Automatic seccomp syscall policy generator

Develop a syscall policy generator based on inputs from an application syscall logger and with an output to seccomp based policy code.


  • Study the fundamentals of linux syscalls, tools for monitoring syscalls, berkeley packet filter and libseccomp.
  • Conduct research on intermediate representation of syscalls and optimizer of intermediate representation.
  • Based on the research, design the intermediate representation and provide an analysis of appropriate optimizers.
  • Implement tool which reads syscalls and translates it to the intermediate representation, optimizer of the inter. rep., translator from the inter. Repre. To a seccomp policy.
  • Evaluate implementation of this tool.
  • Suggest further improvements.


You must be logged in to perform this action!

Daniel Kopeček

Location: Brno