{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:01:07Z","timestamp":1773511267602,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11]]},"DOI":"10.1145\/3472883.3486976","type":"proceedings-article","created":{"date-parts":[[2021,10,27]],"date-time":"2021-10-27T10:48:16Z","timestamp":1635331696000},"page":"518-532","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["Secure Namespaced Kernel Audit for Containers"],"prefix":"10.1145","author":[{"given":"Soo Yee","family":"Lim","sequence":"first","affiliation":[{"name":"University of British Columbia, Vancouver, British Columbia, Canada"}]},{"given":"Bogdan","family":"Stelea","sequence":"additional","affiliation":[{"name":"University of Bristol, Bristol, United Kingdom"}]},{"given":"Xueyuan","family":"Han","sequence":"additional","affiliation":[{"name":"Harvard University Cambridge, Massachusetts, USA"}]},{"given":"Thomas","family":"Pasquier","sequence":"additional","affiliation":[{"name":"University of British Columbia, Vancouver, British Columbia, Canada"}]}],"member":"320","published-online":{"date-parts":[[2021,11]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"online (accessed 29th","author":"Kafka Apche","year":"2021","unstructured":"[n.d.]. Apche Kafka . online (accessed 29th September 2021 ). https:\/\/kafka.apache.org\/. [n.d.]. Apche Kafka. online (accessed 29th September 2021). https:\/\/kafka.apache.org\/."},{"key":"e_1_3_2_2_2_1","volume-title":"online (accessed 29th","year":"2021","unstructured":"[n.d.]. AppArmor. online (accessed 29th September 2021 ). https:\/\/apparmor.net\/. [n.d.]. AppArmor. online (accessed 29th September 2021). https:\/\/apparmor.net\/."},{"key":"e_1_3_2_2_3_1","volume-title":"BPF ring buffer. online (accessed 29th","year":"2021","unstructured":"[n.d.]. BPF ring buffer. online (accessed 29th September 2021 ). https:\/\/www.kernel.org\/doc\/html\/latest\/bpf\/ringbuf.html. [n.d.]. BPF ring buffer. online (accessed 29th September 2021). https:\/\/www.kernel.org\/doc\/html\/latest\/bpf\/ringbuf.html."},{"key":"e_1_3_2_2_4_1","volume-title":"online (accessed 29th","year":"2021","unstructured":"[n.d.]. CamFlow. online (accessed 29th September 2021 ). https:\/\/camflow.org\/. [n.d.]. CamFlow. online (accessed 29th September 2021). https:\/\/camflow.org\/."},{"key":"e_1_3_2_2_5_1","volume-title":"online (accessed 29th","year":"2021","unstructured":"[n.d.]. Cilium. online (accessed 29th September 2021 ). https:\/\/cilium.io\/. [n.d.]. Cilium. online (accessed 29th September 2021). https:\/\/cilium.io\/."},{"key":"e_1_3_2_2_6_1","volume-title":"online (accessed 29th","year":"2021","unstructured":"[n.d.]. CVE-2020-8835. online (accessed 29th September 2021 ). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE- 2020- 8835. [n.d.]. CVE-2020-8835. online (accessed 29th September 2021). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE- 2020- 8835."},{"key":"e_1_3_2_2_7_1","volume-title":"online (accessed 29th","year":"2021","unstructured":"[n.d.]. CVE-2021-29154. online (accessed 29th September 2021 ). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-29154. [n.d.]. CVE-2021-29154. online (accessed 29th September 2021). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-29154."},{"key":"e_1_3_2_2_8_1","volume-title":"eBPF. online (accessed 29th","year":"2021","unstructured":"[n.d.]. eBPF. online (accessed 29th September 2021 ). https:\/\/ebpf.io\/. [n.d.]. eBPF. online (accessed 29th September 2021). https:\/\/ebpf.io\/."},{"key":"e_1_3_2_2_9_1","volume-title":"ftrace documentation. online (accessed 29th","year":"2021","unstructured":"[n.d.]. ftrace documentation. online (accessed 29th September 2021 ). https:\/\/www.kernel.org\/doc\/html\/v4.17\/trace\/ftrace.html. [n.d.]. ftrace documentation. online (accessed 29th September 2021). https:\/\/www.kernel.org\/doc\/html\/v4.17\/trace\/ftrace.html."},{"key":"e_1_3_2_2_10_1","volume-title":"online (accessed 29th","year":"2021","unstructured":"[n.d.]. Grafana. online (accessed 29th September 2021 ). https:\/\/grafana.com\/. [n.d.]. Grafana. online (accessed 29th September 2021). https:\/\/grafana.com\/."