{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:32:58Z","timestamp":1760747578803,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":58,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032078933","type":"print"},{"value":"9783032078940","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07894-0_20","type":"book-chapter","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:04Z","timestamp":1760728024000},"page":"382-401","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["The Hidden Dangers of\u00a0Public Serverless Repositories: An Empirical Security Assessment"],"prefix":"10.1007","author":[{"given":"Eduard","family":"Marin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jinwoo","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alessio","family":"Pavoni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Roberto","family":"Di Pietro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,18]]},"reference":[{"key":"20_CR1","unstructured":"Access-Control-Allow-Origin header - HTTP - MDN Web Docs. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Reference\/Headers\/Access-Control-Allow-Origin#directives"},{"key":"20_CR2","unstructured":"Alibaba cloud function compute. https:\/\/www.alibabacloud.com\/en\/product\/function-compute?_p_lc=1"},{"key":"20_CR3","unstructured":"AWS CLI command reference. https:\/\/awscli.amazonaws.com\/v2\/documentation\/api\/latest\/reference\/lambda\/create-function.html"},{"key":"20_CR4","unstructured":"AWS CloudFormation. https:\/\/aws.amazon.com\/cloudformation\/"},{"key":"20_CR5","unstructured":"AWS Lambda. https:\/\/aws.amazon.com\/lambda\/"},{"key":"20_CR6","unstructured":"AWS SAM. https:\/\/aws.amazon.com\/serverless\/sam\/?nc1=h_ls"},{"key":"20_CR7","unstructured":"AWS serverless application repository. https:\/\/aws.amazon.com\/serverless\/serverlessrepo\/"},{"key":"20_CR8","unstructured":"Azure Microsoft. https:\/\/azure.microsoft.com\/en-us\/solutions\/serverless"},{"key":"20_CR9","unstructured":"Beautifulsoup. https:\/\/pypi.org\/project\/beautifulsoup4\/"},{"key":"20_CR10","unstructured":"Create your first containerized functions on Azure Container Apps. https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/functions-deploy-container-apps"},{"key":"20_CR11","unstructured":"Deploy a Cloud Function. https:\/\/cloud.google.com\/functions\/docs\/deploy"},{"key":"20_CR12","unstructured":"Deploy lambda functions with container images. https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/deploy-lambda-functions-with-container-images.html"},{"key":"20_CR13","unstructured":"Deploying lambda functions as .zip file archives. https:\/\/docs.aws.amazon.com\/lambda\/latest\/dg\/configuration-function-zip.html"},{"key":"20_CR14","unstructured":"Docker Hub. https:\/\/hub.docker.com\/"},{"key":"20_CR15","unstructured":"Ensure that lambda function permission has a source ARN specified. https:\/\/aquasecurity.github.io\/tfsec\/v1.0.0-rc.8\/checks\/aws\/lambda\/restrict-source-arn\/"},{"key":"20_CR16","unstructured":"GCP Cloud Run: serverless deployment. https:\/\/medium.com\/@109manojsaini\/serverless-deployment-cloud-run-3332c3817ef9"},{"key":"20_CR17","unstructured":"Github. https:\/\/github.com\/"},{"key":"20_CR18","unstructured":"Google cloud serverless. https:\/\/cloud.google.com\/solutions\/serverless?hl=en"},{"key":"20_CR19","unstructured":"Grype documentation. https:\/\/docs.anchore.com\/current\/docs\/"},{"key":"20_CR20","unstructured":"IBM Cloud Functions. https:\/\/www.ibm.com\/cloud\/functions"},{"key":"20_CR21","unstructured":"Identify AWS resources with amazon resource names (ARNs). https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/reference-arns.html"},{"key":"20_CR22","unstructured":"Red Hat Quay. https:\/\/quay.io\/"},{"key":"20_CR23","unstructured":"S3 encryption should use Customer Managed