{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T20:51:55Z","timestamp":1769719915338,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,8,26]],"date-time":"2019-08-26T00:00:00Z","timestamp":1566777600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,8,26]]},"DOI":"10.1145\/3339252.3340502","type":"proceedings-article","created":{"date-parts":[[2019,8,9]],"date-time":"2019-08-09T12:21:03Z","timestamp":1565353263000},"page":"1-6","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Leveraging Kernel Security Mechanisms to Improve Container Security"],"prefix":"10.1145","author":[{"given":"Maxime","family":"B\u00e9lair","sequence":"first","affiliation":[{"name":"Orange Labs, IMT Atlantique, Caen, France"}]},{"given":"Sylvie","family":"Laniepce","sequence":"additional","affiliation":[{"name":"Orange Labs, Caen, France"}]},{"given":"Jean-Marc","family":"Menaud","sequence":"additional","affiliation":[{"name":"IMT Atlantique, STACK, INRIA, LS2N, Nantes, France"}]}],"member":"320","published-online":{"date-parts":[[2019,8,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Amazon. 2019. AWS Firecracker GitHub Repository. https:\/\/github.com\/firecracker-microvm\/firecracker. (2019).  Amazon. 2019. AWS Firecracker GitHub Repository. https:\/\/github.com\/firecracker-microvm\/firecracker. (2019)."},{"key":"e_1_3_2_1_2_1","unstructured":"Pratyush Anand. 2017. A presentation of eBPF. https:\/\/opensource.com\/article\/17\/9\/intro-ebpf. (2017).  Pratyush Anand. 2017. A presentation of eBPF. https:\/\/opensource.com\/article\/17\/9\/intro-ebpf. (2017)."},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI'16)","author":"Arnautov Sergei","year":"2016"},{"key":"e_1_3_2_1_4_1","volume-title":"Paranoid Penguin: An Introduction to Novell AppArmor. Linux J.","author":"Bauer Mick","year":"2006"},{"key":"e_1_3_2_1_5_1","volume-title":"Integrity verification of Docker containers for a lightweight cloud environment. Future Generation Computer Systems","author":"Benedictis Marco De","year":"2019"},{"key":"e_1_3_2_1_6_1","unstructured":"Theo De Raadt. 2015. pledge() a new mitigation mechanism (Hackfest '15). Qu\u00e9bec. https:\/\/www.openbsd.org\/papers\/hackfest2015-pledge\/mgp00001.html  Theo De Raadt. 2015. pledge() a new mitigation mechanism (Hackfest '15). Qu\u00e9bec. https:\/\/www.openbsd.org\/papers\/hackfest2015-pledge\/mgp00001.html"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/224057.224076"},{"key":"e_1_3_2_1_8_1","volume-title":"An Updated Performance Comparison of Virtual Machines and Linux Containers. technology 25","author":"Felter Wes","year":"2014"},{"key":"e_1_3_2_1_9_1","unstructured":"Free Software Foundation. 2019. Chroot man page (2). http:\/\/man7.org\/linux\/man-pages\/man2\/chroot.2.html (2019).  Free Software Foundation. 2019. Chroot man page (2). http:\/\/man7.org\/linux\/man-pages\/man2\/chroot.2.html (2019)."},{"key":"e_1_3_2_1_10_1","unstructured":"OpenStack Foundation. 2019. Kata Containers Website. https:\/\/katacontainers.io\/. (2019).  OpenStack Foundation. 2019. Kata Containers Website. https:\/\/katacontainers.io\/. (2019)."},{"key":"e_1_3_2_1_11_1","unstructured":"freedesktop.org. 2017. Presentation of Seccomp BPF. https:\/\/dri.freedesktop.org\/docs\/drm\/userspace-api\/seccomp_filter.html. (2017).  freedesktop.org. 2017. Presentation of Seccomp BPF. https:\/\/dri.freedesktop.org\/docs\/drm\/userspace-api\/seccomp_filter.html. (2017)."},{"key":"e_1_3_2_1_12_1","unstructured":"Nick Frichette. 2019. PoC for CVE-2019-5736-PoC. https:\/\/github.com\/Frichetten\/CVE-2019-5736-PoC. (2019).  Nick Frichette. 2019. PoC for CVE-2019-5736-PoC. https:\/\/github.com\/Frichetten\/CVE-2019-5736-PoC. (2019)."},{"key":"e_1_3_2_1_13_1","unstructured":"Google. 2019. GVisor GitHub repository. https:\/\/github.com\/google\/gvisor. (2019).  Google. 2019. GVisor GitHub repository. https:\/\/github.com\/google\/gvisor. (2019)."},{"key":"e_1_3_2_1_14_1","unstructured":"Google. 2019. Kubernetes GitHub repository. https:\/\/github.com\/kubernetes\/kubernetes. (2019).  Google. 2019. Kubernetes GitHub repository. https:\/\/github.com\/kubernetes\/kubernetes. (2019)."},{"key":"e_1_3_2_1_15_1","volume-title":"Task Oriented Management Obviates Your Onus on Linux. Linux Conference 2004 3","author":"Harada Toshiharu","year":"2004"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2015.43"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487726.2488370"},{"key":"e_1_3_2_1_19_1","unstructured":"Isovalent Inc. 2019. Cilium GitHub repository. https:\/\/github.com\/cilium\/cilium. (2019).  