{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:11:10Z","timestamp":1772039470030,"version":"3.50.1"},"reference-count":41,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"NSF","award":["CNS-1815650"],"award-info":[{"award-number":["CNS-1815650"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,5]]},"DOI":"10.1109\/tdsc.2023.3268124","type":"journal-article","created":{"date-parts":[[2023,4,19]],"date-time":"2023-04-19T17:38:19Z","timestamp":1681925899000},"page":"1068-1083","source":"Crossref","is-referenced-by-count":6,"title":["A Hybrid System Call Profiling Approach for Container Protection"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3844-2467","authenticated-orcid":false,"given":"Yunlong","family":"Xing","sequence":"first","affiliation":[{"name":"Center for Secure Information Systems, George Mason University, Fairfax, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3648-1750","authenticated-orcid":false,"given":"Xinda","family":"Wang","sequence":"additional","affiliation":[{"name":"Center for Secure Information Systems, George Mason University, Fairfax, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2811-3536","authenticated-orcid":false,"given":"Sadegh","family":"Torabi","sequence":"additional","affiliation":[{"name":"Center for Secure Information Systems, George Mason University, Fairfax, VA, USA"}]},{"given":"Zeyu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Center for Secure Information Systems, George Mason University, Fairfax, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1936-0562","authenticated-orcid":false,"given":"Lingguang","family":"Lei","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4152-2107","authenticated-orcid":false,"given":"Kun","family":"Sun","sequence":"additional","affiliation":[{"name":"Center for Secure Information Systems, George Mason University, Fairfax, VA, USA"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Sysdig 2021 container security and usage report","year":"2021"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_11"},{"key":"ref11","first-page":"443","article-title":"Confine: Automated system call policy generation for container attack surface reduction","volume-title":"Proc. 23rd Int. Symp. Res. Attacks Intrusions Defenses","author":"Ghavamnia"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2017.16"},{"key":"ref13","article-title":"Temporal system call specialization for attack surface reduction","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Ghavamnia"},{"key":"ref16","article-title":"Docker security in the future","author":"Walsh"},{"key":"ref32","article-title":"NoSQL Exploitation Framework","author":"Alexander"},{"key":"ref39","article-title":"Kernel debugging with Kprobes","author":"Panchamukhi"},{"key":"ref44","article-title":"Enhancements to the Linux kernel for blocking buffer overflow based attacks","volume-title":"Proc. 4th Annu. Linux Showcase Conf.","author":"Bernaschi"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.15"},{"key":"ref46","first-page":"869","article-title":"Debloating software through {Piece-Wise} compilation and loading","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Quach"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359823"},{"key":"ref48","first-page":"1697","article-title":"Less is more: Quantifying the security benefits of debloating web applications","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Azad"},{"key":"ref49","first-page":"1733","article-title":"RAZOR: A framework for post-deployment software debloating","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Qian"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-39650-5_19"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2008.69"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1984.5010256"},{"key":"ref53","article-title":"Traps and pitfalls: Practical problems in system call interposition based security tools","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Garfinkel"},{"key":"ref54","article-title":"Ostia: A delegating architecture for secure system call interposition","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Garfinkel"},{"key":"ref55","first-page":"139","article-title":"Practical and effective sandboxing for non-root users","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Kim"},{"key":"ref56","doi-asserted-by":"crossref","DOI":"10.1145\/2093548.2093572","article-title":"Capsicum: Practical capabilities for UNIX","volume-title":"Proc. USENIX Secur. Symp.","author":"Watson"},{"key":"ref57","first-page":"257","article-title":"Improving host security with system call policies","volume-title":"Proc. USENIX Secur. Symp.","author":"Provos"},{"key":"ref59","first-page":"163","article-title":"Linux capabilities: Making them work","volume-title":"Proc. Linux Symp.","author":"Hallyn","year":"2008"},{"key":"ref63","article-title":"Tailored application-specific system call tables","author":"Zeng","year":"2014"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"ref66","first-page":"61","article-title":"Detecting manipulated remote call streams","volume-title":"Proc. USENIX Secur. Symp.","author":"Giffin"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"ref68","first-page":"11","article-title":"Automating mimicry attacks using static binary analysis","volume-title":"Proc. USENIX Secur. Symp.","author":"Kruegel"},{"key":"ref69","article-title":"High accuracy attack provenance via binary-based execution partition","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Lee"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11599-3_5"},{"key":"ref71","article-title":"Analysis of docker security","author":"Bui","year":"2015"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346917"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346869"},{"key":"ref74","first-page":"239","article-title":"Protecting against unexpected system calls","volume-title":"Proc. USENIX Secur. Symp.","author":"Linn"},{"key":"ref75","article-title":"Towards least privilege containers with cimplifier","author":"Rastogi","year":"2016"},{"key":"ref76","article-title":"Docker-Slim: Lean and mean docker containers","author":"Quest","year":"2018"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/1972551.1972557"},{"key":"ref78","article-title":"Attack surface metrics and automated compile-time OS kernel tailoring","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Kurmus"},{"key":"ref79","first-page":"459","article-title":"sysfilter: Automated system call filtering for commodity software","volume-title":"Proc. 23rd Int. Symp. Res. Attacks Intrusions Defenses","author":"DeMarinis"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1145\/3474123.3486762"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/8858\/10530496\/10105304-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10530496\/10105304.pdf?arnumber=10105304","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,15]],"date-time":"2024-05-15T05:23:07Z","timestamp":1715750587000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10105304\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5]]},"references-count":41,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3268124","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,5]]}}}