},{"key":"e_1_3_2_2_11_1","volume-title":"online (accessed 29th","year":"2021","unstructured":"[n.d.]. Nagios. online (accessed 29th September 2021 ). https:\/\/www. nagios.org\/. [n.d.]. Nagios. online (accessed 29th September 2021). https:\/\/www. nagios.org\/."},{"key":"e_1_3_2_2_12_1","volume-title":"Open Policy Agent. online (accessed 29th","year":"2021","unstructured":"[n.d.]. Open Policy Agent. online (accessed 29th September 2021 ). https:\/\/www.openpolicyagent.org\/. [n.d.]. Open Policy Agent. online (accessed 29th September 2021). https:\/\/www.openpolicyagent.org\/."},{"key":"e_1_3_2_2_13_1","volume-title":"Phoronix test suite. online (accessed 29th","year":"2021","unstructured":"[n.d.]. Phoronix test suite. online (accessed 29th September 2021 ). https:\/\/www.phoronix-test-suite.com\/. [n.d.]. Phoronix test suite. online (accessed 29th September 2021). https:\/\/www.phoronix-test-suite.com\/."},{"key":"e_1_3_2_2_14_1","volume-title":"online (accessed 29th","author":"RCU.","year":"2021","unstructured":"2021. RCU. online (accessed 29th September 2021 ). https:\/\/www.kernel.org\/doc\/Documentation\/RCU\/whatisRCU.txt. 2021. RCU. online (accessed 29th September 2021). https:\/\/www.kernel.org\/doc\/Documentation\/RCU\/whatisRCU.txt."},{"key":"e_1_3_2_2_15_1","volume-title":"Workshop on the Theory and Practice of Provenance (TaPP 15)","author":"Bates Adam","year":"2015","unstructured":"Adam Bates , Kevin RB Butler , and Thomas Moyer . 2015 . Take only what you need: leveraging mandatory access control policy to reduce provenance storage costs . In Workshop on the Theory and Practice of Provenance (TaPP 15) . USENIX. Adam Bates, Kevin RB Butler, and Thomas Moyer. 2015. Take only what you need: leveraging mandatory access control policy to reduce provenance storage costs. In Workshop on the Theory and Practice of Provenance (TaPP 15). USENIX."},{"key":"e_1_3_2_2_16_1","volume-title":"Kevin RB Butler, and Thomas Moyer. [n.d.]. LPM source code. online (accessed 29th","author":"Bates Adam","year":"2021","unstructured":"Adam Bates , Dave Jing Tian , Kevin RB Butler, and Thomas Moyer. [n.d.]. LPM source code. online (accessed 29th September 2021 ). https:\/\/bitbucket.org\/uf_sensei\/redhat-linux-provenance-release\/. Adam Bates, Dave Jing Tian, Kevin RB Butler, and Thomas Moyer. [n.d.]. LPM source code. online (accessed 29th September 2021). https:\/\/bitbucket.org\/uf_sensei\/redhat-linux-provenance-release\/."},{"key":"e_1_3_2_2_17_1","volume-title":"Security Symposium. USENIX, 319--334","author":"Bates Adam","year":"2015","unstructured":"Adam Bates , Dave Jing Tian , Kevin RB Butler , and Thomas Moyer . 2015 . Trustworthy whole-system provenance for the linux kernel . In Security Symposium. USENIX, 319--334 . Adam Bates, Dave Jing Tian, Kevin RB Butler, and Thomas Moyer. 2015. Trustworthy whole-system provenance for the linux kernel. In Security Symposium. USENIX, 319--334."},{"key":"e_1_3_2_2_18_1","volume-title":"PROVDM: The PROV Data Model. Technical Report. W3C.","author":"Belhajjame Khalid","year":"2013","unstructured":"Khalid Belhajjame , Reza B'Far , James Cheney , Sam Coppens , Stephen Cresswell , Yolanda Gil , Paul Groth , Graham Klyne , Timothy Lebo , Jim McCusker , Simon Miles , James Myers , and Satya Sahoo . 2013 . PROVDM: The PROV Data Model. Technical Report. W3C. Khalid Belhajjame, Reza B'Far, James Cheney, Sam Coppens, Stephen Cresswell, Yolanda Gil, Paul Groth, Graham Klyne, Timothy Lebo, Jim McCusker, Simon Miles, James Myers, and Satya Sahoo. 2013. PROVDM: The PROV Data Model. Technical Report. W3C."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3361525.3361552"},{"key":"e_1_3_2_2_20_1","volume-title":"online (accessed 29th","author":"Corbet Jonathan","year":"2021","unstructured":"Jonathan Corbet . 2016. LoadPin. online (accessed 29th September 2021 ). https:\/\/lwn.net\/Articles\/682302\/. Jonathan Corbet. 2016. LoadPin. online (accessed 29th September 2021). https:\/\/lwn.net\/Articles\/682302\/."},{"key":"e_1_3_2_2_21_1","volume-title":"A seccomp overview. Linux Weekly News","author":"Edge Jake","year":"2015","unstructured":"Jake Edge . 