FotisLouk / docker-sec
Automatic AppArmor management for Docker containers
☆15Updated last year
Related projects: ⓘ
- This tool set can generate SECCOMP profiles for Docker images. It mainly relies on static analysis, making its results more reliable than…☆62Updated 2 years ago
- ☆11Updated 8 years ago
- BPFContain is a container security daemon for GNU/Linux leveraging the power and safety of eBPF and Rust.☆55Updated 2 years ago
- ebpH (Extended BPF Process Homeostasis) monitors process behavior on your system to establish normal behavioral patterns. ebpH reports an…☆40Updated last year
- Confidential Containers Shim Firmware☆91Updated this week
- Process-based Confidential Container Runtime☆74Updated this week
- Generates kernel patch for CamFlow Linux Provenance Capture.☆27Updated 7 months ago
- A library OS for Linux multi-process applications, with Intel TDX support (experimental)☆15Updated last month
- ☆33Updated last week
- 🐝 BPFBox 📦 Exploring process confinement in eBPF☆98Updated 8 months ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆136Updated 2 years ago
- libsinsp, libscap, the kernel module driver, and the eBPF driver sources☆224Updated this week
- Modified musl libc for SGX-LKL☆13Updated 3 years ago
- Kubernetes Device Plugin for Intel SGX☆67Updated last year
- ☆20Updated last week
- A lightweight eBPF-based Monitor tool:run ebpf as a service!☆57Updated 2 years ago
- Ratel - a new framework for instruction-level interposition on enclaved applications☆21Updated last year
- Contextualizing System Calls in Containers for Anomaly-Based Intrusion Detection - CCSW'22☆19Updated last year
- ☆34Updated this week
- Documentation for the confidential containers project☆73Updated last year
- RATS architecture based TLS using librats☆28Updated 5 months ago
- Trace system calls from Docker containers running on the system☆31Updated last year
- Confidential Containers Community☆176Updated this week
- Jinzhao Disk (JinDisk) is a log-structured secure block device for TEEs. This repo is JinDisk's Linux version.☆37Updated last year
- Derived from CAT-SGX and elf-respect: Practical and Efficient in-Enclave Verification of Privacy Compliance☆41Updated 2 years ago
- AMD SEV Tool☆79Updated last year
- Administrative utility for AMD SEV☆41Updated last week
- SPADE: Support for Provenance Auditing in Distributed Environments☆166Updated 2 weeks ago
- bouheki is KRSI(eBPF+LSM) based Linux security auditing tool.☆82Updated last year
- A secure container runtime with CRI/OCI interface☆317Updated this week