{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T17:19:04Z","timestamp":1770225544552,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,12,4]],"date-time":"2023-12-04T00:00:00Z","timestamp":1701648000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202465"],"award-info":[{"award-number":["62202465"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Strategic Priority Research Program of Chinese Academy of Sciences","award":["XDC02010900"],"award-info":[{"award-number":["XDC02010900"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,12,4]]},"DOI":"10.1145\/3627106.3627137","type":"proceedings-article","created":{"date-parts":[[2023,12,2]],"date-time":"2023-12-02T18:13:22Z","timestamp":1701540802000},"page":"229-240","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Log2Policy: An Approach to Generate Fine-Grained Access Control Rules for Microservices from Scratch"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-8141-8183","authenticated-orcid":false,"given":"Shaowen","family":"Xu","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8565-1923","authenticated-orcid":false,"given":"Qihang","family":"Zhou","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-7493-6462","authenticated-orcid":false,"given":"Heqing","family":"Huang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8376-3235","authenticated-orcid":false,"given":"Xiaoqi","family":"Jia","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2783-3232","authenticated-orcid":false,"given":"Haichao","family":"Du","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-1308-1462","authenticated-orcid":false,"given":"Yang","family":"Chen","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-2170-7434","authenticated-orcid":false,"given":"Yamin","family":"Xie","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China"}]}],"member":"320","published-online":{"date-parts":[[2023,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2022. CVE Feed. https:\/\/kubernetes.io\/docs\/reference\/issues-security."},{"key":"e_1_3_2_1_2_1","unstructured":"2022. EdwinVW\/Pitstop: This Repo Contains a Sample Application Based on a Garage Management System for Pitstop. https:\/\/github.com\/EdwinVW\/pitstop."},{"key":"e_1_3_2_1_3_1","unstructured":"2022. Feature\/Wildcard Matching. https:\/\/github.com\/istio\/istio\/pull\/35641."},{"key":"e_1_3_2_1_4_1","unstructured":"2022. Istio. https:\/\/istio.io\/latest\/."},{"key":"e_1_3_2_1_5_1","unstructured":"2022. Locust.Io. https:\/\/locust.io\/."},{"key":"e_1_3_2_1_6_1","unstructured":"2022. Microservices-Demo. https:\/\/github.com\/GoogleCloudPlatform."},{"key":"e_1_3_2_1_7_1","unstructured":"2022. Microservices-Demo\/Microservices-Demo: Deployment Scripts & Config for Sock Shop. https:\/\/github.com\/microservices-demo\/microservices-demo."},{"key":"e_1_3_2_1_8_1","unstructured":"2022. Production-Grade Container Orchestration. https:\/\/kubernetes.io\/."},{"key":"e_1_3_2_1_9_1","unstructured":"2022. PyTorch. https:\/\/www.pytorch.org."},{"key":"e_1_3_2_1_10_1","unstructured":"2022. Security Bulletins. https:\/\/istio.io\/latest\/news\/security\/."},{"key":"e_1_3_2_1_11_1","unstructured":"2022. Tencent Cloud. https:\/\/cloud.tencent.com\/?fromSource=gwzcw.7287448.7287448.7287448&utm_medium=cpc&utm_id=gwzcw.7287448.7287448.7287448. (Accessed on 05\/10\/2023)."},{"key":"e_1_3_2_1_12_1","unstructured":"2022. Tencent-Cloud-Mesh\/Mesh-Demo: A Demo Helps You Have a Quick Start to Tencent Cloud Mesh. https:\/\/github.com\/Tencent-Cloud-Mesh\/mesh-demo."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Manar A Hassan T and Eduardo B. 2018. A Deep Learning Approach for Extracting Attributes of ABAC Policies. In the 23nd SACMAT. 137\u2013148.","DOI":"10.1145\/3205977.3205984"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2004.4798290"},{"key":"e_1_3_2_1_15_1","unstructured":"Lars Buitinck and Gilles Louppe. 2013. API Design for Machine Learning Software: Experiences from the Scikit-Learn Project."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3318216.3363375"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Carlos Cotrini Thilo Weghorn and David Basin. 2018. Mining ABAC Rules from Sparse Logs. In 2018 EuroS&P. 31\u201346.","DOI":"10.1109\/EuroSP.2018.00011"},{"key":"e_1_3_2_1_19_1","unstructured":"Martin Ester Kriegel 1996. A density-based algorithm for discovering clusters in large spatial databases with noise.. In kdd Vol.\u00a096. 226\u2013231."},{"key":"e_1_3_2_1_20_1","volume-title":"Confine: Automated system call policy generation for container attack surface reduction. In 2020 RAID.","author":"Seyedhamed","year":"2020","unstructured":"Seyedhamed G, Tapti P, Azzedine B, 2020. Confine: Automated system call policy generation for container attack surface reduction. In 2020 RAID."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Yunlong Guo Aimin Yu Xiaoli Gong Lixin Zhao Lijun Cai and Dan Meng. 2019. Building trust in container environment. In 2019 TrustCom. 