Automatic Seccomp Syscall Policy Generator

Abstract:

This thesis deals with design and implementation of the tool which transforms a system call log into a policy that limits the system call usage in operating system GNU Linux. The motivation raised as a need for automatic creation such policies. In this thesis, we dealt with the intermediate data structure that represents the system call log. We dealt with simplification of the data structure on which were used optimization algorithms. The first implemented algorithm was minimax and the other was clustering algorithm DBSCAN. In the last part of the thesis, the testing methods are described. We tested the particular modules and the whole tool as a unit. During the testing, issuesthat prevent from complex testing, arised.

Student:

Tamaškovič Marek

Consultant:

Daniel Kopeček

Leader:

Turoňová Lenka

University:

FIT VUT

Link on thesis:

https://www.fit.vut.cz/study/thesis/21219/