乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,12,14]],"date-time":"2024-12-14T05:27:03Z","timestamp":1734154023022,"version":"3.30.2"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202191, 62032008"],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623154","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T17:35:13Z","timestamp":1700588113000},"page":"3063-3077","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Lost along the Way: Understanding and Mitigating Path-Misresolution Threats to Container Isolation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9510-1888","authenticated-orcid":false,"given":"Zhi","family":"Li","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3054-766X","authenticated-orcid":false,"given":"Weijie","family":"Liu","sequence":"additional","affiliation":[{"name":"Ant Group, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0607-4946","authenticated-orcid":false,"given":"XiaoFeng","family":"Wang","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5365-904X","authenticated-orcid":false,"given":"Bin","family":"Yuan","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-1248-4078","authenticated-orcid":false,"given":"Hongliang","family":"Tian","sequence":"additional","affiliation":[{"name":"Ant Group, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3934-7605","authenticated-orcid":false,"given":"Hai","family":"Jin","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9580-5395","authenticated-orcid":false,"given":"Shoumeng","family":"Yan","sequence":"additional","affiliation":[{"name":"Ant Group, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Add continuous integration to your container builds. https:\/\/learn.microsoft. com\/en-us\/azure-sphere\/app-development\/continuous-integration."},{"key":"e_1_3_2_1_2_1","unstructured":"Auto-reloading for \/etc\/nsswitch.conf. https:\/\/sourceware.org\/bugzilla\/show_ bug.cgi?id=12459."},{"key":"e_1_3_2_1_3_1","unstructured":"cgroups(7) - Linux manual page. https:\/\/man7.org\/linux\/man-pages\/man7\/ cgroups.7.html."},{"key":"e_1_3_2_1_4_1","unstructured":"chroot(2) - Linux manual page. https:\/\/man7.org\/linux\/man-pages\/man2\/chroot. 2.html."},{"key":"e_1_3_2_1_5_1","unstructured":"containerd: An industry-standard container runtime with an emphasis on simplicity robustness and portability. https:\/\/containerd.io\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Containers vs. virtual machines. https:\/\/learn.microsoft.com\/enus\/virtualization\/windowscontainers\/about\/containers-vs-vm."},{"key":"e_1_3_2_1_7_1","unstructured":"CVE-2017--1002101. https:\/\/kubernetes.io\/blog\/2018\/04\/04\/fixing-subpathvolume-vulnerability\/."},{"key":"e_1_3_2_1_8_1","unstructured":"CVE-2019--14271 loading of nsswitch based config inside chroot under Glib. https:\/\/github.com\/containers\/buildah\/issues\/2740."},{"key":"e_1_3_2_1_9_1","unstructured":"CVE-2019--5736: Runc uses more memory during start up after the fix. https: \/\/github.com\/opencontainers\/runc\/issues\/1980."},{"key":"e_1_3_2_1_10_1","unstructured":"daemon: pause containers before doing filesystem operations. https:\/\/github. com\/moby\/moby\/pull\/39252."},{"key":"e_1_3_2_1_11_1","unstructured":"Definitions of the actions. https:\/\/sites.google.com\/view\/container-isolation\/ paper-appendix\/b."},{"key":"e_1_3_2_1_12_1","unstructured":"Docker: Accelerated Containerized Application Development. https:\/\/www. docker.com\/."},{"key":"e_1_3_2_1_13_1","unstructured":"Docker Hub. https:\/\/hub.docker.com\/."},{"key":"e_1_3_2_1_14_1","unstructured":"Docker storage drivers. https:\/\/docs.docker.com\/storage\/storagedriver\/selectstorage-driver\/."},{"key":"e_1_3_2_1_15_1","unstructured":"FileBench. http:\/\/www.nfsv4bat.org\/Documents\/nasconf\/2004\/filebench.pdf."},{"key":"e_1_3_2_1_16_1","unstructured":"filepath-securejoin. https:\/\/github.com\/cyphar\/filepath-securejoin."},{"key":"e_1_3_2_1_17_1","unstructured":"go-callvis. https:\/\/github.com\/ofabry\/go-callvis."},{"key":"e_1_3_2_1_18_1","unstructured":"Go Packages. https:\/\/pkg.go.dev\/."},{"key":"e_1_3_2_1_19_1","unstructured":"gVisor: The Container Security Platform. https:\/\/gvisor.dev\/."},{"key":"e_1_3_2_1_20_1","unstructured":"Kata Containers. https:\/\/katacontainers.io\/."},{"key":"e_1_3_2_1_21_1","unstructured":"Kubernetes. https:\/\/kubernetes.io\/."},{"key":"e_1_3_2_1_22_1","unstructured":"Kubernetes Volumes. https:\/\/kubernetes.io\/docs\/concepts\/storage\/volumes\/."},{"key":"e_1_3_2_1_23_1","unstructured":"Managing dependencies - The Go Programming Language. https:\/\/go.dev\/doc\/ modules\/managing-dependencies."},{"key":"e_1_3_2_1_24_1","unstructured":"mount(8) - Linux manual page. https:\/\/man7.org\/linux\/man-pages\/man8\/mount. 8.html."},{"key":"e_1_3_2_1_25_1","unstructured":"mount_namespaces(7) - Linux manual page. https:\/\/man7.org\/linux\/man-pages\/ man7\/mount_namespaces.7.html."},{"key":"e_1_3_2_1_26_1","unstructured":"opencontainers\/runc. https:\/\/github.com\/opencontainers\/runc."},{"key":"e_1_3_2_1_27_1","unstructured":"Patrol. https:\/\/github.com\/CGCL-codes\/Patrol."