Practical and effective sandboxing for Linux containers

Practical and effective sandboxing for Linux containers

A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through the system call interface. In this paper, we present an approach that mines sandboxes and enables fine-graine...

Full description

Saved in:

Bibliographic Details
Main Authors:	WAN, Zhiyuan, LO, David, XIA, Xin, CAI, Liang
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2019
Subjects:	Container System call Sandbox Testing Monitoring Cloud computing Docker Seccomp Programming Languages and Compilers Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/4502 https://ink.library.smu.edu.sg/context/sis_research/article/5505/viewcontent/Practical_and_effective_sandboxing_for_Linux_containers.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

Mining sandboxes for Linux containers
by: WAN, Zhiyuan, et al.
Published: (2017)

CONHUB: A METADATA MANAGEMENT SYSTEM FOR DOCKER CONTAINERS
by: TIAN XING
Published: (2017)

Mining sandboxes: Are we there yet?
by: BAO, Lingfeng, et al.
Published: (2018)

Towards mining comprehensive Android sandboxes
by: LE, Tien-Duy B., et al.
Published: (2018)

Understanding the Genetic Makeup of Linux Device Drivers
by: Tschudin, Peter Senna, et al.
Published: (2013)

Perceptions of Chinese People Toward Phuket’s Destination Image and Intention to Visit Phuket: The Influence of Phuket Sandbox Program Implementation
by: Hu, Zhaoxiang
Published: (2023)

Rethinking the regulatory sandbox for financial innovation: An assessment of the UK and Singapore
by: CHEN, Christopher
Published: (2020)

Bug characteristics in blockchain systems: A large-scale empirical study
by: WAN, Zhiyuan, et al.
Published: (2017)

JSCSP: A novel policy-based XSS defense mechanism for browsers
by: XU, Guangquan, et al.
Published: (2022)

Liner shipping service network design with empty container repositioning
by: Meng, Q., et al.
Published: (2014)

Liner shipping service network design with empty container repositioning
by: Meng, Q., et al.
Published: (2014)

RemGen: remanufacturing a random program generator for compiler testing
by: TU, Haoxin, et al.
Published: (2022)

JNICodejail - Native code isolation for Java programs
by: Hassanshahi, B., et al.
Published: (2014)

A logistic regression and linear programming approach for multi-skill staffing optimization in call centers
by: TA, Thuy Anh, et al.
Published: (2022)

Large language model for vulnerability detection: Emerging results and future directions
by: ZHOU, Xin, et al.
Published: (2024)

Integrated Quay crane and yard truck schedule for inbound containers
by: Lee, D.-H., et al.
Published: (2014)

Integrated quay crane and yard truck schedule problem in container terminals
by: Cao, J., et al.
Published: (2014)

Laughter emotion recognition using gestures
by: De Jesus, Paulina Catya S.
Published: (2014)

Sound and complete certificates for quantitative termination analysis of probabilistic programs
by: CHATTERJEE, Krishnendu, et al.
Published: (2022)

Learning control policies for stochastic systems with reach-avoid guarantees
by: ZIKELIC, Dorde, et al.
Published: (2023)

Attack prompt generation for red teaming and defending large language models
by: DENG, Boyi, et al.
Published: (2023)

ON THE TREE AND CLUSTER CONTAINMENT PROBLEMS FOR PHYLOGENETIC NETWORKS
by: ANDREAS DWI MARYANTO GUNAWAN
Published: (2018)

Towards a binary integrity system for windows
by: Wu, Y., et al.
Published: (2013)

A project study on the manufacture of glass containers and other allied products
by: Apacible, Renato Y.
Published: (1964)

Ensuring Faultless Communication Behaviour in A Commercial Cloud
by: Umarov, Timur, et al.
Published: (2015)

Liner ship fleet planning with uncertain container shipment demand
by: WANG TING SONG
Published: (2012)

PerfLearner: learning from bug reports to understand and generate performance test frames
by: HAN, Xue, et al.
Published: (2018)

Deep code comment generation with hybrid lexical and syntactical information
by: HU, Xing, et al.
Published: (2019)

A project study on the manufacture of glass containers
by: Cespedes, Victorino J.
Published: (1965)

Automatic code review by learning the revision of source code
by: SHI, Shu-Ting, et al.
Published: (2019)

INFAR: insight extraction from app reviews
by: GAO, Cuiyun, et al.
Published: (2018)

CodeMatcher: A tool for large-scale code search based on query semantics matching
by: LIU, Chao, et al.
Published: (2022)

A project study on the feasibility of using S-Con containers in the Philippines
by: Garcia, Vicente G.
Published: (1976)

Measuring program comprehension: A large-scale field study with professionals
by: XIA, Xin, et al.
Published: (2018)

MolCA: Molecular graph-language modeling with cross-modal projector and uni-modal adapter
by: LIU, Zhiyuan, et al.
Published: (2023)

WatME: Towards lossless watermarking through lexical redundancy
by: CHEN, Liang, et al.
Published: (2024)

Program evaluation for Easy, C, Pascal programming languages
by: Garcia, Arnaldo, et al.
Published: (1989)

VT-Revolution: Interactive programming tutorials made possible
by: BAO, Lingfeng, et al.
Published: (2018)

Detecting C++ compiler front-end bugs via grammar mutation and differential testing
by: TU, Haoxin, et al.
Published: (2023)

A simulation tool for practicing logic formulation in C-language programming
by: Teng, Randy Tan
Published: (2005)