English
Related papers

Related papers: Secure Namespaced Kernel Audit for Containers

200 papers

Kernel audit logs are an invaluable source of information in the forensic investigation of a cyber-attack. However, the coarse granularity of dependency information in audit logs leads to the construction of huge attack graphs which contain…

Cryptography and Security · Computer Science 2018-10-16 Sadegh M. Milajerdi , Birhanu Eshete , Rigel Gjomemo , V. N. Venkatakrishnan

Safe kernel extensions have gained significant traction, evolving from simple packet filters to large, complex programs that customize storage, networking, and scheduling. Existing kernel extension mechanisms like eBPF rely on in-kernel…

The page cache is a central part of an OS. It reduces repeated accesses to storage by deciding which pages to retain in memory. As a result, the page cache has a significant impact on the performance of many applications. However, its…

Operating Systems · Computer Science 2025-02-06 Tal Zussman , Ioannis Zarkadas , Jeremy Carin , Andrew Cheng , Hubertus Franke , Jonas Pfefferle , Asaf Cidon

This paper introduces BeaCon, a novel tool for the automated generation of adjustable container security policies. Unlike prior approaches, BeaCon leverages dynamic analysis to simulate realistic environments, uncovering container execution…

Cryptography and Security · Computer Science 2025-12-02 Haney Kang , Eduard Marin , Myoungsung You , Diego Perino , Seungwon Shin , Jinwoo Kim

Kubernetes, an open-source platform for automating the deployment, scaling, and management of containerized applications, is widely used for its efficiency and scalability. However, its complexity and extensive configuration options often…

Cryptography and Security · Computer Science 2024-08-08 Eoghan Russell , Kapal Dev

With the increasing demand for data storage and the exponential growth of data, traditional single-server architectures are no longer sufficient to handle the massive amounts of data storage, transfer, and various file system events. As a…

Cryptography and Security · Computer Science 2023-05-23 Sayed Erfan Arefin

The extended Berkeley Packet Filter (eBPF) is extensively utilized for observability and performance analysis in cloud-native environments. However, deploying eBPF programs across a heterogeneous cloud environment presents challenges,…

Operating Systems · Computer Science 2024-08-12 Yusheng Zheng , Tong Yu , Yiwei Yang , Andrew Quinn

eBPF is a new technology which allows dynamically loading pieces of code into the Linux kernel. It can greatly speed up networking since it enables the kernel to process certain packets without the involvement of a userspace program. So far…

Cryptography and Security · Computer Science 2022-03-07 Maximilian Bachl , Joachim Fabini , Tanja Zseby

Distributed storage codes have recently received a lot of attention in the community. Independently, another body of work has proposed integrity checking schemes for cloud storage, none of which, however, is customized for coding-based…

Cryptography and Security · Computer Science 2014-05-14 Anh Le , Athina Markopoulou , Alexandros G. Dimakis

The eBPF technology in the Linux kernel has been widely adopted for different applications, such as networking, tracing, and security, thanks to the programmability it provides. By allowing user-supplied eBPF programs to be executed…

Cryptography and Security · Computer Science 2023-05-16 Hsin-Wei Hung , Ardalan Amiri Sani

Existing software-based memory tiering systems decide which pages to place on the slower or faster tier. However, they do not take into account two important factors that greatly influence application performance: the size of the migrated…

Operating Systems · Computer Science 2026-04-15 Xi Wang , Tal Zussman , Yuang Xu , Bin Ma , Asaf Cidon , Dong Li

Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering (SE) research literature…

Software Engineering · Computer Science 2025-12-16 Maha Sroor , Teerath Das , Rahul Mohanani , Tommi Mikkonen

Control barrier functions (CBFs) provide a principled framework for enforcing safety in control systems -- yet the certified safe operating region in practice is often conservative, especially under input bounds. In many applications,…

Systems and Control · Electrical Eng. & Systems 2026-04-07 Pio Ong , David E. J. van Wijk , Massimiliano de Sa , Joel W. Burdick , Aaron D. Ames

We present BPFroid -- a novel dynamic analysis framework for Android that uses the eBPF technology of the Linux kernel to continuously monitor events of user applications running on a real device. The monitored events are collected from…

Cryptography and Security · Computer Science 2021-06-01 Yaniv Agman , Danny Hendler

The cost of communication between the operating system kernel and user applications has long blocked improvements in software performance. Traditionally, operating systems encourage software developers to use the system call interface to…

Operating Systems · Computer Science 2025-07-01 Boming Kong , Zhizhou Zhang , Jonathan Balkind

Software development industries are increasingly adopting containers to enhance the scalability and flexibility of software applications. Security in containerized projects is a critical challenge that can lead to data breaches and…

Software Engineering · Computer Science 2025-04-11 Maha Sroor , Rahul Mohanani , Ricardo Colomo-Palacios , Sandun Dasanayake , Tommi Mikkonen

The emergence of chiplet-based heterogeneous integration is transforming the semiconductor, AI, and high-performance computing industries by enabling modular designs and improved scalability. However, assembling chiplets from multiple…

Cryptography and Security · Computer Science 2025-07-08 Ishraq Tashdid , Tasnuva Farheen , Sazadur Rahman

The kernel is the most safety- and security-critical component of many computer systems, as the most severe bugs lead to complete system crash or exploit. It is thus desirable to guarantee that a kernel is free from these bugs using formal…

Cryptography and Security · Computer Science 2021-05-25 Olivier Nicole , Matthieu Lemerre , Sébastien Bardin , Xavier Rival

With the improvements in computing technologies, edge devices in the Internet-of-Things have become more complex. The enabler technology for these complex systems are powerful application core processors with operating system support, such…

Cryptography and Security · Computer Science 2023-01-13 Robert Schilling , Pascal Nasahl , Martin Unterguggenberger , Stefan Mangard

System auditing is a crucial technique for detecting APT attacks. However, attackers may try to compromise the system auditing frameworks to conceal their malicious activities. In this paper, we present a comprehensive and systematic study…

Cryptography and Security · Computer Science 2023-08-01 Peng Jiang , Ruizhe Huang , Ding Li , Yao Guo , Xiangqun Chen , Jianhai Luan , Yuxin Ren , Xinwei Hu