[1] |
SOFIA Z . Container technologies[J]. Hypatia, 2000,15(2): 181-201.
|
[2] |
BABU S A , HAREESH M J , MARTIN J P ,et al. System performance evaluation of Para virtualization,container virtualization,and full virtualization using xen,OpenVZ,and XenServer[C]// Proceedings of 2014 Fourth International Conference on Advances in Computing and Communications. Piscataway:IEEE Press, 2014: 247-250.
|
[3] |
BERNSTEIN D . Containers and cloud:from LXC to docker to Kubernetes[J]. IEEE Cloud Computing, 2014,1(3): 81-84.
|
[4] |
MARATHE N , GANDHI A , SHAH J M . Docker swarm and Kubernetes in cloud computing environment[C]// Proceedings of 2019 3rd International Conference on Trends in Electronics and Informatics(ICOEI). Piscataway:IEEE Press, 2019: 179-184.
|
[5] |
SULTAN S , AHMAD I , DIMITRIOU T . Container security:issues,challenges,and the road ahead[J]. IEEE Access, 2019,7: 52976-52996.
|
[6] |
COMBE T , MARTIN A , DI PIETRO R . To docker or not to docker:a security perspective[J]. IEEE Cloud Computing, 2016,3(5): 54-62.
|
[7] |
SALAMERO J . Kubernetes runtime security with falco and sysdig[R]. 2019.
|
[8] |
JIAN Z , CHEN L . A defense method against docker escape attack[C]// Proceedings of the 2017 International Conference on Cryptography,Security and Privacy. Piscataway:IEEE Press, 2017: 142-146.
|
[9] |
ROSEN R . Resource management:Linux kernel namespacess and cgroups[R]. 2013.
|
[10] |
BACARELLA M . Taking advantage of Linux capabilities[R]. 2002.
|
[11] |
ROSEN R . Namespacess and cgroups,the basis of Linux containers[R]. 2016.
|
[12] |
LIN X , LEI L G , WANG Y W ,et al. A measurement study on linux container security:attacks and countermeasures[C]// Proceedings of the 34th Annual Computer Security Applications Conference. New York:ACM Press, 2018: 418-429.
|
[13] |
COOK K . Kernel address space layout randomization[R]. 2013.
|
[14] |
CORBET J . Supervisor mode access prevention[R]. 2012.
|
[15] |
WILFAHRT N . Dirtycow vulnerability details[R]. 2016.
|
[16] |
CORBET J . On vsyscalls and the vDSO[R]. 2011.
|
[17] |
MASON J , SMALL S , MONROSE F ,et al. English shellcode[C]// Proceedings of the 16th ACM Conference on Computer and Communications Security. New York:ACM Press, 2009: 524-533.
|
[18] |
BONGARD M , ILLI D . Reverse shell via voice[D]. Zurich:HSR Hochschule für Technik Rapperswil, 2019.
|
[19] |
RANDAZZO A , TINNIRELLO I . Kata containers:an emerging architecture for enabling MEC services in fast and secure way[C]// Proceedings of 2019 Sixth International Conference on Internet of Things:Systems,Management and Security (IOTSMS). Piscataway:IEEE Press, 2019: 209-214.
|
[20] |
YOUNG E G , ZHU P , CARAZA-HARTER T ,et al. The true cost of containing:a gVisor case study[C]// Proceedings of 11th USENIX Workshop on Hot Topics in Cloud Computing. Berkeley:USENIX Association, 2019: 1-16.
|
[21] |
MOREAU L , FREIRE J , FUTRELLE J ,et al. The open provenance model:an overview[C]// Provenance and Annotation of Data and Processes. Berlin:Springer, 2008: 323-326.
|
[22] |
MORISSON B . Analysis of the linux audit system[D]. England:Royal Holloway,University of London, 2015.
|
[23] |
GEHANI A , TARIQ D . SPADE:support for provenance auditing in distributed environments[C]// ACM/IFIP/USENIX International Conference on Distributed Systems Platforms and Open Distributed Processing. Berlin:Springer, 2012: 101-120.
|
[24] |
LORCZAK P R , CAGLAYAN A K , ECKHARDT D E . A theoretical investigation of generalized voters for redundant systems[C]// Proceedings of the Nineteenth International Symposium on Fault-Tolerant Computing.Digest of Papers. Piscataway:IEEE Press, 1989: 444-451.
|
[25] |
NETZER R H B , MILLER B P . What are race conditions?[J]. ACM Letters on Programming Languages and Systems, 1992,1(1): 74-88.
|
[26] |
FáBREGA F J T , JAVIER F , GUTTMAN J D . Copy on write[R]. 1995.
|
[27] |
CHEN X , IRSHAD H , CHEN Y ,et al. CLARION:sound and clear provenance tracking for microservice deployments[C]// Proceedings of 30th USENIX Security Symposium. Berkeley:USENIX Association, 2021: 3989-4006.
|
[28] |
GOOGLE. Google microservice demo:online boutique[R]. 2019.
|