Confine: Automated System Call Policy Generation for Container Attack Surface Reduction

Confine overview figure About Confine

While you can find a more complete and thorough description of how Confine works by reading our paper, we have summarized some of the most important points in this section. Read more...

Installation icon Installation Guide

You can find the list of applications required to run Confine, along with their relevant installation commands in this section. Read more...

User guide icon User Guide

The user guide provides a general overview of how to run different parts of the toolchain and to generate the results provided in the paper. Read more...

step by step icon Step-by-Step Guide

We also provide a step-by-step guide which walks you through running Confine for a single Docker image, explaining what to expect in each of the program execution. Read more...

step by step icon Extra

This exercise can be used after following the step-by-step guide which provdes less specific details on how to harden a Docker image. Read more...