toe
Model checking the BPF verifier
a project by shunghsiyu
Project Description
BPF verifier plays a crucial role in securing the system (though less so now that unprivileged BPF is disabled by default in both upstream and SLES), and bugs in the verifier has lead to privilege escalation vulnerabilities in the past (e.g. CVE-2021-3490).
Predefined app security policy template for NeuVector
an idea by feih
Project Description
Idea is to predefine a set of security policies for popular container applications just for example MySQL, Nginx etc..., with these predefined security policies, users can just download unpack it to use. No need to worry too much about detailed security settings/configurations for this application container. The policies could be any policies that Kubernetes supported and/or NeuVector supported.
Port NeuVector zero-trust security functions to host/VM
an idea by feih
Project Description
Today, NeuVector only support container environment. It does a lot of security functions and many of those are actually not limited to only protect containers technically. Sometimes, we are seeing requests/asks about providing similar functions to protect servers & VMs. So, it is technically possible. Some of the zero-trust security protections are still pretty unique if we port it over to host/VM side. Welcome if you are interested to help and give it a try!
Looking for projects around:
securityActivity