{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T17:07:31Z","timestamp":1774631251784,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":53,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,4,3]],"date-time":"2019-04-03T00:00:00Z","timestamp":1554249600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,4,3]]},"DOI":"10.1145\/3314148.3314349","type":"proceedings-article","created":{"date-parts":[[2019,10,7]],"date-time":"2019-10-07T13:24:18Z","timestamp":1570454658000},"page":"49-61","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":37,"title":["eZTrust"],"prefix":"10.1145","author":[{"given":"Zirak","family":"Zaheer","sequence":"first","affiliation":[{"name":"University of Utah"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hyunseok","family":"Chang","sequence":"additional","affiliation":[{"name":"Nokia Bell Labs"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sarit","family":"Mukherjee","sequence":"additional","affiliation":[{"name":"Nokia Bell Labs"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jacobus","family":"Van der Merwe","sequence":"additional","affiliation":[{"name":"University of Utah"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2019,4,3]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Building Microservices: Designing Fine-Grained Systems","author":"Newman Sam","year":"2015","unstructured":"Sam Newman . 2015 . Building Microservices: Designing Fine-Grained Systems . O'Reilly Media, Inc. Sam Newman. 2015. Building Microservices: Designing Fine-Grained Systems. O'Reilly Media, Inc."},{"key":"e_1_3_2_1_2_1","first-page":"2016","year":"2018","unstructured":"2018 . Cisco Global Cloud Index: Forecast and Methodology 2016 - 2021 . White Paper. Cisco Systems, Inc. (2018). 2018. Cisco Global Cloud Index: Forecast and Methodology 2016-2021. White Paper. Cisco Systems, Inc. (2018).","journal-title":"Cisco Global Cloud Index: Forecast and Methodology"},{"key":"e_1_3_2_1_3_1","volume-title":"Zero Trust Networks","author":"Barth Doug","unstructured":"Doug Barth and Evan Gilman . 2017. Zero Trust Networks . O'Reilly Media, Inc. Doug Barth and Evan Gilman. 2017. Zero Trust Networks. O'Reilly Media, Inc."},{"key":"e_1_3_2_1_4_1","volume-title":"Proc. DC CAVES Workshop.","author":"Pettit Justin","year":"2010","unstructured":"Justin Pettit , Jesse Gross , Ben Pfaff , Martin Casado , and Simon Crosby . 2010 . Virtual Switching in an Era of Advanced Edges . In Proc. DC CAVES Workshop. Justin Pettit, Jesse Gross, Ben Pfaff, Martin Casado, and Simon Crosby. 2010. Virtual Switching in an Era of Advanced Edges. In Proc. DC CAVES Workshop."},{"key":"e_1_3_2_1_5_1","unstructured":"2018. VMware NSX. http:\/\/www.vmware.com\/products\/nsx.html. (2018).  2018. VMware NSX. http:\/\/www.vmware.com\/products\/nsx.html. (2018)."},{"key":"e_1_3_2_1_6_1","unstructured":"2018. OVSDB:Security Groups - OpenDaylight Project. https:\/\/wiki.opendaylight.org\/view\/OVSDB:Security_Groups. (2018).  2018. OVSDB:Security Groups - OpenDaylight Project. https:\/\/wiki.opendaylight.org\/view\/OVSDB:Security_Groups. (2018)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2016.7524508"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOMW.2016.7562213"},{"key":"e_1_3_2_1_9_1","volume-title":"Proc. USENIX NSDI.","author":"Moshref Masoud","year":"2013","unstructured":"Masoud Moshref , Minlan Yu , Abhishek Sharma , and Ramesh Govindan . 2013 . Scalable Rule Management for Data Centers . In Proc. USENIX NSDI. Masoud Moshref, Minlan Yu, Abhishek Sharma, and Ramesh Govindan. 2013. Scalable Rule Management for Data Centers. In Proc. USENIX NSDI."