{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:33:30Z","timestamp":1760747610698,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":55,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032078933","type":"print"},{"value":"9783032078940","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07894-0_3","type":"book-chapter","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:19Z","timestamp":1760728039000},"page":"43-63","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["No Root, No Problem: Automating Linux Least Privilege and\u00a0Securing Ansible Deployments"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5292-3008","authenticated-orcid":false,"given":"Eddie","family":"Billoir","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0943-6180","authenticated-orcid":false,"given":"Romain","family":"Laborde","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4265-7743","authenticated-orcid":false,"given":"Daniele","family":"Canavese","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-7365-2105","authenticated-orcid":false,"given":"Yves","family":"R\u00fctschl\u00e9","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1611-2870","authenticated-orcid":false,"given":"Ahmad Samer","family":"Wazan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8236-8690","authenticated-orcid":false,"given":"Abdelmalek","family":"Benzekri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,18]]},"reference":[{"key":"3_CR1","unstructured":"Ansible project: Homepage | Ansible Collaborative (2024). https:\/\/www.ansible.com\/"},{"key":"3_CR2","unstructured":"Assaraf, A.: 1\/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension (Oct 2024). https:\/\/medium.com\/extensiontotal\/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7"},{"key":"3_CR3","unstructured":"Ball, D.G.V., Deborah: mass leak of client data rattles swiss banking. Wall Street J. (2010)"},{"key":"3_CR4","unstructured":"Belanger, A.: Ex-Ubiquiti engineer behind \u201cbreathtaking\u201d data theft gets 6-year prison term (May 2023). https:\/\/arstechnica.com\/tech-policy\/2023\/05\/ex-ubiquiti-engineer-behind-breathtaking-data-theft-gets-6-year-prison-term\/"},{"key":"3_CR5","doi-asserted-by":"publisher","unstructured":"Billoir, E.e.a.: Implementing the principle of least privilege using linux capabilities: challenges and perspectives. In: 2023 7th Cyber Security in Networking Conference (CSNet), pp. 130\u2013136. IEEE, Montreal, QC, Canada (Oct 2023). https:\/\/doi.org\/10.1109\/CSNet59123.2023.10339753, https:\/\/ieeexplore.ieee.org\/document\/10339753\/","DOI":"10.1109\/CSNet59123.2023.10339753"},{"key":"3_CR6","doi-asserted-by":"publisher","unstructured":"Billoir, E., et al.: Implementing the principle of least administrative privilege on operating systems: challenges and perspectives. Annals Telecommun. 79(11), 857\u2013880 (2024). https:\/\/doi.org\/10.1007\/s12243-024-01033-5","DOI":"10.1007\/s12243-024-01033-5"},{"key":"3_CR7","unstructured":"Boehs, E.: Everything I know about the XZ backdoor. https:\/\/boehs.org\/node\/everything-i-know-about-the-xz-backdoor"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Carter, M.K.: Techniques to approach least privilege. IDPro Body of Knowledge 1(9) (2022)","DOI":"10.55621\/idpro.88"},{"key":"3_CR9","unstructured":"Homepage. https:\/\/www.cyberark.com\/"},{"key":"3_CR10","unstructured":"Highlights of ESA rules and regulations. https:\/\/www.esa.int\/About_Us\/Law_at_ESA\/Highlights_of_ESA_rules_and_regulations"},{"key":"3_CR11","doi-asserted-by":"publisher","unstructured":"Ferraiolo, D.F., et al.: Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224 274 (2001).https:\/\/doi.org\/10.1145\/501978.501980, https:\/\/doi.org\/10.1145\/501978.501980","DOI":"10.1145\/501978.501980"},{"key":"3_CR12","unstructured":"Foundation, T.T.: trifectatechfoundation\/sudo-rs, https:\/\/github.com\/trifectatechfoundation\/sudo-rs, original-date: 2022-12-12T16:40:01Z"},{"key":"3_CR13","unstructured":"Dbus. https:\/\/www.freedesktop.org\/wiki\/Software\/dbus\/"},{"key":"3_CR14","unstructured":"Goldman, I., Kadkoda, Y.: Can You Trust Your VSCode Extensions? - Aqua