1\u20139.","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00011"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Shohreh H Samuel L and Ville L. 2016. Security in container-based virtualization through vTPM. In In the 9th IEEE\/ACM UCC. 214\u2013219.","DOI":"10.1145\/2996890.3009903"},{"key":"e_1_3_2_1_23_1","unstructured":"Vincent\u00a0C. Hu David Ferraiolo Rick Kuhn 2014. Guide to Attribute Based Access Control (ABAC) Definition and Considerations. Technical Report."},{"key":"e_1_3_2_1_24_1","unstructured":"Viktor Jovanoski and Nada Lavra\u010d. 2001. Classification rule learning with APRIORI-C. In Progress in Artificial Intelligence: Knowledge Extraction Multi-agent Systems Logic Programming and Constraint Solving 10th Portuguese Conference on Artificial Intelligence EPIA 2001 Porto Portugal December 17\u201320 2001 Proceedings 10. Springer 44\u201351."},{"key":"e_1_3_2_1_25_1","volume-title":"An Automatic Attribute-Based Access Control Policy Extraction From Access Logs","author":"Leila","year":"2022","unstructured":"Leila K, Maryam A, James J, 2022. An Automatic Attribute-Based Access Control Policy Extraction From Access Logs. IEEE TDSC (2022)."},{"key":"e_1_3_2_1_26_1","volume-title":"An Unsupervised Learning Based Approach for Mining Attribute Based Access Control Policies. In 2018 IEEE International Conference on Big Data. 1427\u20131436","author":"Karimi Leila","year":"2018","unstructured":"Leila Karimi and James Joshi. 2018. An Unsupervised Learning Based Approach for Mining Attribute Based Access Control Policies. In 2018 IEEE International Conference on Big Data. 1427\u20131436."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2020.101494"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2019.00026"},{"key":"e_1_3_2_1_29_1","unstructured":"Xing Li Yan Chen Zhiqiang Lin 2021. Automatic Policy Generation for Inter-Service Access Control of Microservices. (2021) 19."},{"key":"e_1_3_2_1_30_1","unstructured":"Shang-Pin Ma Chen-Yuan Fan Yen Chuang 2018. Using Service Dependency Graph to Analyze and Test Microservices. In 2018 IEEE COMPSAC. 81\u201386."},{"key":"e_1_3_2_1_31_1","unstructured":"Tomas Mikolov Kai Chen Greg Corrado and Jeffrey Dean. 2013. Efficient Estimation of Word Representations in Vector Space."},{"key":"e_1_3_2_1_32_1","unstructured":"Tomas Mikolov Ilya Sutskever Kai Chen Greg Corrado and Jeffrey Dean. 2013. Distributed Representations of Words and Phrases and Their Compositionality."},{"key":"e_1_3_2_1_33_1","volume-title":"Scikit-learn: Machine learning in Python. the JMLR 12","author":"Pedregosa Fabian","year":"2011","unstructured":"Fabian Pedregosa, Ga\u00ebl Varoquaux, Alexandre Gramfort, 2011. Scikit-learn: Machine learning in Python. the JMLR 12 (2011), 2825\u20132830."},{"key":"e_1_3_2_1_34_1","unstructured":"4\u00a0Minute Read. [n. d.]. Performance and Scalability. https:\/\/istio.io\/latest\/docs\/ops\/deployment\/performance-and-scalability\/."},{"key":"e_1_3_2_1_35_1","unstructured":"Chris Richardson. 2019. Microservice Patterns. Manning Publications New York NY."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866423.1866433"},{"key":"e_1_3_2_1_37_1","volume-title":"DBSCAN Revisited","author":"Schubert Erich","year":"2017","unstructured":"Erich Schubert, J\u00f6rg Sander, Martin Ester, 2017. DBSCAN Revisited, Revisited: Why and How You Should (Still) Use DBSCAN. ACM TDS (2017)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Murugiah Souppaya John Morello and Karen Scarfone. 2017. Application container security guide. Technical Report. National Institute of Standards and Technology.","DOI":"10.6028\/NIST.SP.800-190"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107275"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363191"},{"key":"e_1_3_2_1_41_1","volume-title":"the 20th FSE. 1.","author":"Xiao Xusheng","unstructured":"Xusheng Xiao, Amit Paradkar, Suresh Thummalapenta, and Tao Xie. 2012. Automated Extraction of Security Policies from Natural-Language Software Documents. In In the 20th FSE. 1."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2369048"}],"event":{"name":"ACSAC '23: Annual Computer Security Applications Conference","location":"Austin TX USA","acronym":"ACSAC '23"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627106.3627137","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3627106.3627137","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T17:39:42Z","timestamp":1755884382000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627106.3627137"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,4]]},"references-count":42,"alternative-id":["10.1145\/3627106.3627137","10.1145\/3627106"],"URL":"https:\/\/doi.org\/10.1145\/3627106.3627137","relation":{},"subject":[],"published":{"date-parts":[[2023,12,4]]},"assertion":[{"value":"2023-12-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}