2015. A seccomp overview. Linux Weekly News ( 2015 ). Jake Edge. 2015. A seccomp overview. Linux Weekly News (2015)."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586141"},{"key":"e_1_3_2_2_23_1","volume-title":"BPFContain: Fixing the Soft Underbelly of Container Security. arXiv","author":"Findlay William","year":"2021","unstructured":"William Findlay , David Barrera , and Anil Somayaji . 2021. BPFContain: Fixing the Soft Underbelly of Container Security. arXiv ( 2021 ). William Findlay, David Barrera, and Anil Somayaji. 2021. BPFContain: Fixing the Soft Underbelly of Container Security. arXiv (2021)."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411495.3421358"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2017.49"},{"key":"e_1_3_2_2_26_1","volume-title":"SPADE: Support for Provenance Auditing in Distributed Environments. In International Middleware Conference. Springer-Verlag, 101--120","author":"Gehani Ashish","year":"2012","unstructured":"Ashish Gehani and Dawood Tariq . 2012 . SPADE: Support for Provenance Auditing in Distributed Environments. In International Middleware Conference. Springer-Verlag, 101--120 . Ashish Gehani and Dawood Tariq. 2012. SPADE: Support for Provenance Auditing in Distributed Environments. In International Middleware Conference. Springer-Verlag, 101--120."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/3101290.3101295"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314590"},{"key":"e_1_3_2_2_29_1","volume-title":"UNICORN: Runtime Provenance-based Detector for Advanced Persistent Threats. In Network and Distributed System Security Symposium (NDSS'20)","author":"Han Xueyuan","year":"2020","unstructured":"Xueyuan Han , Thomas Pasquier , Adam Bates , James Mickens , and Margo Seltzer . 2020 . UNICORN: Runtime Provenance-based Detector for Advanced Persistent Threats. In Network and Distributed System Security Symposium (NDSS'20) . Internet Society. Xueyuan Han, Thomas Pasquier, Adam Bates, James Mickens, and Margo Seltzer. 2020. UNICORN: Runtime Provenance-based Detector for Advanced Persistent Threats. In Network and Distributed System Security Symposium (NDSS'20). Internet Society."},{"key":"e_1_3_2_2_30_1","volume-title":"Workshop on Hot Topics in Cloud Computing (HotCloud'17)","author":"Han Xueyuan","year":"2017","unstructured":"Xueyuan Han , Thomas Pasquier , Tanvi Ranjan , Mark Goldstein , and Margo Seltzer . 2017 . Frappuccino: Fault-detection through runtime analysis of provenance . In Workshop on Hot Topics in Cloud Computing (HotCloud'17) . USENIX. Xueyuan Han, Thomas Pasquier, Tanvi Ranjan, Mark Goldstein, and Margo Seltzer. 2017. Frappuccino: Fault-detection through runtime analysis of provenance. In Workshop on Hot Topics in Cloud Computing (HotCloud'17). USENIX."},{"key":"e_1_3_2_2_31_1","volume-title":"SIGL: Securing Software Installations Through Deep Graph Learning. In Security Symposium. USENIX.","author":"Han Xueyuan","year":"2021","unstructured":"Xueyuan Han , Xiao Yu , Thomas Pasquier , Ding Li , Junghwan Rhee , James Mickens , Margo Seltzer , and Haifeng Chen . 2021 . SIGL: Securing Software Installations Through Deep Graph Learning. In Security Symposium. USENIX. Xueyuan Han, Xiao Yu, Thomas Pasquier, Ding Li, Junghwan Rhee, James Mickens, Margo Seltzer, and Haifeng Chen. 2021. SIGL: Securing Software Installations Through Deep Graph Learning. In Security Symposium. USENIX."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"e_1_3_2_2_33_1","volume-title":"Tactical Provenance Analysis for Endpoint Detection and Response Systems. In Symposium on Security and Privacy (S&P'20)","author":"Hassan Wajih Ul","year":"2020","unstructured":"Wajih Ul Hassan , Adam Bates , and Daniel Marino . 2020 . Tactical Provenance Analysis for Endpoint Detection and Response Systems. In Symposium on Security and Privacy (S&P'20) . IEEE. Wajih Ul Hassan, Adam Bates, and Daniel Marino. 2020. Tactical Provenance Analysis for Endpoint Detection and Response Systems. In Symposium on Security and Privacy (S&P'20). IEEE."