FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2954975888> ?p ?o ?g. }

• W2954975888 endingPage "4070" @default.
• W2954975888 startingPage "4034" @default.
• W2954975888 abstract "A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through the system call interface. In this paper, we present an approach that mines sandboxes and enables fine-grained sandbox enforcement for containers. We first explore the behavior of a container by running test cases and monitor the accessed system calls including types and arguments during testing. We then characterize the types and arguments of system call invocations and translate them into sandbox rules for the container. The mined sandbox restricts the container’s access to system calls which are not seen during testing and thus reduces the attack surface. In the experiment, our approach requires less than eleven minutes to mine a sandbox for each of the containers. The estimation of system call coverage of sandbox mining ranges from 96.4% to 99.8% across the containers under the limiting assumptions that the test cases are complete and only static system/application paths are used. The enforcement of mined sandboxes incurs low performance overhead. The mined sandboxes effectively reduce the attack surface of containers and can prevent the containers from security breaches in reality." @default.
• W2954975888 created "2019-07-12" @default.
• W2954975888 creator A5006669765 @default.
• W2954975888 creator A5047763646 @default.
• W2954975888 creator A5060428816 @default.
• W2954975888 creator A5081036622 @default.
• W2954975888 date "2019-07-04" @default.
• W2954975888 modified "2023-09-27" @default.
• W2954975888 title "Practical and effective sandboxing for Linux containers" @default.
• W2954975888 cites W1832277845 @default.
• W2954975888 cites W1941427975 @default.
• W2954975888 cites W1977838479 @default.
• W2954975888 cites W1979345446 @default.
• W2954975888 cites W1984350393 @default.
• W2954975888 cites W2065076704 @default.
• W2954975888 cites W2066660519 @default.
• W2954975888 cites W2075174112 @default.
• W2954975888 cites W2075699551 @default.
• W2954975888 cites W2098639318 @default.
• W2954975888 cites W2106649514 @default.
• W2954975888 cites W2107147876 @default.
• W2954975888 cites W2109596254 @default.
• W2954975888 cites W2118372007 @default.
• W2954975888 cites W2118528519 @default.
• W2954975888 cites W2123886726 @default.
• W2954975888 cites W2129860818 @default.
• W2954975888 cites W2134073393 @default.
• W2954975888 cites W2151352916 @default.
• W2954975888 cites W2157083801 @default.
• W2954975888 cites W2182584490 @default.
• W2954975888 cites W2184107019 @default.
• W2954975888 cites W2338717024 @default.
• W2954975888 cites W2400063502 @default.
• W2954975888 cites W2614983068 @default.
• W2954975888 cites W2908269939 @default.
• W2954975888 cites W3136767761 @default.
• W2954975888 cites W4214532949 @default.
• W2954975888 cites W4244890066 @default.
• W2954975888 cites W4256009702 @default.
• W2954975888 doi "https://doi.org/10.1007/s10664-019-09737-2" @default.
• W2954975888 hasPublicationYear "2019" @default.
• W2954975888 type Work @default.
• W2954975888 sameAs 2954975888 @default.
• W2954975888 citedByCount "6" @default.
• W2954975888 countsByYear W29549758882020 @default.
• W2954975888 countsByYear W29549758882021 @default.
• W2954975888 crossrefType "journal-article" @default.
• W2954975888 hasAuthorship W2954975888A5006669765 @default.
• W2954975888 hasAuthorship W2954975888A5047763646 @default.
• W2954975888 hasAuthorship W2954975888A5060428816 @default.
• W2954975888 hasAuthorship W2954975888A5081036622 @default.
• W2954975888 hasBestOaLocation W29549758882 @default.
• W2954975888 hasConcept C111919701 @default.
• W2954975888 hasConcept C41008148 @default.
• W2954975888 hasConceptScore W2954975888C111919701 @default.
• W2954975888 hasConceptScore W2954975888C41008148 @default.
• W2954975888 hasIssue "6" @default.
• W2954975888 hasLocation W29549758881 @default.
• W2954975888 hasLocation W29549758882 @default.
• W2954975888 hasOpenAccess W2954975888 @default.
• W2954975888 hasPrimaryLocation W29549758881 @default.
• W2954975888 hasRelatedWork W1505619784 @default.
• W2954975888 hasRelatedWork W1509840194 @default.
• W2954975888 hasRelatedWork W1601407282 @default.
• W2954975888 hasRelatedWork W1867542889 @default.
• W2954975888 hasRelatedWork W2049274697 @default.
• W2954975888 hasRelatedWork W2354060507 @default.
• W2954975888 hasRelatedWork W2371792015 @default.
• W2954975888 hasRelatedWork W2374742111 @default.
• W2954975888 hasRelatedWork W2382986841 @default.
• W2954975888 hasRelatedWork W2388417751 @default.
• W2954975888 hasVolume "24" @default.
• W2954975888 isParatext "false" @default.
• W2954975888 isRetracted "false" @default.
• W2954975888 magId "2954975888" @default.
• W2954975888 workType "article" @default.