🐝 BPFBox 📦 Exploring process confinement in eBPF
bpfbox is a policy enforcement engine written in eBPF to confine process access to security-sensitive system resources.
BPFBox is being replaced by BPFContain, a new confinement solution written in Rust using libbpf-rs.
Our research paper: https://www.cisl.carleton.ca/~will/written/conference/bpfbox-ccsw2020.pdf
bpfbox is very much a research prototype at this stage. Not recommended for production use before version 1.0.0.
bin directory in this repository.
/var/lib/bpfbox/policy
sudo bpfboxd
tail -f /var/log/bpfbox/bpfbox.log
If you would like to cite this work, we request that you use the following BibTeX entry:
@inproceedings{findlay2020_bpfbox,
  author    = {Findlay, William and Somayaji, Anil and Barrera, David},
  title     = {{bpfbox: Simple Precise Process Confinement with eBPF}},
  year      = {2020},
  isbn      = {9781450380843},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  doi       = {10.1145/3411495.3421358},
  booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop},
  pages     = {91--103},
  numpages  = {13},
  keywords  = {ebpf, application confinement, access control, sandboxing, operating system security, linux},
  location  = {Virtual Event, USA},
  series    = {CCSW'20}
}