{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:10:26Z","timestamp":1750219826331,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,8,24]],"date-time":"2023-08-24T00:00:00Z","timestamp":1692835200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["JP21K11832"],"award-info":[{"award-number":["JP21K11832"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,8,24]]},"DOI":"10.1145\/3609510.3609820","type":"proceedings-article","created":{"date-parts":[[2023,7,31]],"date-time":"2023-07-31T16:08:44Z","timestamp":1690819724000},"page":"58-64","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Reducing Attack Surface with Container Transplantation for Lightweight Sandboxing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-7381-7589","authenticated-orcid":false,"given":"Yuki","family":"Nakata","sequence":"first","affiliation":[{"name":"SAKURA internet Inc., Hokkaido, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-5665-5246","authenticated-orcid":false,"given":"Shintaro","family":"Suzuki","sequence":"additional","affiliation":[{"name":"Future University Hakodate, Hokkaido, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6034-3406","authenticated-orcid":false,"given":"Katsuya","family":"Matsubara","sequence":"additional","affiliation":[{"name":"Future University Hakodate, Hokkaido, Japan"}]}],"member":"320","published-online":{"date-parts":[[2023,8,24]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Towards oblivious sandboxing with Capsicum. FreeBSD Journal","author":"Anderson Jonathan","year":"2017","unstructured":"Jonathan Anderson , Stanley Godfrey , and Robert NM Watson . 2017. Towards oblivious sandboxing with Capsicum. FreeBSD Journal ( 2017 ). Jonathan Anderson, Stanley Godfrey, and Robert NM Watson. 2017. Towards oblivious sandboxing with Capsicum. FreeBSD Journal (2017)."},{"key":"e_1_3_2_1_2_1","volume-title":"Proceedings of the 2020 6th International Workshop on Container Technologies and Container Clouds","author":"de Velp Guillaume Everarts","year":"2021","unstructured":"Guillaume Everarts de Velp , Etienne Rivi\u00e8re , and Ramin Sadre . 2021 . Understanding the Performance of Container Execution Environments . In Proceedings of the 2020 6th International Workshop on Container Technologies and Container Clouds ( Delft, Netherlands) (WOC'20). Association for Computing Machinery, New York, NY, USA, 37--42. https:\/\/doi.org\/10.1145\/3429885.3429967 10.1145\/3429885.3429967 Guillaume Everarts de Velp, Etienne Rivi\u00e8re, and Ramin Sadre. 2021. Understanding the Performance of Container Execution Environments. In Proceedings of the 2020 6th International Workshop on Container Technologies and Container Clouds (Delft, Netherlands) (WOC'20). Association for Computing Machinery, New York, NY, USA, 37--42. https:\/\/doi.org\/10.1145\/3429885.3429967"},{"key":"e_1_3_2_1_3_1","unstructured":"Open Infrastructure Foundation. [n. d.]. Kata Containers - Open Source Container Runtime Software. https:\/\/katacontainers.io\/ (Accessed on 2023\/07\/16).  Open Infrastructure Foundation. [n. d.]. Kata Containers - Open Source Container Runtime Software. https:\/\/katacontainers.io\/ (Accessed on 2023\/07\/16)."},{"key":"e_1_3_2_1_4_1","volume-title":"ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds. In 2017 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 237--248","author":"Gao X.","year":"2017","unstructured":"X. Gao , Z. Gu , M. Kayaalp , D. Pendarakis , and H. Wang . 2017 . ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds. In 2017 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 237--248 . https:\/\/doi.org\/10.1109\/DSN. 2017 .49 10.1109\/DSN.2017.49 X. Gao, Z. Gu, M. Kayaalp, D. Pendarakis, and H. Wang. 2017. ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds. In 2017 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 237--248. https:\/\/doi.org\/10.1109\/DSN.2017.49"},{"key":"e_1_3_2_1_5_1","unstructured":"The gVisor Authors. 