{"id":"https://openalex.org/W4387140680","doi":"https://doi.org/10.1007/s42979-023-02186-1","title":"Access Security Policy Generation for Containers as a Cloud Service","display_name":"Access Security Policy Generation for Containers as a Cloud Service","publication_year":2023,"publication_date":"2023-09-28","ids":{"openalex":"https://openalex.org/W4387140680","doi":"https://doi.org/10.1007/s42979-023-02186-1"},"language":"en","primary_location":{"id":"doi:10.1007/s42979-023-02186-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s42979-023-02186-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s42979-023-02186-1.pdf","source":{"id":"https://openalex.org/S4210174798","display_name":"SN Computer Science","issn_l":"2661-8907","issn":["2661-8907","2662-995X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"SN Computer Science","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s42979-023-02186-1.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021292791","display_name":"Hui Zhu","orcid":"https://orcid.org/0000-0002-5853-633X"},"institutions":[{"id":"https://openalex.org/I187531555","display_name":"Lund University","ror":"https://ror.org/012a77v79","country_code":"SE","type":"education","lineage":["https://openalex.org/I187531555"]},{"id":"https://openalex.org/I4210158519","display_name":"Informa (Sweden)","ror":"https://ror.org/04yt64d76","country_code":"SE","type":"company","lineage":["https://openalex.org/I4210154378","https://openalex.org/I4210158519"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Hui Zhu","raw_affiliation_strings":["Department of Electrical and Information Technology, Lund University, Box 118, SE-221 00, Lund, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Information Technology, Lund University, Box 118, SE-221 00, Lund, Sweden","institution_ids":["https://openalex.org/I187531555","https://openalex.org/I4210158519"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044464349","display_name":"Christian Gehrmann","orcid":"https://orcid.org/0000-0001-8003-200X"},"institutions":[{"id":"https://openalex.org/I187531555","display_name":"Lund University","ror":"https://ror.org/012a77v79","country_code":"SE","type":"education","lineage":["https://openalex.org/I187531555"]},{"id":"https://openalex.org/I4210158519","display_name":"Informa (Sweden)","ror":"https://ror.org/04yt64d76","country_code":"SE","type":"company","lineage":["https://openalex.org/I4210154378","https://openalex.org/I4210158519"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Christian Gehrmann","raw_affiliation_strings":["Department of Electrical and Information Technology, Lund University, Box 118, SE-221 00, Lund, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Information Technology, Lund University, Box 118, SE-221 00, Lund, Sweden","institution_ids":["https://openalex.org/I187531555","https://openalex.org/I4210158519"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5114086203","display_name":"Paula Roth","orcid":null},"institutions":[{"id":"https://openalex.org/I187531555","display_name":"Lund University","ror":"https://ror.org/012a77v79","country_code":"SE","type":"education","lineage":["https://openalex.org/I187531555"]},{"id":"https://openalex.org/I4210158519","display_name":"Informa (Sweden)","ror":"https://ror.org/04yt64d76","country_code":"SE","type":"company","lineage":["https://openalex.org/I4210154378","https://openalex.org/I4210158519"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Paula Roth","raw_affiliation_strings":["Department of Electrical and Information Technology, Lund University, Box 118, SE-221 00, Lund, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Information Technology, Lund University, Box 118, SE-221 00, Lund, Sweden","institution_ids":["https://openalex.org/I187531555","https://openalex.org/I4210158519"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5021292791"],"corresponding_institution_ids":["https://openalex.org/I187531555","https://openalex.org/I4210158519"],"apc_list":{"value":2290,"currency":"EUR","value_usd":2890},"apc_paid":{"value":2290,"currency":"EUR","value_usd":2890},"fwci":1.7887,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.86007667,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"4","issue":"6","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9507556557655334},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.7395133376121521},{"