{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T13:01:26Z","timestamp":1761570086630,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":53,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,20]]},"DOI":"10.1145\/3755881.3755916","type":"proceedings-article","created":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T11:46:17Z","timestamp":1761565577000},"page":"245-257","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["MicroGuard:Non-Intrusive Dynamic Analysis for Inter-Service Access Control of Microservices"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-1204-7263","authenticated-orcid":false,"given":"Haoming","family":"Luo","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-4568-1076","authenticated-orcid":false,"given":"Wanqi","family":"Yang","sequence":"additional","affiliation":[{"name":"Sun Yet-sen University, Guangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0972-6900","authenticated-orcid":false,"given":"Pengfei","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou, China"}]}],"member":"320","published-online":{"date-parts":[[2025,10,27]]},"reference":[{"key":"e_1_3_3_1_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623113"},{"key":"e_1_3_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/SOCA.2016.15"},{"key":"e_1_3_3_1_4_2","unstructured":"Armin Balalaie Abbas Heydarnoori and Pooyan Jamshidi. 2015. Migrating to Cloud-Native Architectures Using Microservices: An Experience Report. arxiv:https:\/\/arXiv.org\/abs\/1507.08217\u00a0[cs.SE] https:\/\/arxiv.org\/abs\/1507.08217"},{"key":"e_1_3_3_1_5_2","unstructured":"T. Berners-Lee R. Fielding and L. Masinter. [n. d.]. Uniform Resource Identifiers (URI): Generic Syntax. https:\/\/www.rfc-editor.org\/rfc\/rfc2396. Accessed on 2025-2-11."},{"key":"e_1_3_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3578357.3589454"},{"key":"e_1_3_3_1_7_2","unstructured":"Carl Bystr\u00f6m Jonatan Heyman Joakim Hamr\u00e9n and Hugo Heyman. [n. d.]. Locust - a modern load testing framework. https:\/\/locust.io. Accessed on 2025-02-10.."},{"key":"e_1_3_3_1_8_2","doi-asserted-by":"crossref","unstructured":"Ramaswamy Chandramouli Zack Butcher Aradhna Chetal et\u00a0al. 2021. Attribute-based access control for microservices-based applications using a service mesh. NIST Special Publication 800 (2021) 41.","DOI":"10.6028\/NIST.SP.800-204B"},{"key":"e_1_3_3_1_9_2","doi-asserted-by":"publisher","unstructured":"Shuiguang Deng Hailiang Zhao Binbin Huang Cheng Zhang Feiyi Chen Yinuo Deng Jianwei Yin Schahram Dustdar and Albert\u00a0Y. Zomaya. 2024. Cloud-Native Computing: A Survey From the Perspective of Services. Proc. IEEE 112 1 (2024) 12\u201346. 10.1109\/JPROC.2024.3353855","DOI":"10.1109\/JPROC.2024.3353855"},{"key":"e_1_3_3_1_10_2","first-page":"4171","volume-title":"Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers)","author":"Devlin Jacob","year":"2019","unstructured":"Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2019. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. In Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers). 4171\u20134186."},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"publisher","unstructured":"Mario Dudjak and Goran Martinovic. 2020. An API-first methodology for designing a microservice-based Backend as a Service platform. Inf. Technol. Control. 49 2 (2020) 206\u2013223. 10.5755\/J01.ITC.49.2.23757","DOI":"10.5755\/J01.ITC.49.2.23757"},{"key":"e_1_3_3_1_12_2","unstructured":"EdwinVW. [n. d.]