{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T02:46:34Z","timestamp":1776393994781,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":86,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Bundesministerium f\u00fcr Wirtschaft und Klimaschutz","award":["03EI6053K"],"award-info":[{"award-number":["03EI6053K"]}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["390621612"],"award-info":[{"award-number":["390621612"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3590329","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"797-811","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9733-540X","authenticated-orcid":false,"given":"Markus","family":"Dahlmanns","sequence":"first","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6627-1708","authenticated-orcid":false,"given":"Constantin","family":"Sander","sequence":"additional","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-4390-6121","authenticated-orcid":false,"given":"Robin","family":"Decker","sequence":"additional","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7252-4186","authenticated-orcid":false,"given":"Klaus","family":"Wehrle","sequence":"additional","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"David Adrian Karthikeyan Bhargavan 2015. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. In ACM CCS.  David Adrian Karthikeyan Bhargavan 2015. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. In ACM CCS.","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_1_2_1","volume-title":"A security analysis of Amazon\u2019s Elastic Compute Cloud service","author":"Balduzzi Marco","year":"2012","unstructured":"Marco Balduzzi , Jonas Zaddach , 2012. A security analysis of Amazon\u2019s Elastic Compute Cloud service . IEEE\/IFIP DSN ( 2012 ). Marco Balduzzi, Jonas Zaddach, 2012. A security analysis of Amazon\u2019s Elastic Compute Cloud service. IEEE\/IFIP DSN (2012)."},{"key":"e_1_3_2_1_3_1","volume-title":"Assessing the Use of Insecure ICS Protocols via IXP Network Traffic Analysis","author":"Barbieri Giovanni","unstructured":"Giovanni Barbieri , Mauro Conti , 2021. Assessing the Use of Insecure ICS Protocols via IXP Network Traffic Analysis . In IEEE ICCCN. Giovanni Barbieri, Mauro Conti, 2021. Assessing the Use of Insecure ICS Protocols via IXP Network Traffic Analysis. In IEEE ICCCN."},{"key":"e_1_3_2_1_4_1","volume-title":"Docker Container Security in Cloud Computing","author":"Brady Kelly","unstructured":"Kelly Brady , Seung Moon , 2020. Docker Container Security in Cloud Computing . In IEEE CCWC. Kelly Brady, Seung Moon, 2020. Docker Container Security in Cloud Computing. In IEEE CCWC."},{"key":"e_1_3_2_1_5_1","unstructured":"Stuart Burns. 2021. How to keep Docker secrets secret. https:\/\/www.techtarget.com\/searchitoperations\/tip\/How-to-keep-Docker-secrets-secret. (Accessed on 06\/13\/2022).  Stuart Burns. 2021. How to keep Docker secrets secret. https:\/\/www.techtarget.com\/searchitoperations\/tip\/How-to-keep-Docker-secrets-secret. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_6_1","unstructured":"Joao\u00a0M. Ceron Justyna\u00a0J. Chromik 2020. Online Discoverability and Vulnerabilities of ICS\/SCADA Devices in the Netherlands. arXiv:2011.02019.  Joao\u00a0M. Ceron Justyna\u00a0J. Chromik 2020. Online Discoverability and Vulnerabilities of ICS\/SCADA Devices in the Netherlands. arXiv:2011.02019."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Taejoong Chung Yabing Liu 2016. Measuring and Applying Invalid SSL Certificates: The Silent Majority. In ACM IMC.  Taejoong Chung Yabing Liu 2016. Measuring and Applying Invalid SSL Certificates: The Silent Majority. In ACM IMC.","DOI":"10.1145\/2987443.2987454"},{"key":"e_1_3_2_1_8_1","volume-title":"To Docker or Not to Docker: A Security Perspective","author":"Combe Theo","year":"2016","unstructured":"Theo Combe , Antony Martin , 2016. To Docker or Not to Docker: A Security Perspective . IEEE Cloud Comp . 3, 5 ( 2016 ). Theo Combe, Antony Martin, 2016. To Docker or Not to Docker: A Security Perspective. IEEE Cloud Comp. 3, 5 (2016)."},{"key":"e_1_3_2_1_9_1","unstructured":"COMSYS. 2023. Docker Secret Analysis Code. https:\/\/github.com\/COMSYS\/docker-secret-analysis.  COMSYS. 