{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T04:28:31Z","timestamp":1774931311055,"version":"3.50.1"},"reference-count":49,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key R&D Program of China","award":["2022YFE0113200"],"award-info":[{"award-number":["2022YFE0113200"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2025,1]]},"DOI":"10.1109\/tdsc.2024.3403920","type":"journal-article","created":{"date-parts":[[2024,5,22]],"date-time":"2024-05-22T17:48:57Z","timestamp":1716400137000},"page":"474-490","source":"Crossref","is-referenced-by-count":4,"title":["Towards Understanding and Defeating Abstract Resource Attacks for Container Platforms"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2899-6121","authenticated-orcid":false,"given":"Wenbo","family":"Shen","sequence":"first","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-2783-8623","authenticated-orcid":false,"given":"Yifei","family":"Wu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2899-0117","authenticated-orcid":false,"given":"Yutian","family":"Yang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-1917-0397","authenticated-orcid":false,"given":"Qirui","family":"Liu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-9346-6679","authenticated-orcid":false,"given":"Nanzi","family":"Yang","sequence":"additional","affiliation":[{"name":"Xidian University, Xi’an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0709-7434","authenticated-orcid":false,"given":"Jinku","family":"Li","sequence":"additional","affiliation":[{"name":"Xidian University, Xi’an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4763-7354","authenticated-orcid":false,"given":"Kangjie","family":"Lu","sequence":"additional","affiliation":[{"name":"University of Minnesota, Minneapolis, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4251-1143","authenticated-orcid":false,"given":"Jianfeng","family":"Ma","sequence":"additional","affiliation":[{"name":"Xidian University, Xi’an, China"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Os-level virtualization","year":"2020"},{"key":"ref2","article-title":"Jails: Confining the omnipotent root","volume-title":"Proc. 2nd Int. SANE Conf.","author":"Kamp"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274720"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2017.49"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2879605"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354227"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/TPSISA52974.2021.00016"},{"key":"ref8","article-title":"Getrlimit man page","year":"2020"},{"key":"ref9","article-title":"ulmit source code","author":"Library","year":"2021"},{"key":"ref10","article-title":"Sysctl man page","year":"2020"},{"key":"ref11","article-title":"Sysdig falco","year":"2021"},{"key":"ref12","article-title":"Kubernetes namespaces","year":"2020"},{"key":"ref13","article-title":"Kubernetes limit ranges","year":"2022"},{"key":"ref14","volume-title":"Operating System Concepts","author":"Galvin","year":"2003"},{"key":"ref15","article-title":"Analysis of docker security","author":"Bui","year":"2015"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2016.100"},{"key":"ref17","article-title":"Understanding and hardening linux containers","author":"Grattafiori","year":"2016"},{"key":"ref18","article-title":"Linux pty","year":"2017"},{"key":"ref19","article-title":"ezjail man page","year":"2021"},{"key":"ref20","article-title":"freebsd handbook","year":"2021"},{"key":"ref21","article-title":"rctl man page","year":"2021"},{"key":"ref22","article-title":"Zircon handles","year":"2020"},{"key":"ref23","article-title":"Zx rights basic","year":"2020"},{"key":"ref24","first-page":"255","article-title":"Effective static analysis of concurrency use-after-free bugs in linux device drivers","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Bai"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2018.00017"},{"key":"ref26","first-page":"1205","article-title":"PeX: A permission check analysis framework for linux kernel","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Zhang"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"ref28","article-title":"Seccomp security profiles for docker","year":"2020"},{"key":"ref29","article-title":"ulimit man page","year":"2020"},{"key":"ref30","article-title":"Linux test project","year":"2021"},{"key":"ref31","article-title":"Containers on AWS","year":"2020"},{"key":"ref32","article-title":"Containers on azure","year":"2020"},{"key":"ref33","article-title":"GKE quick start","year":"2020"},{"key":"ref34","article-title":"Google compute engine of containers","year":"2020"},{"key":"ref35","article-title":"Pod security policy","year":"2020"},{"key":"ref36","article-title":"Kernel probes (kprobes)","author":"Keniston","year":"2022"},{"key":"ref37","article-title":"BPF compiler collection (BCC)","year":"2022"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2015.7095802"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ICACEA.2015.7164727"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/cloud.2018.00030"},{"key":"ref41","article-title":"namespace - linux namespace","year":"2020"},{"key":"ref42","first-page":"45","article-title":"Resource containers: A new facility for resource management in server systems","volume-title":"Proc. 3rd USENIX Symp. Operating Syst. Des. Implementation","author":"Banga"},{"key":"ref43","first-page":"927","article-title":"Fine-grained isolation for scalable, dynamic, multi-tenant edge clouds","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Ren"},{"key":"ref44","first-page":"419","article-title":"Faasm: Lightweight isolation for efficient stateful serverless computing","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Shillaker"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/LADC.2018.00013"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_11"},{"key":"ref47","first-page":"1423","article-title":"Security namespace: Making linux security frameworks available to containers","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Sun"},{"key":"ref48","first-page":"689","article-title":"{SCONE}: Secure linux containers with intel { SGX}","volume-title":"Proc. 12th USENIX Symp. Operating Syst. Des. Implementation","author":"Arnautov","year":"2016"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC47524.2020.9031195"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10843954\/10537099.pdf?arnumber=10537099","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,21]],"date-time":"2025-01-21T03:57:18Z","timestamp":1737431838000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10537099\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1]]},"references-count":49,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2024.3403920","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1]]}}}