},{"key":"e_1_3_2_1_10_1","unstructured":"Stijn Vanveerdeghem. 2018. VMware NSX - Context-Aware Micro-segmentation. https:\/\/blogs.vmware.com\/networkvirtualization\/2018\/02\/context-aware-micro-segmentation-innovative-approach-application-user-identity-firewall.html. (2018).  Stijn Vanveerdeghem. 2018. VMware NSX - Context-Aware Micro-segmentation. https:\/\/blogs.vmware.com\/networkvirtualization\/2018\/02\/context-aware-micro-segmentation-innovative-approach-application-user-identity-firewall.html. (2018)."},{"key":"e_1_3_2_1_11_1","unstructured":"Roie Ben Haim. 2016. NSX Identity Firewall - Deep Dive. http:\/\/www.routetocloud.com\/2016\/11\/nsx-identity-firewall-deep-dive\/. (2016).  Roie Ben Haim. 2016. NSX Identity Firewall - Deep Dive. http:\/\/www.routetocloud.com\/2016\/11\/nsx-identity-firewall-deep-dive\/. (2016)."},{"key":"e_1_3_2_1_12_1","unstructured":"2018. Sysdig. https:\/\/sysdig.com. (2018).  2018. Sysdig. https:\/\/sysdig.com. (2018)."},{"key":"e_1_3_2_1_13_1","unstructured":"2018. Prometheus. https:\/\/prometheus.io. (2018).  2018. Prometheus. https:\/\/prometheus.io. (2018)."},{"key":"e_1_3_2_1_14_1","unstructured":"2018. Lumogon. https:\/\/github.com\/puppetlabs\/lumogon. (2018).  2018. Lumogon. https:\/\/github.com\/puppetlabs\/lumogon. (2018)."},{"key":"e_1_3_2_1_15_1","unstructured":"2017. A thorough introduction to eBPF. https:\/\/lwn.net\/Articles\/740157\/. (2017).  2017. A thorough introduction to eBPF. https:\/\/lwn.net\/Articles\/740157\/. (2017)."},{"key":"e_1_3_2_1_16_1","volume-title":"Proc. USENIX NSDI.","author":"Ben","unstructured":"Ben Pfaff et al. 2015. The Design and Implementation of Open vSwitch . In Proc. USENIX NSDI. Ben Pfaff et al. 2015. The Design and Implementation of Open vSwitch. In Proc. USENIX NSDI."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SmartCloud.2016.22"},{"key":"e_1_3_2_1_18_1","unstructured":"2018. Trireme. https:\/\/github.com\/aporeto-inc\/trireme-lib. (2018).  2018. Trireme. https:\/\/github.com\/aporeto-inc\/trireme-lib. (2018)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098822.3098842"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519144.1519146"},{"key":"e_1_3_2_1_21_1","unstructured":"2018. Cilium. https:\/\/cilium.io. (2018).  2018. Cilium. https:\/\/cilium.io. (2018)."},{"key":"e_1_3_2_1_22_1","unstructured":"2018. vArmour DSS Distributed Security System. https:\/\/www.varmour.com\/pdf\/data-sheet\/vArmour-DSS-Data-Sheet.pdf. (2018).  2018. vArmour DSS Distributed Security System. https:\/\/www.varmour.com\/pdf\/data-sheet\/vArmour-DSS-Data-Sheet.pdf. (2018)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620735"},{"key":"e_1_3_2_1_24_1","volume-title":"Microservices: From Design to Deployment. Nginx","author":"Richardson Chris","year":"2016","unstructured":"Chris Richardson and Floyd Smith . 2016 . Microservices: From Design to Deployment. Nginx , Inc . (2016). Chris Richardson and Floyd Smith. 2016. Microservices: From Design to Deployment. Nginx, Inc. (2016)."},{"key":"e_1_3_2_1_25_1","unstructured":"2018. Istio. https:\/\/istio.io. (2018).  2018. Istio. https:\/\/istio.io. (2018)."},{"key":"e_1_3_2_1_26_1","unstructured":"2018. Consul. https:\/\/www.consul.io. (2018).  2018. Consul. https:\/\/www.consul.io. (2018)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/IC2EW.2016.10"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/IMIS.2015.31"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/316188.316216"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2629460"},{"key":"e_1_3_2_1_31_1","volume-title":"Proc. USENIX ATC.","author":"Kashyap Sanidhya","year":"2016","unstructured":"Sanidhya Kashyap , Changwoo Min , Byoungyoung Lee , and Tae-soo Kim. 2016 . Instant OS Updates via Userspace Checkpoint-and-Restart . In Proc. USENIX ATC. Sanidhya Kashyap, Changwoo Min, Byoungyoung Lee, and Tae-soo Kim. 2016. Instant OS Updates via Userspace Checkpoint-and-Restart. In Proc. USENIX ATC."