Security. https:\/\/www.aquasec.com\/blog\/can-you-trust-your-vscode-extensions\/ (Jan 2023)"},{"key":"3_CR15","unstructured":"G\u00f6ttsche, C.: Security: Keys: Perform capable check only on privileged operations $$\\cdot $$ torvalds\/linux@2d7f105. https:\/\/github.com\/torvalds\/linux\/commit\/2d7f105edbb3b2be5ffa4d833abbf9b69-65e9ce7"},{"key":"3_CR16","doi-asserted-by":"publisher","unstructured":"Haber, M.J.: Just in time. In: Privileged Attack Vectors, pp. 285\u2013294. Apress, Berkeley, CA (2020). https:\/\/doi.org\/10.1007\/978-1-4842-5914-6_21","DOI":"10.1007\/978-1-4842-5914-6_21"},{"key":"3_CR17","doi-asserted-by":"publisher","unstructured":"Haber, M.J.: Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations. Apress, Berkeley, CA (2020). https:\/\/doi.org\/10.1007\/978-1-4842-5914-6, http:\/\/link.springer.com\/10.1007\/978-1-4842-5914-6","DOI":"10.1007\/978-1-4842-5914-6"},{"key":"3_CR18","unstructured":"Technical overview - IBM Documentation. https:\/\/www.ibm.com\/docs\/en\/sig-and-i\/5.2.3?topic=overview-technical"},{"key":"3_CR19","unstructured":"Instruction interminist rielle relative la protection des syst mes d\u2019informations sensibles - l gifrance"},{"key":"3_CR20","unstructured":"iovisor: Github project: Iovisor\/bcc (Jan 2025). https:\/\/github.com\/iovisor\/bcc"},{"issue":"1","key":"3_CR21","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/MC.2003.1160055","volume":"36","author":"J Kephart","year":"2003","unstructured":"Kephart, J., Chess, D.: The vision of autonomic computing. Computer 36(1), 41\u201350 (2003). https:\/\/doi.org\/10.1109\/MC.2003.1160055","journal-title":"Computer"},{"key":"3_CR22","unstructured":"LeChatP: LeChatP\/RaR-perf. https:\/\/github.com\/LeChatP\/RaR-perf"},{"key":"3_CR23","unstructured":"LeChatP: LeChatP\/rootasansible. https:\/\/github.com\/LeChatP\/RootAsAnsible"},{"key":"3_CR24","unstructured":"LeChatP: Github project: LeChatP\/RootAsRole (Jan 2025). https:\/\/github.com\/LeChatP\/RootAsRole"},{"key":"3_CR25","unstructured":"tursodatabase\/limbo (Apr 2025). https:\/\/github.com\/tursodatabase\/limbo"},{"key":"3_CR26","unstructured":"Landlock(7) - Linux manual page. https:\/\/www.man7.org\/linux\/man-pages\/man7\/landlock.7.html"},{"key":"3_CR27","unstructured":"Namespaces(7) - Linux manual page. https:\/\/www.man7.org\/linux\/man-pages\/man7\/namespaces.7.html"},{"key":"3_CR28","unstructured":"capabilities(7). https:\/\/man7.org\/linux\/man-pages\/man7\/capabilities.7.html"},{"key":"3_CR29","unstructured":"namespaces(7) - linux manual page. https:\/\/www.man7.org\/linux\/man-pages\/man7\/namespaces.7.html"},{"issue":"9","key":"3_CR30","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1016\/S0950-5849(02)00067-8","volume":"44","author":"L Lopriore","year":"2002","unstructured":"Lopriore, L.: Access privilege management in protection systems. Inf. Softw. Technol. 44(9), 541\u2013549 (2002). https:\/\/doi.org\/10.1016\/S0950-5849(02)00067-8","journal-title":"Inf. Softw. Technol."},{"key":"3_CR31","doi-asserted-by":"publisher","unstructured":"Lorch, M.e.a.: The prima system for privilege management, authorization and enforcement in grid environments. In: Proceedings. First Latin American Web Congress, pp. 109\u2013116 (Nov 2003). https:\/\/doi.org\/10.1109\/GRID.2003.1261705","DOI":"10.1109\/GRID.2003.1261705"},{"key":"3_CR32","unstructured":"Nakamura, Y.: Writing eBPF Kprobe Program with Rust Aya (Sep 2024)"},{"key":"3_CR33","unstructured":"Directive (EU) 2022\/2555 of the European Parliament and of the Council (Dec 2022). http:\/\/data.europa.eu\/eli\/dir\/2022\/2555\/oj\/eng"},{"key":"3_CR34","unstructured":"Okta Privileged Access | Okta. https:\/\/www.okta.com\/products\/privileged-access\/"},{"key":"3_CR35","unstructured":"Open Policy Agent. https:\/\/www.openpolicyagent.org\/"},{"key":"3_CR36","unstructured":"SUSE Manager Documentation :\u00a0: SUSE Manager Documentation. https:\/\/documentation.suse.com\/suma\/4.3\/en\/suse-manager\/index.html#_what_is_suse_manager"},{"key":"3_CR37","unstructured":"PARLIAMENT T.E. UNION, T.C.O.T.E: Regulation (EU) 2016\/679 of the European Parliament and of the Council (Apr 2016). http:\/\/data.europa.eu\/eli\/reg\/2016\/679\/oj\/eng, legislative Body: