{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T05:38:52Z","timestamp":1769924332920,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3582835","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"812-826","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Securing Container-based Clouds with Syscall-aware Scheduling"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5000-6393","authenticated-orcid":false,"given":"Michael V.","family":"Le","sequence":"first","affiliation":[{"name":"IBM Research, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0290-5367","authenticated-orcid":false,"given":"Salman","family":"Ahmed","sequence":"additional","affiliation":[{"name":"IBM Research, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1537-0525","authenticated-orcid":false,"given":"Dan","family":"Williams","sequence":"additional","affiliation":[{"name":"Virginia Tech, United States of America and IBM Research, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6143-1064","authenticated-orcid":false,"given":"Hani","family":"Jamjoom","sequence":"additional","affiliation":[{"name":"IBM, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Firecracker: Lightweight Virtualization for Serverless Applications. In 17th USENIX Symposium on Networked Systems Design and Implementation","author":"Agache Alexandru","year":"2020","unstructured":"Alexandru Agache , Marc Brooker , Alexandra Iordache , Anthony Liguori , Rolf Neugebauer , Phil Piwonka , and Diana-Maria Popa . 2020 . Firecracker: Lightweight Virtualization for Serverless Applications. In 17th USENIX Symposium on Networked Systems Design and Implementation . Santa Clara, CA, 419\u2013434. Alexandru Agache, Marc Brooker, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa. 2020. Firecracker: Lightweight Virtualization for Serverless Applications. In 17th USENIX Symposium on Networked Systems Design and Implementation. Santa Clara, CA, 419\u2013434."},{"key":"e_1_3_2_1_2_1","volume-title":"sysbench - scriptable database and system performance benchmark. https:\/\/github.com\/akopytov\/sysbench. Accessed","author":"Kopytov Alexey","year":"2022","unstructured":"Alexey Kopytov . 2022. sysbench - scriptable database and system performance benchmark. https:\/\/github.com\/akopytov\/sysbench. Accessed 2022 . Alexey Kopytov. 2022. sysbench - scriptable database and system performance benchmark. https:\/\/github.com\/akopytov\/sysbench. Accessed 2022."},{"key":"e_1_3_2_1_3_1","unstructured":"Aqua. 2018. Aqua Introduces Runtime Protection Against \"Zero Day\" Vulnerabilities for Containerized Applications. https:\/\/www.prnewswire.com\/news-releases\/aqua-introduces-runtime-protection-against-zero-day-vulnerabilities-for-containerized\u2013applications-300682406.html. Accessed 2022.  Aqua. 2018. Aqua Introduces Runtime Protection Against \"Zero Day\" Vulnerabilities for Containerized Applications. https:\/\/www.prnewswire.com\/news-releases\/aqua-introduces-runtime-protection-against-zero-day-vulnerabilities-for-containerized\u2013applications-300682406.html. Accessed 2022."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664168.2664179"},{"key":"e_1_3_2_1_5_1","volume-title":"Compliance-Aware Provisioning of Containers on Cloud. In 2017 IEEE 10th International Conference on Cloud Computing (CLOUD). 696\u2013700","author":"Bahrami M.","unstructured":"M. Bahrami , A. Malvankar , K.\u00a0 K. Budhraja , C. Kundu , M. Singhal , and A. Kundu . 