{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T15:46:20Z","timestamp":1774367180081,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":71,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,12,3]],"date-time":"2018-12-03T00:00:00Z","timestamp":1543795200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2016YFB0800102"],"award-info":[{"award-number":["2016YFB0800102"]}]},{"name":"National Natural Science Foundation of China","award":["61802398"],"award-info":[{"award-number":["61802398"]}]},{"name":"National Cryptography Development Fund","award":["MMJJ20180222"],"award-info":[{"award-number":["MMJJ20180222"]}]},{"name":"U.S. ONR","award":["N00014-16-1-3214 and N00014-16-1-3216"],"award-info":[{"award-number":["N00014-16-1-3214 and N00014-16-1-3216"]}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1815650"],"award-info":[{"award-number":["CNS-1815650"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,12,3]]},"DOI":"10.1145\/3274694.3274720","type":"proceedings-article","created":{"date-parts":[[2018,12,4]],"date-time":"2018-12-04T13:07:01Z","timestamp":1543928821000},"page":"418-429","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":117,"title":["A Measurement Study on Linux Container Security"],"prefix":"10.1145","author":[{"given":"Xin","family":"Lin","sequence":"first","affiliation":[{"name":"School of Cyber Security, University of Chinese Academy of Sciences Beijing, China and Institute of Information Engineering, CAS, Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China"}]},{"given":"Lingguang","family":"Lei","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China"}]},{"given":"Yuewu","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China"}]},{"given":"Jiwu","family":"Jing","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China"}]},{"given":"Kun","family":"Sun","sequence":"additional","affiliation":[{"name":"George Mason University Fairfax, USA"}]},{"given":"Quan","family":"Zhou","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2018,12,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Aaron Adams. 2015. Xen SMEP (and SMAP) bypass. https:\/\/www.nccgroup.trust\/uk\/aboutus\/newsroom-and-events\/blogs\/2015\/april\/xen-smep-and-smap-bypass\/  Aaron Adams. 2015. Xen SMEP (and SMAP) bypass. https:\/\/www.nccgroup.trust\/uk\/aboutus\/newsroom-and-events\/blogs\/2015\/april\/xen-smep-and-smap-bypass\/"},{"key":"e_1_3_2_1_2_1","unstructured":"The Kubernetes Authors. 2018. Production-Grade Container Orchestration. https:\/\/kubernetes.io\/  The Kubernetes Authors. 2018. Production-Grade Container Orchestration. https:\/\/kubernetes.io\/"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346917"},{"key":"e_1_3_2_1_5_1","first-page":"13","article-title":"Paranoid penguin: an introduction to Novell AppArmor","volume":"2006","author":"Bauer Mick","year":"2006","unstructured":"Mick Bauer . 2006 . Paranoid penguin: an introduction to Novell AppArmor . Linux Journal 2006 , 148 (2006), 13 . Mick Bauer. 2006. Paranoid penguin: an introduction to Novell AppArmor. Linux Journal 2006, 148 (2006), 13.","journal-title":"Linux Journal"},{"key":"e_1_3_2_1_6_1","volume-title":"Analysis of Docker Security. CoRR abs\/1501.02967","author":"Bui Thanh","year":"2015","unstructured":"Thanh Bui . 2015. Analysis of Docker Security. CoRR abs\/1501.02967 ( 2015 ). arXiv:1501.02967 http:\/\/arxiv.org\/abs\/1501.02967 Thanh Bui. 2015. Analysis of Docker Security. CoRR abs\/1501.02967 (2015). arXiv:1501.02967 http:\/\/arxiv.org\/abs\/1501.02967"},{"key":"e_1_3_2_1_7_1","volume-title":"Security Assurance Requirements for Linux Application Container Deployments. US Department of Commerce","author":"Chandramouli Ramaswamy","unstructured":"Ramaswamy Chandramouli . 