docs: Refine network isolation instructions, update the default model, and correct research paper publication years.

This commit is contained in:
shiva108
2026-02-03 17:48:30 +01:00
parent 40ad95f5e7
commit dbd2bbb2f8


@@ -90,7 +90,7 @@ Below is the logical topology for a standard isolated red team lab.
At the system level, we rely on Linux namespaces and cgroups (in Docker) or hardware virtualization (in VMs) to contain the threat.
1. **Network Namespaces:** We use `--net=internal` or similar flags to ensure the inference engine has no route to the internet. This prevents the model from "phoning home" or an agent from downloading external payloads.
1. **Network Namespaces:** We use `--network none` or create an internal network with `docker network create --internal <name>` to ensure the inference engine has no route to the internet. This prevents the model from "phoning home" or an agent from downloading external payloads.
2. **Resource Cgroups:** We strictly limit CPU cycles and memory. This prevents a "Denial of Service" attack where a model enters an infinite generation loop and freezes the host.
3. **Read-Only Mounts:** The model weights themselves should always be mounted as Read-Only. An advanced attack vector involves an agent modifying its own weights or configuration files to persist a backdoor.
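Review bot: The two alternatives offered in the new item 1 are not interchangeable, and the text should say which one the lab actually uses for the inference engine. `--network none` gives the container no network interface at all, so a server exposed on `PORT=8000` later in this document would be unreachable from the host or from a red-team client; an internal network created with `docker network create --internal <name>` blocks the route to the internet while still allowing containers attached to that network to talk to each other, which is the mode a serving engine needs. Suggest rewording to "attach the inference engine and the client to an internal network (`docker network create --internal <name>`); use `--network none` only for components that never need to accept a connection", and keep the sentence about preventing outbound "phoning home" as the rationale. Replacing the non-existent `--net=internal` flag with real ones is the right fix; just make the choice explicit.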
@@ -152,7 +152,7 @@ This setup script pulls a Docker image for vLLM, which provides a high-performan
# Requirements: NVIDIA Driver, Docker, NVIDIA Container Toolkit
MODEL="meta-llama/Meta-Llama-3-8B-Instruct"
MODEL="casperhansen/llama-3-8b-instruct-awq"
PORT=8000
echo "[*] Pulling vLLM container..."
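Review bot: Switching `MODEL` from `meta-llama/Meta-Llama-3-8B-Instruct` to `casperhansen/llama-3-8b-instruct-awq` changes who publishes the weights, and the script does not explain or pin that. The new value is a third-party repackaging rather than the model vendor's own repository, which is a supply-chain trust decision that belongs in a comment next to the variable (presumably the motivation is the smaller AWQ footprint; say so). Suggest adding a comment stating why the quantized upload was chosen and pinning the download to a specific revision of that repository rather than whatever is current, so the weights that end up in the read-only mount described earlier in this document are reproducible and can be checksummed. Also check that the vLLM launch line below this hunk still works with an AWQ checkpoint, since the original line assumed full-precision weights.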
@@ -420,8 +420,8 @@ This setup allows testing **"Indirect Prompt Injection"**, where the Attacker po
| Paper | Year | Contribution |
| :------------------------------------------- | :--- | :------------------------------------------------------------------------------------------------------------------------------ |
| **"LLMSmith: A Tool for Investigating RCE"** | 2024 | Demonstrated "Code Escape" where prompt injection leads to Remote Code Execution in LLM frameworks [1]. |
| **"Whisper Leak: Side-channel attacks"** | 2024 | Showed how network traffic patterns (packet size/timing) can leak the topic of LLM prompts even over encrypted connections [2]. |
| **"SandboxEval"** | 2024 | Introduced a benchmark for evaluating the security of sandboxes against code generated by LLMs [3]. |
| **"Whisper Leak: Side-channel attacks"** | 2025 | Showed how network traffic patterns (packet size/timing) can leak the topic of LLM prompts even over encrypted connections [2]. |
| **"SandboxEval"** | 2025 | Introduced a benchmark for evaluating the security of sandboxes against code generated by LLMs [3]. |
### Current Research Gaps
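Review bot: The year changes for "Whisper Leak" and "SandboxEval" (2024 to 2025) need to be mirrored in the reference list entries [2] and [3] that these rows cite; that list is outside this hunk and is not touched by the commit, so the table and the bibliography will disagree if those entries still say 2024. Suggest updating the corresponding reference entries in the same commit, and stating in each entry whether the year refers to the preprint or the venue publication, since that is usually the source of this kind of discrepancy. The "LLMSmith" row keeps 2024 with no change; if that one was reviewed and confirmed, a brief note in the commit message would help, as the message currently says the years were corrected without saying which were verified.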