Keys. https:\/\/aquasecurity.github.io\/tfsec\/v1.6.2\/checks\/aws\/s3\/encryption-customer-key\/"},{"key":"20_CR24","unstructured":"Selenium. https:\/\/www.selenium.dev\/"},{"key":"20_CR25","unstructured":"Serverless framework plugins. https:\/\/www.serverless.com\/plugins\/"},{"key":"20_CR26","unstructured":"Terraform. https:\/\/developer.hashicorp.com\/terraform"},{"key":"20_CR27","unstructured":"Trivy - IaC. https:\/\/trivy.dev\/v0.19.2\/misconfiguration\/iac\/"},{"key":"20_CR28","unstructured":"Trivy documentation. https:\/\/aquasecurity.github.io\/trivy\/v0.44\/docs\/"},{"key":"20_CR29","unstructured":"Virustotal. https:\/\/www.virustotal.com\/"},{"key":"20_CR30","unstructured":"Zip deployment for azure functions. https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/deployment-zip-push"},{"key":"20_CR31","unstructured":"Cryptojacking invades cloud. How Modern Containerization Trend is Exploited by Attackers. https:\/\/threatpost.com\/malicious-docker-containers-earn-crypto-miners-90000\/132816\/ (2018)"},{"key":"20_CR32","unstructured":"Compare Trivy and Grype. https:\/\/gitlab.com\/gitlab-org\/gitlab\/-\/issues\/327174 (2021)"},{"key":"20_CR33","unstructured":"AWS Serverless application repository \u2013 FAQs and terms. https:\/\/aws.amazon.com\/serverless\/serverlessrepo\/faqs\/ (2023)"},{"key":"20_CR34","unstructured":"EleKtra-Leak Cryptojacking attacks exploit AWS IAM credentials exposed on GitHub (2023). https:\/\/thehackernews.com\/2023\/10\/elektra-leak-cryptojacking-attacks.html"},{"key":"20_CR35","unstructured":"Multiple false positive and false negative CVEs (2023). https:\/\/github.com\/aquasecurity\/trivy\/issues\/3010"},{"key":"20_CR36","unstructured":"Operation Red Kangaroo: industry\u2019s first dynamic analysis of 4M public docker container images (2023). https:\/\/www.algosec.com\/blog\/operation-red-kangaroo-industrys-first-dynamic-analysis-of-4m-public-docker-container-images"},{"key":"20_CR37","unstructured":"Stemming the tide of false positive vulnerabilities (2023). https:\/\/www.chainguard.dev\/unchained\/stemming-the-tide-of-false-positive-vulnerabilities"},{"key":"20_CR38","unstructured":"Why Chainguard uses Grype as its first line of defense for CVEs (2023). https:\/\/www.chainguard.dev\/unchained\/why-chainguard-uses-grype-as-its-first-line-of-defense-for-cves"},{"key":"20_CR39","unstructured":"Hacking serverless runtimes profiling lambda, azure, and more (2024). https:\/\/www.blackhat.com\/docs\/us-17\/wednesday\/us-17-Krug-Hacking-Severless-Runtimes.pdf"},{"key":"20_CR40","unstructured":"Using cross-origin resource sharing (CORS) (2024). https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/userguide\/cors.html"},{"issue":"12","key":"20_CR41","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1145\/3368454","volume":"62","author":"P Castro","year":"2019","unstructured":"Castro, P., Ishakian, V., Muthusamy, V., Slominski, A.: The rise of serverless computing. Commun. ACM 62(12), 44\u201354 (2019)","journal-title":"Commun. ACM"},{"key":"20_CR42","unstructured":"Chen, J., et al.: We still don\u2019t have secure cross-domain requests: an empirical study of CORS. In: USENIX Security, pp. 1079\u20131093 (2018)"},{"key":"20_CR43","doi-asserted-by":"crossref","unstructured":"Dahlmanns, M., Sander, C., Decker, R., Wehrle, K.: Secrets revealed in container images: an internet-wide study on occurrence and impact. In: ASIACCS, pp. 797\u2013811 (2023)","DOI":"10.1145\/3579856.3590329"},{"key":"20_CR44","unstructured":"Datta, P., Polinsky, I., Inam, M.A., Bates, A., Enck, W.: ALASTOR: Reconstructing the provenance of serverless intrusions. In: USENIX Security, pp. 2443\u20132460 (2022)"},{"key":"20_CR45","doi-asserted-by":"crossref","unstructured":"Eskandani, N., Salvaneschi, G.: The wonderless dataset for serverless computing. In: MSR, pp. 565\u2013569 (2021)","DOI":"10.1109\/MSR52588.2021.00075"},{"key":"20_CR46","doi-asserted-by":"crossref","unstructured":"Franco, J., Acar, A., Aris, A., Uluagac, S.: Forensic analysis of cryptojacking in host-based docker containers using honeypots. In: ICC, pp. 4860\u20134865 (2023)","DOI":"10.1109\/ICC45041.2023.10278764"},{"key":"20_CR47","doi-asserted-by":"crossref","unstructured":"Haque, M.U., Babar, M.A.: Well begun is half done: an empirical study of exploitability and impact of base-image vulnerabilities (2021). https:\/\/arxiv.org\/abs\/2112.12597","DOI":"10.1109\/SANER53432.2022.00124"},{"key":"20_CR48","unstructured":"Jonas, E., et al.: Cloud programming simplified: a berkeley view on serverless computing (2019). http:\/\/arxiv.org\/abs\/1902.03383"},{"key":"20_CR49","doi-asserted-by":"crossref","unstructured":"Ladisa, P., Plate, H., Martinez, M., Barais, O.: SoK: Taxonomy of attacks on open-source software supply chains. In: S &P, pp. 1509\u20131526 (2023)","DOI":"10.1109\/SP46215.2023.10179304"},{"key":"20_CR50","unstructured":"Liu, G., Gao, X., Wang, H., Sun, K.: Exploring the unchartered space of container registry typosquatting. In: USENIX Security, pp. 35\u201351 (2022)"},{"key":"20_CR51","doi-asserted-by":"crossref","unstructured":"Liu, P., et al.: Understanding the security risks of docker hub. In: ESORICS, pp. 257\u2013276 (2020)","DOI":"10.1007\/978-3-030-58951-6_13"},{"key":"20_CR52","doi-asserted-by":"crossref","unstructured":"Marin, E., Perino, D., Di\u00a0Pietro, R.: Serverless computing: a security perspective. J. Cloud Comput. 11(1) (2022)","DOI":"10.1186\/s13677-022-00347-w"},{"key":"20_CR53","doi-asserted-by":"crossref","unstructured":"Schleier-Smith, J., et al.: What serverless computing is and should become: the next phase of cloud computing. Commun. ACM, pp. 76\u201384 (2021)","DOI":"10.1145\/3406011"},{"key":"20_CR54","doi-asserted-by":"crossref","unstructured":"Shu, R., Gu, X., Enck, W.: A study of security vulnerabilities on docker hub. In: CODASPY, pp. 269\u2013280 (2017)","DOI":"10.1145\/3029806.3029832"},{"key":"20_CR55","doi-asserted-by":"crossref","unstructured":"Wist, K., Helsem, M., Gligoroski, D.: Vulnerability analysis of 2500 docker hub images (2020). https:\/\/arxiv.org\/abs\/2006.02932","DOI":"10.1007\/978-3-030-71017-0_22"},{"issue":"2","key":"20_CR56","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10664-020-09908-6","volume":"26","author":"A Zerouali","year":"2021","unstructured":"Zerouali, A., Mens, T., Decan, A., Gonzalez-Barahona, J., Robles, G.: A multi-dimensional analysis of technical lag in Debian-based Docker images. Empir. Softw. Eng. 26(2), 1\u201345 (2021). https:\/\/doi.org\/10.1007\/s10664-020-09908-6","journal-title":"Empir. Softw. Eng."},{"key":"20_CR57","doi-asserted-by":"crossref","unstructured":"Zerouali, A., Mens, T., Robles, G., Gonzalez-Barahona, J.M.: On the relation between outdated docker containers, severity vulnerabilities, and bugs. In: SANER, pp. 491\u2013501 (2019)","DOI":"10.1109\/SANER.2019.8668013"},{"key":"20_CR58","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2021.102653","volume":"207","author":"A Zerouali","year":"2021","unstructured":"Zerouali, A., Mens, T., Roover, C.D.: On the usage of JavaScript, Python and Ruby packages in Docker Hub images. Sci. Comput. Program. 207, 102653 (2021)","journal-title":"Sci. Comput. Program."}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07894-0_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:12Z","timestamp":1760728032000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07894-0_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,18]]},"ISBN":["9783032078933","9783032078940"],"references-count":58,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07894-0_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,18]]},"assertion":[{"value":"18 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}