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"e_1_3_2_2_35_1","volume-title":"Control Group v2. online (accessed 29th","author":"Heo Tejun","year":"2021","unstructured":"Tejun Heo . [n.d.]. Control Group v2. online (accessed 29th September 2021 ). https:\/\/www.kernel.org\/doc\/html\/latest\/admin-guide\/cgroup-v2.html. Tejun Heo. [n.d.]. Control Group v2. online (accessed 29th September 2021). https:\/\/www.kernel.org\/doc\/html\/latest\/admin-guide\/cgroup-v2.html."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/996943.996944"},{"key":"e_1_3_2_2_37_1","volume-title":"Dseom: A framework for dynamic security evaluation and optimization of MTD in container-based cloud","author":"Jin Hai","year":"2019","unstructured":"Hai Jin , Zhi Li , Deqing Zou , and Bin Yuan . 2019 . Dseom: A framework for dynamic security evaluation and optimization of MTD in container-based cloud . IEEE Transactions on Dependable and Secure Computing ( 2019). Hai Jin, Zhi Li, Deqing Zou, and Bin Yuan. 2019. Dseom: A framework for dynamic security evaluation and optimization of MTD in container-based cloud. IEEE Transactions on Dependable and Secure Computing (2019)."},{"key":"e_1_3_2_2_38_1","volume-title":"Namespacing and Stacking the LSM. In Linux Plumbers Conference.","author":"Johansen John","year":"2017","unstructured":"John Johansen and Casey Schaufler . 2017 . Namespacing and Stacking the LSM. In Linux Plumbers Conference. John Johansen and Casey Schaufler. 2017. Namespacing and Stacking the LSM. In Linux Plumbers Conference."},{"key":"e_1_3_2_2_39_1","volume-title":"Postmark: A new file system benchmark. Technical Report. Technical Report TR3022, Network Appliance.","author":"Katcher Jeffrey","year":"1997","unstructured":"Jeffrey Katcher . 1997 . Postmark: A new file system benchmark. Technical Report. Technical Report TR3022, Network Appliance. Jeffrey Katcher. 1997. Postmark: A new file system benchmark. Technical Report. Technical Report TR3022, Network Appliance."},{"key":"e_1_3_2_2_40_1","volume-title":"Network and Distributed System Security Symposium (NDSS'13)","author":"Lee Kyu Hyung","year":"2013","unstructured":"Kyu Hyung Lee , Xiangyu Zhang , and Dongyan Xu . 2013 . High Accuracy Attack Provenance via Binary-based Execution Partition . In Network and Distributed System Security Symposium (NDSS'13) . Internet Society. Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013. High Accuracy Attack Provenance via Binary-based Execution Partition. In Network and Distributed System Security Symposium (NDSS'13). Internet Society."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939783"},{"key":"e_1_3_2_2_43_1","volume-title":"Annual Technical Conference (ATC'96)","author":"McVoy Larry W","year":"1996","unstructured":"Larry W McVoy , Carl Staelin , 1996 . lmbench: Portable Tools for Performance Analysis . In Annual Technical Conference (ATC'96) . USENIX, 279--294. Larry W McVoy, Carl Staelin, et al. 1996. lmbench: Portable Tools for Performance Analysis. In Annual Technical Conference (ATC'96). USENIX, 279--294."},{"key":"e_1_3_2_2_44_1","volume-title":"Poirot: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting. In Conference on Computer and Communications Security (CCS'19)","author":"Milajerdi Sadegh M.","unstructured":"Sadegh M. Milajerdi , Birhanu Eshete , Rigel Gjomemo , and V. N. Venkatakrishnan . 2019 . Poirot: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting. In Conference on Computer and Communications Security (CCS'19) . ACM. Sadegh M. Milajerdi, Birhanu Eshete, Rigel Gjomemo, and V. N. Venkatakrishnan. 2019. Poirot: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting. In Conference on Computer and Communications Security (CCS'19). ACM."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"e_1_3_2_2_46_1","volume-title":"Linux Security Modules: General Security Support for the Linux Kernel. In Security Symposium. USENIX.","author":"Morris James","year":"2002","unstructured":"James Morris , Stephen Smalley , and Greg Kroah-Hartman . 2002 . Linux Security Modules: General Security Support for the Linux Kernel. In Security Symposium. USENIX. James Morris, Stephen Smalley, and Greg Kroah-Hartman. 