Practical and effective sandboxing for Linux containers
A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through the system call interface. In this paper, we present an approach that mines sandboxes and enables fine-graine...
Saved in:
Main Authors: | WAN, Zhiyuan, LO, David, XIA, Xin, CAI, Liang |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2019
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/4502 https://ink.library.smu.edu.sg/context/sis_research/article/5505/viewcontent/Practical_and_effective_sandboxing_for_Linux_containers.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
Similar Items
-
Mining sandboxes for Linux containers
by: WAN, Zhiyuan, et al.
Published: (2017) -
CONHUB: A METADATA MANAGEMENT SYSTEM FOR DOCKER CONTAINERS
by: TIAN XING
Published: (2017) -
Mining sandboxes: Are we there yet?
by: BAO, Lingfeng, et al.
Published: (2018) -
Towards mining comprehensive Android sandboxes
by: LE, Tien-Duy B., et al.
Published: (2018) -
Understanding the Genetic Makeup of Linux Device Drivers
by: Tschudin, Peter Senna, et al.
Published: (2013)