{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,29]],"date-time":"2025-12-29T11:26:00Z","timestamp":1767007560023,"version":"3.37.3"},"reference-count":59,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2019YFB1804002"],"award-info":[{"award-number":["2019YFB1804002"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62272495"],"award-info":[{"award-number":["62272495"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100021171","name":"Basic and Applied Basic Research Foundation of Guangdong Province","doi-asserted-by":"publisher","award":["2023B1515020054"],"award-info":[{"award-number":["2023B1515020054"]}],"id":[{"id":"10.13039\/501100021171","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities, Sun Yat-sen University","doi-asserted-by":"publisher","award":["22qntd1004"],"award-info":[{"award-number":["22qntd1004"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Alibaba Project","award":["20925056"],"award-info":[{"award-number":["20925056"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2024.3450496","type":"journal-article","created":{"date-parts":[[2024,8,27]],"date-time":"2024-08-27T17:25:00Z","timestamp":1724779500000},"page":"6487-6506","source":"Crossref","is-referenced-by-count":1,"title":["ESX: A Self-Generated Control Policy for Remote Access With SSH Based on eBPF"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-5422-7407","authenticated-orcid":false,"given":"Yuan","family":"Zhong","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0972-6900","authenticated-orcid":false,"given":"Pengfei","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-1761-9044","authenticated-orcid":false,"given":"Huxing","family":"Zhang","sequence":"additional","affiliation":[{"name":"Alibaba Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3355151"},{"key":"ref2","first-page":"40","article-title":"SSH\u2014Secure login connections over the internet","volume-title":"Proc. 6th USENIX Secur. Symp.","volume":"37","author":"Ylonen"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/ICSSIT53264.2022.9716317"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-2283-6_4"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(17)30092-2"},{"key":"ref6","article-title":"Inside the cyberattack that shocked the US government","volume":"23","author":"Koerner","year":"2016","journal-title":"Wired"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-020-03213-1"},{"volume-title":"System and Application Monitoring and Troubleshooting With Sysdig","year":"2015","author":"Borello","key":"ref8"},{"key":"ref9","first-page":"209","article-title":"The LTTng tracer: A low impact performance and behavior monitor for GNU\/Linux","volume-title":"Proc. Ottawa Linux Symp.","author":"Desnoyers"},{"key":"ref10","first-page":"355","article-title":"Auditing frameworks need resource isolation: A systematic study on the super producer threat to system auditing and its mitigation","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Jiang"},{"issue":"43","key":"ref11","first-page":"139","article-title":"Implementing SELinux as a Linux security module","volume-title":"NAI Labs Rep.","volume":"1","author":"Smalley","year":"2001"},{"key":"ref12","first-page":"355","article-title":"Subdomain: Parsimonious server security","volume-title":"Proc. 14th Conf. Syst. Admin.","author":"Cowan"},{"key":"ref13","article-title":"Dynamic seccomp policies (using BPF filters)","volume":"18","author":"Drewry","year":"2012","journal-title":"Retrieved"},{"volume-title":"Namespaces in Operation, Part 1: Namespaces Overview [LWN.net]","year":"2013","key":"ref14"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.3103\/s0146411618080357"},{"key":"ref16","first-page":"259","article-title":"The BSD packet filter: A new architecture for user-level packet capture","volume-title":"Proc. Usenix Winter Tech. Conf.","author":"McCanne"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.4018\/jsse.2012100103"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501606"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/s0065-2458(08)60206-5"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2014.51"},{"issue":"162","key":"ref21","first-page":"1","article-title":"Guide to attribute based access control (ABAC) definition and considerations (draft)","volume":"800","author":"Hu","year":"2013","journal-title":"NIST Special Publication"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653675"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377840"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43936-4_18"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/eurosp.2018.00011"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/s11280-022-01076-5"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/proc.1975.9939"},{"key":"ref28","first-page":"21","article-title":"Make least privilege a right (not a privilege)","volume-title":"Proc. 10th Conf. Hot Topics Operating Syst.","author":"Krohn"},{"key":"ref29","article-title":"Rework\/optimize internal BPF interpreter\u2019s instruction set","author":"Starovoitov","year":"2014","journal-title":"Kernel Patch"},{"volume-title":"BPF Performance Tools: Linux System and Application Observability","year":"2019","author":"Gregg","key":"ref30"},{"key":"ref31","first-page":"215","article-title":"Ptrace, utrace, uprobes: Lightweight, dynamic tracing of user apps","volume-title":"Proc. Linux Symp.","author":"Keniston"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3317550.3321435"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176307"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3472883.3486974"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295145"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2369048"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359805"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1023\/B:DAMI.0000005258.31418.83"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1880022.1880030"},{"key":"ref40","article-title":"BPFContain: Fixing the soft underbelly of container security","author":"Findlay","year":"2021","journal-title":"arXiv:2102.06972"},{"article-title":"Phoronix test suite. Phoronix media","year":"2011","author":"Larabel","key":"ref41"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/956750.956788"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2016.01.010"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.03.041"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1002\/widm.8"},{"key":"ref46","first-page":"487","article-title":"Fast algorithms for mining association rules in large databases","volume-title":"Proc. 20th Int. Conf. Very Large Data Bases","author":"Agrawal"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/170035.170072"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/362375.362389"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2988545"},{"key":"ref50","first-page":"116","article-title":"Jails: Confining the omnipotent root","volume-title":"Proc. 2nd Int. SANE Conf.","author":"Kamp"},{"key":"ref51","first-page":"241","article-title":"Solaris zones: Operating system support for consolidating commercial workloads","volume-title":"Proc. 18th Conf. Syst. Admin.","author":"Price"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/2093548.2093572"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.23919\/cnsm46954.2019.9012736"},{"key":"ref54","first-page":"1","article-title":"A secure environment for untrusted helper applications confining the wily hacker","volume-title":"Proc. 6th Conf. USENIX Secur. Symp., Focusing Appl. Cryptography","author":"Goldberg"},{"key":"ref55","first-page":"207","article-title":"A flexible containment mechanism for executing untrusted code","volume-title":"Proc. 11th USENIX Secur. Symp.","author":"Peterson"},{"key":"ref56","first-page":"18","article-title":"Improving host security with system call policies","volume-title":"Proc. 12th Conf. USENIX Secur. Symp.","author":"Provos"},{"key":"ref57","first-page":"1","article-title":"Ostia: A delegating architecture for secure system call interposition","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Garfinkel"},{"key":"ref58","article-title":"Landlock LSM: Toward unprivileged sandboxing","author":"Sala\u00fcn","year":"2017","journal-title":"Linux Secur. Summit"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3411495.3421358"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/10649557.pdf?arnumber=10649557","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,14]],"date-time":"2025-01-14T20:08:31Z","timestamp":1736885311000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10649557\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":59,"URL":"https:\/\/doi.org\/10.1109\/access.2024.3450496","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}