2023. Docker Secret Analysis Code. https:\/\/github.com\/COMSYS\/docker-secret-analysis."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Ang Cui and Salvatore\u00a0J. Stolfo. 2010. A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan. In ACM ACSAC.  Ang Cui and Salvatore\u00a0J. Stolfo. 2010. A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan. In ACM ACSAC.","DOI":"10.1145\/1920261.1920276"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Markus Dahlmanns Johannes Lohm\u00f6ller 2020. Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments. In ACM IMC.  Markus Dahlmanns Johannes Lohm\u00f6ller 2020. Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments. In ACM IMC.","DOI":"10.1145\/3419394.3423666"},{"key":"e_1_3_2_1_12_1","volume-title":"Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things. In ACM ASIACCS.","author":"Dahlmanns Markus","year":"2022","unstructured":"Markus Dahlmanns , Johannes Lohm\u00f6ller , 2022 . Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things. In ACM ASIACCS. New York, NY, USA . Markus Dahlmanns, Johannes Lohm\u00f6ller, 2022. Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things. In ACM ASIACCS. New York, NY, USA."},{"key":"e_1_3_2_1_13_1","unstructured":"Jean-Laurent de Morlhon. 2020. Scaling Docker\u2019s Business to Serve Millions More Developers: Storage - Docker. https:\/\/www.docker.com\/blog\/scaling-dockers-business-to-serve-millions-more-developers-storage\/. (Accessed on 08\/17\/2022).  Jean-Laurent de Morlhon. 2020. Scaling Docker\u2019s Business to Serve Millions More Developers: Storage - Docker. https:\/\/www.docker.com\/blog\/scaling-dockers-business-to-serve-millions-more-developers-storage\/. (Accessed on 08\/17\/2022)."},{"key":"e_1_3_2_1_14_1","unstructured":"deepfence. 2022. SecretScanner. https:\/\/github.com\/deepfence\/SecretScanner. (Accessed on 10\/11\/2022).  deepfence. 2022. SecretScanner. https:\/\/github.com\/deepfence\/SecretScanner. (Accessed on 10\/11\/2022)."},{"key":"e_1_3_2_1_16_1","unstructured":"Docker Inc.2022. Docker Documentation: Best practices for writing Dockerfiles. https:\/\/docs.docker.com\/develop\/develop-images\/dockerfile_best-practices\/. (Accessed on 11\/11\/2022).  Docker Inc.2022. Docker Documentation: Best practices for writing Dockerfiles. https:\/\/docs.docker.com\/develop\/develop-images\/dockerfile_best-practices\/. (Accessed on 11\/11\/2022)."},{"key":"e_1_3_2_1_17_1","unstructured":"Docker Inc.2022. Docker Documentation: Deploy a registry server. https:\/\/docs.docker.com\/registry\/deploying\/. (Accessed on 11\/30\/2022).  Docker Inc.2022. Docker Documentation: Deploy a registry server. https:\/\/docs.docker.com\/registry\/deploying\/. (Accessed on 11\/30\/2022)."},{"key":"e_1_3_2_1_18_1","unstructured":"Docker Inc.2022. Docker Documentation: Dockerfile reference. https:\/\/docs.docker.com\/engine\/reference\/builder\/. (Accessed on 08\/11\/2022).  Docker Inc.2022. Docker Documentation: Dockerfile reference. https:\/\/docs.docker.com\/engine\/reference\/builder\/. (Accessed on 08\/11\/2022)."},{"key":"e_1_3_2_1_19_1","unstructured":"Docker Inc.2022. Docker Documentation: HTTP API. https:\/\/docs.docker.com\/registry\/spec\/api\/. (Accessed on 08\/09\/2022).  Docker Inc.2022. Docker Documentation: HTTP API. https:\/\/docs.docker.com\/registry\/spec\/api\/. (Accessed on 08\/09\/2022)."},{"key":"e_1_3_2_1_20_1","unstructured":"Docker Inc.2022. Docker Documentation: Image Manifest. https:\/\/docs.docker.com\/registry\/spec\/manifest-v2-2\/. (Accessed on 08\/09\/2022).  Docker Inc.2022. Docker Documentation: Image Manifest. https:\/\/docs.docker.com\/registry\/spec\/manifest-v2-2\/. (Accessed on 08\/09\/2022)."},{"key":"e_1_3_2_1_21_1","unstructured":"Docker Inc.2022. Docker Hub Container Image Library. https:\/\/hub.docker.com\/. (Accessed on 06\/07\/2022).  Docker Inc.2022. Docker Hub Container Image Library. https:\/\/hub.docker.com\/. (Accessed on 06\/07\/2022)."},{"key":"e_1_3_2_1_22_1","unstructured":"Docker Inc.2022. Increase Rate Limits - Docker. https:\/\/www.docker.com\/increase-rate-limits\/. (Accessed on 08\/17\/2022).  Docker Inc.2022. Increase Rate Limits - Docker. https:\/\/www.docker.com\/increase-rate-limits\/. (Accessed on 08\/17\/2022)."