2017 . Compliance-Aware Provisioning of Containers on Cloud. In 2017 IEEE 10th International Conference on Cloud Computing (CLOUD). 696\u2013700 . M. Bahrami, A. Malvankar, K.\u00a0K. Budhraja, C. Kundu, M. Singhal, and A. Kundu. 2017. Compliance-Aware Provisioning of Containers on Cloud. In 2017 IEEE 10th International Conference on Cloud Computing (CLOUD). 696\u2013700."},{"key":"e_1_3_2_1_6_1","volume-title":"11th USENIX Symposium on OSDI. 285\u2013300","author":"Boutin Eric","year":"2014","unstructured":"Eric Boutin , Jaliya Ekanayake , Wei Lin , Bing Shi , Jingren Zhou , Zhengping Qian , Ming Wu , and Lidong Zhou . 2014 . Apollo: Scalable and coordinated scheduling for cloud-scale computing . In 11th USENIX Symposium on OSDI. 285\u2013300 . Eric Boutin, Jaliya Ekanayake, Wei Lin, Bing Shi, Jingren Zhou, Zhengping Qian, Ming Wu, and Lidong Zhou. 2014. Apollo: Scalable and coordinated scheduling for cloud-scale computing. In 11th USENIX Symposium on OSDI. 285\u2013300."},{"key":"e_1_3_2_1_7_1","volume-title":"https:\/\/github.com\/brianfrankcooper\/YCSB. Accessed","author":"Cooper Brian","year":"2022","unstructured":"Brian Cooper . 2022. YSCB - Yahoo! Cloud Serving Benchmark . https:\/\/github.com\/brianfrankcooper\/YCSB. Accessed 2022 . Brian Cooper. 2022. YSCB - Yahoo! Cloud Serving Benchmark. https:\/\/github.com\/brianfrankcooper\/YCSB. Accessed 2022."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Claudio Canella Mario Werner Daniel Gruss and Michael Schwarz. 2020. Automating Seccomp Filter Generation for Linux Applications. arxiv:2012.02554\u00a0[cs.CR]  Claudio Canella Mario Werner Daniel Gruss and Michael Schwarz. 2020. Automating Seccomp Filter Generation for Linux Applications. arxiv:2012.02554\u00a0[cs.CR]","DOI":"10.1145\/3474123.3486762"},{"key":"e_1_3_2_1_9_1","volume-title":"Definition of Security Metrics for the Cloud Computing and Security-Aware Virtual Machine Placement Algorithms. In Int. Conf. on Cyber-Enabled Distributed Computing and Knowledge Discovery. 125\u2013131","author":"Caron E.","unstructured":"E. Caron , A.\u00a0 D. Le , A. Lefray , and C. Toinard . 2013 . Definition of Security Metrics for the Cloud Computing and Security-Aware Virtual Machine Placement Algorithms. In Int. Conf. on Cyber-Enabled Distributed Computing and Knowledge Discovery. 125\u2013131 . E. Caron, A.\u00a0D. Le, A. Lefray, and C. Toinard. 2013. Definition of Security Metrics for the Cloud Computing and Security-Aware Virtual Machine Placement Algorithms. In Int. Conf. on Cyber-Enabled Distributed Computing and Knowledge Discovery. 125\u2013131."},{"key":"e_1_3_2_1_10_1","volume-title":"ACM Symp. on Cloud Computing. 121\u2013134","author":"Chung Andrew","year":"2018","unstructured":"Andrew Chung , Jun\u00a0Woo Park , and Gregory\u00a0 R Ganger . 2018 . Stratus: Cost-aware container scheduling in the public cloud . In ACM Symp. on Cloud Computing. 121\u2013134 . Andrew Chung, Jun\u00a0Woo Park, and Gregory\u00a0R Ganger. 2018. Stratus: Cost-aware container scheduling in the public cloud. In ACM Symp. on Cloud Computing. 121\u2013134."},{"key":"e_1_3_2_1_11_1","volume-title":"23rd Int. Symp. on Research in Attacks, Intrusions and Defenses. 459\u2013474","author":"DeMarinis Nicholas","year":"2020","unstructured":"Nicholas DeMarinis , Kent Williams-King , Di Jin , Rodrigo Fonseca , and Vasileios\u00a0 P. Kemerlis . 