{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,8]],"date-time":"2025-09-08T06:36:45Z","timestamp":1757313405182,"version":"3.40.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031171451"},{"type":"electronic","value":"9783031171468"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-17146-8_8","type":"book-chapter","created":{"date-parts":[[2022,9,21]],"date-time":"2022-09-21T23:35:39Z","timestamp":1663803339000},"page":"145-166","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["SecQuant: Quantifying Container System Call Exposure"],"prefix":"10.1007","author":[{"given":"Sunwoo","family":"Jang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Somin","family":"Song","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Byungchul","family":"Tak","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sahil","family":"Suneja","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael\u00a0V.","family":"Le","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chuan","family":"Yue","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Williams","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,9,22]]},"reference":[{"key":"8_CR1","unstructured":"Exploit Database. https:\/\/www.exploit-db.com. (Accessed 12 Oct 2021)"},{"key":"8_CR2","unstructured":"Project Zero. https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/list. (Accessed 12 Oct 2021)"},{"key":"8_CR3","unstructured":"Abubakar, M., Ahmad, A., Fonseca, P., Xu, D.: Shard: Fine-grained kernel specialization with context-aware hardening. In: USENIX Security Symposium (2021)"},{"key":"8_CR4","unstructured":"Agache, A., et al.: Firecracker: Lightweight virtualization for serverless apps. In: NSDI 2020 (2020)"},{"key":"8_CR5","unstructured":"AWS: Lambda (2014). https:\/\/aws.amazon.com\/ko\/lambda\/. (Accessed Oct 2021)"},{"key":"8_CR6","unstructured":"Babar, A., Ramsey, B.: Understanding container isolation mechanisms for building security-sensitive private cloud. Technical Report CREST (2017)"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Bernaschi, M., Gabrielli, E., Mancini, L.V.: Operating system enhancements to prevent the misuse of system calls. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, p. 174\u2013183 (2000)","DOI":"10.1145\/352600.352624"},{"key":"8_CR8","unstructured":"Bulekov, A., Jahanshahi, R., Egele, M.: Saphire: sandboxing php applications with tailored system call allowlists. In: 30th USENIX Security Symposium (2021)"},{"key":"8_CR9","series-title":"Advances in Information Security","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/978-3-319-11391-3_13","volume-title":"Cyber Defense and Situational Awareness","author":"Y Cheng","year":"2014","unstructured":"Cheng, Y., Deng, J., Li, J., DeLoach, S.A., Singhal, A., Ou, X.: Metrics of security. In: Kott, A., Wang, C., Erbacher, R.F. (eds.) Cyber Defense and Situational Awareness. AIS, vol. 62, pp. 263\u2013295. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-11391-3_13"},{"key":"8_CR10","unstructured":"Cloud Hypervisor. https:\/\/github.com\/cloud-hypervisor\/cloud-hypervisor. (Accessed 12 Oct 2021)"},{"issue":"5","key":"8_CR11","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/MCC.2016.100","volume":"3","author":"T Combe","year":"2016","unstructured":"Combe, T., Martin, A., Di Pietro, R.: To docker or not to docker: a security perspective. IEEE Cloud Comput. 3(5), 54\u201362 (2016)","journal-title":"IEEE Cloud Comput."},{"key":"8_CR12","unstructured":"CVE. https:\/\/cve.mitre.org. (Accessed 12 Oct 2021)"},{"key":"8_CR13","unstructured":"Firecracker. https:\/\/firecracker-microvm.github.io. (Accessed 22 June 2022)"},{"key":"8_CR14","unstructured":"Ghavamnia, S., Palit, T., Benameur, A., Polychronakis, M.: Confine: automated system call policy generation for container attack surface reduction. In: The 23rd International Symposium on Research in Attacks, Intrusions and Defenses (2020)"},{"key":"8_CR15","unstructured":"Ghavamnia, S., Palit, T., Mishra, S., Polychronakis, M.: Temporal system call specialization for attack surface reduction. In: USENIX Security Symposium (2020)"},{"key":"8_CR16","unstructured":"Google: Cloud Function (2016). https:\/\/cloud.google.com\/functions. (Accessed 10 Oct 2021)"},{"key":"8_CR17","unstructured":"gVisor. https:\/\/github.com\/google\/gvisor\/. (Accessed 17 May 2022)"},{"issue":"1","key":"8_CR18","first-page":"31","volume":"24","author":"P Hunt","year":"2003","unstructured":"Hunt, P., Hansman, S.: A taxonomy of network and computer attack methodologies. Comput. Secur. 24(1), 31\u201343 (2003)","journal-title":"Comput. Secur."