},{"key":"e_1_3_2_1_23_1","unstructured":"Docker Inc.2022. Manage sensitive data with Docker secrets. https:\/\/docs.docker.com\/engine\/swarm\/secrets\/. (Accessed on 06\/15\/2022).  Docker Inc.2022. Manage sensitive data with Docker secrets. https:\/\/docs.docker.com\/engine\/swarm\/secrets\/. (Accessed on 06\/15\/2022)."},{"key":"e_1_3_2_1_24_1","unstructured":"Docker Inc.2022. What is a Container? - Docker. https:\/\/www.docker.com\/resources\/what-container\/. (Accessed on 08\/09\/2022).  Docker Inc.2022. What is a Container? - Docker. https:\/\/www.docker.com\/resources\/what-container\/. (Accessed on 08\/09\/2022)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Zakir Durumeric David Adrian 2015. A Search Engine Backed by Internet-Wide Scanning. In ACM CCS.  Zakir Durumeric David Adrian 2015. A Search Engine Backed by Internet-Wide Scanning. In ACM CCS.","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_1_26_1","unstructured":"Zakir Durumeric Eric Wustrow 2013. ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX SEC.  Zakir Durumeric Eric Wustrow 2013. ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX SEC."},{"key":"e_1_3_2_1_27_1","volume-title":"Git Leaks: Boosting Detection Effectiveness Through Endpoint Visibility","author":"Farinella Carlo","year":"2021","unstructured":"Carlo Farinella , Ali Ahmed , 2021 . Git Leaks: Boosting Detection Effectiveness Through Endpoint Visibility . In IEEE TrustCom . Carlo Farinella, Ali Ahmed, 2021. Git Leaks: Boosting Detection Effectiveness Through Endpoint Visibility. In IEEE TrustCom."},{"key":"e_1_3_2_1_28_1","volume-title":"ACM ICSE.","author":"Feng Runhan","unstructured":"Runhan Feng , Ziyang Yan , 2022. Automated Detection of Password Leakage from Public GitHub Repositories . In ACM ICSE. New York, NY, USA . Runhan Feng, Ziyang Yan, 2022. Automated Detection of Password Leakage from Public GitHub Repositories. In ACM ICSE. New York, NY, USA."},{"key":"e_1_3_2_1_29_1","volume-title":"A deeper understanding of SSH: Results from Internet-wide scans","author":"Gasser Oliver","unstructured":"Oliver Gasser , Ralph Holz , 2014. A deeper understanding of SSH: Results from Internet-wide scans . In IEEE NOMS. Oliver Gasser, Ralph Holz, 2014. A deeper understanding of SSH: Results from Internet-wide scans. In IEEE NOMS."},{"key":"e_1_3_2_1_30_1","volume-title":"ShoVAT: Shodan-Based Vulnerability Assessment Tool for Internet-Facing Services. Sec. and Commun. Netw. 9, 15","author":"Genge B\u00e9la","year":"2016","unstructured":"B\u00e9la Genge and C\u0103lin En\u0103chescu . 2016. ShoVAT: Shodan-Based Vulnerability Assessment Tool for Internet-Facing Services. Sec. and Commun. Netw. 9, 15 ( 2016 ). B\u00e9la Genge and C\u0103lin En\u0103chescu. 2016. ShoVAT: Shodan-Based Vulnerability Assessment Tool for Internet-Facing Services. Sec. and Commun. Netw. 9, 15 (2016)."},{"key":"e_1_3_2_1_31_1","unstructured":"GitGuardian. 2022. Git Security Scanning & Secrets Detection. https:\/\/www.gitguardian.com\/. (Accessed on 06\/17\/2022).  GitGuardian. 2022. Git Security Scanning & Secrets Detection. https:\/\/www.gitguardian.com\/. (Accessed on 06\/17\/2022)."},{"key":"e_1_3_2_1_32_1","volume-title":"ACM ASIACCS.","author":"Glanz Leonid","unstructured":"Leonid Glanz , Patrick M\u00fcller , 2020. Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy . In ACM ASIACCS. New York, NY, USA . Leonid Glanz, Patrick M\u00fcller, 2020. Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy. In ACM ASIACCS. New York, NY, USA."},{"key":"e_1_3_2_1_33_1","volume-title":"PSA: Don\u2019t upload your important passwords to GitHub. https:\/\/arstechnica.com\/information-technology\/2013\/01\/psa-dont-upload-your-important-passwords-to-github\/. (Accessed on 06\/13\/2022).","author":"Goodin Dan","year":"2013","unstructured":"Dan Goodin . 2013 . PSA: Don\u2019t upload your important passwords to GitHub. https:\/\/arstechnica.com\/information-technology\/2013\/01\/psa-dont-upload-your-important-passwords-to-github\/. (Accessed on 06\/13\/2022). Dan Goodin. 2013. PSA: Don\u2019t upload your important passwords to GitHub. https:\/\/arstechnica.com\/information-technology\/2013\/01\/psa-dont-upload-your-important-passwords-to-github\/. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_34_1","unstructured":"Dan Goodin. 2018. Thousands of servers found leaking 750MB worth of passwords and keys. https:\/\/arstechnica.com\/information-technology\/2018\/03\/thousands-of-servers-found-leaking-750-mb-worth-of-passwords-and-keys\/. (Accessed on 06\/13\/2022).  Dan Goodin. 2018. Thousands of servers found leaking 750MB worth of passwords and keys. https:\/\/arstechnica.com\/information-technology\/2018\/03\/thousands-of-servers-found-leaking-750-mb-worth-of-passwords-and-keys\/. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_35_1","volume-title":"Analyzing Internet-connected industrial equipment","author":"Hansson Adam","unstructured":"Adam Hansson , Mohammad Khodari , 2018. Analyzing Internet-connected industrial equipment . In IEEE ICSigSys . Adam Hansson, Mohammad Khodari, 2018. Analyzing Internet-connected industrial equipment. In IEEE ICSigSys."},{"key":"e_1_3_2_1_36_1","unstructured":"Nadia Heninger Zakir Durumeric 2012. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In USENIX SEC.  Nadia Heninger Zakir Durumeric 2012. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In USENIX SEC."},{"key":"e_1_3_2_1_37_1","unstructured":"Michael Henriksen. 2022. Reconnaissance tool for GitHub organizations. https:\/\/github.com\/michenriksen\/gitrob. (Accessed on 06\/17\/2022).  Michael Henriksen. 2022. Reconnaissance tool for GitHub organizations. https:\/\/github.com\/michenriksen\/gitrob. (Accessed on 06\/17\/2022)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Jens Hiller Johanna Amann 2020. The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures. In ACM CCS.  Jens Hiller Johanna Amann 2020. The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures. In ACM CCS.","DOI":"10.1145\/3372297.3423345"},{"key":"e_1_3_2_1_39_1","volume-title":"TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication. NDSS","author":"Holz Ralph","year":"2016","unstructured":"Ralph Holz , Johanna Amann , 2016. TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication. NDSS ( 2016 ). Ralph Holz, Johanna Amann, 2016. TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication. NDSS (2016)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Ralph Holz Lothar Braun 2011. The SSL Landscape: A Thorough Analysis of the x.509 PKI Using Active and Passive Measurements. In ACM IMC.  Ralph Holz Lothar Braun 2011. The SSL Landscape: A Thorough Analysis of the x.509 PKI Using Active and Passive Measurements. In ACM IMC.","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_1_41_1","article-title":". Tracking the Deployment of TLS 1.3 on the Web: A Story of Experimentation and Centralization","volume":"50","author":"Holz Ralph","year":"2020","unstructured":"Ralph Holz , Jens Hiller , 2020 . Tracking the Deployment of TLS 1.3 on the Web: A Story of Experimentation and Centralization . ACM SIGCOMM Comput. Commun. Rev. 50 , 3 (2020). Ralph Holz, Jens Hiller, 2020. Tracking the Deployment of TLS 1.3 on the Web: A Story of Experimentation and Centralization. ACM SIGCOMM Comput. Commun. Rev. 50, 3 (2020).","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"e_1_3_2_1_42_1","volume-title":"Security Analysis and Threats Detection Techniques on Docker Container","author":"Huang Delu","unstructured":"Delu Huang , Handong Cui , 2019. Security Analysis and Threats Detection Techniques on Docker Container . In IEEE ICCC. Delu Huang, Handong Cui, 2019. Security Analysis and Threats Detection Techniques on Docker Container. In IEEE ICCC."},{"key":"e_1_3_2_1_43_1","unstructured":"Henri Hubert. 2021. Secrets exposed in Docker images: Hunting for secrets in Docker Hub. https:\/\/blog.gitguardian.com\/hunting-for-secrets-in-docker-hub\/. (Accessed on 06\/13\/2022).  Henri Hubert. 2021. Secrets exposed in Docker images: Hunting for secrets in Docker Hub. https:\/\/blog.gitguardian.com\/hunting-for-secrets-in-docker-hub\/. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_44_1","first-page":"1","volume":"1131","author":"Jain Vipin","year":"2021","unstructured":"Vipin Jain , Baldev Singh , 2021 . Static Vulnerability Analysis of Docker Images. IOP: Mat. Sc. and Eng. 1131 , 1 (apr 2021). Vipin Jain, Baldev Singh, 2021. Static Vulnerability Analysis of Docker Images. IOP: Mat. Sc. and Eng. 1131, 1 (apr 2021).","journal-title":"Static Vulnerability Analysis of Docker Images. IOP: Mat. Sc. and Eng."