FreeBSD

For more than a year we have been using DTrace as one of the three core components of a security research project, CADETS. Unlike earlier uses of DTrace, which focused on occasional, deep debugging sessions, the CADETS project uses DTrace to bring total system transparency to both the operating system and the applications running on top of it. The use of "always-on tracing" pushes the DTrace system up to, and often past, its limits and shows how some of the original design tradeoffs need to be revisited to address the needs of our project. Our talk covers our current efforts to extend and improve the DTrace framework in FreeBSD, including performance and programming improvements to address the needs of always-on tracing, as well as integration with FreeBSD's audit subsystem and the addition of machine-readable output for use by creators of downstream security-analysis tools.

This presentation is based upon the work of seven authors: Jonathan Anderson, Graeme Jenkinson, Brian Kidney, George Neville-Neil, Amanda Strnad, Arun Thomas, and Robert Watson.
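To make the two pressures in the abstract concrete (continuous rather than session-based tracing, and output that a downstream tool can parse rather than a human), here is an added illustration in stock FreeBSD DTrace. It is not CADETS code and not from the talk; it only uses the standard syscall provider and built-in variables, and the JSON field names are the editor's own choice.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example (not from the BSDCan talk or the CADETS project):
 * an always-on style syscall trace that emits one JSON object per
 * completed system call instead of DTrace's default human-oriented text.
 *
 * Run as root:  dtrace -s syscalls-json.d >> /var/log/syscalls.jsonl
 */

#pragma D option quiet           /* suppress probe-description banner lines */
#pragma D option bufsize=64m     /* per-CPU principal buffer; the default is far
                                    too small for whole-system, always-on use and
                                    shows up as "dtrace: N drops on CPU X" */
#pragma D option switchrate=10hz /* drain buffers more often than the default */

/* Record entry time so the return probe can compute latency. Skipping
   the dtrace consumer itself avoids tracing our own output writes. */
syscall:::entry
/execname != "dtrace"/
{
    self->ts = timestamp;
}

/* One machine-readable record per call. probefunc is the syscall name,
   errno is the thread's error number at return time. */
syscall:::return
/self->ts/
{
    printf("{\"wall_ns\":%d,\"pid\":%d,\"ppid\":%d,\"uid\":%d,\"exec\":\"%s\","
           "\"syscall\":\"%s\",\"errno\":%d,\"latency_ns\":%d}\n",
           walltimestamp, pid, ppid, uid, execname,
           probefunc, errno, timestamp - self->ts);
    self->ts = 0;
}
```

Two caveats a practitioner should check before relying on this: execname is printed unescaped, so a process name containing a quote or backslash produces an invalid JSON line and the consumer must tolerate or reject it; and even with a larger buffer, a busy host will still report drops, which is exactly the design limit the abstract says always-on tracing runs into.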