. Pitstop: Garage management application. https:\/\/github.com\/EdwinVW\/pitstop\/. Accessed on 2025-02-10.."},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"publisher","unstructured":"Adeel Ehsan Mohammed Ahmad M.\u00a0E. Abuhaliqa Cagatay Catal and Deepti Mishra. 2022. RESTful API Testing Methodologies: Rationale Challenges and Solution Directions. Applied Sciences 12 9 (2022). 10.3390\/app12094369","DOI":"10.3390\/app12094369"},{"key":"e_1_3_3_1_14_2","unstructured":"R. Fielding J. Gettys J. Mogul H. Frystyk L. Masinter P. Leach and T. Berners-Lee. [n. d.]. Hypertext Transfer Protocol \u2013 HTTP\/1.1. https:\/\/www.rfc-editor.org\/rfc\/rfc2616. Accessed on 2025-2-11."},{"key":"e_1_3_3_1_15_2","doi-asserted-by":"crossref","unstructured":"William Findlay Anil Somayaji and David Barrera. 2020. bpfbox: Simple Precise Process Confinement with eBPF. Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop (2020). https:\/\/api.semanticscholar.org\/CorpusID:223076582","DOI":"10.1145\/3411495.3421358"},{"key":"e_1_3_3_1_16_2","unstructured":"The Cloud Native\u00a0Computing Foundation. [n. d.]. Cloud Native Computing Foundation Annual Survey 2022. https:\/\/www.cncf.io\/reports\/cncf-annual-survey-2022\/. Accessed on 2025-2-11."},{"key":"e_1_3_3_1_17_2","doi-asserted-by":"publisher","unstructured":"Dennis Gannon Roger Barga and Neel Sundaresan. 2017. Cloud-Native Applications. IEEE Cloud Computing 4 5 (2017) 16\u201321. 10.1109\/MCC.2017.4250939","DOI":"10.1109\/MCC.2017.4250939"},{"key":"e_1_3_3_1_18_2","first-page":"443","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)","author":"Ghavamnia Seyedhamed","year":"2020","unstructured":"Seyedhamed Ghavamnia, Tapti Palit, Azzedine Benameur, and Michalis Polychronakis. 2020. Confine: Automated System Call Policy Generation for Container Attack Surface Reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX Association, San Sebastian, 443\u2013458. https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/ghavanmnia"},{"key":"e_1_3_3_1_19_2","unstructured":"Jeremy H. [n. d.]. 4 Microservices Examples: Amazon Netflix Uber and Etsy. https:\/\/blog.dreamfactory.com\/microservices-examples. Accessed on 2025-02-17."},{"key":"e_1_3_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/SEAA53835.2021.00030"},{"key":"e_1_3_3_1_21_2","unstructured":"Istio. [n. d.]. Istio: Connect secure control and observe services. https:\/\/istio.io\/. Accessed on 2025-2-11."},{"key":"e_1_3_3_1_22_2","unstructured":"Rupesh Jaiswal Shivani Pande Atharva Agashe and Girish Potdar. 2023. MICROSERVICES IN CLOUD NATIVE DEVELOPMENT OF APPLICATION. 10 (06 2023) d170\u2013d183."},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P19-1356"},{"key":"e_1_3_3_1_24_2","unstructured":"KyleBing. [n. d.]. english-vocabulary. https:\/\/github.com\/KyleBing\/english-vocabulary\/tree\/master. Accessed on 2025-02-10.."},{"key":"e_1_3_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/1809100.1809102"},{"key":"e_1_3_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom.2010.13"},{"key":"e_1_3_3_1_27_2","first-page":"3971","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Li Xing","year":"2021","unstructured":"Xing Li, Yan Chen, Zhiqiang Lin, Xiao Wang, and Jim\u00a0Hao Chen. 2021. Automatic Policy Generation for Inter-Service Access Control of Microservices. In 30th USENIX Security Symposium (USENIX Security 21). 3971\u20133988."},{"key":"e_1_3_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/QRS-C51114.2020.00107"},{"key":"e_1_3_3_1_29_2","unstructured":"Benedict Michael and Charanya Vinu. [n. d.]