
willfindlay / bpfbox

Licence: GPL-3.0
🐝 BPFBox 📦 Exploring process confinement in eBPF

Projects that are alternatives of or similar to bpfbox

ebpfkit-monitor
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
Stars: ✭ 80 (-13.98%)
Mutual labels:  linux-kernel, ebpf, runtime-security
ebpfkit
ebpfkit is a rootkit powered by eBPF
Stars: ✭ 472 (+407.53%)
Mutual labels:  linux-kernel, ebpf, runtime-security
sockdump
Dump unix domain socket traffic with bpf
Stars: ✭ 160 (+72.04%)
Mutual labels:  ebpf, bcc
el7-bpf-specs
RPM specs for building bpf related tools on CentOS 7
Stars: ✭ 38 (-59.14%)
Mutual labels:  ebpf, bcc
Bpftrace
High-level tracing language for Linux eBPF
Stars: ✭ 4,526 (+4766.67%)
Mutual labels:  ebpf, bcc
rbbcc
BCC port for MRI - this is an unofficial bonsai project.
Stars: ✭ 45 (-51.61%)
Mutual labels:  ebpf, bcc
uprobe-http-tracer
uprobe-based HTTP tracer for Go binaries
Stars: ✭ 45 (-51.61%)
Mutual labels:  ebpf, bcc
lmp
LMP is a supermarket
Stars: ✭ 228 (+145.16%)
Mutual labels:  ebpf, bcc
ipftrace
[Deprecated] Now we have a more sophisticated (and compact) implementation in the ipftrace2 repository. Please check it as well.
Stars: ✭ 60 (-35.48%)
Mutual labels:  linux-kernel, ebpf
kernel new features
A deep dive into new Linux kernel features, represented by io_uring, cgroup, eBPF and LLVM, including open-source projects, code examples, articles, videos, architecture mind maps and more
Stars: ✭ 1,094 (+1076.34%)
Mutual labels:  linux-kernel, ebpf
Ebpf exporter
Prometheus exporter for custom eBPF metrics
Stars: ✭ 829 (+791.4%)
Mutual labels:  linux-kernel, ebpf
Polycube
eBPF/XDP-based software framework for fast network services running in the Linux kernel.
Stars: ✭ 217 (+133.33%)
Mutual labels:  linux-kernel, ebpf
portablebpf
You came here so you could have a base code to serve you as an example of how to develop a BPF application compatible with BCC and/or LIBBPF, especially LIBBPF, with the userland part written in C or Python.
Stars: ✭ 32 (-65.59%)
Mutual labels:  linux-kernel, ebpf
Ipftrace2
A packet oriented Linux kernel function call tracer
Stars: ✭ 193 (+107.53%)
Mutual labels:  linux-kernel, ebpf
lkm-sandbox
Collection of Linux Kernel Modules and PoC to discover, learn and practice Linux Kernel Development
Stars: ✭ 36 (-61.29%)
Mutual labels:  sandbox, linux-kernel
Pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
Stars: ✭ 2,026 (+2078.49%)
Mutual labels:  sandbox
Vm2
Advanced vm/sandbox for Node.js
Stars: ✭ 2,738 (+2844.09%)
Mutual labels:  sandbox
Mba
Malware Behavior Analyzer
Stars: ✭ 125 (+34.41%)
Mutual labels:  sandbox
Groovy Sandbox
(Deprecated) Compile-time transformer to run Groovy code in a restrictive sandbox
Stars: ✭ 104 (+11.83%)
Mutual labels:  sandbox
Firecracker
Secure and fast microVMs for serverless computing.
Stars: ✭ 16,826 (+17992.47%)
Mutual labels:  sandbox

🐝 bpfbox 📦

bpfbox is a policy enforcement engine written in eBPF to confine process access to security-sensitive system resources.

bpfbox is EOL

BPFBox is being replaced by BPFContain, a new confinement solution written in Rust using libbpf-rs.

Links

Our research paper: https://www.cisl.carleton.ca/~will/written/conference/bpfbox-ccsw2020.pdf

Disclaimer

bpfbox is very much a research prototype at this stage. Not recommended for production use before version 1.0.0.

Roadmap / TODO

  • Implement auto attachment of uprobes/kprobes for process state
  • Fully implement the uprobe/kprobe support in the policy language (see below)
  • Re-visit policy language
    • Move to yaml / rego?
  • Document final version of policy language
  • Add more unit tests / document code coverage

Requirements

  1. Linux 5.8+ compiled with at least CONFIG_BPF=y, CONFIG_BPF_SYSCALL=y, CONFIG_BPF_JIT=y, CONFIG_TRACEPOINTS=y, CONFIG_BPF_LSM=y, CONFIG_DEBUG_INFO=y, CONFIG_DEBUG_INFO_BTF=y, CONFIG_LSM="bpf". pahole >= 0.16 must be installed for the kernel to be built with BTF info.
  2. Either the latest version of bcc from https://github.com/iovisor/bcc or bcc version 0.16+. If building from source, be sure to include -DPYTHON_CMD=python3 in your cmake flags
  3. Python 3.8+
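The kernel requirements above are the part most often missing on a stock distribution kernel (CONFIG_BPF_LSM, BTF, and "bpf" in the LSM list), so it is worth checking before running the daemon. The following POSIX shell checker is an added example and not part of the bpfbox project: it verifies the listed options in a kernel config file and compares versions against the 5.8 kernel and 0.16 pahole floors, exercising itself against constructed sample configs so it runs offline. It assumes "bpf" may appear anywhere in a comma-separated CONFIG_LSM list, which goes slightly beyond the README's CONFIG_LSM="bpf".

```shell
#!/bin/sh
# Kernel options the bpfbox README requires to be built in (=y).
BPFBOX_REQUIRED_OPTS="CONFIG_BPF CONFIG_BPF_SYSCALL CONFIG_BPF_JIT CONFIG_TRACEPOINTS \
CONFIG_BPF_LSM CONFIG_DEBUG_INFO CONFIG_DEBUG_INFO_BTF"

# check_kconfig FILE: print one "missing:" line per unmet requirement in the
# kernel config FILE. Returns 0 when everything is present, 1 otherwise.
check_kconfig() {
    cfg=$1; rc=0
    for opt in $BPFBOX_REQUIRED_OPTS; do
        grep -qx "$opt=y" "$cfg" || { echo "missing: $opt=y"; rc=1; }
    done
    # README asks for CONFIG_LSM="bpf"; assumption: "bpf" as one entry of a
    # comma-separated LSM list is accepted too (order is not checked here).
    lsm=$(sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$cfg")
    case ",$lsm," in
        *,bpf,*) ;;
        *) echo "missing: bpf in CONFIG_LSM (found \"$lsm\")"; rc=1 ;;
    esac
    return $rc
}

# version_at_least MAJOR MINOR VERSION: succeeds when VERSION (for example
# "5.8.0-rc3", "v1.22" or "0.16") is at least MAJOR.MINOR. Only the first two
# numeric components are compared, so a kernel "uname -r" string works as input.
version_at_least() {
    ver=${3#v}
    major=${ver%%.*}
    case $ver in *.*) rest=${ver#*.} ;; *) rest=0 ;; esac
    minor=${rest%%[!0-9]*}
    [ "$major" -gt "$1" ] || { [ "$major" -eq "$1" ] && [ "${minor:-0}" -ge "$2" ]; }
}

# Constructed sample configs (not real kernel builds) to exercise the checker.
GOOD_CFG=$(mktemp); BAD_CFG=$(mktemp)
trap 'rm -f "$GOOD_CFG" "$BAD_CFG"' EXIT
printf '%s\n' CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_BPF_JIT=y CONFIG_TRACEPOINTS=y \
    CONFIG_BPF_LSM=y CONFIG_DEBUG_INFO=y CONFIG_DEBUG_INFO_BTF=y \
    'CONFIG_LSM="lockdown,yama,bpf"' > "$GOOD_CFG"
# Typical distro kernel: BPF present, but no BPF LSM, no BTF, no "bpf" in CONFIG_LSM.
printf '%s\n' CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_BPF_JIT=y CONFIG_TRACEPOINTS=y \
    '# CONFIG_BPF_LSM is not set' CONFIG_DEBUG_INFO=y \
    'CONFIG_LSM="lockdown,yama,apparmor"' > "$BAD_CFG"

# On a real host, point the checker at the running kernel instead:
#   check_kconfig "/boot/config-$(uname -r)" && version_at_least 5 8 "$(uname -r)"
#   version_at_least 0 16 "$(pahole --version)"
```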

Installation

  • Coming soon, for now just run from the bin directory in this repository.

Usage

  1. Install policy files in /var/lib/bpfbox/policy
  2. Run the daemon using sudo bpfboxd
  3. Inspect audit logs with tail -f /var/log/bpfbox/bpfbox.log

Citation

If you would like to cite this work, we request that you use the following BibTeX entry:

@inproceedings{findlay2020_bpfbox,
    author    = {Findlay, William and Somayaji, Anil and Barrera, David},
    title     = {{bpfbox: Simple Precise Process Confinement with eBPF}},
    year      = {2020},
    isbn      = {9781450380843},
    publisher = {Association for Computing Machinery},
    address   = {New York, NY, USA},
    doi       = {10.1145/3411495.3421358},
    booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop},
    pages     = {91–103},
    numpages  = {13},
    keywords  = {ebpf, application confinement, access control, sandboxing, operating system security, linux},
    location  = {Virtual Event, USA},
    series    = {CCSW'20}
}