Finding ways to make it easier and faster to mitigate an ongoing attack
against a Linux system at runtime is part of the motivation behind the
kernel runtime security instrumentation (KRSI) project. Its developer, KP
Singh, gave a presentation about the project at the
2019
Linux
Security Summit North America (LSS-NA), which was held in late August
in San Diego. A prototype of KRSI is implemented as a Linux security
module (LSM) that allows eBPF programs to be attached to the kernel’s
security hooks.

Source: LWN.net – [$] Kernel runtime security instrumentation