2021. gVisor. https:\/\/gvisor.dev\/ (Accessed on 2023\/07\/16).  The gVisor Authors. 2021. gVisor. https:\/\/gvisor.dev\/ (Accessed on 2023\/07\/16)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3447786.3456248"},{"key":"e_1_3_2_1_7_1","unstructured":"Henry M. Levy. 1984. Capability-Based Computer Systems. Butterworth-Heinemann USA.  Henry M. Levy. 1984. Capability-Based Computer Systems. Butterworth-Heinemann USA."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274720"},{"key":"e_1_3_2_1_9_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Anders Fogh , Jann Horn , Stefan Mangard , Paul Kocher , Daniel Genkin , Yuval Yarom , and Mike Hamburg . 2018 . Meltdown: Reading Kernel Memory from User Space . In 27th USENIX Security Symposium (USENIX Security 18) . USENIX Association, Baltimore, MD, 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp"},{"key":"e_1_3_2_1_10_1","unstructured":"Google LLC. [n. d.]. Cloud Functions --- Google Cloud. https:\/\/cloud.google.com\/functions (Accessed on 2023\/07\/16).  Google LLC. [n. d.]. Cloud Functions --- Google Cloud. https:\/\/cloud.google.com\/functions (Accessed on 2023\/07\/16)."},{"key":"#cr-split#-e_1_3_2_1_11_1.1","doi-asserted-by":"crossref","unstructured":"Katsuya Matsubara and Yuhei Takagawa. 2020. Adaptive OS Switching for Improving Availability During Web Traffic Surges: A Feasibility Study. In 2020 IEEE 44th Annual Computers Software and Applications Conference (COMPSAC). 1176--1182. https:\/\/doi.org\/10.1109\/COMPSAC48688.2020.00-97 10.1109\/COMPSAC48688.2020.00-97","DOI":"10.1109\/COMPSAC48688.2020.00-97"},{"key":"#cr-split#-e_1_3_2_1_11_1.2","doi-asserted-by":"crossref","unstructured":"Katsuya Matsubara and Yuhei Takagawa. 2020. Adaptive OS Switching for Improving Availability During Web Traffic Surges: A Feasibility Study. In 2020 IEEE 44th Annual Computers Software and Applications Conference (COMPSAC). 1176--1182. https:\/\/doi.org\/10.1109\/COMPSAC48688.2020.00-97","DOI":"10.1109\/COMPSAC48688.2020.00-97"},{"key":"e_1_3_2_1_12_1","volume-title":"Docker: Lightweight Linux Containers for Consistent Development and Deployment. Linux J.","author":"Merkel Dirk","year":"2014","unstructured":"Dirk Merkel . 2014 . Docker: Lightweight Linux Containers for Consistent Development and Deployment. Linux J. 2014, 239, Article 2 (March 2014). Dirk Merkel. 2014. Docker: Lightweight Linux Containers for Consistent Development and Deployment. Linux J. 2014, 239, Article 2 (March 2014)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3447786.3456235"},{"key":"e_1_3_2_1_14_1","volume-title":"9th RoEduNet IEEE International Conference. 328--333","author":"Purdila Octavian","year":"2010","unstructured":"Octavian Purdila , Lucian Adrian Grijincu , and Nicolae Tapus . 2010 . LKL: The Linux kernel library . In 9th RoEduNet IEEE International Conference. 328--333 . Octavian Purdila, Lucian Adrian Grijincu, and Nicolae Tapus. 2010. LKL: The Linux kernel library. In 9th RoEduNet IEEE International Conference. 328--333."},{"key":"e_1_3_2_1_15_1","unstructured":"Inc. Salesforce.com. [n. d.]. Cloud Application Platform --- Heroku. https:\/\/www.heroku.com\/ (Accessed on 2023\/07\/16).  Inc. Salesforce.com. [n. d.]. Cloud Application Platform --- Heroku. https:\/\/www.heroku.com\/ (Accessed on 2023\/07\/16)."},{"key":"e_1_3_2_1_16_1","unstructured":"Computer security research at Memorial University. [n. d.]. musec\/libpreopen: Library for wrapping libc functions that require ambient authority. https:\/\/github.com\/musec\/libpreopen (Accessed on 2023\/07\/16).  Computer security research at Memorial University. [n. d.]