{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:43:13Z","timestamp":1775745793711,"version":"3.50.1"},"reference-count":37,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,6,8]],"date-time":"2021-06-08T00:00:00Z","timestamp":1623110400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,6,8]],"date-time":"2021-06-08T00:00:00Z","timestamp":1623110400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100004040","name":"Research Fund KU Leuven","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004040","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003130","name":"Flemish Research Programme Cyberse-curity","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003130","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010661","name":"EU H2020 MSCA-ITN action 5GhOSTS","doi-asserted-by":"publisher","award":["814035"],"award-info":[{"award-number":["814035"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,6,8]]},"DOI":"10.1109\/eucnc\/6gsummit51104.2021.9482526","type":"proceedings-article","created":{"date-parts":[[2021,7,28]],"date-time":"2021-07-28T20:32:03Z","timestamp":1627504323000},"page":"407-412","source":"Crossref","is-referenced-by-count":35,"title":["Network Policies in Kubernetes: Performance Evaluation and Security Analysis"],"prefix":"10.1109","author":[{"given":"Gerald","family":"Budigiri","sequence":"first","affiliation":[{"name":"imec-DistriNet, KU Leuven,Belgium"}]},{"given":"Christoph","family":"Baumann","sequence":"additional","affiliation":[{"name":"Ericsson Research,Stockholm,Sweden"}]},{"given":"Jan Tobias","family":"Muhlberg","sequence":"additional","affiliation":[{"name":"imec-DistriNet, KU Leuven,Belgium"}]},{"given":"Eddy","family":"Truyen","sequence":"additional","affiliation":[{"name":"imec-DistriNet, KU Leuven,Belgium"}]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[{"name":"imec-DistriNet, KU Leuven,Belgium"}]}],"member":"263","reference":[{"key":"ref33","year":"0","journal-title":"Using eBPF in Kubernetes"},{"key":"ref32","author":"fleming","year":"0","journal-title":"A Thorough Introduction to EBPF"},{"key":"ref31","author":"manfred","year":"0","journal-title":"Kernel privilege escalation via improper eBPF program verification"},{"key":"ref30","year":"0","journal-title":"bpf(2) - linux manual page"},{"key":"ref37","article-title":"TaLoS: Secure and transparent TLS termination inside SGX enclaves","volume":"5","author":"aublin","year":"2017","journal-title":"Imperial College London Technical Report"},{"key":"ref36","author":"gowda","year":"0","journal-title":"Microsoft Docs Enclave aware containers on Azure"},{"key":"ref35","article-title":"Configure encryption and authentication","year":"0","journal-title":"org\/security\/comms\/crypto-auth\/"},{"key":"ref34","year":"0","journal-title":"Customize the manifests"},{"key":"ref10","article-title":"SCONE: Secure linux containers with intel SGX","author":"arnautov","year":"2016","journal-title":"12th USENIX OSDI 16"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev45635.2020.00025"},{"key":"ref12","author":"balkan","year":"0","journal-title":"Kubernetes network policy recipes"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/LANMAN49260.2020.9153266"},{"key":"ref14","author":"nguyen","year":"2020","journal-title":"Network isolation for K8s hard multi-tenancy"},{"key":"ref15","year":"0","journal-title":"Kubernetes namespaces"},{"key":"ref16","year":"0","journal-title":"How to stop the next equifax-style megabreach"},{"key":"ref17","year":"0","journal-title":"About eBPF"},{"key":"ref18","year":"0","journal-title":"eBPF datapath"},{"key":"ref19","article-title":"How it's built","year":"0","journal-title":"CED"},{"key":"ref28","year":"0","journal-title":"Pod security policies"},{"key":"ref4","article-title":"BAS-TION: A security enforcement network stack for container networks","author":"nam","year":"0","journal-title":"2020 USENIX Annual Technical Conf (USENIXATC 20)"},{"key":"ref27","year":"0","journal-title":"Zero-trust networks in Kubernetes cloud-native applications"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2945930"},{"key":"ref6","article-title":"Application container security guide (2nd draft)","author":"souppaya","year":"2017","journal-title":"NIST"},{"key":"ref29","author":"ahmed","year":"0","journal-title":"Enforce pod security policies in Kubernetes using OPA"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2911732"},{"key":"ref8","article-title":"Understanding and hardening linux containers","author":"grattafiori","year":"2016","journal-title":"NCC Group Intern Whitepaper"},{"key":"ref7","author":"reshetova","year":"2014","journal-title":"Security of os-level virtualization technologies Tech report"},{"key":"ref2","article-title":"Exploring microservices as the architecture of choice for network function virtualization platforms","author":"hawilo","year":"2019","journal-title":"IEEE Network"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2018.00076"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3001277"},{"key":"ref20","year":"0","journal-title":"Care and Feeding of Netperf 2 7 X"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1002\/eng2.12080"},{"key":"ref21","year":"0"},{"key":"ref24","article-title":"Misconfig. remains #1 cause of data breaches in the cloud","author":"truta","year":"0","journal-title":"CLOUD"},{"key":"ref23","year":"0","journal-title":"Kubernetes adoption security and market share trends report"},{"key":"ref26","author":"monica","year":"0","journal-title":"Least priv cont orchestration"},{"key":"ref25","author":"ahmed","year":"0","journal-title":"How to enforce Kubernetes network security policies using OPA"}],"event":{"name":"2021 Joint European Conference on Networks and Communications & 6G Summit (EuCNC\/6G Summit)","location":"Porto, Portugal","start":{"date-parts":[[2021,6,8]]},"end":{"date-parts":[[2021,6,11]]}},"container-title":["2021 Joint European Conference on Networks and Communications &amp; 6G Summit (EuCNC\/6G Summit)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9482408\/9482415\/09482526.pdf?arnumber=9482526","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,2]],"date-time":"2022-08-02T23:58:58Z","timestamp":1659484738000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9482526\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,8]]},"references-count":37,"URL":"https:\/\/doi.org\/10.1109\/eucnc\/6gsummit51104.2021.9482526","relation":{},"subject":[],"published":{"date-parts":[[2021,6,8]]}}}