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Sabrina Kall and Slim Trabelsi. 2021. An Asynchronous Federated Learning Approach for a Security Source Code Scanner. In ICISSP Paolo Mori Gabriele Lenzini and Steven Furnell (Eds.).  Sabrina Kall and Slim Trabelsi. 2021. An Asynchronous Federated Learning Approach for a Security Source Code Scanner. In ICISSP Paolo Mori Gabriele Lenzini and Steven Furnell (Eds.).","DOI":"10.5220\/0010300305720579"},{"key":"e_1_3_2_1_46_1","unstructured":"Timo Kiravuo Seppo Tiilikainen 2015. Peeking Under the Skirts of a Nation: Finding ICS Vulnerabilities in the Critical Digital Infrastructure. In ECCWS.  Timo Kiravuo Seppo Tiilikainen 2015. Peeking Under the Skirts of a Nation: Finding ICS Vulnerabilities in the Critical Digital Infrastructure. In ECCWS."},{"key":"e_1_3_2_1_47_1","volume-title":"Poster: Committed by Accident \u2014- Prevention and Remediation Strategies Against Secret Leakage. https:\/\/www.ieee-security.org\/TC\/SP2022\/program-posters.html.","author":"Krause Alexander","year":"2022","unstructured":"Alexander Krause , Jan\u00a0 H. Klemmer , 2022 . Poster: Committed by Accident \u2014- Prevention and Remediation Strategies Against Secret Leakage. https:\/\/www.ieee-security.org\/TC\/SP2022\/program-posters.html. Alexander Krause, Jan\u00a0H. Klemmer, 2022. Poster: Committed by Accident \u2014- Prevention and Remediation Strategies Against Secret Leakage. https:\/\/www.ieee-security.org\/TC\/SP2022\/program-posters.html."},{"key":"e_1_3_2_1_48_1","volume-title":"Tracking Certificate Misissuance in the Wild","author":"Kumar Deepak","unstructured":"Deepak Kumar , Zhengping Wang , 2018. Tracking Certificate Misissuance in the Wild . In IEEE SP. Deepak Kumar, Zhengping Wang, 2018. Tracking Certificate Misissuance in the Wild. In IEEE SP."},{"key":"e_1_3_2_1_49_1","unstructured":"Mohit Kumar. 2013. Hundreds of SSH Private Keys exposed via GitHub Search. https:\/\/thehackernews.com\/2013\/01\/hundreds-of-ssh-private-keys-exposed.html. (Accessed on 06\/13\/2022).  Mohit Kumar. 2013. Hundreds of SSH Private Keys exposed via GitHub Search. https:\/\/thehackernews.com\/2013\/01\/hundreds-of-ssh-private-keys-exposed.html. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_50_1","unstructured":"Detectify Labs. 2016. Slack bot token leakage exposing business critical information. https:\/\/labs.detectify.com\/2016\/04\/28\/slack-bot-token-leakage-exposing-business-critical-information\/. (Accessed on 06\/15\/2022).  Detectify Labs. 2016. Slack bot token leakage exposing business critical information. https:\/\/labs.detectify.com\/2016\/04\/28\/slack-bot-token-leakage-exposing-business-critical-information\/. (Accessed on 06\/15\/2022)."},{"key":"e_1_3_2_1_51_1","volume-title":"ACM WWW.","author":"Lee Hyunwoo","unstructured":"Hyunwoo Lee , Doowon Kim , 2021. TLS 1.3 in Practice : How TLS 1.3 Contributes to the Internet . In ACM WWW. New York, NY, USA . Hyunwoo Lee, Doowon Kim, 2021. TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet. In ACM WWW. New York, NY, USA."},{"key":"e_1_3_2_1_52_1","volume-title":"ACM ASIACCS.","author":"Lee Joonhee","unstructured":"Joonhee Lee , Hyunwoo Lee , 2021. Analyzing Spatial Differences in the TLS Security of Delegated Web Services . In ACM ASIACCS. New York, NY, USA . Joonhee Lee, Hyunwoo Lee, 2021. Analyzing Spatial Differences in the TLS Security of Delegated Web Services. In ACM ASIACCS. New York, NY, USA."},{"key":"e_1_3_2_1_53_1","volume-title":"Quantitatively Assessing and Visualising Industrial System Attack Surfaces. Master\u2019s thesis","author":"Leverett P.","unstructured":"\u00c9ireann\u00a0 P. Leverett . 2011. Quantitatively Assessing and Visualising Industrial System Attack Surfaces. Master\u2019s thesis . University of Cambridge . \u00c9ireann\u00a0P. Leverett. 2011. Quantitatively Assessing and Visualising Industrial System Attack Surfaces. Master\u2019s thesis. University of Cambridge."