Thesis Details
Automatic Seccomp Syscall Policy Generator
This thesis deals with the design and implementation of a tool that transforms a system call log into a policy that limits system call usage in the GNU/Linux operating system. The motivation arose from the need to create such policies automatically. In this thesis, we dealt with the intermediate data structure that represents the system call log, and with the simplification of this data structure, to which optimization algorithms were applied. The first implemented algorithm was minimax and the other was the clustering algorithm DBSCAN. The last part of the thesis describes the testing methods. We tested the individual modules and the whole tool as a unit. During testing, issues arose that prevented comprehensive testing.
seccomp, libseccomp, strace, optimizer, clustering, C++, policy generator, system calls, executable binaries limitations, catch2, american fuzzy lop, fuzzing
Dytrych Jaroslav, Ing., Ph.D. (DCGM FIT BUT), member
Křena Bohuslav, Ing., Ph.D. (DITS FIT BUT), member
Rogalewicz Adam, doc. Mgr., Ph.D. (DITS FIT BUT), member
Růžička Richard, doc. Ing., Ph.D., MBA (DCSY FIT BUT), member
@bachelorsthesis{FITBT21219,
  author = "Marek Tama\v{s}kovi\v{c}",
  type = "Bachelor's thesis",
  title = "Automatic Seccomp Syscall Policy Generator",
  school = "Brno University of Technology, Faculty of Information Technology",
  year = 2018,
  location = "Brno, CZ",
  language = "english",
  url = "https://www.fit.vut.cz/study/thesis/21219/"
}