{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T01:50:29Z","timestamp":1763344229455,"version":"3.45.0"},"reference-count":30,"publisher":"Tech Science Press","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2025]]},"DOI":"10.32604\/cmc.2025.062628","type":"journal-article","created":{"date-parts":[[2025,6,5]],"date-time":"2025-06-05T03:49:31Z","timestamp":1749095371000},"page":"3105-3124","source":"Crossref","is-referenced-by-count":0,"title":["Preventing IP Spoofing in Kubernetes Using eBPF"],"prefix":"10.32604","volume":"84","author":[{"given":"Absar","family":"Hussain","sequence":"first","affiliation":[]},{"given":"Abdul","family":"Aziz","sequence":"additional","affiliation":[]},{"given":"Hassan Jamil","family":"Syed","sequence":"additional","affiliation":[]},{"given":"Shoaib","family":"Raza","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2025]]},"reference":[{"key":"ref1","series-title":"Proceedings of the 2023 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)","first-page":"283","article-title":"An overview of container security in a kubernetes cluster","author":"German","year":"2013 May 15\u201317"},{"key":"ref2","first-page":"2169","article-title":"Exploring security enhancements in Kubernetes CNI: a deep dive into network policies","volume":"13","author":"Kim","year":"2025","journal-title":"IEEE Access"},{"key":"ref3","doi-asserted-by":"crossref","first-page":"22637","DOI":"10.1109\/ACCESS.2023.3249105","article-title":"Enabling P4 network telemetry in edge micro data centers with kubernetes orchestration","volume":"11","author":"Scano","year":"2023","journal-title":"IEEE Access"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1145\/2890784","article-title":"Kubernetes","volume":"59","author":"Burns","year":"2016","journal-title":"Commun ACM"},{"key":"ref5","doi-asserted-by":"crossref","first-page":"57174","DOI":"10.1109\/ACCESS.2023.3281480","article-title":"eBPF: a new approach to cloud-native observability, networking and security for current (5G) and future mobile networks (6G and Beyond)","volume":"11","author":"Soldani","year":"2023","journal-title":"IEEE Access"},{"key":"ref6","unstructured":"CNCF Annual Survey 2023 [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/www.cncf.io\/reports\/cncf-annual-survey-2023\/."},{"key":"ref7","doi-asserted-by":"crossref","first-page":"934","DOI":"10.1109\/TNET.2022.3206781","article-title":"Secure inter-container communications using XDP\/eBPF","volume":"31","author":"Nam","year":"2023","journal-title":"IEEE\/ACM Trans Netw"},{"key":"ref8","doi-asserted-by":"crossref","first-page":"3972","DOI":"10.3390\/electronics13193972","article-title":"Performance and latency efficiency evaluation of kubernetes container network interfaces for built-in and custom tuned profiles","volume":"13","author":"Daki\u0107","year":"2024","journal-title":"Electronics"},{"key":"ref9","unstructured":"Ferguson L. Tigera Closes Out 2023 with Significant Momentum for Calico as Demand for Container Security Accelerates, Tigera\u2014creator of Calico [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/www.tigera.io\/blog\/tigera-closes-out-2023-with-significant-momentum-for-calico-as-demand-for-container-security-accelerates\/."},{"key":"ref10","unstructured":"Tigera. Tigera enhances calico with major network and runtime security updates [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/www.prnewswire.com\/news-releases\/tigera-enhances-calico-with-major-network-and-runtime-security-updates-302301572.html."},{"key":"ref11","unstructured":"Cilium netkit: the final frontier in container networking performance [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/isovalent.com\/blog\/post\/cilium-netkit-a-new-container-networking-paradigm-for-the-ai-era\/."},{"key":"ref12","series-title":"Proceedings of the 2021 Joint European Conference on Networks and Communications & 6G Summit (EuCNC\/6G Summit)","first-page":"407","article-title":"Network policies in kubernetes: performance evaluation and security analysis","author":"Budigiri","year":"2021 Jun 8\u201311"},{"key":"ref13","unstructured":"Cilium (computing) [Internet]. [cited 2025 Jan 1]. Available from: https:\/\/en.wikipedia.org\/w\/index.php?title=Cilium_(computing)&oldid=1262067602."},{"key":"ref14","unstructured":"The crucial role of bastion hosts in securing your network infrastructure [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/www.cloudthat.com\/resources\/blog\/the-crucial-role-of-bastion-hosts-in-securing-your-network-infrastructure."