Thesis Details

Automatic Seccomp Syscall Policy Generator

Bachelor's Thesis Student: Tamaškovič Marek Academic Year: 2017/2018 Supervisor: Holíková Lenka, Ing.
Czech title
Automatický generátor politiky systémového volání

This thesis deals with design and implementation of the tool which transforms a system call log into a policy that limits the system call usage in operating system GNU Linux. The motivation raised as a need for automatic creation such policies. In this thesis, we dealt with the intermediate data structure that represents the system call log. We dealt with simplification of the data structure on which were used optimization algorithms. The first implemented algorithm was minimax and the other was clustering algorithm DBSCAN. In the last part of the thesis, the testing methods are described. We tested the particular modules and the whole tool as a unit. During the testing, issuesthat prevent from complex testing, arised.


seccomp, libseccomp, strace, optimizer, clustering, C++, policy generator, system calls, executable binaries limitations, catch2, american fuzzy lop, fuzzying

Degree Programme
Information Technology
defended, grade B
22 August 2018
Hruška Tomáš, prof. Ing., CSc. (DIFS FIT BUT), předseda
Dytrych Jaroslav, Ing., Ph.D. (DCGM FIT BUT), člen
Křena Bohuslav, Ing., Ph.D. (DITS FIT BUT), člen
Rogalewicz Adam, doc. Mgr., Ph.D. (DITS FIT BUT), člen
Růžička Richard, doc. Ing., Ph.D., MBA (DCSY FIT BUT), člen
TAMAŠKOVIČ, Marek. Automatic Seccomp Syscall Policy Generator. Brno, 2018. Bachelor's Thesis. Brno University of Technology, Faculty of Information Technology. 2018-08-22. Supervised by Holíková Lenka. Available from:
    author = "Marek Tama\v{s}kovi\v{c}",
    type = "Bachelor's thesis",
    title = "Automatic Seccomp Syscall Policy Generator",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2018,
    location = "Brno, CZ",
    language = "english",
    url = ""
Back to top