id":"https://openalex.org/keywords/containerization","display_name":"Containerization","score":0.7373359203338623},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7053251266479492},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6532988548278809},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5910537838935852},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.5754433274269104},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4289156198501587},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.4191584289073944},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.32237493991851807},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.16175022721290588},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1577703058719635}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9507556557655334},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.7395133376121521},{"id":"https://openalex.org/C2779821363","wikidata":"https://www.wikidata.org/wiki/Q428072","display_name":"Containerization","level":3,"score":0.7373359203338623},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7053251266479492},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6532988548278809},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5910537838935852},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.5754433274269104},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4289156198501587},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.4191584289073944},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.32237493991851807},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.16175022721290588},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1577703058719635},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C136264566","wikidata":"https://www.wikidata.org/wiki/Q159810","display_name":"Economy","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s42979-023-02186-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s42979-023-02186-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s42979-023-02186-1.pdf","source":{"id":"https://openalex.org/S4210174798","display_name":"SN Computer Science","issn_l":"2661-8907","issn":["2661-8907","2662-995X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"SN Computer Science","raw_type":"journal-article"},{"id":"pmh:oai:lup.lub.lu.se:0ac121f7-be27-4fe9-8d46-fccb241f8fe6","is_oa":false,"landing_page_url":"https://lup.lub.lu.se/record/0ac121f7-be27-4fe9-8d46-fccb241f8fe6","pdf_url":null,"source":{"id":"https://openalex.org/S4306400536","display_name":"Lund University Publications (Lund University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I187531555","host_organization_name":"Lund University","host_organization_lineage":["https://openalex.org/I187531555"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISSN: 2662-995X","raw_type":"text"}],"best_oa_location":{"id":"doi:10.1007/s42979-023-02186-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s42979-023-02186-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s42979-023-02186-1.pdf","source":{"id":"https://openalex.org/S4210174798","display_name":"SN Computer Science","issn_l":"2661-8907","issn":["2661-8907","2662-995X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"SN Computer Science","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6499999761581421,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G3058105280","display_name":null,"funder_award_id":"768892","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G5136493009","display_name":null,"funder_award_id":"RIT17-0032","funder_id":"https://openalex.org/F4320320940","funder_display_name":"Stiftelsen f\u00f6r\u00a0Strategisk Forskning"},{"id":"https://openalex.org/G5648614706","display_name":null,"funder_award_id":"RIT17-0032","funder_id":"https://openalex.org/F4320321806","funder_display_name":"Lunds Universitet"}],"funders":[{"id":"https://openalex.org/F4320320940","display_name":"Stiftelsen f\u00f6r\u00a0Strategisk Forskning","ror":"https://ror.org/044wr7g58"},{"id":"https://openalex.org/F4320321806","display_name":"Lunds