{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,7,26]],"date-time":"2024-07-26T05:57:52Z","timestamp":1721973472942},"reference-count":77,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2019,3,1]],"date-time":"2019-03-01T00:00:00Z","timestamp":1551398400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,3,1]],"date-time":"2019-03-01T00:00:00Z","timestamp":1551398400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,3,1]],"date-time":"2019-03-01T00:00:00Z","timestamp":1551398400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"German Federal Ministry of Education and Research","award":["SENDATE-PLANETS (16KIS0472)","DecADe (16KIS0538)"]},{"name":"German-French Academy for the Industry of the Future"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Netw. Serv. 
Manage."],"published-print":{"date-parts":[[2019,3]]},"DOI":"10.1109\/tnsm.2018.2889009","type":"journal-article","created":{"date-parts":[[2018,12,20]],"date-time":"2018-12-20T19:49:12Z","timestamp":1545335352000},"page":"41-55","source":"Crossref","is-referenced-by-count":18,"title":["Agile Network Access Control in the Container Age"],"prefix":"10.1109","volume":"16","author":[{"ORCID":"http:\/\/orcid.org\/0000-0002-3026-2621","authenticated-orcid":false,"given":"Cornelius","family":"Diekmann","sequence":"first","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0002-8808-7643","authenticated-orcid":false,"given":"Johannes","family":"Naab","sequence":"additional","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0001-7095-7025","authenticated-orcid":false,"given":"Andreas","family":"Korsten","sequence":"additional","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0002-2347-1839","authenticated-orcid":false,"given":"Georg","family":"Carle","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref73","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1145\/141874.141884","article-title":"Foundations for the study of software architecture","volume":"17","author":"perry","year":"1992","journal-title":"SIGSOFT Softw Eng Notes"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/2674005.2674989"},{"key":"ref71","author":"kim","year":"2014","journal-title":"Kinetic Verifiable Dynamic Control"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33386-6_1"},{"key":"ref76","author":"diekmann","year":"2016","journal-title":"Simple Firewall Archive of Formal Proofs"},{"key":"ref77","author":"michaelis","year":"2016","journal-title":"Routing Archive of Formal Proofs"},{"key":"ref74","first-page":"71","article-title":"A tool for automated iptables firewall analysis","author":"marmorstein","year":"2005","journal-title":"Proc USENIX Annu Technical Conf Freenix 
Track"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342466"},{"key":"ref75","author":"diekmann","year":"2016","journal-title":"IP Addresses Archive of Formal Proofs"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766714"},{"key":"ref33","year":"2016","journal-title":"Docker-FW GitHub"},{"key":"ref32","author":"duffy","year":"2016","journal-title":"Azure Bug Bounty Pwning Red Hat Enterprise Linux Blog"},{"key":"ref31","author":"engelhardt","year":"2011","journal-title":"Towards the Perfect Ruleset"},{"key":"ref30","author":"petersson","year":"2014","journal-title":"The Dangers of UFW + Docker Blog"},{"key":"ref37","first-page":"1","article-title":"Composing software defined networks","author":"monsanto","year":"2013","journal-title":"Proc USENIX Symp Netw Syst Design Implem (NSDI)"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2011.10"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/INM.2011.5990681"},{"key":"ref34","year":"2016","journal-title":"DFWFW—Docker Firewall Framework GitHub"},{"key":"ref60","author":"moore","year":"2001","journal-title":"Policy core information model—Version 1 specifications"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.1999.816030"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3460"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2011.09.014"},{"key":"ref28","author":"frazelle","year":"2017","journal-title":"Naked Container A Container Run Without the Default AppArmor Default Seccomp or SELinux Naked Containers Make Me Sad Tweet"},{"key":"ref64","first-page":"40","article-title":"Modular SDN programming with pyretic","volume":"38","author":"reich","year":"2013","journal-title":"Proc M Usenix"},{"key":"ref27","article-title":"Analysis of docker security","volume":"abs 1501 
2967","author":"bui","year":"2015","journal-title":"CoRR"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/2535838.2535862"},{"key":"ref66","first-page":"1","article-title":"Policy refinement: Decomposition and operationalization for dynamic domains","author":"craven","year":"2011","journal-title":"Proc 7th Conf Netw Service Manag (CNSM)"},{"key":"ref29","article-title":"Passing the console: Fostering the next generation of OPS professionals","author":"goldfuss","year":"2016","journal-title":"Proc LISA"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/INM.2015.7140326"},{"key":"ref68","first-page":"43","article-title":"Detecting BGP configuration faults with static analysis","author":"feamster","year":"2005","journal-title":"Proc USENIX Symp Netw Syst Design Implem (NSDI)"},{"key":"ref69","first-page":"99","article-title":"Real time network policy checking using header space analysis","author":"kazemian","year":"2013","journal-title":"Proc USENIX Symp Netw Syst Design Implem (NSDI)"},{"key":"ref2","first-page":"199","article-title":"FIREMAN: A toolkit for firewall modeling and analysis","author":"yuan","year":"2006","journal-title":"Proc IEEE Symp Security Privacy"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2379690.2379691"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5426"},{"key":"ref22","author":"diekmann","year":"2016","journal-title":"Issue #29108—Networking\/Security Custom Net With Both–Internal and–ICC=False Does Not Block ICC"},{"key":"ref21","year":"2016","journal-title":"Docker 1 10 New Compose File Improved Security Networking And Much More!"