2002. Linux Security Modules: General Security Support for the Linux Kernel. In Security Symposium. USENIX."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPEC.2016.7761589"},{"key":"e_1_3_2_2_48_1","volume-title":"Provenance-aware Storage Systems. In Annual Technical Conference (ATC'06)","author":"Muniswamy-Reddy Kiran-Kumar","year":"2006","unstructured":"Kiran-Kumar Muniswamy-Reddy , David A Holland , Uri Braun , and Margo Seltzer . 2006 . Provenance-aware Storage Systems. In Annual Technical Conference (ATC'06) . USENIX, 43--56. Kiran-Kumar Muniswamy-Reddy, David A Holland, Uri Braun, and Margo Seltzer. 2006. Provenance-aware Storage Systems. In Annual Technical Conference (ATC'06). USENIX, 43--56."},{"key":"e_1_3_2_2_49_1","volume-title":"BPF Portability and CO-RE. online (accessed 29th","author":"Nakryiko Andrii","year":"2021","unstructured":"Andrii Nakryiko . [n.d.]. BPF Portability and CO-RE. online (accessed 29th September 2021 ). https:\/\/facebookmicrosites.github.io\/bpf\/blog\/2020\/02\/19\/bpf-portability-and-co-re.html. Andrii Nakryiko. [n.d.]. BPF Portability and CO-RE. online (accessed 29th September 2021). https:\/\/facebookmicrosites.github.io\/bpf\/blog\/2020\/02\/19\/bpf-portability-and-co-re.html."},{"key":"e_1_3_2_2_50_1","volume-title":"Symposium on Operating Systems Design and Implementation (OSDI'20)","author":"Nelson Luke","year":"2020","unstructured":"Luke Nelson , Jacob Van Geffen , Emina Torlak , and Xi Wang . 2020 . Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel . In Symposium on Operating Systems Design and Implementation (OSDI'20) . USENIX, 41--61. Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang. 2020. Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel. In Symposium on Operating Systems Design and Implementation (OSDI'20). USENIX, 41--61."},{"key":"e_1_3_2_2_51_1","volume-title":"Practical Whole-System Provenance Capture. In Symposium on Cloud Computing (SoCC'17)","author":"Pasquier Thomas","year":"2017","unstructured":"Thomas Pasquier , Xueyuan Han , Mark Goldstein , Thomas Moyer , David Eyers , Margo Seltzer , and Jean Bacon . 2017 . Practical Whole-System Provenance Capture. In Symposium on Cloud Computing (SoCC'17) . ACM. Thomas Pasquier, Xueyuan Han, Mark Goldstein, Thomas Moyer, David Eyers, Margo Seltzer, and Jean Bacon. 2017. Practical Whole-System Provenance Capture. In Symposium on Cloud Computing (SoCC'17). ACM."},{"key":"e_1_3_2_2_52_1","volume-title":"Runtime Analysis of Whole-System Provenance. In Conference on Computer and Communications Security (CCS'18)","author":"Pasquier Thomas","year":"2018","unstructured":"Thomas Pasquier , Xueyuan Han , Thomas Moyer , Adam Bates , Olivier Hermant , David Eyers , Jean Bacon , and Margo Seltzer . 2018 . Runtime Analysis of Whole-System Provenance. In Conference on Computer and Communications Security (CCS'18) . ACM. Thomas Pasquier, Xueyuan Han, Thomas Moyer, Adam Bates, Olivier Hermant, David Eyers, Jean Bacon, and Margo Seltzer. 2018. Runtime Analysis of Whole-System Provenance. In Conference on Computer and Communications Security (CCS'18). ACM."},{"key":"e_1_3_2_2_53_1","volume-title":"Hi-Fi source code. online (accessed 29th","author":"Pohly Devin J","year":"2021","unstructured":"Devin J Pohly , Stephen McLaughlin , Patrick McDaniel , and Kevin Butler . [n.d.]. Hi-Fi source code. online (accessed 29th September 2021 ). https:\/\/github.com\/djpohly\/linux. Devin J Pohly, Stephen McLaughlin, Patrick McDaniel, and Kevin Butler. [n.d.]. Hi-Fi source code. online (accessed 29th September 2021). https:\/\/github.com\/djpohly\/linux."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"e_1_3_2_2_55_1","volume-title":"Security Symposium","volume":"13","author":"Sailer Reiner","year":"2004","unstructured":"Reiner Sailer , Xiaolan Zhang , Trent Jaeger , and Leendert Van Doorn . 2004 . Design and Implementation of a TCG-based Integrity Measurement Architecture . In Security Symposium , Vol. 13 . USENIX, 223--238. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert Van Doorn. 