. How we built a metering and chargeback system to incentivize higher resource utilization of twitter infrastructure. http:\/\/bit.ly\/3aETlqs. Accessed on 2020-01-20."},{"key":"e_1_3_3_1_30_2","unstructured":"Meghna Pancholi Andreas\u00a0D. Kellas Vasileios\u00a0P. Kemerlis and Simha Sethumadhavan. 2022. Timeloops: Automatic System Call Policy Learning for Containerized Microservices. arxiv:https:\/\/arXiv.org\/abs\/2204.06131\u00a0[cs.CR] https:\/\/arxiv.org\/abs\/2204.06131"},{"key":"e_1_3_3_1_31_2","doi-asserted-by":"crossref","unstructured":"Gustavo Pantuza Marcos Augusto\u00a0M. Vieira and Luiz Filipe\u00a0M. Vieira. 2021. eQUIC Gateway: Maximizing QUIC Throughput using a Gateway Service based on eBPF + XDP. 2021 IEEE Symposium on Computers and Communications (ISCC) (2021) 1\u20136. https:\/\/api.semanticscholar.org\/CorpusID:245147055","DOI":"10.1109\/ISCC53001.2021.9631262"},{"key":"e_1_3_3_1_32_2","unstructured":"Prometheus. [n. d.]. Prometheus. https:\/\/prometheus.io. Accessed on 2025-02-10.."},{"key":"e_1_3_3_1_33_2","doi-asserted-by":"publisher","unstructured":"Jing Qiu Zhihong Tian Chunlai Du Qi Zuo Shen Su and Binxing Fang. 2020. A Survey on Access Control in the Age of Internet of Things. IEEE Internet of Things Journal 7 6 (2020) 4682\u20134696. 10.1109\/JIOT.2020.2969326","DOI":"10.1109\/JIOT.2020.2969326"},{"key":"e_1_3_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICITEICS61368.2024.10625280"},{"key":"e_1_3_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/1866423.1866433"},{"key":"e_1_3_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/UEMCON51285.2020.9298138"},{"key":"e_1_3_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCAA.2017.8229914"},{"key":"e_1_3_3_1_38_2","doi-asserted-by":"crossref","unstructured":"Pradeepa T and Crs Kumar. 2021. Building cloud native application \u2014 analysis for multi-component application deployment. 2021 International Conference on Computer Communication and Informatics (ICCCI) (2021) 1\u20136. https:\/\/api.semanticscholar.org\/CorpusID:233331592","DOI":"10.1109\/ICCCI50826.2021.9402422"},{"key":"e_1_3_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-94289-68"},{"key":"e_1_3_3_1_40_2","doi-asserted-by":"crossref","unstructured":"Ian Tenney Dipanjan Das and Ellie Pavlick. 2019. BERT rediscovers the classical NLP pipeline. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/1905.05950 (2019).","DOI":"10.18653\/v1\/P19-1452"},{"key":"e_1_3_3_1_41_2","unstructured":"The Cloud Native Computing Foundation. [n. d.]. Cloud Native Computing Foundation Annual Survey 2023. https:\/\/www.cncf.io\/reports\/cncf-annual-survey-2023\/. Accessed on 2025-2-11."},{"key":"e_1_3_3_1_42_2","unstructured":"The eBPF Foundation. [n. d.]. eBPF: Dynamically program the kernel for efficient networking observability tracing and security. https:\/\/ebpf.io\/. Accessed on 2025-2-11."},{"key":"e_1_3_3_1_43_2","unstructured":"The Linux Foundation. [n. d.]. Production-Grade Container Orchestration Kubernetes. https:\/\/kubernetes.io\/. Accessed on 2025-2-11."},{"key":"e_1_3_3_1_44_2","doi-asserted-by":"publisher","unstructured":"Theodoros Theodoropoulos Luis Rosa Chafika Benzaid Peter Gray Eduard Marin Antonios Makris Luis Cordeiro Ferran Diego Pavel Sorokin Marco\u00a0Di Girolamo Paolo Barone Tarik Taleb and Konstantinos Tserpes. 2023. Security in Cloud-Native Services: A Survey. Journal of Cybersecurity and Privacy 3 4 (2023) 758\u2013793. 