shamedgh / confineLinks
This tool set can generate SECCOMP profiles for Docker images. It mainly relies on static analysis, making its results more reliable than currently available tools.
☆67Updated 3 years ago
Alternatives and similar repositories for confine
Users that are interested in confine are comparing it to the libraries listed below
Sorting:
- Linux Kernel Runtime Integrity with eBPF☆183Updated last year
- bpflock - eBPF driven security for locking and auditing Linux machines☆150Updated 3 years ago
- BPFContain is a container security daemon for GNU/Linux leveraging the power and safety of eBPF and Rust.☆59Updated 3 years ago
- This repository contains the source code related to the research paper titled "Temporal System Call Specialization for Attack Surface Red…☆37Updated 10 months ago
- A process level network security monitoring and enforcement project for Kubernetes, using eBPF☆44Updated 5 years ago
- ☆465Updated 3 months ago
- Lind: Secure Lightweight Adaptive Isolation☆32Updated 2 months ago
- ☆23Updated last year
- Fuzz Introspector -- introspect, extend and optimise fuzzers☆432Updated 2 weeks ago
- Trace deep kernel events through eBPF and lsm hooks☆39Updated 4 years ago
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆78Updated last week
- Linux Security Hardening for Confidential Compute☆68Updated last year
- 🐝 BPFBox 📦 Exploring process confinement in eBPF☆105Updated last year
- [USENIX SECURITY'19] PeX: A Permission Check Analysis Framework for Linux Kernel☆77Updated 3 years ago
- fuzzing framework based on libfuzzer and clang sanitizer☆167Updated 6 years ago
- ✨🔐 CNCF Fuzzers☆127Updated last month
- ☆13Updated 3 years ago
- find relevant security papers published in the top-4 conferences (S&P, USENIX, CCS, NDSS)☆189Updated last year
- Lightweight fuzzing of a memory snapshot using KVM☆462Updated last year
- This repository is used to analysis the shared resources of different containers☆31Updated 11 months ago
- Example BPF program with LSM hooks☆33Updated 4 years ago
- ☆180Updated last year
- Trace system calls from Docker containers running on the system☆32Updated 2 years ago
- FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulati…☆291Updated 3 years ago
- Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel☆58Updated last year
- The public dataset in the paper "PatchDB: A Large-Scale Security Patch Dataset". This paper appears in the 51st Annual IEEE/IFIP Interna…☆43Updated last year
- eBPF - extended Berkeley Packet Filter tooling☆124Updated 3 years ago
- Vault Exploit Defense☆129Updated last year
- KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities | 🏆 Best Practical Paper Award of RAID 2024☆73Updated 2 months ago
- OSS-Fuzz vulnerabilities for OSV.☆162Updated this week