{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T23:48:02Z","timestamp":1768348082626,"version":"3.49.0"},"reference-count":30,"publisher":"IBM","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IBM J. Res. & Dev."],"published-print":{"date-parts":[[2016,7]]},"DOI":"10.1147\/jrd.2016.2574138","type":"journal-article","created":{"date-parts":[[2016,7,27]],"date-time":"2016-07-27T14:48:29Z","timestamp":1469630909000},"page":"12:1-12:10","source":"Crossref","is-referenced-by-count":16,"title":["Secure yet usable: Protecting servers and Linux containers"],"prefix":"10.1147","volume":"60","author":[{"given":"S.","family":"Barlev","sequence":"first","affiliation":[{"name":"IBM Security, Tel Aviv, Israel"}]},{"given":"Z.","family":"Basil","sequence":"additional","affiliation":[{"name":"IBM Security, Tel Aviv, Israel"}]},{"given":"S.","family":"Kohanim","sequence":"additional","affiliation":[{"name":"IBM Security, Tel Aviv, Israel"}]},{"given":"R.","family":"Peleg","sequence":"additional","affiliation":[{"name":"IBM Security, Tel Aviv, Israel"}]},{"given":"S.","family":"Regev","sequence":"additional","affiliation":[{"name":"IBM Security, Tel Aviv, Israel"}]},{"given":"A.","family":"Shulman-Peleg","sequence":"additional","affiliation":[{"name":"IBM Research Division, Israel"}]}],"member":"3082","reference":[{"key":"ref30","author":"andre","year":"2014","journal-title":"Docker breakout exploit analysis"},{"key":"ref10","author":"paganini","year":"2015","journal-title":"VENOM vulnerability opens millions of virtual machines to attack"},{"key":"ref11","year":"0","journal-title":"ET Docker"},{"key":"ref12","first-page":"2","article-title":"Docker: Lightweight Linux containers for consistent development and deployment","volume":"2014","author":"merkel","year":"2014","journal-title":"Linux J"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346869"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2015.7095802"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408679"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/FITS.2003.1264934"},{"key":"ref17","year":"2013","journal-title":"SELinux Project"},{"key":"ref18","year":"2015","journal-title":"AppArmor"},{"key":"ref19","year":"2015","journal-title":"TOMOYO Linux"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"ref4","author":"olzak","year":"2008","journal-title":"The Five Phases of a Successful Network Penetration"},{"key":"ref27","year":"2011","journal-title":"Before You Connect a New Computer to the Internet"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1620693.1620708"},{"key":"ref6","author":"weiss","year":"2012","journal-title":"Top 5 WordPress Vulnerabilities and How to Fix Them"},{"key":"ref29","article-title":"Linux containers and the future cloud","volume":"240","author":"rosen","year":"2014","journal-title":"Linux J"},{"key":"ref5","year":"0","journal-title":"OWASP Top Ten Project"},{"key":"ref8","author":"borland","year":"2014","journal-title":"Don't Let the Grinch Steal Christmas"},{"key":"ref7","author":"hunt","year":"2014","journal-title":"Everything you need to know about the Shellshock Bash bug"},{"key":"ref2","first-page":"14","article-title":"Why Johnny can't encrypt: A usability evaluation of PGP 5.0","volume":"8","author":"whitten","year":"0","journal-title":"Proc 8th Usenix Security Symp"},{"key":"ref9","year":"0","journal-title":"CVE Details"},{"key":"ref1","year":"2015","journal-title":"IBM 2015 Cyber Security Intelligence Index"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/762476.762477"},{"key":"ref22","first-page":"1","article-title":"Learning program behavior profiles for intrusion detection","author":"ghosh","year":"0","journal-title":"Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring"},{"key":"ref21","year":"2002","journal-title":"Penetration studies—A technical overview"},{"key":"ref24","first-page":"1","article-title":"Improving host security with system call policies","volume":"12","author":"provos","year":"0","journal-title":"Proc 12th Conf USENIX SSYM"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.54"},{"key":"ref26","author":"riley","year":"2014","journal-title":"Missed Alarms and 40 Million Stolen Credit Card Numbers How Target Blew It"},{"key":"ref25","author":"krebs","year":"2014","journal-title":"In Home Depot Breach Investigation Focuses on Self-Checkout Lanes"}],"container-title":["IBM Journal of Research and Development"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/5288520\/7523342\/07523363.pdf?arnumber=7523363","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T18:03:19Z","timestamp":1761588199000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/7523363\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,7]]},"references-count":30,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1147\/jrd.2016.2574138","relation":{},"ISSN":["0018-8646","0018-8646"],"issn-type":[{"value":"0018-8646","type":"print"},{"value":"0018-8646","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,7]]}}}