2004. Design and Implementation of a TCG-based Integrity Measurement Architecture. In Security Symposium, Vol. 13. USENIX, 223--238."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2019599.2019604"},{"key":"e_1_3_2_2_57_1","volume-title":"Kernel Runtime Security Instrumentation. online (accessed 29th","author":"Singh KP","year":"2021","unstructured":"KP Singh . 2019. Kernel Runtime Security Instrumentation. online (accessed 29th September 2021 ). https:\/\/lwn.net\/Articles\/798918\/. KP Singh. 2019. Kernel Runtime Security Instrumentation. online (accessed 29th September 2021). https:\/\/lwn.net\/Articles\/798918\/."},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1272996.1273025"},{"key":"e_1_3_2_2_60_1","volume-title":"Security Symposium. USENIX.","author":"Sun Yuqiong","year":"2018","unstructured":"Yuqiong Sun , David Safford , Mimi Zohar , Dimitrios Pendarakis , Zhongshu Gu , and Trent Jaeger . 2018 . Security namespace: making linux security frameworks available to containers . In Security Symposium. USENIX. Yuqiong Sun, David Safford, Mimi Zohar, Dimitrios Pendarakis, Zhongshu Gu, and Trent Jaeger. 2018. Security namespace: making linux security frameworks available to containers. In Security Symposium. USENIX."},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00041"},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3147213.3147229"},{"key":"e_1_3_2_2_64_1","volume-title":"State of Containers Report 2019: 'Security' Remains A Challenge! online (accessed 29th","year":"2021","unstructured":"Veritis. 2019. State of Containers Report 2019: 'Security' Remains A Challenge! online (accessed 29th September 2021 ). https:\/\/www.veritis.com\/blog\/state-of-containers-report-2019-security-remains-a-challenge\/. Veritis. 2019. State of Containers Report 2019: 'Security' Remains A Challenge! online (accessed 29th September 2021). https:\/\/www.veritis.com\/blog\/state-of-containers-report-2019-security-remains-a-challenge\/."},{"key":"e_1_3_2_2_65_1","volume-title":"Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A. Gunter, and Haifeng Chen.","author":"Wang Qi","year":"2020","unstructured":"Qi Wang , Wajih Ul Hassan , Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A. Gunter, and Haifeng Chen. 2020 . You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis. In Network and Distributed System Security (NDSS '20). Internet Society . Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A. Gunter, and Haifeng Chen. 2020. You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis. In Network and Distributed System Security (NDSS '20). Internet Society."},{"key":"e_1_3_2_2_66_1","volume-title":"Exploiting Concurrency Vulnerabilities in System Call Wrappers. Workshop on Offensive Technologies (WOOT'07)","author":"Watson Robert NM","year":"2007","unstructured":"Robert NM Watson . 2007 . Exploiting Concurrency Vulnerabilities in System Call Wrappers. Workshop on Offensive Technologies (WOOT'07) 7 (2007), 1--8. Robert NM Watson. 2007. Exploiting Concurrency Vulnerabilities in System Call Wrappers. Workshop on Offensive Technologies (WOOT'07) 7 (2007), 1--8."},{"key":"e_1_3_2_2_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2428616.2430732"},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453078"}],"event":{"name":"SoCC '21: ACM Symposium on Cloud Computing","location":"Seattle WA USA","acronym":"SoCC '21","sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the ACM Symposium on Cloud Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3472883.3486976","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3472883.3486976","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:11:57Z","timestamp":1750191117000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3472883.3486976"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11]]},"references-count":67,"alternative-id":["10.1145\/3472883.3486976","10.1145\/3472883"],"URL":"https:\/\/doi.org\/10.1145\/3472883.3486976","relation":{},"subject":[],"published":{"date-parts":[[2021,11]]},"assertion":[{"value":"2021-11-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}