EP, CONSIL"},{"key":"3_CR38","unstructured":"PARLIAMENT, T.E, UNION, T.C.O.T.E: Regulation (EU) 2021\/821 of the European Parliament and of the Council (May 2021). http:\/\/data.europa.eu\/eli\/reg\/2021\/821\/oj\/eng, legislative Body: CONSIL, EP"},{"key":"3_CR39","unstructured":"PARLIAMENT, T.E, UNION, T.C.O.T.E: Regulation (eu) 2024\/2847 of the european parliament and of the council (Nov 2024). https:\/\/eur-lex.europa.eu\/eli\/reg\/2024\/2847\/oj"},{"key":"3_CR40","unstructured":"Commission Delegated Regulation (EU) 2021\/2223 (Sep 2021). http:\/\/data.europa.eu\/eli\/reg_del\/2021\/2223\/oj\/eng, legislative Body: COM, HOME"},{"key":"3_CR41","unstructured":"Polkit-org\/polkit (Jan 2025). https:\/\/github.com\/polkit-org\/polkit"},{"key":"3_CR42","unstructured":"Qeole: Answer to \"eBPF - difference between loading, attaching, and linking?\" (Jul 2021)"},{"key":"3_CR43","unstructured":"8.3.8.\u00a0Allowing Access: Audit2allow | Red Hat Product Documentation. https:\/\/docs.redhat.com\/en\/documentation\/red_hat_enterprise_linux\/6\/html\/-security-enhanced_linux\/sect-security-enhanced _linux-fixing_problems-allowing_access_audit2allow"},{"key":"3_CR44","unstructured":"Red Hat Ansible Automation Platform. https:\/\/www.redhat.com\/en\/technologies\/ management\/ansible"},{"issue":"9","key":"3_CR45","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J Saltzer","year":"1975","unstructured":"Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proc. IEEE 63(9), 1278\u20131308 (1975). https:\/\/doi.org\/10.1109\/PROC.1975.9939","journal-title":"Proc. IEEE"},{"key":"3_CR46","unstructured":"SELinux Wiki. https:\/\/selinuxproject.org\/page\/Main_Page"},{"key":"3_CR47","unstructured":"Strace. https:\/\/strace.io\/"},{"key":"3_CR48","unstructured":"System and Service Manager. https:\/\/systemd.io\/"},{"key":"3_CR49","unstructured":"aa-genprof - profile generation utility for AppArmor. https:\/\/manpages.ubuntu.com\/manpages\/oracular\/en\/man8\/aa-genprof.8.html"},{"key":"3_CR50","unstructured":"Apparmor [Wiki ubuntu-fr]. https:\/\/doc.ubuntu-fr.org\/apparmor"},{"key":"3_CR51","unstructured":"2024 Data Breach Investigations Report, https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/"},{"key":"3_CR52","unstructured":"Vitard, A.: Un ancien RSSI suspect\u00e9 d\u2019\u00eatre \u00e0 l\u2019origine de la cyberattaque du groupe de sant\u00e9 Hospi Grand Ouest. Digitale, Usine (Dec (2024)"},{"key":"3_CR53","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-030-78120-0_13","volume-title":"ICT Systems Security and Privacy Protection","author":"AS Wazan","year":"2021","unstructured":"Wazan, A.S., Chadwick, D.W., Venant, R., Laborde, R., Benzekri, A.: RootAsRole: towards a secure alternative to sudo\/su commands for\u00a0home users and SME administrators. In: J\u00f8sang, A., Futcher, L., Hagen, J. (eds.) SEC 2021. IAICT, vol. 625, pp. 196\u2013209. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78120-0_13"},{"key":"3_CR54","doi-asserted-by":"publisher","unstructured":"Wazan, A.S., et al.: RootAsRole: a security module to manage the administrative privileges for Linux. Comput. Sec., 102983 (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102983, https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404822003753","DOI":"10.1016\/j.cose.2022.102983"},{"key":"3_CR55","doi-asserted-by":"publisher","unstructured":"Zhou, J., et al.: Automatic permission check analysis for linux kernel. IEEE Trans. Dependable Sec. Comput. 20(3), 1849\u20131866 (2023). https:\/\/doi.org\/10.1109\/TDSC.2022.3165368","DOI":"10.1109\/TDSC.2022.3165368"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07894-0_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:27Z","timestamp":1760728047000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07894-0_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,18]]},"ISBN":["9783032078933","9783032078940"],"references-count":55,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07894-0_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,18]]},"assertion":[{"value":"18 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"There are no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}