{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T21:29:19Z","timestamp":1769030959537,"version":"3.49.0"},"reference-count":51,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,14]]},"DOI":"10.1109\/cloudcom67567.2025.11331483","type":"proceedings-article","created":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T20:37:16Z","timestamp":1768941436000},"page":"1-8","source":"Crossref","is-referenced-by-count":0,"title":["Secure Kubernetes Workload Deployment with Automated Enforcement of Cluster-Defined Policies"],"prefix":"10.1109","author":[{"given":"Matthew","family":"Rossi","sequence":"first","affiliation":[{"name":"Università degli Studi di Bergamo,Italy"}]},{"given":"Michele","family":"Beretta","sequence":"additional","affiliation":[{"name":"Università degli Studi di Bergamo,Italy"}]},{"given":"Dario","family":"Facchinetti","sequence":"additional","affiliation":[{"name":"Università degli Studi di Bergamo,Italy"}]},{"given":"Stefano","family":"Paraboschi","sequence":"additional","affiliation":[{"name":"Università degli Studi di Bergamo,Italy"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"CNCF Annual Survey","year":"2023"},{"key":"ref2","volume-title":"CVE-2024\u20132I626"},{"key":"ref3","volume-title":"CVE-202I-44228"},{"key":"ref4","volume-title":"In-gressNightmare: 9.8 Critical Unauthenticated Remote Code Exe-cution Vulnerabilities in Ingress NGINX","author":"Ohfeld","year":"2025"},{"key":"ref5","volume-title":"CVE-2022\u20130I85"},{"key":"ref6","volume-title":"Kubernetes adoption, security, and market trends report","year":"2024"},{"key":"ref7","volume-title":"Open-sourcing gVisor, a sandboxed container runtime","author":"Lacasse"},{"key":"ref8","article-title":"Firecracker: Lightweight Virtualization for Serverless Applications","author":"Agache","year":"2020","journal-title":"NSDI"},{"key":"ref9","volume-title":"Kata Containers","year":"2025"},{"key":"ref10","article-title":"The true cost of containing: a gVisor case study","author":"Young","year":"2019","journal-title":"HotCloud"},{"key":"ref11","year":"2025","journal-title":"Pod Topology Spread Constraints"},{"key":"ref12","volume-title":"Workload Security Rings","author":"Czapinski","year":"2023"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2741948.2741964"},{"key":"ref14","volume-title":"Assign Pods to Nodes with Node labels","year":"2025"},{"key":"ref15","volume-title":"Assign Pods to Nodes using Affinity","year":"2025"},{"key":"ref16","volume-title":"Taints and Tolerations - Kubernetes","year":"2025"},{"key":"ref17","volume-title":"OPA Gatekeeper","year":"2025"},{"key":"ref18","volume-title":"Open Policy Agent","year":"2025"},{"key":"ref19","volume-title":"Policy Language","year":"2025"},{"key":"ref20","volume-title":"Node feature discovery","year":"2025"},{"key":"ref21","volume-title":"ClusterLoader2","year":"2025"},{"key":"ref22","volume-title":"KWOK","year":"2025"},{"key":"ref23","volume-title":"Service","year":"2025"},{"key":"ref24","volume-title":"wrk: Modern HTTP Benchmarking Tool","author":"Glozer"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1807128.1807152"},{"key":"ref26","volume-title":"Filesystem","year":"2025"},{"key":"ref27","volume-title":"sysbench: Scriptable database and system performance benchmark","author":"Kopytov"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3539606"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3544788"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3708821.3735343"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS.2003.1213198"},{"key":"ref32","article-title":"Apollo: scalable and coordinated scheduling for cloud-scale computing","author":"Boutin","year":"2014","journal-title":"USENIX OSDI"},{"key":"ref33","article-title":"Graphene: packing and dependency-aware scheduling for data-parallel clusters","author":"Grandl","year":"2016","journal-title":"USENIX OSDI"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1618525.1618529"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.3390\/s21123978"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-023-05506-7"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/s10723-024-09788-w"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-91337-2_75"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2006.110"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2010.117"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-61176-1_15"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2429132"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2017.95"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3582835"},{"key":"ref45","year":"2025","journal-title":"QEMU"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom59040.2023.00033"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3708821.3735342"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3595799"},{"key":"ref49","article-title":"Security Namespace: Making Linux Security Frameworks Available to Containers","author":"Sun","year":"2018","journal-title":"USENIX Security"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607233"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3592831"}],"event":{"name":"2025 lEEE International Conference on Cloud Computing Technology and Science (CloudCom)","location":"Shenzhen, China","start":{"date-parts":[[2025,11,14]]},"end":{"date-parts":[[2025,11,16]]}},"container-title":["2025 lEEE International Conference on Cloud Computing Technology and Science (CloudCom)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11330195\/11331311\/11331483.pdf?arnumber=11331483","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T07:12:42Z","timestamp":1768979562000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11331483\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,14]]},"references-count":51,"URL":"https:\/\/doi.org\/10.1109\/cloudcom67567.2025.11331483","relation":{},"subject":[],"published":{"date-parts":[[2025,11,14]]}}}