2017. Security Assurance Requirements for Linux Application Container Deployments. US Department of Commerce , National Institute of Standards and Technology . Ramaswamy Chandramouli. 2017. Security Assurance Requirements for Linux Application Container Deployments. US Department of Commerce, National Institute of Standards and Technology."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2016.123"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053029"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2016.100"},{"key":"e_1_3_2_1_11_1","unstructured":"Amazon Company. 2018. AWS Fargate. https:\/\/aws.amazon.com\/fargate\/?nc1=h_ls  Amazon Company. 2018. AWS Fargate. https:\/\/aws.amazon.com\/fargate\/?nc1=h_ls"},{"key":"e_1_3_2_1_12_1","unstructured":"MITRE Corporation. 2018. About CVE. https:\/\/cve.mitre.org\/about\/index.html  MITRE Corporation. 2018. About CVE. https:\/\/cve.mitre.org\/about\/index.html"},{"key":"e_1_3_2_1_13_1","unstructured":"MITRE Corporation. 2018. About CWE. https:\/\/cwe.mitre.org\/about\/index.html  MITRE Corporation. 2018. About CWE. https:\/\/cwe.mitre.org\/about\/index.html"},{"key":"e_1_3_2_1_14_1","unstructured":"MITRE Corporation. 2018. CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). https:\/\/cwe.mitre.org\/data\/definitions\/78.html  MITRE Corporation. 2018. CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). https:\/\/cwe.mitre.org\/data\/definitions\/78.html"},{"key":"e_1_3_2_1_15_1","unstructured":"Exploit Database. 2018. About The Exploit Database. https:\/\/www.exploit-db.com\/about-exploit-db\/  Exploit Database. 2018. About The Exploit Database. https:\/\/www.exploit-db.com\/about-exploit-db\/"},{"key":"e_1_3_2_1_16_1","unstructured":"Jake Edge. 2013. Kernel address space layout randomization. https:\/\/lwn.net\/Articles\/569635\/  Jake Edge. 2013. Kernel address space layout randomization. https:\/\/lwn.net\/Articles\/569635\/"},{"key":"e_1_3_2_1_17_1","volume-title":"Eleazar Aguirre Anaya, and Ra\u00fal Acosta Bermejo","author":"Fraga Rolando S\u00e1nchez","year":"2014","unstructured":"Rolando S\u00e1nchez Fraga , Eleazar Aguirre Anaya, and Ra\u00fal Acosta Bermejo . 2014 . Taxonomy for Denial-of-Service Vulnerabilities in the Linux Kernel . (2014). Rolando S\u00e1nchez Fraga, Eleazar Aguirre Anaya, and Ra\u00fal Acosta Bermejo. 2014. Taxonomy for Denial-of-Service Vulnerabilities in the Linux Kernel. (2014)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2010.23"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Daniel Gruss Moritz Lipp Michael Schwarz Richard Fellner Clementine Maurice and Stefan Mangard. 2017. KASLR is Dead: Long Live KASLR. (2017) 161--176.  Daniel Gruss Moritz Lipp Michael Schwarz Richard Fellner Clementine Maurice and Stefan Mangard. 2017. KASLR is Dead: Long Live KASLR. (2017) 161--176.","DOI":"10.1007\/978-3-319-62105-0_11"},{"key":"e_1_3_2_1_20_1","unstructured":"Jayanth Gummaraju Tarun Desikan and Yoshio Turner. 2015. Over 30% of official images in docker hub contain high priority security vulnerabilities.  Jayanth Gummaraju Tarun Desikan and Yoshio Turner. 2015. Over 30% of official images in docker hub contain high priority security vulnerabilities."},{"key":"e_1_3_2_1_21_1","volume-title":"Linux Symposium","volume":"8","author":"Hallyn Serge E","year":"2008","unstructured":"Serge E Hallyn and Andrew G Morgan . 2008 . Linux capabilities: Making them work . In Linux Symposium , Vol. 8 . Serge E Hallyn and Andrew G Morgan. 2008. Linux capabilities: Making them work. In Linux Symposium, Vol. 8."