BestHub
search
Sign in
Tag

seccomp

1 views collected around this technical thread.

AntTech
AntTech
Jul 18, 2023 · Information Security

HODOR: Shrinking the Attack Surface on Node.js via System Call Limitation

Researchers from Shanghai Jiao Tong University, Ant Security Light-Year Lab, and Zhejiang University present HODOR, a system that reduces the attack surface of Node.js applications by generating fine-grained system‑call allowlists using Seccomp, achieving an average 80% reduction in exploit surface with negligible runtime overhead.

Node.jsRuntime Protectionseccomp
0 likes · 12 min read
HODOR: Shrinking the Attack Surface on Node.js via System Call Limitation
DevOps
DevOps
Nov 1, 2018 · Information Security

Docker Security Features: Capabilities, Image Signing, AppArmor, Seccomp, User Namespaces and More

This article explains Docker's built‑in security mechanisms—including Linux kernel capabilities, image signing, AppArmor MAC, Seccomp syscall filtering, user namespaces, SELinux, PID limits and additional kernel hardening tools—provides configuration examples, command‑line demonstrations, and guidance on using them safely.

Container SecurityDockerLinux security
0 likes · 16 min read
Docker Security Features: Capabilities, Image Signing, AppArmor, Seccomp, User Namespaces and More
Hujiang Technology
Hujiang Technology
Sep 5, 2017 · Information Security

Understanding Android O seccomp Filters and Illegal System Calls

The article explains how Android O uses seccomp filters in the zygote process to block unused or dangerous system calls, how developers can detect and avoid illegal calls that cause crashes, and how to test or disable the filter on development builds.

AndroidKernelseccomp
0 likes · 6 min read
Understanding Android O seccomp Filters and Illegal System Calls