},{"key":"e_1_3_2_1_32_1","unstructured":"2015. IO visor bcc. https:\/\/github.com\/iovisor\/bcc. (2015).  2015. IO visor bcc. https:\/\/github.com\/iovisor\/bcc. (2015)."},{"key":"e_1_3_2_1_33_1","unstructured":"2018. Docker-SDK. https:\/\/docker-py.readthedocs.io\/en\/stable\/. (2018).  2018. Docker-SDK. https:\/\/docker-py.readthedocs.io\/en\/stable\/. (2018)."},{"key":"e_1_3_2_1_34_1","unstructured":"2018. Redis. https:\/\/redis.io. (2018).  2018. Redis. https:\/\/redis.io. (2018)."},{"key":"e_1_3_2_1_35_1","volume-title":"Proc. NetDev 1.1.","author":"Borkmann Daniel","year":"2016","unstructured":"Daniel Borkmann . 2016 . On getting tc classifier fully programmable with cls bpf . In Proc. NetDev 1.1. Daniel Borkmann. 2016. On getting tc classifier fully programmable with cls bpf. In Proc. NetDev 1.1."},{"key":"e_1_3_2_1_36_1","volume-title":"Proc. NetDev 1.2.","author":"Borkmann Daniel","year":"2016","unstructured":"Daniel Borkmann . 2016 . Advanced programmability and recent updates with tc's cls bpf . In Proc. NetDev 1.2. Daniel Borkmann. 2016. Advanced programmability and recent updates with tc's cls bpf. In Proc. NetDev 1.2."},{"key":"e_1_3_2_1_37_1","volume-title":"Proc. USENIX Security Symposium.","author":"Rescorla Eric","year":"2003","unstructured":"Eric Rescorla . 2003 . Security holes... Who cares? In Proc. USENIX Security Symposium. Eric Rescorla. 2003. Security holes... Who cares? In Proc. USENIX Security Symposium."},{"key":"e_1_3_2_1_38_1","volume-title":"Proc. USENIX LISA.","author":"Beattie Steve","year":"2002","unstructured":"Steve Beattie , Seth Arnold , Crispin Cowan , Perry Wagle , Chris Wright , and Adam Shostack . 2002 . Timing the Application of Security Patches for Optimal Uptime . In Proc. USENIX LISA. Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, Chris Wright, and Adam Shostack. 2002. Timing the Application of Security Patches for Optimal Uptime. In Proc. USENIX LISA."},{"key":"e_1_3_2_1_39_1","unstructured":"2018. Clair: Vulnerability Static Analysis for Containers. https:\/\/github.com\/coreos\/clair\/. (2018).  2018. Clair: Vulnerability Static Analysis for Containers. https:\/\/github.com\/coreos\/clair\/. (2018)."},{"key":"e_1_3_2_1_40_1","volume-title":"Proc. USENIX ATC.","author":"Tak Byungchul","year":"2017","unstructured":"Byungchul Tak , Canturk Isci , Sastry Duri , Nilton Bila , Shripad Nadgowda , and James Doran . 2017 . Understanding Security Implications of Using Containers in the Cloud . In Proc. USENIX ATC. Byungchul Tak, Canturk Isci, Sastry Duri, Nilton Bila, Shripad Nadgowda, and James Doran. 2017. Understanding Security Implications of Using Containers in the Cloud. In Proc. USENIX ATC."},{"key":"e_1_3_2_1_41_1","unstructured":"2018. CloudLab. https:\/\/cloudlab.us. (2018).  2018. CloudLab. https:\/\/cloudlab.us. (2018)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243157.3243161"},{"key":"e_1_3_2_1_43_1","unstructured":"Thomas Graf. 2018. Why is the Kernel Community Replacing Ipt-ables with BPF? https:\/\/cilium.io\/blog\/2018\/04\/17\/why-is-the-kernel-community-replacing-iptables\/. (2018).  Thomas Graf. 2018. Why is the Kernel Community Replacing Ipt-ables with BPF? https:\/\/cilium.io\/blog\/2018\/04\/17\/why-is-the-kernel-community-replacing-iptables\/. (2018)."