Universitet","ror":"https://ror.org/012a77v79"},{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387140680.pdf"},"referenced_works_count":24,"referenced_works":["https://openalex.org/W1538836445","https://openalex.org/W2182584490","https://openalex.org/W2184107019","https://openalex.org/W2513765047","https://openalex.org/W2586202584","https://openalex.org/W2605904959","https://openalex.org/W2612836460","https://openalex.org/W2613240540","https://openalex.org/W2730329620","https://openalex.org/W2735218636","https://openalex.org/W2737092239","https://openalex.org/W2807826660","https://openalex.org/W2888937476","https://openalex.org/W2902718458","https://openalex.org/W2917742639","https://openalex.org/W2996042910","https://openalex.org/W3001760383","https://openalex.org/W3003270648","https://openalex.org/W3089573742","https://openalex.org/W3105926382","https://openalex.org/W3137157842","https://openalex.org/W3157425484","https://openalex.org/W4254813302","https://openalex.org/W6730426483"],"related_works":["https://openalex.org/W2922530654","https://openalex.org/W4379386225","https://openalex.org/W2354950134","https://openalex.org/W2383352889","https://openalex.org/W2252666847","https://openalex.org/W583632459","https://openalex.org/W4387140680","https://openalex.org/W3035018060","https://openalex.org/W3158489317","https://openalex.org/W3112503661"],"abstract_inverted_index":{"Abstract":[0],"The":[1,246],"rapid":[2],"development":[3],"of":[4,26,105,180,226],"containerization":[5,33],"technology":[6],"comes":[7],"with":[8,138,201,209,274],"remarkable":[9],"benefits":[10],"for":[11,64,91,116,149,157,161,169,282,298],"developers":[12],"and":[13,100,164,168,198,279,285],"operation":[14],"teams.":[15],"Container":[16],"solutions":[17,156],"allow":[18],"building":[19],"very":[20,276],"flexible":[21],"software":[22],"infrastructures.":[23],"Although":[24],"lots":[25],"efforts":[27],"have":[28,38,48],"been":[29,52],"devoted":[30],"to":[31,54,61,87,142,195,213,265],"enhancing":[32],"security,":[34],"containerized":[35,192],"environments":[36],"still":[37],"a":[39,113,130,144,173,189,262],"huge":[40],"attack":[41],"surface.":[42],"Completely":[43],"avoiding":[44],"severe":[45],"security":[46,58,261,270,301],"issues":[47],"so":[49],"far":[50],"not":[51],"possible":[53],"achieve.":[55],"However,":[56],"the":[57,72,178,181,214,223,229,239,244,250,256,267,275,287,292],"problems":[59],"due":[60],"vulnerabilities":[62],"in":[63,129,302],"instance":[65,92],"kernels,":[66],"can":[67,135],"be":[68,136],"largely":[69],"reduced":[70],"if":[71],"container":[73,139,147,166,300],"privileges":[74],"are":[75,220],"as":[76,78],"restricted":[77],"possible.":[79],"Mandatory":[80],"access":[81],"control":[82],"is":[83,98,108,294],"an":[84,206,295],"efficient":[85],"way":[86],"achieve":[88],"this":[89,124],"using":[90,266],"AppArmor.":[93],"As":[94],"manual":[95],"AppArmor":[96,118],"generation":[97,104,120,159,183,253],"tedious":[99],"error":[101],"prone,":[102],"automatic":[103,150],"protection":[106],"profile":[107,119,152,158,182,252],"necessary.":[109],"In":[110,123],"previous":[111],"research,":[112],"new":[114],"tool":[115,134],"tight":[117],"was":[121],"presented.":[122],"paper":[125],"we":[126,185],"show":[127,248],"how,":[128],"system":[131],"setting,":[132],"such":[133],"combined":[137],"service":[140,148,194,241,254],"testing,":[141],"provide":[143],"cloud":[145],"based":[146],"AppArmore":[151],"generation.":[153],"We":[154,204,234],"present":[155],"both":[160],"centrally":[162],"collected":[163],"generated":[165],"logs":[167],"log":[170],"collection":[171],"through":[172],"local":[174],"agent.":[175],"To":[176],"evaluate":[177],"effectiveness":[179],"service,":[184,288],"enable":[186],"it":[187],"on":[188,238],"widely":[190],"used":[191],"web":[193,216,231,240,258],"generate":[196,205],"profiles":[197],"test":[199,257],"them":[200],"real-world":[202],"attacks.":[203],"exploit":[207],"database":[208],"11":[210],"exploits":[211,219,225,237],"harmful":[212],"tested":[215,230],"service.":[217],"These":[218],"sifted":[221],"from":[222],"56":[224],"Exploit-db":[227],"targeting":[228],"service\u2019s":[232,259],"software.":[233],"launch":[235],"these":[236],"protected":[242],"by":[243],"profile.":[245,271],"results":[247],"that":[249,291],"proposed":[251],"improves":[255],"overall":[260],"lot":[263],"compared":[264],"default":[268],"Docker":[269],"This":[272],"together":[273],"user":[277],"friendly":[278],"robust":[280],"principle":[281],"setting":[283],"up":[284],"running":[286],"clearly":[289],"indicates":[290],"approach":[293],"important":[296],"step":[297],"improving":[299],"real":[303],"deployments.":[304]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}