2020 . sysfilter: Automated System Call Filtering for Commodity Software . In 23rd Int. Symp. on Research in Attacks, Intrusions and Defenses. 459\u2013474 . Nicholas DeMarinis, Kent Williams-King, Di Jin, Rodrigo Fonseca, and Vasileios\u00a0P. Kemerlis. 2020. sysfilter: Automated System Call Filtering for Commodity Software. In 23rd Int. Symp. on Research in Attacks, Intrusions and Defenses. 459\u2013474."},{"key":"e_1_3_2_1_12_1","volume-title":"https:\/\/dirtycow.ninja. Accessed","author":"Dirty COW","year":"2022","unstructured":"dirtycow. 2022. Dirty COW (CVE-2016-5195). https:\/\/dirtycow.ninja. Accessed 2022 . dirtycow. 2022. Dirty COW (CVE-2016-5195). https:\/\/dirtycow.ninja. Accessed 2022."},{"key":"e_1_3_2_1_13_1","volume-title":"NATS-Bench: Benchmarking NAS Algorithms for Architecture Topology and Size","author":"Dong Xuanyi","year":"2021","unstructured":"Xuanyi Dong , Lu Liu , Katarzyna Musial , and Bogdan Gabrys . 2021. NATS-Bench: Benchmarking NAS Algorithms for Architecture Topology and Size . IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI) ( 2021 ). Xuanyi Dong, Lu Liu, Katarzyna Musial, and Bogdan Gabrys. 2021. NATS-Bench: Benchmarking NAS Algorithms for Architecture Topology and Size. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI) (2021)."},{"key":"e_1_3_2_1_14_1","volume-title":"Int. Conf. on Learning Representations.","author":"Dong Xuanyi","year":"2020","unstructured":"Xuanyi Dong and Yi Yang . 2020 . NAS-Bench-201: Extending the Scope of Reproducible Neural Architecture Search . In Int. Conf. on Learning Representations. Xuanyi Dong and Yi Yang. 2020. NAS-Bench-201: Extending the Scope of Reproducible Neural Architecture Search. In Int. Conf. on Learning Representations."},{"key":"e_1_3_2_1_15_1","volume-title":"Network and Distributed Systems Security (NDSS) Symposium.","author":"Fang Chongzhou","year":"2022","unstructured":"Chongzhou Fang , Han Wang , Najmeh Nazari , Behnam Omidi , Avesta Sasan , Khaled\u00a0 N. Khasawneh , Setareh Rafatirad , and Houman Homayoun . 2022 . REPTTACK: Exploiting Cloud Schedulers to Guide Co-Location Attacks . In Network and Distributed Systems Security (NDSS) Symposium. Chongzhou Fang, Han Wang, Najmeh Nazari, Behnam Omidi, Avesta Sasan, Khaled\u00a0N. Khasawneh, Setareh Rafatirad, and Houman Homayoun. 2022. REPTTACK: Exploiting Cloud Schedulers to Guide Co-Location Attacks. In Network and Distributed Systems Security (NDSS) Symposium."},{"key":"e_1_3_2_1_16_1","first-page":"965","article-title":"Virtual machine placement","volume":"9","author":"Fine Kevin","year":"2018","unstructured":"Kevin Fine and Ezekiel Kruglick . 2018 . Virtual machine placement . US Patent 9 , 965 ,309. Kevin Fine and Ezekiel Kruglick. 2018. Virtual machine placement. US Patent 9,965,309.","journal-title":"US Patent"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","first-page":"420","DOI":"10.1109\/TASE.2018.2826723","article-title":"Model predictive control for energy-efficient, quality-aware, and secure virtual machine placement","volume":"16","author":"Gaggero Mauro","year":"2018","unstructured":"Mauro Gaggero and Luca Caviglione . 2018 . Model predictive control for energy-efficient, quality-aware, and secure virtual machine placement . IEEE Transactions on Automation Science and Engineering 16 , 1 (2018), 420 \u2013 432 . Mauro Gaggero and Luca Caviglione. 