},{"key":"e_1_3_2_1_54_1","unstructured":"Guannan Liu Xing Gao 2022. Exploring the Unchartered Space of Container Registry Typosquatting. In USENIX SEC.  Guannan Liu Xing Gao 2022. Exploring the Unchartered Space of Container Registry Typosquatting. In USENIX SEC."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Peiyu Liu Shouling Ji 2020. Understanding the Security Risks of Docker Hub. In ESORICS Liqun Chen Ninghui Li Kaitai Liang and Steve Schneider (Eds.). Cham.  Peiyu Liu Shouling Ji 2020. Understanding the Security Risks of Docker Hub. In ESORICS Liqun Chen Ninghui Li Kaitai Liang and Steve Schneider (Eds.). Cham.","DOI":"10.1007\/978-3-030-58951-6_13"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"crossref","unstructured":"S. Lounici M. Rosa 2021. Optimizing Leak Detection in Open-Source Platforms with Machine Learning Techniques. In ICISSP.  S. Lounici M. Rosa 2021. Optimizing Leak Detection in Open-Source Platforms with Machine Learning Techniques. In ICISSP.","DOI":"10.5220\/0010238101450159"},{"key":"e_1_3_2_1_58_1","volume-title":"How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories. NDSS","author":"Meli Michael","year":"2019","unstructured":"Michael Meli , Matthew\u00a0 R. McNiece , 2019. How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories. NDSS ( 2019 ). Michael Meli, Matthew\u00a0R. McNiece, 2019. How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories. NDSS (2019)."},{"key":"e_1_3_2_1_59_1","volume-title":"An Internet-wide view of ICS devices","author":"Mirian Ariana","unstructured":"Ariana Mirian , Zane Ma , 2016. An Internet-wide view of ICS devices . In IEEE PST. Ariana Mirian, Zane Ma, 2016. An Internet-wide view of ICS devices. In IEEE PST."},{"key":"e_1_3_2_1_60_1","volume-title":"Uncovering Vulnerable Industrial Control Systems from the Internet Core","author":"Nawrocki Marcin","unstructured":"Marcin Nawrocki , Thomas\u00a0 C. Schmidt , 2020. Uncovering Vulnerable Industrial Control Systems from the Internet Core . In IEEE\/IFIP NOMS. Marcin Nawrocki, Thomas\u00a0C. Schmidt, 2020. Uncovering Vulnerable Industrial Control Systems from the Internet Core. In IEEE\/IFIP NOMS."},{"key":"e_1_3_2_1_61_1","volume-title":"Containerization and the PaaS Cloud","author":"Pahl Claus","year":"2015","unstructured":"Claus Pahl . 2015. Containerization and the PaaS Cloud . IEEE Cloud Comp . 2, 3 ( 2015 ). Claus Pahl. 2015. Containerization and the PaaS Cloud. IEEE Cloud Comp. 2, 3 (2015)."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"crossref","unstructured":"Akond Rahman Chris Parnin 2019. The Seven Sins: Security Smells in Infrastructure as Code Scripts. In ICSE.  Akond Rahman Chris Parnin 2019. The Seven Sins: Security Smells in Infrastructure as Code Scripts. In ICSE.","DOI":"10.1109\/ICSE.2019.00033"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3408897"},{"key":"e_1_3_2_1_64_1","volume-title":"Different Kind of Smells: Security Smells in Infrastructure as Code Scripts","author":"Rahman Akond","year":"2021","unstructured":"Akond Rahman and Laurie Williams . 2021. Different Kind of Smells: Security Smells in Infrastructure as Code Scripts . IEEE S &P 19, 3 ( 2021 ). Akond Rahman and Laurie Williams. 2021. Different Kind of Smells: Security Smells in Infrastructure as Code Scripts. IEEE S&P 19, 3 (2021)."},{"key":"e_1_3_2_1_65_1","volume-title":"But be Aware: Security Smells in Python Gists","author":"Rahman Md\u00a0Rayhanur","unstructured":"Md\u00a0Rayhanur Rahman , Akond Rahman , 2019. Share , But be Aware: Security Smells in Python Gists . In IEEE ICSME. Md\u00a0Rayhanur Rahman, Akond Rahman, 2019. Share, But be Aware: Security Smells in Python Gists. In IEEE ICSME."},{"key":"e_1_3_2_1_66_1","unstructured":"RedHunt Labs. 2021. Scanning Millions Of Publicly Exposed Docker Containers \u2014 Thousands Of Secrets Leaked (Wave 5). https:\/\/redhuntlabs.com\/blog\/scanning-millions-of-publicly-exposed-docker-containers-thousands-of-secrets-leaked.html. (Accessed on 06\/13\/2022).  RedHunt Labs. 2021. Scanning Millions Of Publicly Exposed Docker Containers \u2014 Thousands Of Secrets Leaked (Wave 5). https:\/\/redhuntlabs.com\/blog\/scanning-millions-of-publicly-exposed-docker-containers-thousands-of-secrets-leaked.html. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_67_1","volume-title":"Secrets in Source Code: Reducing False Positives using Machine Learning","author":"Saha Aakanksha","unstructured":"Aakanksha Saha , Tamara Denning , 2020. Secrets in Source Code: Reducing False Positives using Machine Learning . In IEEE COMSNETS. Aakanksha Saha, Tamara Denning, 2020. Secrets in Source Code: Reducing False Positives using Machine Learning. In IEEE COMSNETS."},{"key":"e_1_3_2_1_68_1","unstructured":"Luca Schumann Trinh\u00a0Viet Doan 2022. Impact of Evolving Protocols and COVID-19 on Internet Traffic Shares. https:\/\/arxiv.org\/abs\/2201.00142.  Luca Schumann Trinh\u00a0Viet Doan 2022. Impact of Evolving Protocols and COVID-19 on Internet Traffic Shares. https:\/\/arxiv.org\/abs\/2201.00142."},{"key":"e_1_3_2_1_69_1","unstructured":"SecurityFail. 2022. kompromat. https:\/\/github.com\/SecurityFail\/kompromat. (Accessed on 11\/09\/2022).  SecurityFail. 2022. kompromat. https:\/\/github.com\/SecurityFail\/kompromat. (Accessed on 11\/09\/2022)."},{"key":"e_1_3_2_1_70_1","unstructured":"Mat\u00edas Sequeira. 2020. Low-hanging Secrets in Docker Hub and a Tool to Catch Them All. https:\/\/ioactive.com\/guest-blog-docker-hub-scanner-matias-sequeira\/. (Accessed on 06\/13\/2022).  Mat\u00edas Sequeira. 2020. Low-hanging Secrets in Docker Hub and a Tool to Catch Them All. https:\/\/ioactive.com\/guest-blog-docker-hub-scanner-matias-sequeira\/. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_71_1","unstructured":"Shodan. 2013. Shodan. https:\/\/www.shodan.io.  Shodan. 2013. Shodan. https:\/\/www.shodan.io."},{"key":"e_1_3_2_1_72_1","volume-title":"Detecting and Mitigating Secret-Key Leaks in Source Code Repositories","author":"Sinha Vibha","unstructured":"Vibha Sinha , Diptikalyan Saha , 2015. Detecting and Mitigating Secret-Key Leaks in Source Code Repositories . In IEEE\/ACM MSR. Vibha Sinha, Diptikalyan Saha, 2015. Detecting and Mitigating Secret-Key Leaks in Source Code Repositories. In IEEE\/ACM MSR."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"crossref","unstructured":"Drew Springall Zakir Durumeric 2016. Measuring the Security Harm of TLS Crypto Shortcuts. In ACM IMC.  Drew Springall Zakir Durumeric 2016. Measuring the Security Harm of TLS Crypto Shortcuts. In ACM IMC.","DOI":"10.1145\/2987443.2987480"},{"key":"e_1_3_2_1_74_1","unstructured":"Stack Overflow. 2022. Developer Survey 2021. https:\/\/insights.stackoverflow.com\/survey\/2021. (Accessed on 07\/11\/2022).  Stack Overflow. 2022. Developer Survey 2021. https:\/\/insights.stackoverflow.com\/survey\/2021. (Accessed on 07\/11\/2022)."},{"key":"e_1_3_2_1_75_1","unstructured":"The Linux Foundation. 2022. Kubernetes - Production-Grade Container Orchestration. https:\/\/kubernetes.io\/. (Accessed on 11\/12\/2022).  The Linux Foundation. 2022. Kubernetes - Production-Grade Container Orchestration. https:\/\/kubernetes.io\/. (Accessed on 11\/12\/2022)."},{"key":"e_1_3_2_1_76_1","unstructured":"TruffleSecurity. 2022. TruffleHog. https:\/\/github.com\/trufflesecurity\/trufflehog. (Accessed on 06\/17\/2022).  TruffleSecurity. 2022. TruffleHog. https:\/\/github.com\/trufflesecurity\/trufflehog. (Accessed on 06\/17\/2022)."},{"key":"e_1_3_2_1_77_1","unstructured":"Itamar Turner-Trauring. 21. Don\u2019t leak your Docker image\u2019s build secrets. https:\/\/pythonspeed.com\/articles\/docker-build-secrets\/. (Accessed on 06\/13\/2022).  Itamar Turner-Trauring. 21. Don\u2019t leak your Docker image\u2019s build secrets. https:\/\/pythonspeed.com\/articles\/docker-build-secrets\/. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_78_1","volume-title":"ACM ARES.","author":"Ueda Takahiro","unstructured":"Takahiro Ueda , Takayuki Sasaki , 2022. An Internet-Wide View of Connected Cars: Discovery of Exposed Automotive Devices . In ACM ARES. New York, NY, USA . Takahiro Ueda, Takayuki Sasaki, 2022. An Internet-Wide View of Connected Cars: Discovery of Exposed Automotive Devices. In ACM ARES. New York, NY, USA."},{"key":"e_1_3_2_1_79_1","volume-title":"ACM EuroSys.","author":"Verma Abhishek","unstructured":"Abhishek Verma , Luis Pedrosa , 2015. Large-Scale Cluster Management at Google with Borg . In ACM EuroSys. New York, NY, USA . Abhishek Verma, Luis Pedrosa, 2015. Large-Scale Cluster Management at Google with Borg. In ACM EuroSys. New York, NY, USA."