{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,8]],"date-time":"2026-03-08T22:37:07Z","timestamp":1773009427847,"version":"3.50.1"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030017002","type":"print"},{"value":"9783030017019","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-01701-9_26","type":"book-chapter","created":{"date-parts":[[2018,12,28]],"date-time":"2018-12-28T17:03:08Z","timestamp":1546016588000},"page":"471-490","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era"],"prefix":"10.1007","author":[{"given":"Kennedy A.","family":"Torkura","sequence":"first","affiliation":[]},{"given":"Muhammad I. H.","family":"Sukmana","sequence":"additional","affiliation":[]},{"given":"Feng","family":"Cheng","sequence":"additional","affiliation":[]},{"given":"Christoph","family":"Meinel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,29]]},"reference":[{"key":"26_CR1","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1016\/j.jss.2015.06.063","volume":"123","author":"B Fitzgerald","year":"2017","unstructured":"Fitzgerald, B., Stol, K.-J.: Continuous software engineering: a roadmap and agenda. J. Syst. Softw. 123, 176\u2013189 (2017)","journal-title":"J. Syst. Softw."},{"key":"26_CR2","volume-title":"DevOpsSec Securing Software through Continuous Delivery","author":"J Bird","year":"2016","unstructured":"Bird, J.: DevOpsSec Securing Software through Continuous Delivery. O\u2019 Relliy Media Inc., Sebastopol (2016)"},{"key":"26_CR3","doi-asserted-by":"crossref","unstructured":"Rahman, A.A.U., Williams, L.: Software security in devops: synthesizing practitioners\u2019 perceptions and practices. In: Proceedings of the International Workshop on Continuous Software Evolution and Delivery (2016)","DOI":"10.1145\/2896941.2896946"},{"key":"26_CR4","unstructured":"Fielding, R.T., Taylor, R.N.: Architectural styles and the design of network-based software architectures, Ph.D. thesis (2000)"},{"key":"26_CR5","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/978-3-319-67425-4_12","volume-title":"Present and Ulterior Software Engineering","author":"N Dragoni","year":"2017","unstructured":"Dragoni, N., et al.: Microservices: yesterday, today, and tomorrow. In: Mazzara, M., Meyer, B. (eds.) Present and Ulterior Software Engineering, pp. 195\u2013216. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-67425-4_12"},{"key":"26_CR6","doi-asserted-by":"publisher","unstructured":"Souppaya, M., Morello, J. Scarfone, K.: Application container security guide (2017). https:\/\/doi.org\/10.6028\/NIST.SP.800-190","DOI":"10.6028\/NIST.SP.800-190"},{"key":"26_CR7","doi-asserted-by":"crossref","unstructured":"Torkura, K.A., Sukmana, M.I., Meinel, C.: Integrating continuous security assessments in microservices and cloud native applications. In: Proceedings of the 10th International Conference on Utility and Cloud Computing (2017)","DOI":"10.1145\/3147213.3147229"},{"key":"26_CR8","doi-asserted-by":"crossref","unstructured":"Scott, D., Sharp, R.: Abstracting application-level web security. In: Proceedings of the 11th International Conference on World Wide Web, pp. 396\u2013407. ACM (2002)","DOI":"10.1145\/511446.511498"},{"issue":"9","key":"26_CR9","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1109\/2.708449","volume":"31","author":"R Oppliger","year":"1998","unstructured":"Oppliger, R.: Security at the internet layer. Computer 31(9), 43\u201347 (1998)","journal-title":"Computer"},{"key":"26_CR10","doi-asserted-by":"publisher","first-page":"397","DOI":"10.2307\/23044049","volume":"35","author":"P-Y Chen","year":"2011","unstructured":"Chen, P.-Y., Kataria, G., Krishnan, R.: Correlated failures, diversification, and information security risk management. MIS Q. 35, 397\u2013422 (2011)","journal-title":"MIS Q."},{"key":"26_CR11","unstructured":"Gummaraju, J., Desikan, T., Turner, Y.: Over 30% of official images in docker hub contain high priority security vulnerabilities. Technical report, BanyanOps (2015)"},{"key":"26_CR12","unstructured":"Combe, T., Martin, A., Di Pietro, R.: Containers: vulnerability analysis. Technical report, Nokia Bell Labs"},{"key":"26_CR13","doi-asserted-by":"crossref","unstructured":"Bila, N., Dettori, P., Kanso, A., Watanabe, Y., Youssef, A.: Leveraging the serverless architecture for securing linux containers. In: 2017 IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW) (2017)","DOI":"10.1109\/ICDCSW.2017.66"},{"key":"26_CR14","unstructured":"VMWare. Harbor. http:\/\/vmware.github.io\/harbor\/"},{"key":"26_CR15","unstructured":"Tak, B., Isci, C., Duri, S., Bila, N., Nadgowda, S., Doran, J.: Understanding security implications of using containers in the cloud. In: USENIX Annual Technical Conference (USENIX ATC 2017) (2017)"},{"key":"26_CR16","doi-asserted-by":"crossref","unstructured":"Zhang, M., Marino, D., Efstathopoulos, P.: Harbormaster: policy enforcement for containers. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom) (2015)","DOI":"10.1109\/CloudCom.2015.96"},{"key":"26_CR17","first-page":"1","volume":"16","author":"N Antunes","year":"2016","unstructured":"Antunes, N., Vieira, M.: Designing vulnerability testing tools for web services: approach, components, and tools. Int. J. Inf. Secur. 16, 1\u201323 (2016)","journal-title":"Int. J. Inf. Secur."