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.06.011"},{"key":"e_1_3_2_1_23_1","unstructured":"Qualys Research Team in Security Labs. 2017. The Stack Clash. https:\/\/www.qualys.com\/2017\/06\/19\/stack-clash\/stack-clash.txt  Qualys Research Team in Security Labs. 2017. The Stack Clash. https:\/\/www.qualys.com\/2017\/06\/19\/stack-clash\/stack-clash.txt"},{"key":"e_1_3_2_1_24_1","unstructured":"Docker Inc. 2018. AppArmor security profiles for Docker. https:\/\/docs.docker.com\/engine\/security\/apparmor\/  Docker Inc. 2018. AppArmor security profiles for Docker. https:\/\/docs.docker.com\/engine\/security\/apparmor\/"},{"key":"e_1_3_2_1_25_1","unstructured":"Docker Inc. 2018. Docker overview. https:\/\/docs.docker.com\/engine\/docker-overview\/  Docker Inc. 2018. Docker overview. https:\/\/docs.docker.com\/engine\/docker-overview\/"},{"key":"e_1_3_2_1_26_1","unstructured":"Docker Inc. 2018. Docker Seccomp Profile. https:\/\/github.com\/moby\/moby\/blob\/master\/profiles\/seccomp\/default.json  Docker Inc. 2018. Docker Seccomp Profile. https:\/\/github.com\/moby\/moby\/blob\/master\/profiles\/seccomp\/default.json"},{"key":"e_1_3_2_1_27_1","unstructured":"Docker Inc. 2018. Install Docker CE from binaries. https:\/\/docs.docker.com\/install\/linux\/docker-ce\/binaries\/  Docker Inc. 2018. Install Docker CE from binaries. https:\/\/docs.docker.com\/install\/linux\/docker-ce\/binaries\/"},{"key":"e_1_3_2_1_28_1","unstructured":"Docker Inc. 2018. Protect the Docker daemon socket. https:\/\/docs.docker.com\/engine\/security\/https\/  Docker Inc. 2018. Protect the Docker daemon socket. https:\/\/docs.docker.com\/engine\/security\/https\/"},{"key":"e_1_3_2_1_29_1","unstructured":"Docker Inc. 2018. Seccomp security profiles for Docker. https:\/\/docs.docker.com\/engine\/security\/seccomp\/  Docker Inc. 2018. Seccomp security profiles for Docker. https:\/\/docs.docker.com\/engine\/security\/seccomp\/"},{"key":"e_1_3_2_1_30_1","unstructured":"Docker Inc. 2018. WHAT IS A CONTAINER. https:\/\/www.docker.com\/what-container  Docker Inc. 2018. WHAT IS A CONTAINER. https:\/\/www.docker.com\/what-container"},{"key":"e_1_3_2_1_31_1","unstructured":"Docker Inc. 2018. WHAT IS DOCKER. https:\/\/www.docker.com\/what-docker  Docker Inc. 2018. WHAT IS DOCKER. https:\/\/www.docker.com\/what-docker"},{"key":"e_1_3_2_1_32_1","unstructured":"Red Hat Inc. 2018. Red Hat OpenShift Online. https:\/\/www.openshift.com\/products\/online\/  Red Hat Inc. 2018. Red Hat OpenShift Online. https:\/\/www.openshift.com\/products\/online\/"},{"key":"e_1_3_2_1_33_1","unstructured":"VMware Inc. 2018. VMWare Airwatch BYOD. http:\/\/acestandard.org\/zh-hans\/solutions\/bring-your-own-device-byod  VMware Inc. 2018. VMWare Airwatch BYOD. http:\/\/acestandard.org\/zh-hans\/solutions\/bring-your-own-device-byod"},{"key":"e_1_3_2_1_34_1","unstructured":"Wikimedia Foundation Inc. 2018. Docker (software). https:\/\/en.wikipedia.org\/wiki\/Docker_(software)  Wikimedia Foundation Inc. 2018. Docker (software). https:\/\/en.wikipedia.org\/wiki\/Docker_(software)"},{"key":"e_1_3_2_1_35_1","unstructured":"Wikimedia Foundation Inc. 2018. LXC. https:\/\/en.wikipedia.org\/wiki\/LXC  Wikimedia Foundation Inc. 2018. LXC. https:\/\/en.wikipedia.org\/wiki\/LXC"},{"key":"e_1_3_2_1_36_1","unstructured":"Wikimedia Foundation Inc. 2018. Supervisor Mode Access Prevention. https:\/\/en.wikipedia.org\/wiki\/Supervisor_Mode_Access_Prevention  Wikimedia Foundation Inc. 2018. Supervisor Mode Access Prevention. https:\/\/en.wikipedia.org\/wiki\/Supervisor_Mode_Access_Prevention"},{"key":"e_1_3_2_1_37_1","unstructured":"Wikimedia Foundation Inc. 2018. XML external entity attack. https:\/\/en.wikipedia.org\/wiki\/XML_external_entity_attack  Wikimedia Foundation Inc. 2018. XML external entity attack. https:\/\/en.wikipedia.org\/wiki\/XML_external_entity_attack"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3058060.3058085"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/11596981_172"},{"key":"e_1_3_2_1_40_1","volume-title":"Hypervisor-Based Active Data Protection for Integrity and Confidentiality of Dynamically Allocated Memory in Windows Kernel. CoRR abs\/1805.11847","author":"Korkin Igor","year":"2018","unstructured":"Igor Korkin . 