English
Related papers

Related papers: Zero-consistency root emulation for unprivileged c…

200 papers

HPC centers face increasing demand for software flexibility, and there is growing consensus that Linux containers are a promising solution. However, existing container build solutions require root privileges and cannot be used directly on…

Distributed, Parallel, and Cluster Computing · Computer Science 2022-02-02 Reid Priedhorsky , R. Shane Canon , Timothy Randles , Andrew J. Younge

Browsers, Library OSes, and system emulators rely on sandboxes and in-process isolation to emulate system resources and securely isolate untrusted components. All access to system resources like system calls (syscall) need to be securely…

Cryptography and Security · Computer Science 2024-06-12 Fangfei Yang , Anjo Vahldiek-Oberwagner , Chia-Che Tsai , Kelly Kaoudis , Nathan Dautenhahn

Software vulnerabilities in applications undermine the security of applications. By blocking unused functionality, the impact of potential exploits can be reduced. While seccomp provides a solution for filtering syscalls, it requires manual…

Cryptography and Security · Computer Science 2020-12-07 Claudio Canella , Mario Werner , Daniel Gruss , Michael Schwarz

Containers are increasingly used as means to distribute and run Linux services and applications. In this paper we describe the architectural design and implementation of udocker, a tool which enables the user to execute Linux containers in…

Software Engineering · Computer Science 2018-08-07 Jorge Gomes , Isabel Campos , Emanuele Bagnaschi , Mario David , Luis Alves , Joao Martins , Joao Pina , Alvaro Lopez-Garcia , Pablo Orviz

Linux Seccomp is widely used by the program developers and the system maintainers to secure the operating systems, which can block unused syscalls for different applications and containers to shrink the attack surface of the operating…

Cryptography and Security · Computer Science 2025-10-07 Dongyang Zhan , Zhaofeng Yu , Xiangzhan Yu , Hongli Zhang , Lin Ye

With the development of Internet of Things (IoT), it is gaining a lot of attention. It is important to secure the embedded systems with low overhead. The Linux Seccomp is widely used by developers to secure the kernels by blocking the…

Cryptography and Security · Computer Science 2025-10-07 Dongyang Zhan , Zhaofeng Yu , Xiangzhan Yu , Hongli Zhang , Lin Ye , Likun Liu

Apptainer (formerly known as Singularity) since its beginning implemented many of its container features with the assistance of a setuid-root program. It still supports that mode, but as of version 1.1.0 it no longer uses setuid by default.…

Distributed, Parallel, and Cluster Computing · Computer Science 2023-09-26 Dave Dykstra

Docker images are used to distribute and deploy cloud-native applications in containerised form. A container engine runs them with separated privileges according to namespaces. Recent studies have investigated security vulnerabilities and…

Cryptography and Security · Computer Science 2021-06-10 Panagiotis Gkikopoulos , Valerio Schiavoni , Josef Spillner

Linux container technologies such as Docker and Singularity offer encapsulated environments for easy execution of software. In high performance computing, this is especially important for evolving and complex software stacks with…

Operating Systems · Computer Science 2022-12-15 Vanessa Sochat , Matthieu Muffato , Audrey Stott , Marco De La Pierre , Georgia Stuart

Linux systems are integral to the infrastructure of modern computing environments, necessitating robust security measures to prevent unauthorized access. Privilege escalation attacks represent a significant threat, typically allowing…

Cryptography and Security · Computer Science 2025-02-18 Andreas Happe , Jürgen Cito

A popular approach to deploying scientific applications in high performance computing (HPC) is Linux containers, which package an application and all its dependencies as a single unit. This image is built by interpreting instructions in a…

Software Engineering · Computer Science 2023-09-04 Reid Priedhorsky , Jordan Ogas , Claude H. , Davis IV , Z. Noah Hounshel , Ashlyn Lee , Benjamin Stormer , R. Shane Goff

With the growing use of embedded systems in various industries, the need for automated platforms for the development and deployment of customized Linux-based operating systems has become more important. This research was conducted with the…

Software Engineering · Computer Science 2025-10-27 Behnam Agahi , Hamed Farbeh

Linux containers currently provide limited isolation guarantees. While containers separate namespaces and partition resources, the patchwork of mechanisms used to ensure separation cannot guarantee consistent security semantics. Even worse,…

Cryptography and Security · Computer Science 2021-02-16 William Findlay , David Barrera , Anil Somayaji

As HPC facilities grow their resources, adaptation of classic HEP/NP workflows becomes a need. Linux containers may very well offer a way to lower the bar to exploiting such resources and at the time, help collaboration to reach vast…

Data Analysis, Statistics and Probability · Physics 2017-12-06 Mustafa Mustafa , Jan Balewski , Jérôme Lauret , Jefferson Porter , Shane Canon , Lisa Gerhardt , Levente Hajdu , Mark Lukascsyk

Embedded Linux processors are increasingly used for real-time computing tasks such as robotics and Internet of Things (IoT). These applications require robust and reproducible behavior from the host OS, commonly achieved through immutable…

Software Engineering · Computer Science 2021-04-02 Christian Stewart

Companies are misled into thinking they solve their security issues by using a DevSecOps system. This paper aims to answer the question: Could a DevOps pipeline be misused to transform a securely developed application into an insecure one?…

Cryptography and Security · Computer Science 2022-02-01 Nicholas Pecka , Lotfi ben Othmane , Altaz Valani

System call filtering is a widely used security mechanism for protecting a shared OS kernel against untrusted user applications. However, existing system call filtering techniques either are too expensive due to the context switch overhead…

Unix competence is the ability to use shell and operating-system primitives as first-class tools, not merely to write programs through a terminal. Current terminal benchmarks tend to blur this distinction: a solver fluent in Python but weak…

Cryptography and Security · Computer Science 2026-05-29 Geoffrey Bradway , Roger Creus Castanyer , Lorenz Wolf , Maxwill Lin , Matthew James Sargent , Augustine N. Mavor-Parker

The kind of malware designed to conceal malicious system resources (e.g. processes, network connections, files, etc.) is commonly referred to as a rootkit. This kind of malware represents a significant threat in contemporany systems.…

Cryptography and Security · Computer Science 2025-06-10 Enrique Soriano-Salvador , Gorka Guardiola Múzquiz , Juan González Gómez

Recent attacks have broken process isolation by exploiting microarchitectural side channels that allow indirect access to shared microarchitectural state. Enclaves strengthen the process abstraction to restore isolation guarantees. We…

Cryptography and Security · Computer Science 2019-08-30 Thomas Bourgeat , Ilia Lebedev , Andrew Wright , Sizhuo Zhang , Arvind , Srinivas Devadas
‹ Prev 1 2 3 10 Next ›