2018. Model predictive control for energy-efficient, quality-aware, and secure virtual machine placement. IEEE Transactions on Automation Science and Engineering 16, 1 (2018), 420\u2013432.","journal-title":"IEEE Transactions on Automation Science and Engineering"},{"key":"e_1_3_2_1_18_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses ({ RAID}","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia , Tapti Palit , Azzedine Benameur , and Michalis Polychronakis . 2020 . Confine: Automated system call policy generation for container attack surface reduction . In 23rd International Symposium on Research in Attacks, Intrusions and Defenses ({ RAID} 2020). 443\u2013458. Seyedhamed Ghavamnia, Tapti Palit, Azzedine Benameur, and Michalis Polychronakis. 2020. Confine: Automated system call policy generation for container attack surface reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses ({ RAID} 2020). 443\u2013458."},{"key":"e_1_3_2_1_19_1","volume-title":"Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium. 1749\u20131766","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia , Tapti Palit , Shachee Mishra , and Michalis Polychronakis . 2020 . Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium. 1749\u20131766 . Seyedhamed Ghavamnia, Tapti Palit, Shachee Mishra, and Michalis Polychronakis. 2020. Temporal System Call Specialization for Attack Surface Reduction. In 29th USENIX Security Symposium. 1749\u20131766."},{"key":"e_1_3_2_1_20_1","volume-title":"12th USENIX Symposium on OSDI. 81\u201397","author":"Grandl Robert","year":"2016","unstructured":"Robert Grandl , Srikanth Kandula , Sriram Rao , Aditya Akella , and Janardhan Kulkarni . 2016 . GRAPHENE: Packing and dependency-aware scheduling for data-parallel clusters . In 12th USENIX Symposium on OSDI. 81\u201397 . Robert Grandl, Srikanth Kandula, Sriram Rao, Aditya Akella, and Janardhan Kulkarni. 2016. GRAPHENE: Packing and dependency-aware scheduling for data-parallel clusters. In 12th USENIX Symposium on OSDI. 81\u201397."},{"key":"e_1_3_2_1_21_1","volume-title":"44th IEEE Int. Conf. on Dependable Systems and Networks. 491\u2013502","author":"Gu Zhongshu","year":"2014","unstructured":"Zhongshu Gu , Brendan Saltaformaggio , Xiangyu Zhang , and Dongyan Xu . 2014 . Face-change: Application-driven dynamic kernel view switching in a virtual machine . In 44th IEEE Int. Conf. on Dependable Systems and Networks. 491\u2013502 . Zhongshu Gu, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu. 2014. Face-change: Application-driven dynamic kernel view switching in a virtual machine. In 44th IEEE Int. Conf. on Dependable Systems and Networks. 491\u2013502."},{"key":"e_1_3_2_1_22_1","volume-title":"IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 275\u2013292","author":"Han Jin","year":"2017","unstructured":"Jin Han , Wanyu Zang , Songqing Chen , and Meng Yu . 2017 . Reducing security risks of clouds through virtual machine placement . In IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 275\u2013292 . Jin Han, Wanyu Zang, Songqing Chen, and Meng Yu. 2017. Reducing security risks of clouds through virtual machine placement. In IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 275\u2013292."},{"key":"e_1_3_2_1_23_1","first-page":"95","article-title":"Using virtual machine allocation policies to defend against co-resident attacks in cloud computing","volume":"14","author":"Han Yi","year":"2015","unstructured":"Yi Han , Jeffrey Chan , Tansu Alpcan , and Christopher Leckie . 