This framework can generate Seccomp profiles for Docker images to harden container and reduce the Linux kernel attack surface available to the container. The general goal is to remove functionalities not required by containers by performing static analysis.

While you can find a more complete and thorough description of how Confine works by reading our paper, we have summarized some of the most important points in this section. Read more...

You can find the list of applications required to run Confine, along with their relevant installation commands in this section. Read more...

The user guide provides a general overview of how to run different parts of the toolchain and to generate the results provided in the paper. Read more...

We also provide a step-by-step guide which walks you through running Confine for a single Docker image, explaining what to expect in each of the program execution. Read more...

Please consider citing our paper if you found our tool set useful.

@inproceedings{confineraid20,
year={2020},
booktitle={Proceedings of the International Conference on Research in Attacks,
Intrusions, and Defenses (RAID)},
title={Confine: Automated System Call Policy Generation for Container Attack
Surface Reduction},
author={Ghavamnia, Seyedhamed and Palit, Tapti and Benameur, Azzedine and
Polychronakis, Michalis}
}