. musec\/libpreopen: Library for wrapping libc functions that require ambient authority. https:\/\/github.com\/musec\/libpreopen (Accessed on 2023\/07\/16)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304016"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2911732"},{"key":"e_1_3_2_1_19_1","volume-title":"AsiaBSDCon 2019 Proceedings","author":"Takagawa Yuhei","year":"2019","unstructured":"Yuhei Takagawa and Katsuya Matsubara . 2019 . Yet another container migration on FreeBSD . AsiaBSDCon 2019 Proceedings (2019), 97--102. Yuhei Takagawa and Katsuya Matsubara. 2019. Yet another container migration on FreeBSD. AsiaBSDCon 2019 Proceedings (2019), 97--102."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453933.3454011"},{"key":"#cr-split#-e_1_3_2_1_21_1.1","doi-asserted-by":"crossref","unstructured":"William Viktorsson Cristian Klein and Johan Tordsson. 2020. Security-Performance Trade-offs of Kubernetes Container Runtimes. In 2020 28th International Symposium on Modeling Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS). 1--4. https:\/\/doi.org\/10.1109\/MASCOTS50786.2020.9285946 10.1109\/MASCOTS50786.2020.9285946","DOI":"10.1109\/MASCOTS50786.2020.9285946"},{"key":"#cr-split#-e_1_3_2_1_21_1.2","doi-asserted-by":"crossref","unstructured":"William Viktorsson Cristian Klein and Johan Tordsson. 2020. Security-Performance Trade-offs of Kubernetes Container Runtimes. In 2020 28th International Symposium on Modeling Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS). 1--4. https:\/\/doi.org\/10.1109\/MASCOTS50786.2020.9285946","DOI":"10.1109\/MASCOTS50786.2020.9285946"},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the 19th USENIX Security Symposium. http:\/\/www.cl.cam.ac.uk\/research\/security\/capsicum\/papers\/2010usenix-security-capsicum-website.pdf","author":"Watson Robert N. M.","year":"2010","unstructured":"Robert N. M. Watson , Jonathan Anderson , Ben Laurie , and Kris Kennaway . 2010 . Capsicum: practical capabilities for UNIX . In Proceedings of the 19th USENIX Security Symposium. http:\/\/www.cl.cam.ac.uk\/research\/security\/capsicum\/papers\/2010usenix-security-capsicum-website.pdf Robert N. M. Watson, Jonathan Anderson, Ben Laurie, and Kris Kennaway. 2010. Capsicum: practical capabilities for UNIX. In Proceedings of the 19th USENIX Security Symposium. http:\/\/www.cl.cam.ac.uk\/research\/security\/capsicum\/papers\/2010usenix-security-capsicum-website.pdf"},{"volume-title":"11th USENIX Workshop on Hot Topics in Cloud Computing (Hot-Cloud 19)","author":"Young Ethan G.","key":"e_1_3_2_1_23_1","unstructured":"Ethan G. Young , Pengfei Zhu , Tyler Caraza-Harter , Andrea C. Arpaci-Dusseau , and Remzi H . Arpaci-Dusseau. 2019. The True Cost of Containing: A gVisor Case Study . In 11th USENIX Workshop on Hot Topics in Cloud Computing (Hot-Cloud 19) . USENIX Association, Renton, WA. Ethan G. Young, Pengfei Zhu, Tyler Caraza-Harter, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. 2019. The True Cost of Containing: A gVisor Case Study. In 11th USENIX Workshop on Hot Topics in Cloud Computing (Hot-Cloud 19). USENIX Association, Renton, WA."}],"event":{"name":"APSys '23: 14th ACM SIGOPS Asia-Pacific Workshop on Systems","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"],"location":"Seoul Republic of Korea","acronym":"APSys '23"},"container-title":["Proceedings of the 14th ACM SIGOPS Asia-Pacific Workshop on Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609510.3609820","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3609510.3609820","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:25Z","timestamp":1750178785000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609510.3609820"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,24]]},"references-count":25,"alternative-id":["10.1145\/3609510.3609820","10.1145\/3609510"],"URL":"https:\/\/doi.org\/10.1145\/3609510.3609820","relation":{},"subject":[],"published":{"date-parts":[[2023,8,24]]},"assertion":[{"value":"2023-08-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}