},{"key":"e_1_3_2_1_80_1","unstructured":"Jinpeng Wei Xiaolan Zhang 2009. Managing Security of Virtual Machine Images in a Cloud Environment. In ACM CCSW.  Jinpeng Wei Xiaolan Zhang 2009. Managing Security of Virtual Machine Images in a Cloud Environment. In ACM CCSW."},{"key":"e_1_3_2_1_81_1","unstructured":"Jonathan\u00a0Codi West and Tyler Moore. 2022. Longitudinal Study of Internet-Facing OpenSSH Update Patterns. In PAM Oliver Hohlfeld Giovane Moura and Cristel Pelsser (Eds.). Cham.  Jonathan\u00a0Codi West and Tyler Moore. 2022. Longitudinal Study of Internet-Facing OpenSSH Update Patterns. In PAM Oliver Hohlfeld Giovane Moura and Cristel Pelsser (Eds.). Cham."},{"key":"e_1_3_2_1_82_1","unstructured":"Jordan Writght. 2014. Why Deleting Sensitive Information from Github Doesn\u2019t Save You. https:\/\/jordan-wright.com\/blog\/2014\/12\/30\/why-deleting-sensitive-information-from-github-doesnt-save-you\/. (Accessed on 06\/13\/2022).  Jordan Writght. 2014. Why Deleting Sensitive Information from Github Doesn\u2019t Save You. https:\/\/jordan-wright.com\/blog\/2014\/12\/30\/why-deleting-sensitive-information-from-github-doesnt-save-you\/. (Accessed on 06\/13\/2022)."},{"key":"e_1_3_2_1_83_1","volume-title":"The Landscape of Industrial Control Systems (ICS) Devices on the Internet","author":"Xu Wei","unstructured":"Wei Xu , Yaodong Tao , 2018. The Landscape of Industrial Control Systems (ICS) Devices on the Internet . In IEEE Cyber SA. Wei Xu, Yaodong Tao, 2018. The Landscape of Industrial Control Systems (ICS) Devices on the Internet. In IEEE Cyber SA."},{"key":"e_1_3_2_1_84_1","volume-title":"Severity Vulnerabilities, and Bugs","author":"Zerouali Ahmed","unstructured":"Ahmed Zerouali , Tom Mens , 2019. On the Relation between Outdated Docker Containers , Severity Vulnerabilities, and Bugs . In IEEE SANER. Ahmed Zerouali, Tom Mens, 2019. On the Relation between Outdated Docker Containers, Severity Vulnerabilities, and Bugs. In IEEE SANER."},{"key":"e_1_3_2_1_85_1","volume-title":"On the usage of JavaScript, Python and Ruby packages in Docker Hub images. Sc. of Comp. Prog. 207","author":"Zerouali Ahmed","year":"2021","unstructured":"Ahmed Zerouali , Tom Mens , 2021. On the usage of JavaScript, Python and Ruby packages in Docker Hub images. Sc. of Comp. Prog. 207 ( 2021 ). Ahmed Zerouali, Tom Mens, 2021. On the usage of JavaScript, Python and Ruby packages in Docker Hub images. Sc. of Comp. Prog. 207 (2021)."},{"key":"e_1_3_2_1_86_1","volume-title":"Large-Scale Analysis of the Docker Hub Dataset","author":"Zhao Nannan","unstructured":"Nannan Zhao , Vasily Tarasov , 2019. Large-Scale Analysis of the Docker Hub Dataset . In IEEE CLUSTER. Nannan Zhao, Vasily Tarasov, 2019. Large-Scale Analysis of the Docker Hub Dataset. In IEEE CLUSTER."},{"key":"e_1_3_2_1_87_1","volume-title":"Slimmer: Weight Loss Secrets for Docker Registries","author":"Zhao Nannan","year":"2019","unstructured":"Nannan Zhao , Vasily Tarasov , 2019 . Slimmer: Weight Loss Secrets for Docker Registries . In IEEE CLOUD. Nannan Zhao, Vasily Tarasov, 2019. Slimmer: Weight Loss Secrets for Docker Registries. In IEEE CLOUD."},{"key":"e_1_3_2_1_88_1","unstructured":"Zeljka Zorz. 2014. 10 000 GitHub users inadvertently reveal their AWS secret access keys. https:\/\/www.helpnetsecurity.com\/2014\/03\/24\/10000-github-users-inadvertently-reveal-their-aws-secret-access-keys\/. (Accessed on 06\/13\/2022).  Zeljka Zorz. 2014. 10 000 GitHub users inadvertently reveal their AWS secret access keys. https:\/\/www.helpnetsecurity.com\/2014\/03\/24\/10000-github-users-inadvertently-reveal-their-aws-secret-access-keys\/. (Accessed on 06\/13\/2022)."}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3590329","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:16Z","timestamp":1750183696000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3590329"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":86,"alternative-id":["10.1145\/3579856.3590329","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3590329","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}