10.3390\/jcp3040034","DOI":"10.3390\/jcp3040034"},{"key":"e_1_3_3_1_45_2","doi-asserted-by":"publisher","unstructured":"Theodoros Theodoropoulos Luis Rosa Chafika Benzaid Peter Gray Eduard Marin Antonios Makris Luis Cordeiro Ferran Diego Pavel Sorokin Marco\u00a0Di Girolamo Paolo Barone Tarik Taleb and Konstantinos Tserpes. 2023. Security in Cloud-Native Services: A Survey. Journal of Cybersecurity and Privacy 3 4 (2023) 758\u2013793. 10.3390\/jcp3040034","DOI":"10.3390\/jcp3040034"},{"key":"e_1_3_3_1_46_2","doi-asserted-by":"crossref","unstructured":"Ruben Verborgh Seth van Hooland Aaron\u00a0Straup Cope Sebastian Chan Erik Mannens and Rik\u00a0Van de Walle. 2015. The fallacy of the multi-API culture: Conceptual and practical benefits of Representational State Transfer (REST). J. Documentation 71 (2015) 233\u2013252. https:\/\/api.semanticscholar.org\/CorpusID:42827950","DOI":"10.1108\/JD-07-2013-0098"},{"key":"e_1_3_3_1_47_2","doi-asserted-by":"crossref","unstructured":"Marcos\u00a0AM Vieira Matheus\u00a0S Castanho Racyus\u00a0DG Pac\u00edfico Elerson\u00a0RS Santos Eduardo PM\u00a0C\u00e2mara J\u00fanior and Luiz\u00a0FM Vieira. 2020. Fast packet processing with ebpf and xdp: Concepts code challenges and applications. ACM Computing Surveys (CSUR) 53 1 (2020) 1\u201336.","DOI":"10.1145\/3371038"},{"key":"e_1_3_3_1_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSE.2016.7581711"},{"key":"e_1_3_3_1_49_2","unstructured":"Weaveworks. [n. d.]. Microservices demo: Sock shop. https:\/\/github.com\/microservices-demo\/microservices-demo\/. Accessed on 2025-02-10.."},{"key":"e_1_3_3_1_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363191"},{"key":"e_1_3_3_1_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393608"},{"key":"e_1_3_3_1_52_2","doi-asserted-by":"publisher","unstructured":"Dongjin Yu Yike Jin Yuqun Zhang and Xi Zheng. 2019. A survey on security issues in services communication of Microservices-enabled fog applications. Concurrency Computation 31 22 (25 Nov. 2019) 1\u201319. 10.1002\/cpe.4436","DOI":"10.1002\/cpe.4436"},{"key":"e_1_3_3_1_53_2","doi-asserted-by":"publisher","unstructured":"Le Yu Tao Zhang Xiapu Luo Lei Xue and Henry Chang. 2017. Toward Automatically Generating Privacy Policy for Android Apps. IEEE Transactions on Information Forensics and Security 12 4 (2017) 865\u2013880. 10.1109\/TIFS.2016.2639339","DOI":"10.1109\/TIFS.2016.2639339"},{"key":"e_1_3_3_1_54_2","unstructured":"Wen Zhang Eric Sheng Michael Chang Aurojit Panda Mooly Sagiv and Scott Shenker. 2022. Blockaid: Data Access Policy Enforcement for Web Applications. arxiv:https:\/\/arXiv.org\/abs\/2205.06911\u00a0[cs.DB] https:\/\/arxiv.org\/abs\/2205.06911"}],"event":{"name":"Internetware 2025: the 16th International Conference on Internetware","sponsor":["SIGSOFT ACM Special Interest Group on Artificial Intelligence"],"location":"Trondheim Norway","acronym":"Internetware 2025"},"container-title":["Proceedings of the 16th International Conference on Internetware"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3755881.3755916","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T11:49:55Z","timestamp":1761565795000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3755881.3755916"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,20]]},"references-count":53,"alternative-id":["10.1145\/3755881.3755916","10.1145\/3755881"],"URL":"https:\/\/doi.org\/10.1145\/3755881.3755916","relation":{},"subject":[],"published":{"date-parts":[[2025,6,20]]},"assertion":[{"value":"2025-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}