2018. Hypervisor-Based Active Data Protection for Integrity and Confidentiality of Dynamically Allocated Memory in Windows Kernel. CoRR abs\/1805.11847 ( 2018 ). arXiv:1805.11847 http:\/\/arxiv.org\/abs\/1805.11847 Igor Korkin. 2018. Hypervisor-Based Active Data Protection for Integrity and Confidentiality of Dynamically Allocated Memory in Windows Kernel. CoRR abs\/1805.11847 (2018). arXiv:1805.11847 http:\/\/arxiv.org\/abs\/1805.11847"},{"key":"e_1_3_2_1_41_1","volume-title":"DIMVA 2017, Bonn, Germany, July 6-7, 2017, Proceedings. Springer, 230--251","author":"Lei Lingguang","year":"2017","unstructured":"Lingguang Lei , Jianhua Sun , Kun Sun , Chris Shenefiel , Rui Ma , Yuewu Wang , and Qi Li . 2017 . SPEAKER: Split-Phase Execution of Application Containers. In Detection of Intrusions and Malware, and Vulnerability Assessment - 14th International Conference , DIMVA 2017, Bonn, Germany, July 6-7, 2017, Proceedings. Springer, 230--251 . Lingguang Lei, Jianhua Sun, Kun Sun, Chris Shenefiel, Rui Ma, Yuewu Wang, and Qi Li. 2017. SPEAKER: Split-Phase Execution of Application Containers. In Detection of Intrusions and Malware, and Vulnerability Assessment - 14th International Conference, DIMVA 2017, Bonn, Germany, July 6-7, 2017, Proceedings. Springer, 230--251."},{"key":"e_1_3_2_1_42_1","first-page":"16","article-title":"A New Taxonomy of Linux\/Unix Operating System and Network Vulnerabilities","volume":"3","author":"Li Yi","year":"2006","unstructured":"Yi Li and Xin-Ming Li . 2006 . A New Taxonomy of Linux\/Unix Operating System and Network Vulnerabilities . Journal of Communication and Computer 3 , 8 (2006), 16 -- 19 . Yi Li and Xin-Ming Li. 2006. A New Taxonomy of Linux\/Unix Operating System and Network Vulnerabilities. Journal of Communication and Computer 3, 8 (2006), 16--19.","journal-title":"Journal of Communication and Computer"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSE.2009.372"},{"key":"e_1_3_2_1_44_1","unstructured":"Cellrox ltd. 2015. Cellrox Mobile Virtualization. http:\/\/www.cellrox.com\/  Cellrox ltd. 2015. Cellrox Mobile Virtualization. http:\/\/www.cellrox.com\/"},{"key":"e_1_3_2_1_45_1","unstructured":"Canonical Ltd. 2018. LXC Introduction. https:\/\/linuxcontainers.org\/lxc\/introduction\/#  Canonical Ltd. 2018. LXC Introduction. https:\/\/linuxcontainers.org\/lxc\/introduction\/#"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Tao Lu and Jie Chen. 2017. Research of Penetration Testing Technology in Docker Environment. (2017).  Tao Lu and Jie Chen. 2017. Research of Penetration Testing Technology in Docker Environment. (2017).","DOI":"10.2991\/icmmcce-17.2017.238"},{"key":"e_1_3_2_1_47_1","unstructured":"Linux Man. 2017. Cgroup_namespaces-overview of Linux cgroup namespaces. http:\/\/www.man7.org\/linux\/man-pages\/man7\/cgroup_namespaces.7.html  Linux Man. 2017. Cgroup_namespaces-overview of Linux cgroup namespaces. http:\/\/www.man7.org\/linux\/man-pages\/man7\/cgroup_namespaces.7.html"},{"key":"e_1_3_2_1_48_1","unstructured":"Linux Man. 2018. Capabilities - overview of Linux capabilities. http:\/\/man7.org\/linux\/man-pages\/man7\/capabilities.7.html  Linux Man. 2018. Capabilities - overview of Linux capabilities. http:\/\/man7.org\/linux\/man-pages\/man7\/capabilities.7.html"},{"key":"e_1_3_2_1_49_1","unstructured":"Linux