Mining sandboxes for Linux containers

Mining sandboxes for Linux containers

A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through system call interface. In this paper, we present an approach that mines sandboxes for containers. We first ex...

Full description

Saved in:
Bibliographic Details
Main Authors: WAN, Zhiyuan, LO, David, XIA, Xin, CAI, Liang, LI, Shanping
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2017
Subjects:
Linux container
kernel namespaces
resource allocation quota
system call interface
automatic testing
regular functionality
performance overhead
sandbox mining
Software Engineering
Online Access:https://ink.library.smu.edu.sg/sis_research/4528
https://ink.library.smu.edu.sg/context/sis_research/article/5531/viewcontent/Mining_sandboxes_Linux_av.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Be the first to leave a comment!
You must be logged in first

Similar Items