2015 . Using virtual machine allocation policies to defend against co-resident attacks in cloud computing . IEEE Trans. on Dependable and Secure Computing 14 , 1 (2015), 95 \u2013 108 . Yi Han, Jeffrey Chan, Tansu Alpcan, and Christopher Leckie. 2015. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing. IEEE Trans. on Dependable and Secure Computing 14, 1 (2015), 95\u2013108.","journal-title":"IEEE Trans. on Dependable and Secure Computing"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security. 380\u2013394","author":"Heo Kihong","year":"2018","unstructured":"Kihong Heo , Woosuk Lee , Pardis Pashakhaloo , and Mayur Naik . 2018 . Effective Program Debloating via Reinforcement Learning . In Proceedings of the ACM Conference on Computer and Communications Security. 380\u2013394 . Kihong Heo, Woosuk Lee, Pardis Pashakhaloo, and Mayur Naik. 2018. Effective Program Debloating via Reinforcement Learning. In Proceedings of the ACM Conference on Computer and Communications Security. 380\u2013394."},{"key":"e_1_3_2_1_25_1","volume-title":"influxdb-comparisons. https:\/\/github.com\/influxdata\/influxdb-comparisons. Accessed","year":"2022","unstructured":"InfluxData. 2022. influxdb-comparisons. https:\/\/github.com\/influxdata\/influxdb-comparisons. Accessed 2022 . InfluxData. 2022. influxdb-comparisons. https:\/\/github.com\/influxdata\/influxdb-comparisons. Accessed 2022."},{"key":"e_1_3_2_1_26_1","volume-title":"Computer Security \u2013 ESORICS","author":"Jang Sunwoo","year":"2022","unstructured":"Sunwoo Jang , Somin Song , Byungchul Tak , Sahil Suneja , Michael\u00a0 V. Le , Chuan Yue , and Dan Williams . 2022. SecQuant: Quantifying Container System Call Exposure . In Computer Security \u2013 ESORICS 2022 . 145\u2013166. Sunwoo Jang, Somin Song, Byungchul Tak, Sahil Suneja, Michael\u00a0V. Le, Chuan Yue, and Dan Williams. 2022. SecQuant: Quantifying Container System Call Exposure. In Computer Security \u2013 ESORICS 2022. 145\u2013166."},{"key":"e_1_3_2_1_27_1","volume-title":"https:\/\/katacontainers.io\/. Accessed","author":"Containers Kata","year":"2022","unstructured":"Kata Containers . 2022. Kata Containers . https:\/\/katacontainers.io\/. Accessed 2022 . Kata Containers. 2022. Kata Containers. https:\/\/katacontainers.io\/. Accessed 2022."},{"key":"e_1_3_2_1_28_1","volume-title":"byte-unixbench. https:\/\/github.com\/kdlucas\/byte-unixbench. Accessed","author":"Lucas Kelly","year":"2022","unstructured":"Kelly Lucas . 2022. byte-unixbench. https:\/\/github.com\/kdlucas\/byte-unixbench. Accessed 2022 . Kelly Lucas. 2022. byte-unixbench. https:\/\/github.com\/kdlucas\/byte-unixbench. Accessed 2022."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-019-02966-6"},{"key":"e_1_3_2_1_30_1","volume-title":"Prof-gen: Practical Study on System Call Whitelist Generation for Container Attack Surface Reduction. In 2021 IEEE 14th International Conference on Cloud Computing. 278\u2013287","author":"Kim Sungjin","year":"2021","unstructured":"Sungjin Kim , Byung\u00a0Joon Kim , and Dong\u00a0Hoon Lee . 2021 . Prof-gen: Practical Study on System Call Whitelist Generation for Container Attack Surface Reduction. In 2021 IEEE 14th International Conference on Cloud Computing. 278\u2013287 . Sungjin Kim, Byung\u00a0Joon Kim, and Dong\u00a0Hoon Lee. 2021. Prof-gen: Practical Study on System Call Whitelist Generation for Container Attack Surface Reduction. In 2021 IEEE 14th International Conference on Cloud Computing. 278\u2013287."