https://github.com/szsolt0/thesis

BSc thesis on Linux kernel sandboxing with Landlock & seccomp
https://github.com/szsolt0/thesis

bsc-thesis cpp gemakszd1-bp-b2 landlock linux linux-kernel resource-isolation sandbox seccomp seccomp-bpf seccomp-filter security syscall systems-programming

Last synced: 26 days ago
JSON representation

BSc thesis on Linux kernel sandboxing with Landlock & seccomp

• Host: GitHub
• URL: https://github.com/szsolt0/thesis
• Owner: szsolt0
• Created: 2025-09-28T23:51:46.000Z (3 months ago)
• Default Branch: master
• Last Pushed: 2025-10-06T20:08:34.000Z (3 months ago)
• Last Synced: 2025-10-06T22:12:10.027Z (3 months ago)
• Topics: bsc-thesis, cpp, gemakszd1-bp-b2, landlock, linux, linux-kernel, resource-isolation, sandbox, seccomp, seccomp-bpf, seccomp-filter, security, syscall, systems-programming
• Language: C++
• Homepage:
• Size: 2.93 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Bachelor Thesis

This repository contains the materials for my BSc thesis, including both the

written thesis and supporting codes.

- **Title:** Alkalmazásfejlesztői szintű erőforrás-izoláció a Linux kernelben:

  Landlock és seccomp szerepe és alkalmazása

- **Description:** The security of operating systems is of critical importance.

  This thesis examines how Landlock, BPF, and similar mechanisms contribute to

  making systems more secure. It also discusses the roles of SELinux and AppArmor.

  Through the study of specific applications and known vulnerabilities, the thesis

  demonstrates how these mechanisms work and, retrospectively, which past

  vulnerabilities could have been mitigated by their use. Additionally, the thesis

  presents the development of a custom library, designed with an API that

  prioritizes ease of use and convenience for secure software development.

- **Supervisor:** Károly Nehéz

# Thesis Scope

The thesis explores:

- Integration of Landlock and seccomp into software that may not yet use them.

- Real-world usage: how existing applications (e.g., Chromium) leverage these technologies.

- Comparison with other security frameworks: OpenBSD (`pledge`/`unveil`), SELinux, AppArmor.

- CVE analysis: evaluation of past vulnerabilities that could have been mitigated.

- API design and usability: creating a library to simplify secure software development in C++ or Rust.

- Performance and portability considerations: evaluating potential downsides or trade-offs.

## Repository Overview

This repository contains both the thesis and the supporting code:

- `thesis/` – LaTeX source files for the written thesis.

- `docs/` – Documentation related to the library and thesis.

- `code/` – All related code.

    - `examples/` – Various example programs.

    - `library/` – Implementation of the custom library.

        - `cpp/` – C++ version.

        - `rs/` – Rust version.

        - `common/` – Shared files used by both versions (e.g., list of syscall categories).