Isovalent Inc. 2019. Cilium GitHub repository. https:\/\/github.com\/cilium\/cilium. (2019)."},{"key":"e_1_3_2_1_20_1","volume-title":"Proceeding of the Free and Open Source software Developers' European Meeting (FOSDEM '18).","author":"Johansen Jhon","year":"2018"},{"key":"e_1_3_2_1_21_1","unstructured":"Daniel Lezcano St\u00e9phane Hallyn and Graber St\u00e9phane. 2018. LXC GitHub repository. https:\/\/github.com\/lxc\/lxc. (2018).  Daniel Lezcano St\u00e9phane Hallyn and Graber St\u00e9phane. 2018. LXC GitHub repository. https:\/\/github.com\/lxc\/lxc. (2018)."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132763"},{"key":"e_1_3_2_1_23_1","volume-title":"Docker: Lightweight Linux Containers for Consistent Development and Deployment. Linux J.","author":"Merkel Dirk","year":"2014"},{"key":"e_1_3_2_1_24_1","unstructured":"Mesosphere. 2019. Marathon. https:\/\/github.com\/mesosphere\/marathon. (2019).  Mesosphere. 2019. Marathon. https:\/\/github.com\/mesosphere\/marathon. (2019)."},{"key":"e_1_3_2_1_25_1","unstructured":"NIST. 2019. NIST report for CVE-2019-5736. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-5736. (2019).  NIST. 2019. NIST report for CVE-2019-5736. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-5736. (2019)."},{"key":"e_1_3_2_1_26_1","unstructured":"Rami Rosen. 2013. Resource management:Linux kernel Namespaces and cgroups. https:\/\/www.cs.ucsb.edu\/ rich\/class\/cs293b-cloud\/papers\/lxcnamespace.pdf. (2013).  Rami Rosen. 2013. Resource management:Linux kernel Namespaces and cgroups. https:\/\/www.cs.ucsb.edu\/ rich\/class\/cs293b-cloud\/papers\/lxcnamespace.pdf. (2013)."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 13th Conference on USENIX Security Symposium -","volume":"13","author":"Sailer Reiner","year":"2004"},{"key":"e_1_3_2_1_28_1","volume-title":"File access-control per container with Landlock (FOSDEM '18)","author":"Salaun Micka\u00ebl","year":"2018"},{"key":"e_1_3_2_1_29_1","unstructured":"Micka\u00ebl Sala\u00fcn. 2018. Landlock Documentation about administrator rights. https:\/\/github.com\/landlock-lsm\/linux\/blob\/landlock-v8\/Documentation\/security\/landlock\/index.rst. (2018).  Micka\u00ebl Sala\u00fcn. 2018. Landlock Documentation about administrator rights. https:\/\/github.com\/landlock-lsm\/linux\/blob\/landlock-v8\/Documentation\/security\/landlock\/index.rst. (2018)."},{"key":"e_1_3_2_1_30_1","unstructured":"Ravi Sandhu. 2013. Access Control Models. https:\/\/www.profsandhu.com\/cs6393_s13\/L2.pdf. (2013).  Ravi Sandhu. 2013. Access Control Models. https:\/\/www.profsandhu.com\/cs6393_s13\/L2.pdf. (2013)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Michael Schwarz Samuel Weiser and Daniel Gruss. 2019. Practical Enclave Malware with Intel SGX. (2019).  Michael Schwarz Samuel Weiser and Daniel Gruss. 2019. Practical Enclave Malware with Intel SGX. (2019).","DOI":"10.1007\/978-3-030-22038-9_9"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304016"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"M. Souppaya J. Morello and K. Scarfon. 2017. Application container security guide. (2017).  M. Souppaya J. Morello and K. Scarfon. 2017. Application container security guide. (2017).","DOI":"10.6028\/NIST.SP.800-190"},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 27th USENIX Conference on Security Symposium (SEC'18)","author":"Sun Yuqiong","year":"2018"},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the 11th USENIX Security Symposium. USENIX Association","author":"Wright Chris","year":"2002"}],"event":{"name":"ARES '19: 14th International Conference on Availability, Reliability and Security","location":"Canterbury CA United Kingdom","acronym":"ARES '19"},"container-title":["Proceedings of the 14th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3339252.3340502","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3339252.3340502","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:17Z","timestamp":1750203857000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3339252.3340502"}},"subtitle":["a Survey"],"short-title":[],"issued":{"date-parts":[[2019,8,26]]},"references-count":35,"alternative-id":["10.1145\/3339252.3340502","10.1145\/3339252"],"URL":"https:\/\/doi.org\/10.1145\/3339252.3340502","relation":{},"subject":[],"published":{"date-parts":[[2019,8,26]]},"assertion":[{"value":"2019-08-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}