},{"key":"ref15","unstructured":"Teleport. 14 best practices to secure SSH Bastion Host [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/goteleport.com\/blog\/security-hardening-ssh-bastion-best-practices\/."},{"key":"ref16","unstructured":"What is a Bastion Host and Does Your Business Need It [Internet]? [cited 2025 Apr 9]. Available from: https:\/\/nordlayer.com\/blog\/bastion-host\/."},{"key":"ref17","first-page":"2215","article-title":"An effective utilization of bastion host services in cloud environment","volume":"8","author":"Vijayababu","year":"2019","journal-title":"Int J Innov Technol Explor Eng"},{"key":"ref18","doi-asserted-by":"crossref","first-page":"4034","DOI":"10.1007\/s10664-019-09737-2","article-title":"Practical and effective sandboxing for Linux containers","volume":"24","author":"Wan","year":"2019","journal-title":"Empir Softw Eng"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3715001","article-title":"A container security survey: exploits, attacks, and defenses","volume":"57","author":"Jarkas","year":"2025","journal-title":"ACM Comput Surv"},{"key":"ref20","series-title":"Proceedings of the 2nd Workshop on SErverless Systems, Applications and Methodologies","first-page":"25","article-title":"Sandboxing functions for efficient and secure multi-tenant serverless deployments","author":"Mainas","year":"2024 April 22"},{"key":"ref21","series-title":"Proceedings of the 12th IEEE\/ACM International Conference on Utility and Cloud Computing","first-page":"219","article-title":"Container-based sandboxes for malware analysis: a compromise worth considering","author":"Khalimov","year":"2019 Dec 2\u20135"},{"key":"ref22","unstructured":"Project Calico. Tigera\u2014creator of Calico [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/www.tigera.io\/project-calico\/."},{"key":"ref23","unstructured":"Network Plugins. Kubernetes [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/kubernetes.io\/docs\/concepts\/extend-kubernetes\/compute-storage-net\/network-plugins\/."},{"key":"ref24","unstructured":"Native C-C, Networking EP-B. Observability, Security [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/cilium.io\/."},{"key":"ref25","doi-asserted-by":"crossref","first-page":"758","DOI":"10.3390\/jcp3040034","article-title":"Security in cloud-native services: a survey","volume":"3","author":"Theodoropoulos","year":"2023","journal-title":"J Cybersecur Priv"},{"key":"ref26","series-title":"Proceedings of the 2020 USENIX Annual Technical Conference (USENIX ATC 20)","first-page":"81","article-title":"BASTION: a Security Enforcement Network Stack for Container Networks","author":"Nam","year":"2020 Jul 15\u201317"},{"key":"ref27","series-title":"Proceedings of the 14th IEEE\/ACM International Conference on Utility and Cloud Computing","first-page":"1","article-title":"Concentrated isolation for container networks toward application-aware sandbox tailoring","author":"Nakata","year":"2021 Dec 6\u20139"},{"key":"ref28","unstructured":"Unveiling eBPF: revolutionizing security and observability | Wiz Blog, wiz.io [Internet]. [cited 2025 Apr 9]. Available from: https:\/\/www.wiz.io\/blog\/unveiling-ebpf-revolutionizing-security-and-observability."},{"key":"ref29","doi-asserted-by":"crossref","first-page":"126370","DOI":"10.1109\/ACCESS.2022.3226269","article-title":"Extended berkeley packet filter: an application perspective","volume":"10","author":"Sharaf","year":"2022","journal-title":"IEEE Access"},{"key":"ref30","unstructured":"Findlay W. Security applications of extended BPF under the Linux Kernel [Internet].[cited 2025 Apr 9]. Available from: https:\/\/www.cisl.carleton.ca\/~will\/written\/findlay20bpfsec.pdf."}],"container-title":["Computers, Materials & Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/cdn.techscience.cn\/files\/cmc\/2025\/TSP_CMC-84-2\/TSP_CMC_62628\/TSP_CMC_62628.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T01:47:07Z","timestamp":1763344027000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v84n2\/62861"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":30,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2025]]},"published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2025.062628","relation":{},"ISSN":["1546-2226"],"issn-type":[{"type":"electronic","value":"1546-2226"}],"subject":[],"published":{"date-parts":[[2025]]}}}