},{"key":"e_1_3_2_1_31_1","volume-title":"The Kubernetes Security Profiles Operator. https:\/\/github.com\/kubernetes-sigs\/security-profiles-operator. Accessed","author":"Kubernetes SIGs.","year":"2022","unstructured":"Kubernetes SIGs. 2022. The Kubernetes Security Profiles Operator. https:\/\/github.com\/kubernetes-sigs\/security-profiles-operator. Accessed 2022 . Kubernetes SIGs. 2022. The Kubernetes Security Profiles Operator. https:\/\/github.com\/kubernetes-sigs\/security-profiles-operator. Accessed 2022."},{"key":"e_1_3_2_1_32_1","volume-title":"Proc. of the 15th European Conference on Computer Systems.","author":"Kuo Hsuan Chi","year":"2020","unstructured":"Hsuan Chi Kuo , Dan Williams , Ricardo Koller , and Sibin Mohan . 2020 . A Linux in unikernel clothing . In Proc. of the 15th European Conference on Computer Systems. Hsuan Chi Kuo, Dan Williams, Ricardo Koller, and Sibin Mohan. 2020. A Linux in unikernel clothing. In Proc. of the 15th European Conference on Computer Systems."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3379469"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Anil Kurmus Sergej Dechand and R. Kapitza. 2014. Quantifiable Run-Time Kernel Attack Surface Reduction. In Detection of Intrusions and Malware and Vulnerability Assessment. 212\u2013234.  Anil Kurmus Sergej Dechand and R. Kapitza. 2014. Quantifiable Run-Time Kernel Attack Surface Reduction. In Detection of Intrusions and Malware and Vulnerability Assessment. 212\u2013234.","DOI":"10.1007\/978-3-319-08509-8_12"},{"key":"e_1_3_2_1_35_1","volume-title":"International Conference on Security and Cryptography. 321\u2013326","author":"Li Min","year":"2012","unstructured":"Min Li , Yulong Zhang , Kun Bai , Wanyu Zang , Meng Yu , and Xubin He . 2012 . Improving cloud survivability through dependency based virtual machine placement . In International Conference on Security and Cryptography. 321\u2013326 . Min Li, Yulong Zhang, Kun Bai, Wanyu Zang, Meng Yu, and Xubin He. 2012. Improving cloud survivability through dependency based virtual machine placement. In International Conference on Security and Cryptography. 321\u2013326."},{"key":"e_1_3_2_1_36_1","volume-title":"https:\/\/github.com\/docker-library\/docs\/tree\/master\/lightstreamer. Accessed","author":"Doc Lightstreamer","year":"2022","unstructured":"Lightstreamer. 2022. Lightstreamer Doc . https:\/\/github.com\/docker-library\/docs\/tree\/master\/lightstreamer. Accessed 2022 . Lightstreamer. 2022. Lightstreamer Doc. https:\/\/github.com\/docker-library\/docs\/tree\/master\/lightstreamer. Accessed 2022."},{"key":"e_1_3_2_1_37_1","volume-title":"The Dirty Pipe Vulnerability. https:\/\/dirtypipe.cm4all.com. Accessed","author":"Kellermann Max","year":"2022","unstructured":"Max Kellermann . 2022. The Dirty Pipe Vulnerability. https:\/\/dirtypipe.cm4all.com. Accessed 2022 . Max Kellermann. 2022. The Dirty Pipe Vulnerability. https:\/\/dirtypipe.cm4all.com. Accessed 2022."},{"key":"e_1_3_2_1_38_1","volume-title":"Kubernetes multi-container pods and container communication. https:\/\/www.mirantis.com\/blog\/multi-container-pods-and-container-communication-in-kubernetes\/. Accessed","author":"Chase Nick","year":"2022","unstructured":"Nick Chase . 2022. Kubernetes multi-container pods and container communication. https:\/\/www.mirantis.com\/blog\/multi-container-pods-and-container-communication-in-kubernetes\/. Accessed 2022 . Nick Chase. 