{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T05:51:11Z","timestamp":1745387471318,"version":"3.40.3"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030629731"},{"type":"electronic","value":"9783030629748"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-62974-8_10","type":"book-chapter","created":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T13:10:38Z","timestamp":1606223438000},"page":"160-177","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Evaluation on the Security of Commercial Cloud Container Services"],"prefix":"10.1007","author":[{"given":"Yifei","family":"Wu","sequence":"first","affiliation":[]},{"given":"Lingguang","family":"Lei","sequence":"additional","affiliation":[]},{"given":"Yuewu","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Kun","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Jingzi","family":"Meng","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,25]]},"reference":[{"unstructured":"Apparmor security profiles for docker. https:\/\/docs.docker.com\/engine\/security\/apparmor\/","key":"10_CR1"},{"unstructured":"The linux kernel archives. https:\/\/www.kernel.org","key":"10_CR2"},{"unstructured":"National vulnerability database. https:\/\/nvd.nist.gov\/","key":"10_CR3"},{"unstructured":"Supervisor mode execution prevention. https:\/\/en.wikipedia.org\/wiki\/Control_register#SMEP","key":"10_CR4"},{"unstructured":"Cve-2016-2384 (2016). https:\/\/xairy.github.io\/blog\/2016\/cve-2016-2384","key":"10_CR5"},{"unstructured":"Cgroup$$\\_$$namespaces-overview of linux cgroup namespaces (2017). https:\/\/www.man7.org\/linux\/man-pages\/man7\/cgroup_namespaces.7.html","key":"10_CR6"},{"unstructured":"Aws fargate (2018). https:\/\/aws.amazon.com\/fargate","key":"10_CR7"},{"unstructured":"Overview of linux capabilities (2018). http:\/\/man7.org\/linux\/man-pages\/man7\/capabilities.7.html","key":"10_CR8"},{"unstructured":"Overview of linux namespaces (2018). http:\/\/man7.org\/linux\/man-pages\/man7\/namespaces.7.html","key":"10_CR9"},{"unstructured":"Seccomp security profiles for docker (2018). https:\/\/docs.docker.com\/engine\/security\/seccomp\/","key":"10_CR10"},{"unstructured":"What is docker (2018). https:\/\/www.docker.com\/what-docker","key":"10_CR11"},{"unstructured":"Google kubernetes engine (2019). https:\/\/cloud.google.com\/kubernetes-engine\/","key":"10_CR12"},{"unstructured":"Intel transactional synchronization extensions (intel tsx) overview (2019). https:\/\/software.intel.com\/en-us\/cpp-compiler-developer-guide-and-reference-intel-transactional-synchronization-extensions-intel-tsx-overview","key":"10_CR13"},{"unstructured":"Red hat bugzilla (2019). https:\/\/bugzilla.redhat.com\/","key":"10_CR14"},{"unstructured":"Authors, T.K.: Production-grade container orchestration (2018). https:\/\/kubernetes.io\/","key":"10_CR15"},{"unstructured":"Babar, M.A., Ramsey, B.: Understanding container isolation mechanisms for building security-sensitive private cloud. Technical Report, CREST, University of Adelaide, Adelaide, Australia (2017)","key":"10_CR16"},{"issue":"5","key":"10_CR17","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1145\/1165389.945462","volume":"37","author":"P Barham","year":"2003","unstructured":"Barham, P., et al.: Xen and the art of virtualization. SIGOPS Oper. Syst. Rev. 37(5), 164\u2013177 (2003)","journal-title":"SIGOPS Oper. Syst. Rev."},{"issue":"3","key":"10_CR18","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/MCC.2014.51","volume":"1","author":"D Bernstein","year":"2014","unstructured":"Bernstein, D.: Containers and cloud: from LXC to docker to kubernetes. IEEE Cloud Comput. 1(3), 81\u201384 (2014)","journal-title":"IEEE Cloud Comput."},{"unstructured":"Bui, T.: Analysis of docker security. CoRR abs\/1501.02967 (2015)","key":"10_CR19"},{"unstructured":"Corbet, J.: Supervisor mode access prevention (2012). https:\/\/lwn.net\/Articles\/517475\/","key":"10_CR20"},{"unstructured":"Edge, J.: Kernel address space layout randomization (2013), https:\/\/lwn.net\/Articles\/569635\/","key":"10_CR21"},{"unstructured":"Gao, X., Gu, Z., Kayaalp, M., Pendarakis, D., Wang, H.: Containerleaks: emerging security threats of information leakages in container clouds. In: 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, DSN 2017, Denver, CO, USA, June 26\u201329, 2017. pp. 237\u2013248 (2017)","key":"10_CR22"},{"doi-asserted-by":"crossref","unstructured":"Hund, R., Willems, C., Holz, T.: Practical timing side channel attacks against kernel space ASLR. In: 2013 IEEE Symposium on Security and Privacy, pp. 191\u2013205, May 2013","key":"10_CR23","DOI":"10.1109\/SP.2013.23"},{"unstructured":"Jang, Y., Lee, S., Kim, T.: Breaking kernel address space layout randomization with intel TSX. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24\u201328, 2016, pp. 380\u2013392 (2016)","key":"10_CR24"},{"unstructured":"Jian, Z., Chen, L.: A defense method against docker escape attack. In: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, ICCSP 2017, Wuhan, China, March 17\u201319, 2017, pp. 142\u2013146 (2017)","key":"10_CR25"},{"doi-asserted-by":"crossref","unstructured":"Kedrowitsch, A., Yao, D.D., Wang, G., Cameron, K.: A first look: Using linux containers for deceptive honeypots. In: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense, pp. 15\u201322. ACM (2017)","key":"10_CR26","DOI":"10.1145\/3140368.3140371"},{"doi-asserted-by":"crossref","unstructured":"Lin, X., Lei, L., Wang, Y., Jing, J., Sun, K., Zhou, Q.: A measurement study on linux container security: attacks and countermeasures. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 418\u2013429. ACSAC 2018, ACM, New York, NY, USA (2018)","key":"10_CR27","DOI":"10.1145\/3274694.3274720"},{"unstructured":"Ltd, C.: Lxc introduction (2018). https:\/\/linuxcontainers.org\/lxc\/introduction\/","key":"10_CR28"},{"key":"10_CR29","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.comcom.2018.03.011","volume":"122","author":"A Martin","year":"2018","unstructured":"Martin, A., Raponi, S., Combe, T., Pietro, R.D.: Docker ecosystem - vulnerability analysis. Comput. Commun. 122, 30\u201343 (2018)","journal-title":"Comput. Commun."},{"unstructured":"McCarty, B.: Selinux: Nsa\u2019s open source security enhanced linux, vol. 238. O\u2019Reilly (2005). http:\/\/www.oreilly.de\/catalog\/selinux\/index.html","key":"10_CR30"},{"unstructured":"$$\\acute{A}$$ngel Mendoza, M.: Vulnerabilities reached a historic peak in 2017 (2018). https:\/\/www.welivesecurity.com\/2018\/02\/05\/vulnerabilities-reached-historic-peak-2017\/","key":"10_CR31"},{"issue":"239","key":"10_CR32","first-page":"2","volume":"2014","author":"D Merkel","year":"2014","unstructured":"Merkel, D.: Docker: lightweight linux containers for consistent development and deployment. Linux J. 2014(239), 2 (2014)","journal-title":"Linux J."},{"unstructured":"Mouat, A.: Docker security using containers safely in production (2015). https:\/\/www.oreilly.com\/content\/docker-security\/","key":"10_CR33"},{"unstructured":"Pahl, C., Brogi, A., Soldani, J., Jamshidi, P.: Cloud container technologies: a state-of-the-art review. In: IEEE Transactions on Cloud Computing (2017)","key":"10_CR34"},{"unstructured":"Qumranet, A., Qumranet, Y., Qumranet, D., Qumranet, U., Liguori, A.: KVM: the linux virtual machine monitor. In: Proceedings Linux Symposium, vol. 15 (2007)","key":"10_CR35"},{"unstructured":"Reports, H.C.R.: Containers as a service market research report - global forecast 2023 (2019). https:\/\/www.marketresearchfuture.com\/reports\/containers-as-a-service-market-4611","key":"10_CR36"},{"key":"10_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-3-319-11599-3_5","volume-title":"Secure IT Systems","author":"E Reshetova","year":"2014","unstructured":"Reshetova, E., Karhunen, J., Nyman, T., Asokan, N.: Security of OS-Level virtualization technologies. In: Bernsmed, K., Fischer-H\u00fcbner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 77\u201393. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-11599-3_5"},{"unstructured":"Sconway: Kubernetes continues to move from development to production (2017). https:\/\/www.cncf.io\/blog\/2017\/12\/06\/cloud-native-technologies-scaling-production-applications\/","key":"10_CR38"},{"unstructured":"SecurityFocus: Securityfocus (2019). https:\/\/www.securityfocus.com\/","key":"10_CR39"},{"unstructured":"Stoler, N.: How i hacked play-with-docker and remotely ran code on the host (2019). https:\/\/www.cyberark.com\/threat-research-blog\/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host\/","key":"10_CR40"},{"unstructured":"Vertical, horizontal data: Inventory of cyber security vulnerabilities in 2017: The number of vulnerabilities has grown unprecedentedly and may occur at all levels (2017), https:\/\/news.zoneidc.com\/679.html","key":"10_CR41"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-62974-8_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:05:34Z","timestamp":1607299534000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-62974-8_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030629731","9783030629748"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-62974-8_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"25 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bali","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Indonesia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/isc2020.petra.ac.id\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}