Man. 2018. Namespaces-overview of Linux namespaces. http:\/\/man7.org\/linux\/man-pages\/man7\/namespaces.7.html  Linux Man. 2018. Namespaces-overview of Linux namespaces. http:\/\/man7.org\/linux\/man-pages\/man7\/namespaces.7.html"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2018.03.011"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346869"},{"key":"e_1_3_2_1_52_1","volume-title":"Selinux: Nsa's open source security enhanced linux.","author":"McCarty Bill","year":"2005","unstructured":"Bill McCarty . 2005 . Selinux: Nsa's open source security enhanced linux. Vol. 238 . O'Reilly . http:\/\/www.oreilly.de\/catalog\/selinux\/index.html Bill McCarty. 2005. Selinux: Nsa's open source security enhanced linux. Vol. 238. O'Reilly. http:\/\/www.oreilly.de\/catalog\/selinux\/index.html"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.5555\/2600239.2600241"},{"key":"e_1_3_2_1_54_1","unstructured":"Microsoft. 2018. Azure Kubernetes Service. https:\/\/azure.microsoft.com\/en-us\/services\/kubernetes-service\/  Microsoft. 2018. Azure Kubernetes Service. https:\/\/azure.microsoft.com\/en-us\/services\/kubernetes-service\/"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/997150.997156"},{"key":"e_1_3_2_1_56_1","unstructured":"A Mouat. 2015. Docker Security Using Containers Safely in Production.  A Mouat. 2015. Docker Security Using Containers Safely in Production."},{"key":"e_1_3_2_1_57_1","unstructured":"IAN MUSCAT. 2017. What is Server Side Request Forgery (SSRF). https:\/\/www.acunetix.com\/blog\/articles\/server-side-request-forgery-vulnerability\/  IAN MUSCAT. 2017. What is Server Side Request Forgery (SSRF). https:\/\/www.acunetix.com\/blog\/articles\/server-side-request-forgery-vulnerability\/"},{"key":"e_1_3_2_1_58_1","volume-title":"Department of Commerce","author":"NIST","year":"2018","unstructured":"NIST U.S. Department of Commerce . 2018 . NVD. https:\/\/nvd.nist.gov\/ NIST U.S. Department of Commerce. 2018. NVD. https:\/\/nvd.nist.gov\/"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2015.7232966"},{"key":"e_1_3_2_1_60_1","unstructured":"K. C. Quest. 2018. docker-slim: Lean and mean docker containers. https:\/\/github.com\/docker-slim\/docker-slim  K. C. Quest. 2018. docker-slim: Lean and mean docker containers. https:\/\/github.com\/docker-slim\/docker-slim"},{"key":"e_1_3_2_1_61_1","volume-title":"Somesh Jha, and Patrick D. McDaniel.","author":"Rastogi Vaibhav","year":"2016","unstructured":"Vaibhav Rastogi , Drew Davidson , Lorenzo De Carli , Somesh Jha, and Patrick D. McDaniel. 2016 . Towards Least Privilege Containers with Cimplifier. CoRR abs\/1602.08410 (2016). arXiv:1602.08410 http:\/\/arxiv.org\/abs\/1602.08410 Vaibhav Rastogi, Drew Davidson, Lorenzo De Carli, Somesh Jha, and Patrick D. McDaniel. 2016. Towards Least Privilege Containers with Cimplifier. CoRR abs\/1602.08410 (2016). arXiv:1602.08410 http:\/\/arxiv.org\/abs\/1602.08410"},{"key":"e_1_3_2_1_62_1","volume-title":"NordSec 2014, Troms\u00f8, Norway, October 15-17, 2014, Proceedings. 77--93","author":"Reshetova Elena","unstructured":"Elena Reshetova , Janne Karhunen , Thomas Nyman , and N. Asokan . 2014. Security of OS-Level Virtualization Technologies. In Secure IT Systems - 19th Nordic Conference , NordSec 2014, Troms\u00f8, Norway, October 15-17, 2014, Proceedings. 77--93 . Elena Reshetova, Janne Karhunen, Thomas Nyman, and N. Asokan. 2014. Security of OS-Level Virtualization Technologies. In Secure IT Systems - 19th Nordic Conference, NordSec 2014, Troms\u00f8, Norway, October 15-17, 2014, Proceedings. 77--93."},{"key":"e_1_3_2_1_63_1","unstructured":"Samsung. 