},{"issue":"5","key":"26_CR18","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1109\/MCC.2016.105","volume":"3","author":"C Esposito","year":"2016","unstructured":"Esposito, C., Castiglione, A., Choo, K.-K.R.: Challenges in delivering software in the cloud as microservices. IEEE Cloud Comput. 3(5), 10\u201314 (2016)","journal-title":"IEEE Cloud Comput."},{"key":"26_CR19","unstructured":"Thanh, T.Q., Covaci, S., Magedanz, T., Gouvas, P., Zafeiropoulos, A.: Embedding security and privacy into the development and operation of cloud applications and services. In: 2016 17th International Telecommunications Network Strategy and Planning Symposium (Networks). IEEE (2016)"},{"key":"26_CR20","doi-asserted-by":"crossref","unstructured":"Savchenko, D.I., Radchenko, G.I., Taipale, O.: Microservices validation: mjolnirr platform case study. In: 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) (2015)","DOI":"10.1109\/MIPRO.2015.7160271"},{"key":"26_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-60876-1_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Schwarz","year":"2017","unstructured":"Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3\u201324. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-60876-1_1"},{"key":"26_CR22","unstructured":"Wichers, D.: Owasp top-10 2013. OWASP Foundation, February 2013"},{"key":"26_CR23","unstructured":"Alliance, C.S.: Domain 4: complaince and audit management (2011). https:\/\/cloudsecurityalliance.org\/wp-content\/uploads\/2011\/09\/Domain-4.doc"},{"key":"26_CR24","doi-asserted-by":"crossref","unstructured":"Sun, Y., Nanda, S., Jaeger, T.: Security-as-a-service for microservices-based cloud applications. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom) (2015)","DOI":"10.1109\/CloudCom.2015.93"},{"issue":"2","key":"26_CR25","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/s10515-013-0133-z","volume":"21","author":"M Almorsy","year":"2014","unstructured":"Almorsy, M., Grundy, J., Ibrahim, A.S.: Adaptable, model-driven security engineering for SaaS cloud-based applications. Autom. Softw. Eng. 21(2), 187\u2013224 (2014)","journal-title":"Autom. Softw. Eng."},{"issue":"1","key":"26_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2010.07.006","volume":"34","author":"S Subashini","year":"2011","unstructured":"Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1\u201311 (2011)","journal-title":"J. Netw. Comput. Appl."},{"key":"26_CR27","unstructured":"Davis, S.: Using the open API specification to find first and second order vulnerabilities in restful APIS (2016). https:\/\/2016.appsec.eu\/wp-content\/uploads\/2016\/07\/AppSecEU2016-Scott-Davis-Scanning-with-Swagger.pdf"},{"key":"26_CR28","unstructured":"Homer, A., Sharp, J., Brader, L., Narumoto, M., Swanson, T.: Cloud Design Patterns. Microsoft Press (2014)"},{"key":"26_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/978-3-642-04474-8_18","volume-title":"Information Security","author":"S Roschke","year":"2009","unstructured":"Roschke, S., Cheng, F., Schuppenies, R., Meinel, C.: Towards unifying vulnerability information for attack graph construction. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 218\u2013233. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04474-8_18"},{"key":"26_CR30","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/978-981-10-7080-8_13","volume-title":"Trusted Computing and Information Security","author":"L Wang","year":"2017","unstructured":"Wang, L., Ma, R., Gao, H.R., Wang, X.J., Hu, C.Z.: Analysis of vulnerability correlation based on data fitting. In: Xu, M., Qin, Z., Yan, F., Fu, S. (eds.) CTCIS 2017. CCIS, vol. 704, pp. 165\u2013180. Springer, Singapore (2017). https:\/\/doi.org\/10.1007\/978-981-10-7080-8_13"},{"key":"26_CR31","doi-asserted-by":"crossref","unstructured":"Torkura, K.A., Meinel, C.: Towards cloud-aware vulnerability assessments. In: 2015 11th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS) (2015)","DOI":"10.1109\/SITIS.2015.63"},{"key":"26_CR32","doi-asserted-by":"crossref","unstructured":"Torkura, K.A., Sukmana, M.I. Cheng, F., Meinel, C.: Leveraging cloud native design patterns for security-as-a-service applications. In: 2017 IEEE International Conference on Smart Cloud (SmartCloud) (2017)","DOI":"10.1109\/SmartCloud.2017.21"},{"key":"26_CR33","doi-asserted-by":"crossref","unstructured":"Bau, J. Bursztein, E., Gupta, D. Mitchell, J.: State of the art: automated black-box web application vulnerability testing. In: IEEE Symposium on Security and Privacy (SP), pp. 332\u2013345. IEEE (2010)","DOI":"10.1109\/SP.2010.27"},{"key":"26_CR34","volume-title":"Microservices: Flexible Software Architecture","author":"E Wolff","year":"2016","unstructured":"Wolff, E.: Microservices: Flexible Software Architecture. Addison-Wesley Professional, Boston (2016)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-01701-9_26","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,13]],"date-time":"2019-11-13T06:19:36Z","timestamp":1573625976000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-01701-9_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030017002","9783030017019"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-01701-9_26","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 August 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 August 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/securecomm.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}