2022. Kubernetes multi-container pods and container communication. https:\/\/www.mirantis.com\/blog\/multi-container-pods-and-container-communication-in-kubernetes\/. Accessed 2022."},{"key":"e_1_3_2_1_39_1","volume-title":"https:\/\/github.com\/phunt\/zk-smoketest. Accessed","author":"Hunt Patrick","year":"2022","unstructured":"Patrick Hunt . 2022. ZooKeeper Smoketest . https:\/\/github.com\/phunt\/zk-smoketest. Accessed 2022 . Patrick Hunt. 2022. ZooKeeper Smoketest. https:\/\/github.com\/phunt\/zk-smoketest. Accessed 2022."},{"key":"e_1_3_2_1_40_1","volume-title":"https:\/\/rabbitmq.github.io\/rabbitmq-perf-test\/stable\/htmlsingle\/. Accessed","author":"PerfTest MQ.","year":"2022","unstructured":"Rabbit MQ. 2022. RabbitMQ PerfTest . https:\/\/rabbitmq.github.io\/rabbitmq-perf-test\/stable\/htmlsingle\/. Accessed 2022 . RabbitMQ. 2022. RabbitMQ PerfTest. https:\/\/rabbitmq.github.io\/rabbitmq-perf-test\/stable\/htmlsingle\/. Accessed 2022."},{"key":"e_1_3_2_1_41_1","volume-title":"Overview of RancherOS. https:\/\/rancher.com\/docs\/os\/v1.x\/en\/. Accessed","year":"2021","unstructured":"Rancher. 2021. Overview of RancherOS. https:\/\/rancher.com\/docs\/os\/v1.x\/en\/. Accessed 2021 . Rancher. 2021. Overview of RancherOS. https:\/\/rancher.com\/docs\/os\/v1.x\/en\/. Accessed 2021."},{"key":"e_1_3_2_1_42_1","unstructured":"Red Hat Inc.2021. Chapter 5. Red Hat Enterprise Linux CoreOS (RHCOS). https:\/\/access.redhat.com\/documentation\/en-us\/openshift_container_platform\/4.1\/html\/architecture\/architecture-rhcos. Accessed 2021.  Red Hat Inc.2021. Chapter 5. Red Hat Enterprise Linux CoreOS (RHCOS). https:\/\/access.redhat.com\/documentation\/en-us\/openshift_container_platform\/4.1\/html\/architecture\/architecture-rhcos. Accessed 2021."},{"key":"e_1_3_2_1_43_1","unstructured":"Red Hat Inc.2021. kpatch - live kernel patching. https:\/\/www.aquasec.com\/. Accessed 2021.  Red Hat Inc.2021. kpatch - live kernel patching. https:\/\/www.aquasec.com\/. Accessed 2021."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_3_2_1_45_1","volume-title":"Benchmark for load testing FTP servers. https:\/\/github.com\/selectel\/ftpbench. Accessed","year":"2022","unstructured":"Selectel. 2022. Benchmark for load testing FTP servers. https:\/\/github.com\/selectel\/ftpbench. Accessed 2022 . Selectel. 2022. Benchmark for load testing FTP servers. https:\/\/github.com\/selectel\/ftpbench. Accessed 2022."},{"key":"e_1_3_2_1_46_1","unstructured":"Sysdig Inc. 2022. Security Tools for Containers Kubernetes and Cloud - Sysdig. https:\/\/sysdig.com\/. Accessed 2022.  Sysdig Inc. 2022. Security Tools for Containers Kubernetes and Cloud - Sysdig. https:\/\/sysdig.com\/. Accessed 2022."},{"key":"e_1_3_2_1_47_1","volume-title":"8th Workshop on Hot Topics in System Depend.","author":"Tartler Reinhard","year":"2012","unstructured":"Reinhard Tartler , Anil Kurmus , Bernhard Heinloth , Valentin Rothberg , Andreas Ruprecht , Daniela Dorneanu , R\u00fcdiger Kapitza , Wolfgang Schr\u00f6der-Preikschat , and Daniel Lohmann . 2012 . Automatic OS Kernel TCB Reduction by Leveraging Compile-Time Configurability . In 8th Workshop on Hot Topics in System Depend. Reinhard Tartler, Anil Kurmus, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Daniela Dorneanu, R\u00fcdiger Kapitza, Wolfgang Schr\u00f6der-Preikschat, and Daniel Lohmann. 2012. Automatic OS Kernel TCB Reduction by Leveraging Compile-Time Configurability. In 8th Workshop on Hot Topics in System Depend."