2018. Samsung Knox Workspace. https:\/\/www.samsungknox.com\/en\/solutions\/it-solutions\/knox-workspace  Samsung. 2018. Samsung Knox Workspace. https:\/\/www.samsungknox.com\/en\/solutions\/it-solutions\/knox-workspace"},{"key":"e_1_3_2_1_64_1","unstructured":"Sconway. 2017. Kubernetes Continues to Move from Development to Production. https:\/\/www.cncf.io\/blog\/2017\/12\/06\/cloud-native-technologies-scaling-production-applications\/  Sconway. 2017. Kubernetes Continues to Move from Development to Production. https:\/\/www.cncf.io\/blog\/2017\/12\/06\/cloud-native-technologies-scaling-production-applications\/"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029832"},{"key":"e_1_3_2_1_66_1","volume-title":"Byte-unixbench: A Unix benchmark suite. Technical report","author":"Smith Ben","year":"2011","unstructured":"Ben Smith , Rick Grehan , Tom Yager , and DC Niemi . 2011 . Byte-unixbench: A Unix benchmark suite. Technical report (2011). Ben Smith, Rick Grehan, Tom Yager, and DC Niemi. 2011. Byte-unixbench: A Unix benchmark suite. Technical report (2011)."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421012"},{"key":"e_1_3_2_1_68_1","unstructured":"James Turnbull. 2014. The Docker Book: Containerization is the new virtualization. James Turnbull.  James Turnbull. 2014. The Docker Book: Containerization is the new virtualization. James Turnbull."},{"key":"e_1_3_2_1_69_1","unstructured":"Nick Wilfahrt. 2016. Dirtycow vulnerability Details. https:\/\/github.com\/dirtycow\/dirtycow.github.io\/wiki\/VulnerabilityDetails  Nick Wilfahrt. 2016. Dirtycow vulnerability Details. https:\/\/github.com\/dirtycow\/dirtycow.github.io\/wiki\/VulnerabilityDetails"},{"key":"e_1_3_2_1_70_1","first-page":"4","article-title":"A Taxonomy of Software Vulnerabilities in Unix\/Linux Systems","volume":"31","author":"Yi L. I.","year":"2005","unstructured":"L. I. Yi , L. I. Xinming , and Xianggang Jiang . 2005 . A Taxonomy of Software Vulnerabilities in Unix\/Linux Systems . Computer Engineering 31 , 6 (2005), 4 -- 6 . L. I. Yi, L. I. Xinming, and Xianggang Jiang. 2005. A Taxonomy of Software Vulnerabilities in Unix\/Linux Systems. Computer Engineering 31, 6 (2005), 4--6.","journal-title":"Computer Engineering"},{"key":"e_1_3_2_1_71_1","volume-title":"ROP Attack and Defense Technology based on ARM. Information Security & Communications Privacy","author":"Yi QIAN","year":"2012","unstructured":"QIAN Yi , WANG Yi-jun, and XUE Zhi . 2012. ROP Attack and Defense Technology based on ARM. Information Security & Communications Privacy ( 2012 ). QIAN Yi, WANG Yi-jun, and XUE Zhi. 2012. ROP Attack and Defense Technology based on ARM. Information Security & Communications Privacy (2012)."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1080\/03088839.2016.1253883"}],"event":{"name":"ACSAC '18: 2018 Annual Computer Security Applications Conference","location":"San Juan PR USA","acronym":"ACSAC '18","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 34th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3274694.3274720","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3274694.3274720","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3274694.3274720","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:57:56Z","timestamp":1750208276000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3274694.3274720"}},"subtitle":["Attacks and Countermeasures"],"short-title":[],"issued":{"date-parts":[[2018,12,3]]},"references-count":71,"alternative-id":["10.1145\/3274694.3274720","10.1145\/3274694"],"URL":"https:\/\/doi.org\/10.1145\/3274694.3274720","relation":{},"subject":[],"published":{"date-parts":[[2018,12,3]]},"assertion":[{"value":"2018-12-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}