},{"key":"8_CR19","unstructured":"IBM: IBM Cloud Functions (2016). https:\/\/cloud.ibm.com\/functions\/. (Accessed 10 Oct 2021)"},{"key":"8_CR20","unstructured":"Kata Containers. https:\/\/katacontainers.io\/. (Accessed 17 May 2022)"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Kuenzer, S., et al.: Unikraft: fast, specialized unikernels the easy way. In: EuroSys (2021)","DOI":"10.1145\/3447786.3456248"},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"Kuo, H.C., Williams, D., Koller, R., Mohan, S.: A linux in unikernel clothing. In: EuroSys (2020)","DOI":"10.1145\/3342195.3387526"},{"key":"8_CR23","unstructured":"Kurmus, A., et al.: Attack surface metrics and automated compile-time os kernel tailoring. In: NDSS (2013)"},{"key":"8_CR24","unstructured":"Li, Y., Dolan-Gavitt, B., Weber, S., Cappos, J.: Lock-in-pop: securing privileged operating system kernels by keeping on the beaten path. In: USENIX ATC (2017)"},{"key":"8_CR25","unstructured":"Lie, D., Satyanarayanan, M.: Quantifying the strength of security systems. In: USENIX HOTSEC (2007)"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Lin, X., Lei, L., Wang, Y., Jing, J., Sun, K., Zhou, Q.: A measurement study on linux container security: Attacks and countermeasures. In: ACSAC (2018)","DOI":"10.1145\/3274694.3274720"},{"key":"8_CR27","doi-asserted-by":"crossref","unstructured":"Lopes, N., Martins, R., Correia, M.E., Serrano, S., Nunes, F.: Container hardening through automated seccomp profiling. In: Proceedings of the 2020 6th International Workshop on Container Technologies and Container Clouds, pp. 31\u201336 (2020)","DOI":"10.1145\/3429885.3429966"},{"key":"8_CR28","unstructured":"LTP: Linux Test Project. https:\/\/github.com\/linux-test-project\/ltp. (Accessed 12 Oct 2021)"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Manco, F., et al.: My vm is lighter (and safer) than your container. In: Proceedings of the 26th Symposium on Operating Systems Principles (2017)","DOI":"10.1145\/3132747.3132763"},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Martin, A., Raponi, S., Combe, T., Pietro, R.D.: Docker ecosystem - vulnerability analysis. In: Computer Communications, vol. 122, pp. 30\u201343 (2018)","DOI":"10.1016\/j.comcom.2018.03.011"},{"key":"8_CR31","unstructured":"Microsoft: Azure Function. https:\/\/azure.microsoft.com\/en-us\/services\/functions\/"},{"key":"8_CR32","unstructured":"Nabla Containers: A new approach to Container Isolation. https:\/\/nabla-containers.github.io\/. (Accessed 12 Oct 2021)"},{"key":"8_CR33","doi-asserted-by":"crossref","unstructured":"Nayak, K., Marino, D., Efstathopoulos, P., Dumitra\u015f, T.: Some vulnerabilities are different than others. In: Workshop on Recent Advances in Intrusion Detection 2014 (2014)","DOI":"10.1007\/978-3-319-11379-1_21"},{"key":"8_CR34","doi-asserted-by":"crossref","unstructured":"Reshetova, E., Karhunen, J., Nyman, T., Asokan, N.: Security of os-level virtualization technologies: Technical report. Secure IT Systems (2014)","DOI":"10.1007\/978-3-319-11599-3_5"},{"key":"8_CR35","unstructured":"Suneja, S.: The choices we make: Impact of using host filesystem interface for secure containers (2018). https:\/\/nabla-containers.github.io\/2018\/11\/28\/fs\/"},{"key":"8_CR36","doi-asserted-by":"publisher","first-page":"52976","DOI":"10.1109\/ACCESS.2019.2911732","volume":"7","author":"S Sultan","year":"2019","unstructured":"Sultan, S., Ahmad, I., Dimitriou, T.: Container security: issues, challenges, and the road ahead. IEEE Access 7, 52976\u201352996 (2019)","journal-title":"IEEE Access"},{"key":"8_CR37","unstructured":"Syzkaller: Kernel Fuzzer. https:\/\/github.com\/google\/syzkaller. (Accessed Oct 2021)"},{"key":"8_CR38","doi-asserted-by":"crossref","unstructured":"Tunde-Onadele, O., Lin, Y., He, J., Gu, X.: Self-patch: Beyond patch tuesday for containerized applications. In: IEEE ACSOS (2020)","DOI":"10.1109\/ACSOS49614.2020.00022"},{"key":"8_CR39","doi-asserted-by":"crossref","unstructured":"Viktorsson, W., Klein, C., Tordsson, J.: Security-performance trade-offs of kubernetes container runtimes. In: IEEE MASCOTS (2020)","DOI":"10.1109\/MASCOTS50786.2020.9285946"},{"key":"8_CR40","doi-asserted-by":"crossref","unstructured":"Williams, D., Koller, R., Lucina, M., Prakash, N.: Unikernels as processes. In: Proceedings of the ACM Symposium on Cloud Computing, pp. 199\u2013211 (2018)","DOI":"10.1145\/3267809.3267845"},{"key":"8_CR41","unstructured":"Williams, D., Koller, R., Lum, B.: Say goodbye to virtualization for a safer cloud. In: 10th USENIX Workshop on Hot Topics in Cloud Computing (2018)"},{"key":"8_CR42","doi-asserted-by":"crossref","unstructured":"Wu, Y., Lei, L., Wang, Y., Sun, K., Meng, J.: Evaluation on the security of commercial cloud container services. In: ISC (2020)","DOI":"10.1007\/978-3-030-62974-8_10"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-17146-8_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,19]],"date-time":"2022-10-19T22:04:39Z","timestamp":1666217079000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-17146-8_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031171451","9783031171468"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-17146-8_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"22 September 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 September 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2022.compute.dtu.dk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"562","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"104","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}