{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,16]],"date-time":"2026-07-16T21:40:53Z","timestamp":1784238053027,"version":"3.55.0"},"publisher-location":"Cham","reference-count":54,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319608754","type":"print"},{"value":"9783319608761","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-60876-1_11","type":"book-chapter","created":{"date-parts":[[2017,6,3]],"date-time":"2017-06-03T12:00:34Z","timestamp":1496491234000},"page":"230-251","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":44,"title":["SPEAKER: Split-Phase Execution of Application Containers"],"prefix":"10.1007","author":[{"given":"Lingguang","family":"Lei","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jianhua","family":"Sun","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kun","family":"Sun","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chris","family":"Shenefiel","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rui","family":"Ma","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuewu","family":"Wang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Qi","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2017,6,4]]},"reference":[{"key":"11_CR1","unstructured":"CVE-2016-9793 Detail. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-9793"},{"key":"11_CR2","unstructured":"Docker. https:\/\/www.docker.com\/"},{"key":"11_CR3","unstructured":"Docker Datacenter. https:\/\/www.docker.com\/products\/docker-datacenter"},{"key":"11_CR4","unstructured":"PostgreSQL 9.5.3. http:\/\/www.postgresql.org\/docs\/current\/static\/sql-commands.html"},{"key":"11_CR5","unstructured":"Seccomp security profiles for Docker. https:\/\/github.com\/docker\/docker\/blob\/master\/docs\/security\/seccomp.md"},{"key":"11_CR6","unstructured":"SECure COMPuting with filters. https:\/\/www.kernel.org\/doc\/Documentation\/prctl\/seccomp_filter.txt"},{"key":"11_CR7","unstructured":"Vulnerability summary for CVE-2014-9357. https:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-9357"},{"key":"11_CR8","unstructured":"AWS: Amazon EC2 container service. https:\/\/aws.amazon.com\/ecs\/"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Bacis, E., Mutti, S., Capelli, S., Paraboschi, S.: DockerPolicyModules: mandatory access control for docker containers. In: 2015 IEEE Conference on Communications and Network Security (CNS), pp. 749\u2013750. IEEE (2015)","DOI":"10.1109\/CNS.2015.7346917"},{"key":"11_CR10","unstructured":"Bernaschi, M., Gabrielli, E., Mancini, L.V.: Enhancements to the Linux kernel for blocking buffer overflow based attacks. In: Annual Linux Showcase & Conference (2000)"},{"issue":"1","key":"11_CR11","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1145\/2723872.2723882","volume":"49","author":"C Boettiger","year":"2015","unstructured":"Boettiger, C.: An introduction to docker for reproducible research. ACM SIGOPS Oper. Syst. Rev. 49(1), 71\u201379 (2015)","journal-title":"ACM SIGOPS Oper. Syst. Rev."},{"key":"11_CR12","unstructured":"Bruno, L.: Libseccomp: an enhanced seccomp (mode 2) helper library. https:\/\/github.com\/seccomp\/libseccomp"},{"key":"11_CR13","unstructured":"Bruno, L.: rkt - app container runtime. https:\/\/github.com\/coreos\/rkt"},{"key":"11_CR14","unstructured":"Bui, T.: Analysis of docker security. arXiv preprint arXiv:1501.02967 (2015)"},{"key":"11_CR15","unstructured":"Oracle Corporation: Mysql 5.7 reference manual. http:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/tutorial.html"},{"key":"11_CR16","unstructured":"Garfinkel, T., Pfaff, B., Rosenblum, M., et al.: Ostia: a delegating architecture for secure system call interposition. In: NDSS (2004)"},{"key":"11_CR17","unstructured":"Garfinkel, T., et al.: Traps and pitfalls: practical problems in system call interposition based security tools. In: NDSS. vol. 3, pp. 163\u2013176 (2003)"},{"key":"11_CR18","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Detecting manipulated remote call streams. In: USENIX Security Symposium, pp. 61\u201379 (2002)"},{"key":"11_CR19","unstructured":"Google: Container engine on Google cloud platform. https:\/\/cloud.google.com\/container-engine\/"},{"key":"11_CR20","unstructured":"Hallyn, S.E., Morgan, A.G.: Linux capabilities: making them work. In: Linux Symposium, vol. 8 (2008)"},{"key":"11_CR21","unstructured":"Helsley, M.: LXC: Linux container tools. IBM devloperWorks Technical Library (2009)"},{"key":"11_CR22","unstructured":"Red Hat Inc.: Red Hat OpenShift Container Platform. https:\/\/www.openshift.com\/enterprise\/trial.html"},{"key":"11_CR23","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1109\/TSE.1984.5010256","volume":"4","author":"J Jachner","year":"1984","unstructured":"Jachner, J., Agarwal, V.K.: Data flow anomaly detection. IEEE Trans. Softw. Eng. 4, 432\u2013437 (1984)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"11_CR24","volume-title":"The Unified Software Development Process","author":"I Jacobson","year":"1999","unstructured":"Jacobson, I., Booch, G., Rumbaugh, J., Rumbaugh, J., Booch, G.: The Unified Software Development Process, vol. 1. Addison-Wesley, Reading (1999)"},{"key":"11_CR25","unstructured":"Kamp, P.H., Watson, R.N.: Jails: confining the omnipotent root. In: The 2nd International SANE Conference, vol. 43, p. 116 (2000)"},{"key":"11_CR26","unstructured":"Kim, T., Zeldovich, N.: Practical and effective sandboxing for non-root users. In: USENIX Annual Technical Conference, pp. 139\u2013144 (2013)"},{"key":"11_CR27","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating mimicry attacks using static binary analysis. In: Proceedings of the 14th Conference on USENIX Security Symposium, p. 11. USENIX Association (2005)"},{"key":"11_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 326\u2013343. Springer, Heidelberg (2003). doi: 10.1007\/978-3-540-39650-5_19"},{"key":"11_CR29","doi-asserted-by":"crossref","unstructured":"Kurmus, A., Sorniotti, A., Kapitza, R.: Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs. In: Proceedings of the Fourth European Workshop on System Security, p. 6. ACM (2011)","DOI":"10.1145\/1972551.1972557"},{"key":"11_CR30","unstructured":"Kurmus, A., Tartler, R., Dorneanu, D., Heinloth, B., Rothberg, V., Ruprecht, A., Schr\u00f6der-Preikschat, W., Lohmann, D., Kapitza, R.: Attack surface metrics and automated compile-time OS kernel tailoring. In: NDSS (2013)"},{"key":"11_CR31","unstructured":"Lee, K.H., Zhang, X., Xu, D.: High accuracy attack provenance via binary-based execution partition. In: NDSS (2013)"},{"key":"11_CR32","doi-asserted-by":"crossref","unstructured":"des Ligneris, B.: Virtualization of Linux based computers: the Linux-Vserver project. In: HPCS 2005, pp. 340\u2013346. IEEE (2005)","DOI":"10.1109\/HPCS.2005.59"},{"key":"11_CR33","unstructured":"Linn, C., Rajagopalan, M., Baker, S., Collberg, C.S., Debray, S.K., Hartman, J.H.: Protecting against unexpected system calls. In: Usenix Security (2005)"},{"issue":"4","key":"11_CR34","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1109\/TDSC.2008.69","volume":"7","author":"F Maggi","year":"2010","unstructured":"Maggi, F., Matteucci, M., Zanero, S.: Detecting intrusions through system call sequence and argument analysis. IEEE Trans. Dependable Secure Comput. 7(4), 381\u2013395 (2010)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"11_CR35","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: Omniunpack: fast, generic, and safe unpacking of malware. In: Twenty-Third Annual Computer Security Applications Conference, 2007. ACSAC 2007, pp. 431\u2013441. IEEE (2007)"},{"key":"11_CR36","doi-asserted-by":"crossref","unstructured":"Mattetti, M., Shulman-Peleg, A., Allouche, Y., Corradi, A., Dolev, S., Foschini, L.: Securing the infrastructure and the workloads of Linux containers. In: 2015 IEEE Conference on Communications and Network Security (CNS) (2015)","DOI":"10.1109\/CNS.2015.7346869"},{"key":"11_CR37","unstructured":"Menage, P., Jackson, P., Lameter, C.: Cgroups. https:\/\/www.kernel.org\/doc\/Documentation\/cgroup-v1\/cgroups.txt"},{"key":"11_CR38","unstructured":"MongoDB, I.: Mongodb manual reference. https:\/\/docs.mongodb.com\/manual\/reference\/command\/"},{"issue":"3","key":"11_CR39","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1145\/306225.306235","volume":"26","author":"D Mosberger","year":"1998","unstructured":"Mosberger, D., Jin, T.: Httperf: a tool for measuring web server performance. ACM SIGMETRICS Perform. Eval. Rev. 26(3), 31\u201337 (1998)","journal-title":"ACM SIGMETRICS Perform. Eval. Rev."