FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4309346687> ?p ?o ?g. }

• W4309346687 abstract "Due to its advantages of faster start-up speed and better resource utilization efficiency, container technology has been widely deployed in software deployment. However, the benefits of containers come at the cost of weak isolation for the underlying shared OS kernel. To enhance the security of containers, it is critical to customize secure configurations for each specific container, including the system call list and the capability list. However, existing solutions mainly focus on system call profiling and most of these approaches still demand huge human efforts to manually configure and successfully run each container. Moreover, the dependency between capability and system call has not been considered and cross-checked during the profiling process. In this paper, we develop a toolkit named SysCap to automatically customize required system calls and capabilities for Docker images. SysCap provides a static analyzer tool to construct a libc-to-syscall mapping via analyzing the libc and a syscall-to-capability mapping via analyzing the Linux kernel. When given a Docker image, SysCap parses the Docker image statically to obtain the binary-level called functions in the target layer and then queries them with the libc-to-syscall mapping to obtain the required system calls. Next, SysCap queries the obtained system calls with the syscall-to-capability mapping to obtain the required capabilities. Thus, SysCap can customize a secure configuration of system call and capability for a given Docker image. We test SysCap on the top 193 Docker images from Dockerhub, and the experimental results show that SysCap works on all images and can reduce the attack surface effectively." @default.
• W4309346687 created "2022-11-26" @default.
• W4309346687 creator A5008458015 @default.
• W4309346687 creator A5020746135 @default.
• W4309346687 creator A5021740010 @default.
• W4309346687 creator A5026728546 @default.
• W4309346687 creator A5046947918 @default.
• W4309346687 creator A5048698954 @default.
• W4309346687 creator A5074984852 @default.
• W4309346687 date "2022-10-03" @default.
• W4309346687 modified "2023-09-23" @default.
• W4309346687 title "SysCap: Profiling and Crosschecking Syscall and Capability Configurations for Docker Images" @default.
• W4309346687 cites W2247002685 @default.
• W4309346687 cites W2297774820 @default.
• W4309346687 cites W2343875716 @default.
• W4309346687 cites W2530894209 @default.
• W4309346687 cites W2574017551 @default.
• W4309346687 cites W2614983068 @default.
• W4309346687 cites W2620081107 @default.
• W4309346687 cites W2621197600 @default.
• W4309346687 cites W2741175893 @default.
• W4309346687 cites W2955949247 @default.
• W4309346687 cites W2962200727 @default.
• W4309346687 cites W3214725335 @default.
• W4309346687 doi "https://doi.org/10.1109/cns56114.2022.9947248" @default.
• W4309346687 hasPublicationYear "2022" @default.
• W4309346687 type Work @default.
• W4309346687 citedByCount "0" @default.
• W4309346687 crossrefType "proceedings-article" @default.
• W4309346687 hasAuthorship W4309346687A5008458015 @default.
• W4309346687 hasAuthorship W4309346687A5020746135 @default.
• W4309346687 hasAuthorship W4309346687A5021740010 @default.
• W4309346687 hasAuthorship W4309346687A5026728546 @default.
• W4309346687 hasAuthorship W4309346687A5046947918 @default.
• W4309346687 hasAuthorship W4309346687A5048698954 @default.
• W4309346687 hasAuthorship W4309346687A5074984852 @default.
• W4309346687 hasConcept C105339364 @default.
• W4309346687 hasConcept C111919701 @default.
• W4309346687 hasConcept C114614502 @default.
• W4309346687 hasConcept C120314980 @default.
• W4309346687 hasConcept C127413603 @default.
• W4309346687 hasConcept C149635348 @default.
• W4309346687 hasConcept C187191949 @default.
• W4309346687 hasConcept C2777904410 @default.
• W4309346687 hasConcept C2778579508 @default.
• W4309346687 hasConcept C2781018962 @default.
• W4309346687 hasConcept C33923547 @default.
• W4309346687 hasConcept C41008148 @default.
• W4309346687 hasConcept C553261973 @default.
• W4309346687 hasConcept C74193536 @default.
• W4309346687 hasConcept C78519656 @default.
• W4309346687 hasConceptScore W4309346687C105339364 @default.
• W4309346687 hasConceptScore W4309346687C111919701 @default.
• W4309346687 hasConceptScore W4309346687C114614502 @default.
• W4309346687 hasConceptScore W4309346687C120314980 @default.
• W4309346687 hasConceptScore W4309346687C127413603 @default.
• W4309346687 hasConceptScore W4309346687C149635348 @default.
• W4309346687 hasConceptScore W4309346687C187191949 @default.
• W4309346687 hasConceptScore W4309346687C2777904410 @default.
• W4309346687 hasConceptScore W4309346687C2778579508 @default.
• W4309346687 hasConceptScore W4309346687C2781018962 @default.
• W4309346687 hasConceptScore W4309346687C33923547 @default.
• W4309346687 hasConceptScore W4309346687C41008148 @default.
• W4309346687 hasConceptScore W4309346687C553261973 @default.
• W4309346687 hasConceptScore W4309346687C74193536 @default.
• W4309346687 hasConceptScore W4309346687C78519656 @default.
• W4309346687 hasFunder F4320306076 @default.
• W4309346687 hasFunder F4320321001 @default.
• W4309346687 hasLocation W43093466871 @default.
• W4309346687 hasOpenAccess W4309346687 @default.
• W4309346687 hasPrimaryLocation W43093466871 @default.
• W4309346687 hasRelatedWork W2119016902 @default.
• W4309346687 hasRelatedWork W2291034565 @default.
• W4309346687 hasRelatedWork W2349507549 @default.
• W4309346687 hasRelatedWork W2354677839 @default.
• W4309346687 hasRelatedWork W2355761960 @default.
• W4309346687 hasRelatedWork W2358554276 @default.
• W4309346687 hasRelatedWork W2371792015 @default.
• W4309346687 hasRelatedWork W2385651623 @default.
• W4309346687 hasRelatedWork W3011529001 @default.
• W4309346687 hasRelatedWork W3208245578 @default.
• W4309346687 isParatext "false" @default.
• W4309346687 isRetracted "false" @default.
• W4309346687 workType "article" @default.