},{"key":"e_1_3_2_1_44_1","unstructured":"2017. The Heartbleed Bug. http:\/\/heartbleed.com. (2017).  2017. The Heartbleed Bug. http:\/\/heartbleed.com. (2017)."},{"key":"e_1_3_2_1_45_1","unstructured":"2018. Snort. https:\/\/snort.org. (2018).  2018. Snort. https:\/\/snort.org. (2018)."},{"key":"e_1_3_2_1_46_1","unstructured":"2014. FBI Snort Signatures (Heartbleed). https:\/\/ics-cert.us-cert.gov\/UPDATE-FBI-Snort-Signatures-Heartbleed-April-2014. (2014).  2014. FBI Snort Signatures (Heartbleed). https:\/\/ics-cert.us-cert.gov\/UPDATE-FBI-Snort-Signatures-Heartbleed-April-2014. (2014)."},{"key":"e_1_3_2_1_47_1","unstructured":"2017. Sock Shop -- A Microservices Demo Application. https:\/\/microservices-demo.github.io. (2017).  2017. Sock Shop -- A Microservices Demo Application. https:\/\/microservices-demo.github.io. (2017)."},{"key":"e_1_3_2_1_48_1","unstructured":"2018. Docker Security. https:\/\/docs.docker.com\/engine\/security\/security\/. (2018).  2018. Docker Security. https:\/\/docs.docker.com\/engine\/security\/security\/. (2018)."},{"key":"e_1_3_2_1_49_1","volume-title":"Meltem S\u00f6nmez Turan, and Nicky Mouha","author":"McKay Kerry A.","year":"2017","unstructured":"Kerry A. McKay , Larry Bassham , Meltem S\u00f6nmez Turan, and Nicky Mouha . 2017 . Report on Lightweight Cryptography . (2017). Kerry A. McKay, Larry Bassham, Meltem S\u00f6nmez Turan, and Nicky Mouha. 2017. Report on Lightweight Cryptography. (2017)."},{"key":"e_1_3_2_1_50_1","unstructured":"Ying Li. 2017. Introducing Docker Secrets Management. https:\/\/blog.docker.com\/2017\/02\/docker-secrets-management\/. (2017).  Ying Li. 2017. Introducing Docker Secrets Management. https:\/\/blog.docker.com\/2017\/02\/docker-secrets-management\/. (2017)."},{"key":"e_1_3_2_1_51_1","unstructured":"2018. Distribute Credentials Securely Using Secrets. https:\/\/kubernetes.io\/docs\/tasks\/inject-data-application\/distribute-credentials-secure\/. (2018).  2018. Distribute Credentials Securely Using Secrets. https:\/\/kubernetes.io\/docs\/tasks\/inject-data-application\/distribute-credentials-secure\/. (2018)."},{"key":"e_1_3_2_1_52_1","unstructured":"2018. Netronome Agilio CX. https:\/\/www.netronome.com\/products\/agilio-cx\/. (2018).  2018. Netronome Agilio CX. https:\/\/www.netronome.com\/products\/agilio-cx\/. (2018)."},{"key":"e_1_3_2_1_53_1","volume-title":"Proc. NetDev 1.2.","author":"Kicinski Jakub","year":"2016","unstructured":"Jakub Kicinski and Nicolaas Viljoen . 2016 . eBPF Hardware Offload to SmartNICs: cls bpf and XDP . In Proc. NetDev 1.2. Jakub Kicinski and Nicolaas Viljoen. 2016. eBPF Hardware Offload to SmartNICs: cls bpf and XDP. In Proc. NetDev 1.2."}],"event":{"name":"SOSR '19: Symposium on SDN Research","location":"San Jose CA USA","acronym":"SOSR '19","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2019 ACM Symposium on SDN Research"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3314148.3314349","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3314148.3314349","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:24Z","timestamp":1750204464000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3314148.3314349"}},"subtitle":["Network-Independent Zero-Trust Perimeterization for Microservices"],"short-title":[],"issued":{"date-parts":[[2019,4,3]]},"references-count":53,"alternative-id":["10.1145\/3314148.3314349","10.1145\/3314148"],"URL":"https:\/\/doi.org\/10.1145\/3314148.3314349","relation":{},"subject":[],"published":{"date-parts":[[2019,4,3]]},"assertion":[{"value":"2019-04-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}