{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T02:12:48Z","timestamp":1773713568861,"version":"3.50.1"},"reference-count":33,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Project SERICS through PNRR MUR Program"},{"name":"European Union – NextGenerationEU","award":["PE00000014"],"award-info":[{"award-number":["PE00000014"]}]},{"name":"European Union’s Horizon Europe Programme","award":["101070473"],"award-info":[{"award-number":["101070473"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1109\/tdsc.2025.3641311","type":"journal-article","created":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T18:43:24Z","timestamp":1765219404000},"page":"3784-3797","source":"Crossref","is-referenced-by-count":0,"title":["Exploiting Kubernetes\u2019 Image Pull Implementation to Deny Node Availability"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7291-7780","authenticated-orcid":false,"given":"Luis Augusto Dias","family":"Knob","sequence":"first","affiliation":[{"name":"DAISY, Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1273-3936","authenticated-orcid":false,"given":"Matteo","family":"Franzil","sequence":"additional","affiliation":[{"name":"Department of Information Engineering and Computer Science, University of Trento, Trento, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5640-6507","authenticated-orcid":false,"given":"Domenico","family":"Siracusa","sequence":"additional","affiliation":[{"name":"Department of Information Engineering and Computer Science, University of Trento, Trento, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2890784"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3579639"},{"key":"ref3","first-page":"5971","article-title":"Cross container attacks: The bewildered eBPF on clouds","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"He","year":"2023"},{"key":"ref4","first-page":"7517","article-title":"Attacks are forwarded: Breaking the isolation of MicroVM-based containers through operation forwarding","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Xiao","year":"2023"},{"issue":"3","key":"ref5","first-page":"457","article-title":"An anomaly-based detection system for monitoring kubernetes infrastructures","volume-title":"IEEE Latin America Trans.","volume":"21","author":"Almaraz-Rivera","year":"2023"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3539606"},{"issue":"5","key":"ref7","first-page":"46","article-title":"Understanding the security implications of kubernetes networking","volume-title":"IEEE Secur. Privacy","volume":"19","author":"Minna","year":"2021"},{"key":"ref8","article-title":"Kubernetes - Production-grade container orchestration","year":"2023"},{"key":"ref9","first-page":"358","article-title":"Open source FaaS performance aspects","volume-title":"Proc. 43rd Int. Conf. Telecommun. Signal Process.","author":"Balla","year":"2020"},{"key":"ref10","article-title":"gRPC","year":"2023"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-021-03517-8"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2885"},{"key":"ref13","first-page":"2397","article-title":"Robbery on DevOps: Understanding and mitigating illicit cryptomining on continuous integration service platforms","volume-title":"Proc. IEEE Symp. Secur. Privacy","author":"Li","year":"2022"},{"issue":"3","key":"ref14","first-page":"2820","article-title":"Computing without borders: The way towards liquid computing","volume-title":"IEEE Trans. Cloud Comput.","volume":"11","author":"Iorio","year":"2023"},{"key":"ref15","article-title":"CloudNative security and usage report 2023","year":"2023"},{"key":"ref16","article-title":"Liqo","year":"2019"},{"key":"ref17","article-title":"MAGI system","author":"Knob","year":"2023"},{"key":"ref18","article-title":"On exploiting gzip\u2019s content-dependent compression","author":"Knob","year":"2023"},{"key":"ref19","article-title":"Phoronix test suite","year":"2023"},{"key":"ref20","article-title":"containerdsnoop","author":"Knob","year":"2023"},{"key":"ref21","article-title":"Imagesnoop","author":"Knob","year":"2023"},{"key":"ref22","article-title":"Microservices demo","year":"2023"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382228"},{"key":"ref24","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2023.24996","article-title":"HeteroScore: Evaluating and mitigating cloud security threats brought by heterogeneity","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Fang","year":"2023"},{"key":"ref25","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2022.23149","article-title":"Repttack: Exploiting cloud schedulers to guide co-location attacks","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Fang","year":"2022"},{"issue":"3","key":"ref26","first-page":"1686","article-title":"CODA: Runtime detection of application-layer CPU-Exhaustion DoS attacks in containers","volume-title":"IEEE Trans. Services Comput.","volume":"16","author":"Zhan","year":"2023"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1504\/ijcc.2020.105885"},{"key":"ref28","first-page":"1","article-title":"Extreme gradient boosting based anomaly detection for kubernetes orchestration","volume-title":"Proc. 27th Int. Conf. Inf. Technol.","author":"Yolchuyev","year":"2023"},{"key":"ref29","article-title":"OPA gatekeeper","year":"2025"},{"key":"ref30","article-title":"Falco","year":"2025"},{"key":"ref31","article-title":"Falcosidekick","year":"2025"},{"key":"ref32","article-title":"Tetragon","year":"2023"},{"key":"ref33","article-title":"Tracee","year":"2025"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11434575\/11283066.pdf?arnumber=11283066","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T01:15:17Z","timestamp":1773710117000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11283066\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3]]},"references-count":33,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3641311","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3]]}}}