},{"key":"e_1_3_2_1_28_1","unstructured":"pivot_root(2) - Linux manual page. https:\/\/man7.org\/linux\/man-pages\/man2\/ pivot_root.2.html."},{"key":"e_1_3_2_1_29_1","unstructured":"Podman. https:\/\/podman.io\/."},{"key":"e_1_3_2_1_30_1","unstructured":"Podman issues about the CVE-2018--15664. https:\/\/github.com\/containers\/ podman\/pull\/3214."},{"key":"e_1_3_2_1_31_1","unstructured":"Proposal: path\/filepath: addition of SecureJoin helper. https:\/\/github.com\/golang\/ go\/issues\/20126."},{"key":"e_1_3_2_1_32_1","unstructured":"Race Condition in crun. https:\/\/security.snyk.io\/vuln\/SNYK-ORACLE8-CRUN2585150."},{"key":"e_1_3_2_1_33_1","unstructured":"Rootless Containers. https:\/\/rootlesscontaine.rs\/."},{"key":"e_1_3_2_1_34_1","unstructured":"SPEC. http:\/\/www.spec.org\/index.html."},{"key":"e_1_3_2_1_35_1","unstructured":"Spin - Formal Verification. https:\/\/spinroot.com\/spin\/whatispin.html."},{"key":"e_1_3_2_1_36_1","unstructured":"Third-party dependencies of the container tools. https:\/\/sites.google.com\/view\/ container-isolation\/paper-appendix\/a."},{"key":"e_1_3_2_1_37_1","unstructured":"Windows Server Containers Are Open and Here's How You Can Break Out. https: \/\/unit42.paloaltonetworks.com\/windows-server-containers-vulnerabilities\/."},{"key":"e_1_3_2_1_38_1","volume-title":"Bovet and Marco Cesati. Understanding the Linux Kernel: from I\/O ports to process management","author":"Daniel","year":"2005","unstructured":"Daniel P. Bovet and Marco Cesati. Understanding the Linux Kernel: from I\/O ports to process management. O'Reilly Media, Inc., 2005."},{"key":"e_1_3_2_1_39_1","volume-title":"Analysis of docker security. arXiv preprint arXiv:1501.02967","author":"Bui Thanh","year":"2015","unstructured":"Thanh Bui. Analysis of docker security. arXiv preprint arXiv:1501.02967, 2015."},{"key":"e_1_3_2_1_40_1","first-page":"1409","volume-title":"Max Schuchard. PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In Proceedings of 29th USENIX Security Symposium","author":"Connor R. Joseph","year":"2020","unstructured":"R. Joseph Connor, Tyler McDaniel, Jared M. Smith, and Max Schuchard. PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In Proceedings of 29th USENIX Security Symposium, pages 1409--1426, 2020."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3429885.3429967"},{"key":"e_1_3_2_1_42_1","first-page":"74","volume-title":"Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation","author":"Galloway Andy","year":"2009","unstructured":"Andy Galloway, Gerald L\u00fcttgen, Jan Tobias M\u00fchlberg, and Radu I Siminiceanu. Model-checking the linux virtual file system. In Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation, pages 74--88, 2009."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2017.49"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354227"},{"key":"e_1_3_2_1_45_1","volume-title":"Spec cpu2006 benchmark descriptions. ACM SIGARCH Computer Architecture News, 34(4):1--17","author":"Henning John L.","year":"2006","unstructured":"John L. Henning. Spec cpu2006 benchmark descriptions. ACM SIGARCH Computer Architecture News, 34(4):1--17, 2006."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3058060.3058085"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.335"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274720"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2018.03.011"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-12154-3_7"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11599-3_5"},{"key":"e_1_3_2_1_52_1","first-page":"936","volume-title":"Stefan Mangard. Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In Proceedings of the 31st USENIX Security Symposium","author":"Schrammel David","year":"2022","unstructured":"David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard. Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In Proceedings of the 31st USENIX Security Symposium, pages 936--952, 2022."},{"key":"e_1_3_2_1_53_1","first-page":"1423","volume-title":"Proceedings of the 27th USENIX Security Symposium","author":"Sun Yuqiong","year":"2018","unstructured":"Yuqiong Sun, David Safford, Mimi Zohar, Dimitrios Pendarakis, Zhongshu Gu, and Trent Jaeger. Security namespace: making linux security frameworks available to containers. In Proceedings of the 27th USENIX Security Symposium, pages 1423--1439, 2018."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1561\/3300000013"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815405"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519560"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09771-0"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Copenhagen Denmark","acronym":"CCS '23"},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623154","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,13]],"date-time":"2024-12-13T18:22:10Z","timestamp":1734114130000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623154"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":57,"alternative-id":["10.1145\/3576915.3623154","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623154","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}