{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T02:06:39Z","timestamp":1769047599385,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":16,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","award":["01070141"],"award-info":[{"award-number":["01070141"]}],"id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]},{"name":"European Union NextGenerationEU","award":["PE00000018,PE00000014"],"award-info":[{"award-number":["PE00000018,PE00000014"]}]},{"DOI":"10.13039\/501100021856","name":"Ministero dell'Universit\u00e0 e della Ricerca","doi-asserted-by":"publisher","award":["2022LA8XBH"],"award-info":[{"award-number":["2022LA8XBH"]}],"id":[{"id":"10.13039\/501100021856","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,8,25]]},"DOI":"10.1145\/3708821.3735343","type":"proceedings-article","created":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T06:30:56Z","timestamp":1755066656000},"page":"1800-1802","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["POSTER: Policy-driven security-aware scheduling in Kubernetes"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6459-0810","authenticated-orcid":false,"given":"Matthew","family":"Rossi","sequence":"first","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Bergamo, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4026-8589","authenticated-orcid":false,"given":"Michele","family":"Beretta","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Bergamo, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7534-6055","authenticated-orcid":false,"given":"Dario","family":"Facchinetti","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Bergamo, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0399-1738","authenticated-orcid":false,"given":"Stefano","family":"Paraboschi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Bergamo, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,8,24]]},"reference":[{"key":"e_1_3_3_2_2_2","volume-title":"CNCF Annual Survey","year":"2023","unstructured":"2023. CNCF Annual Survey. https:\/\/cncf.io\/reports\/cncf-annual-survey-2023\/"},{"key":"e_1_3_3_2_3_2","volume-title":"Kubernetes adoption, security, and market trends report","year":"2024","unstructured":"2024. Kubernetes adoption, security, and market trends report. https:\/\/www.redhat.com\/en\/resources\/kubernetes-adoption-security-market-trends-overview"},{"key":"e_1_3_3_2_4_2","volume-title":"Assign Pods to Nodes using Affinity","year":"2025","unstructured":"2025. Assign Pods to Nodes using Affinity. https:\/\/kubernetes.io\/docs\/tasks\/configure-pod-container\/assign-pods-nodes-using-node-affinity\/"},{"key":"e_1_3_3_2_5_2","volume-title":"Assign Pods to Nodes with Node labels","year":"2025","unstructured":"2025. Assign Pods to Nodes with Node labels. https:\/\/kubernetes.io\/docs\/concepts\/scheduling-eviction\/assign-pod-node\/#built-in-node-labels"},{"key":"e_1_3_3_2_6_2","volume-title":"Namespaces | Kubernetes","year":"2025","unstructured":"2025. Namespaces | Kubernetes. https:\/\/kubernetes.io\/docs\/concepts\/overview\/working-with-objects\/namespaces\/"},{"key":"e_1_3_3_2_7_2","volume-title":"OPA Gatekeeper","year":"2025","unstructured":"2025. OPA Gatekeeper. https:\/\/open-policy-agent.github.io\/gatekeeper\/website\/"},{"key":"e_1_3_3_2_8_2","volume-title":"Taints and Tolerations \u2013 Kubernetes","year":"2025","unstructured":"2025. Taints and Tolerations \u2013 Kubernetes. https:\/\/kubernetes.io\/docs\/concepts\/scheduling-eviction\/taint-and-toleration\/"},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom59040.2023.00033"},{"key":"e_1_3_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3592831"},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607233"},{"key":"e_1_3_3_2_12_2","volume-title":"NSDI","author":"Agache A.","year":"2020","unstructured":"A. Agache, M. Brooker, A. Iordache, A. Liguori, R. Neugebauer, P. Piwonka, and D. Popa. 2020. Firecracker: Lightweight Virtualization for Serverless Applications. In NSDI."},{"key":"e_1_3_3_2_13_2","unstructured":"M. Czapi\u0144ski and R. Wolafka. 2023. Workload Security Rings. https:\/\/www.usenix.org\/publications\/loginonline\/workload-security-rings"},{"key":"e_1_3_3_2_14_2","volume-title":"ASIACCS","author":"Rossi M.","year":"2025","unstructured":"M. Rossi, M. Beretta, D. Facchinetti, and S. Paraboschi. 2025. POSTER:\u00a0Transparent Temporally-Specialized System Call Filters. In ASIACCS."},{"key":"e_1_3_3_2_15_2","volume-title":"USENIX Security","author":"Sun Y.","year":"2018","unstructured":"Y. Sun, D. Safford, M. Zohar, D. Pendarakis, Z. G., and T. Jaeger. 2018. Security Namespace: Making Linux Security Frameworks Available to Containers. In USENIX Security."},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/2741948.2741964"},{"key":"e_1_3_3_2_17_2","volume-title":"HotCloud","author":"Young E.\u00a0G.","year":"2019","unstructured":"E.\u00a0G. Young, P. Zhu, T. Caraza-Harter, A.\u00a0C. Arpaci-Dusseau, and R.\u00a0H. Arpaci-Dusseau. 2019. The true cost of containing: a gVisor case study. In HotCloud."}],"event":{"name":"ASIA CCS '25: 20th ACM Asia Conference on Computer and Communications Security","location":"Hanoi Vietnam","acronym":"ASIA CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 20th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3708821.3735343","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T07:27:56Z","timestamp":1755070076000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3708821.3735343"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,24]]},"references-count":16,"alternative-id":["10.1145\/3708821.3735343","10.1145\/3708821"],"URL":"https:\/\/doi.org\/10.1145\/3708821.3735343","relation":{},"subject":[],"published":{"date-parts":[[2025,8,24]]},"assertion":[{"value":"2025-08-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}