Practical and effective sandboxing for Linux containers

Practical and effective sandboxing for Linux containers

A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through the system call interface. In this paper, we present an approach that mines sandboxes and enables fine-graine...

Full description

Saved in:
Bibliographic Details
Main Authors: WAN, Zhiyuan, LO, David, XIA, Xin, CAI, Liang
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Container
System call
Sandbox
Testing
Monitoring
Cloud computing
Docker
Seccomp
Programming Languages and Compilers
Software Engineering
Online Access:https://ink.library.smu.edu.sg/sis_research/4502
https://ink.library.smu.edu.sg/context/sis_research/article/5505/viewcontent/Practical_and_effective_sandboxing_for_Linux_containers.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English

Internet

https://ink.library.smu.edu.sg/sis_research/4502
https://ink.library.smu.edu.sg/context/sis_research/article/5505/viewcontent/Practical_and_effective_sandboxing_for_Linux_containers.pdf

Similar Items