},{"key":"11_CR40","unstructured":"Price, D., Tucker, A.: Solaris zones: operating system support for consolidating commercial workloads. In: Proceedings of the 18th USENIX Conference on System Administration. LISA (2004)"},{"key":"11_CR41","unstructured":"Provos, N.: Improving host security with system call policies. In: USENIX Security, vol. 3, p. 19 (2003)"},{"key":"11_CR42","unstructured":"Quest, K.C.: docker-slim: lean and mean docker containers. https:\/\/github.com\/docker-slim\/docker-slim"},{"key":"11_CR43","unstructured":"Rastogi, V., Davidson, D., De Carli, L., Jha, S., McDaniel, P.: Towards least privilege containers with cimplifier. arXiv preprint arXiv:1602.08410 (2016)"},{"key":"11_CR44","unstructured":"RedHat: Docker selinux security policy. https:\/\/access.redhat.com\/documentation\/en\/red-hat-enterprise-linux-atomic-host\/7\/container-security-guide\/chapter-6-docker-selinux-security-policy"},{"key":"11_CR45","unstructured":"Redislabs: Redis commands reference. http:\/\/redis.io\/commands"},{"key":"11_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-3-319-11599-3_5","volume-title":"Secure IT Systems","author":"E Reshetova","year":"2014","unstructured":"Reshetova, E., Karhunen, J., Nyman, T., Asokan, N.: Security of OS-level virtualization technologies. In: Bernsmed, K., Fischer-H\u00fcbner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 77\u201393. Springer, Cham (2014). doi: 10.1007\/978-3-319-11599-3_5"},{"key":"11_CR47","doi-asserted-by":"crossref","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of IEEE Security and Privacy, pp. 144\u2013155 (2001)","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"11_CR48","doi-asserted-by":"crossref","unstructured":"Soltesz, S., P\u00f6tzl, H., Fiuczynski, M.E., Bavier, A., Peterson, L.: Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors. In: ACM SIGOPS Operating Systems Review, pp. 275\u2013287. ACM (2007)","DOI":"10.1145\/1272998.1273025"},{"key":"11_CR49","unstructured":"van Surksum, K.: Microsoft announces support for docker container virtualization for next version of windows server (2014)"},{"key":"11_CR50","unstructured":"Wagner, D., Dean, R.: Intrusion detection via static analysis. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)"},{"key":"11_CR51","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 255\u2013264. ACM (2002)","DOI":"10.1145\/586110.586145"},{"key":"11_CR52","unstructured":"Walsh, D.J.: Docker security in the future. https:\/\/opensource.com\/business\/15\/3\/docker-security-future"},{"key":"11_CR53","unstructured":"Watson, R.N., Anderson, J., Laurie, B., Kennaway, K.: Capsicum: practical capabilities for UNIX. In: USENIX Security Symposium, vol. 46, p. 2 (2010)"},{"key":"11_CR54","unstructured":"Zeng, Q., Xin, Z., Wu, D., Liu, P., Mao, B.: Tailored application-specific system call tables. Technical report, Pennsylvania State University (2014)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-60876-1_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:33:51Z","timestamp":1750289631000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-60876-1_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319608754","9783319608761"],"references-count":54,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-60876-1_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"4 June 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bonn","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 July 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 July 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dimva.org\/dimva2017","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}