},{"key":"e_1_3_2_1_48_1","volume-title":"gVisor. https:\/\/gvisor.dev\/. Accessed","author":"Visor The Authors","year":"2022","unstructured":"The Authors of g Visor . 2022. gVisor. https:\/\/gvisor.dev\/. Accessed 2022 . The Authors of gVisor. 2022. gVisor. https:\/\/gvisor.dev\/. Accessed 2022."},{"key":"e_1_3_2_1_49_1","volume-title":"https:\/\/www.prnewswire.com\/news-releases\/twistlock-announces-twistlock-17-with-new-runtime-defense-architecture-300393120.html. Accessed","author":"With New Runtime Defense Twistlock","year":"2022","unstructured":"Twistlock. 2017. Twistlock 1.7 With New Runtime Defense Architecture. https:\/\/www.prnewswire.com\/news-releases\/twistlock-announces-twistlock-17-with-new-runtime-defense-architecture-300393120.html. Accessed 2022 . Twistlock. 2017. Twistlock 1.7 With New Runtime Defense Architecture. https:\/\/www.prnewswire.com\/news-releases\/twistlock-announces-twistlock-17-with-new-runtime-defense-architecture-300393120.html. Accessed 2022."},{"key":"e_1_3_2_1_50_1","volume-title":"wrk - a HTTP benchmarking tool. https:\/\/github.com\/wg\/wrk. Accessed","author":"Glozer Will","year":"2022","unstructured":"Will Glozer . 2022. wrk - a HTTP benchmarking tool. https:\/\/github.com\/wg\/wrk. Accessed 2022 . Will Glozer. 2022. wrk - a HTTP benchmarking tool. https:\/\/github.com\/wg\/wrk. Accessed 2022."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3267809.3267845"},{"key":"e_1_3_2_1_52_1","volume-title":"10th Workshop on Hot Topics in Cloud Computing.","author":"Williams Dan","year":"2018","unstructured":"Dan Williams , Ricardo Koller , and Brandon Lum . 2018 . Say goodbye to virtualization for a safer cloud . In 10th Workshop on Hot Topics in Cloud Computing. Dan Williams, Ricardo Koller, and Brandon Lum. 2018. Say goodbye to virtualization for a safer cloud. In 10th Workshop on Hot Topics in Cloud Computing."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1618525.1618529"},{"key":"e_1_3_2_1_54_1","volume-title":"IEEE Military Communications Conf.1554\u20131559","author":"Yuchi Xuebiao","unstructured":"Xuebiao Yuchi and S. Shetty . 2015. Enabling security-aware virtual machine placement in IaaS clouds . In IEEE Military Communications Conf.1554\u20131559 . Xuebiao Yuchi and S. Shetty. 2015. Enabling security-aware virtual machine placement in IaaS clouds. In IEEE Military Communications Conf.1554\u20131559."},{"key":"e_1_3_2_1_55_1","volume-title":"IEEE 15th International Conference on High Performance Computing and Communications. 1078\u20131083","author":"Yu S.","unstructured":"S. Yu , X. Gui , F. Tian , P. Yang , and J. Zhao . 2013. A Security-Awareness Virtual Machine Placement Scheme in the Cloud . In IEEE 15th International Conference on High Performance Computing and Communications. 1078\u20131083 . S. Yu, X. Gui, F. Tian, P. Yang, and J. Zhao. 2013. A Security-Awareness Virtual Machine Placement Scheme in the Cloud. In IEEE 15th International Conference on High Performance Computing and Communications. 1078\u20131083."}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582835","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:51:28Z","timestamp":1750182688000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582835"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":55,"alternative-id":["10.1145\/3579856.3582835","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3582835","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}