},{"key":"ref24","author":"meyer","year":"2016","journal-title":"Issue #22054—Docker Network Bypasses Firewall No Option to Disable Github Issue and Discussion"},{"key":"ref23","author":"radhakrishnan","year":"2016","journal-title":"Docker Networking Design Philosophy Blog"},{"key":"ref26","author":"hertz","year":"2016","journal-title":"Abusing 
Privileged and Unprivileged Linux Containers"},{"key":"ref25","year":"2017","journal-title":"Docker inc"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/1592681.1592683"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2014.32"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/IEEESTD.2001.92774"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2003.1206966"},{"key":"ref57","first-page":"203","article-title":"Formal aspects in security and trust","author":"cuppens","year":"2005","journal-title":"Proc Workshop Formal Aspects Security Trust (FAST) World Comput Congr (IFIP TC1 WG1 7)"},{"key":"ref56","first-page":"4","article-title":"Firewall analysis with policy-based host classification","volume":"6","author":"marmorstein","year":"2006","journal-title":"Proc 28th USENIX Conf Large Installation Syst Admin (LISA)"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2009.5339690"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2018436.2018470"},{"key":"ref53","first-page":"113","article-title":"Header space analysis: Static checking for networks","author":"kazemian","year":"2012","journal-title":"Proc USENIX Symp Netw Syst Design Implem (NSDI)"},{"key":"ref52","first-page":"203","article-title":"A formal approach to specify and deploy a network security policy","author":"cuppens","year":"2004","journal-title":"Proceedings of Formal Aspects in Security and Trust"},{"key":"ref10","author":"mouat","year":"2015","journal-title":"Docker Security—Using Containers Safely in Production"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/CNSM.2015.7367384"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2674005.2674989"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/IFIPNetworking.2016.7497196"},{"key":"ref13","year":"2016","journal-title":"Boycott Docker"},{"key":"ref14","author":"diekmann","year":"2016","journal-title":"Network Security Policy 
Verification Archive of Formal Proofs"},{"key":"ref15","author":"diekmann","year":"2016","journal-title":"Iptables Semantics Archive of Formal Proofs"},{"key":"ref16","author":"nipkow","year":"2016","journal-title":"Isabelle\/HOL A Proof Assistant for Higher-Order Logic LNCS 2283"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.4204\/EPTCS.150.3"},{"key":"ref18","year":"2016","journal-title":"The Coq Proof Assistant Reference Manual"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-19249-9_13"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.2"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266871"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2377677.2377680"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2006.1607877"},{"key":"ref8","year":"2016","journal-title":"Docker Using Docker Version 1 12 1 on Ubuntu 16 04"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43613-4_9"},{"key":"ref49","first-page":"15","article-title":"VeriFlow: Verifying network-wide invariants in real time","author":"khurshid","year":"2013","journal-title":"Proc USENIX Symp Netw Syst Design Implem (NSDI)"},{"key":"ref9","author":"beyer","year":"2016","journal-title":"Site Reliability Engineering—How Google Runs Production Systems"},{"key":"ref46","first-page":"15","article-title":"Design and implementation of a routing control platform","author":"caesar","year":"2005","journal-title":"Proc USENIX Symp Netw Syst Design Implem (NSDI)"},{"key":"ref45","author":"lopes","year":"2013","journal-title":"Network Verification in the Light of Program Verification"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/2535372.2535373"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/65.993219"},{"key":"ref41","first-page":"59","article-title":"Kinetic: Verifiable dynamic 
network control","author":"kim","year":"2015","journal-title":"Proc USENIX Symp Netw Syst Design Implem (NSDI)"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2005.1498492"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/2784731.2784761"}],"container-title":["IEEE Transactions on Network and Service Management"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/4275028\/8664201\/08584074.pdf?arnumber=8584074","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,13]],"date-time":"2022-07-13T20:52:45Z","timestamp":1657745565000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8584074\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,3]]},"references-count":77,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tnsm.2018.2889009","relation":{},"ISSN":["1932-4537","2373-7379"],"issn-type":[{"value":"1932-4537","type":"electronic"},{"value":"2373-7379","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,3]]}}}