Practical and effective sandboxing for Linux containers

A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through the system call interface. In this paper, we present an approach that mines sandboxes and enables fine-graine...

Full description

Saved in:
Bibliographic Details
Main Authors: WAN, Zhiyuan, LO, David, XIA, Xin, CAI, Liang
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/4502
https://ink.library.smu.edu.sg/context/sis_research/article/5505/viewcontent/Practical_and_effective_sandboxing_for_Linux_containers.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English