{"id":"https://openalex.org/W4398226334","doi":"https://doi.org/10.1109/tdsc.2024.3403920","title":"Towards Understanding and Defeating Abstract Resource Attacks for Container Platforms","display_name":"Towards Understanding and Defeating Abstract Resource Attacks for Container Platforms","publication_year":2024,"publication_date":"2024-05-22","ids":{"openalex":"https://openalex.org/W4398226334","doi":"https://doi.org/10.1109/tdsc.2024.3403920"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2024.3403920","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3403920","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039734151","display_name":"Wenbo Shen","orcid":"https://orcid.org/0000-0003-2899-6121"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenbo Shen","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-2899-6121","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008107776","display_name":"Yifei Wu","orcid":"https://orcid.org/0009-0002-2783-8623"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yifei Wu","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0002-2783-8623","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039983338","display_name":"Yutian Yang","orcid":"https://orcid.org/0000-0003-2899-0117"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yutian Yang","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-2899-0117","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Qirui Liu","orcid":"https://orcid.org/0009-0005-1917-0397"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qirui Liu","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0005-1917-0397","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065913470","display_name":"Nanzi Yang","orcid":"https://orcid.org/0009-0006-9346-6679"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Nanzi Yang","raw_affiliation_strings":["Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0009-0006-9346-6679","affiliations":[{"raw_affiliation_string":"Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102839957","display_name":"Jinku Li","orcid":"https://orcid.org/0000-0003-0709-7434"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jinku Li","raw_affiliation_strings":["Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0003-0709-7434","affiliations":[{"raw_affiliation_string":"Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043198742","display_name":"Kangjie Lu","orcid":"https://orcid.org/0000-0002-4763-7354"},"institutions":[{"id":"https://openalex.org/I130238516","display_name":"University of Minnesota","ror":"https://ror.org/017zqws13","country_code":"US","type":"education","lineage":["https://openalex.org/I130238516"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kangjie Lu","raw_affiliation_strings":["University of Minnesota, Minneapolis, USA"],"raw_orcid":"https://orcid.org/0000-0002-4763-7354","affiliations":[{"raw_affiliation_string":"University of Minnesota, Minneapolis, USA","institution_ids":["https://openalex.org/I130238516"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012016098","display_name":"Jianfeng Ma","orcid":"https://orcid.org/0000-0003-4251-1143"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianfeng Ma","raw_affiliation_strings":["Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0003-4251-1143","affiliations":[{"raw_affiliation_string":"Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.2488,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.79930679,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":"22","issue":"1","first_page":"474","last_page":"490"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10679","display_name":"Service-Oriented Architecture and Web Services","score":0.9887999892234802,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.8028900623321533},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.5447538495063782},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5307300686836243},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.41863399744033813},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.32975226640701294},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.2228507399559021},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.06599870324134827}],"concepts":[{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.8028900623321533},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.5447538495063782},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5307300686836243},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.41863399744033813},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.32975226640701294},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2228507399559021},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.06599870324134827},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2024.3403920","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3403920","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1569469665","https://openalex.org/W2075174112","https://openalex.org/W2550874390","https://openalex.org/W2621197600","https://openalex.org/W2753365392","https://openalex.org/W2793974819","https://openalex.org/W2899822557","https://openalex.org/W2902718458","https://openalex.org/W2924430850","https://openalex.org/W2963877979","https://openalex.org/W2985907279","https://openalex.org/W2987375469","https://openalex.org/W3012308217","https://openalex.org/W4226043146","https://openalex.org/W6638282704","https://openalex.org/W6671014687","https://openalex.org/W6730426483","https://openalex.org/W6754288653","https://openalex.org/W6765285382","https://openalex.org/W6766726536","https://openalex.org/W6773836194","https://openalex.org/W6781292765"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2367301169","https://openalex.org/W2974221847","https://openalex.org/W2352134912","https://openalex.org/W2001079144","https://openalex.org/W2390279801","https://openalex.org/W4393477817","https://openalex.org/W2048054615","https://openalex.org/W2480624181"],"abstract_inverted_index":{"OS-level":[0],"virtualization":[1],"(a.k.a.":[2],"container)":[3],"has":[4],"become":[5],"a":[6,51,76,157],"fundamental":[7],"technology":[8],"in":[9,25,110],"cloud":[10,95],"computing":[11],"due":[12],"to":[13,59,179],"the":[14,18,92,100,111,130,140],"efficiency":[15],"provided":[16],"by":[17],"shared-kernel":[19,88],"design.":[20],"However,":[21],"this":[22],"design":[23,154],"results":[24],"containers":[26],"sharing":[27],"thousands":[28],"of":[29,79],"kernel":[30,49,113],"variables":[31],"and":[32,86,114,139,155,182],"data":[33],"structures":[34],"(termed":[35],"<italic":[36],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[37,159,163,168,174],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">abstract":[38],"resources</i>":[39],"),":[40],"which":[41],"are":[42,75],"prevalent":[43],"but":[44],"under-protected.":[45],"Without":[46],"exploiting":[47],"other":[48,64],"vulnerabilities,":[50],"non-privileged":[52],"container":[53,89],"can":[54,191],"easily":[55],"exhaust":[56],"abstract":[57,72,101,108,122,184,194],"resources":[58,109,123],"cause":[60],"DoS":[61],"attacks":[62,74,80],"against":[63,99],"containers.":[65],"Even":[66],"worse,":[67],"our":[68],"experiments":[69],"demonstrate":[70],"that":[71,81],"resource":[73,102,136,142,185,195],"broad":[77],"class":[78],"affect":[82],"Linux,":[83],"FreeBSD,":[84],"Fuchsia,":[85],"all":[87],"environments":[90],"on":[91,149],"top":[93],"four":[94],"vendors.":[96],"To":[97,119],"defend":[98],"attack,":[103],"we":[104,125,153],"automatically":[105],"analyze":[106],"vulnerable":[107],"Linux":[112],"detect":[115],"501":[116],"container-exhaustible":[117],"resources.":[118],"confine":[120],"these":[121,150],"dynamically,":[124],"propose":[126],"two":[127,151],"new":[128],"techniques:":[129],"flexible":[131,135,181],"in-kernel":[132],"attachment":[133,138],"for":[134,144],"consumption":[137],"tree-based":[141],"accounting":[143],"efficient":[145,183],"usage":[146,196],"retrieval.":[147],"Based":[148],"techniques,":[152],"implement":[156],"<underline":[158,162,167,173],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">fl</u>":[160],"exible":[161],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">a</u>":[164],"bstract":[165],"re":[166],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">s</u>":[169],"ource":[170],"confinement":[171],"framewor":[172],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">k</u>":[175],",":[176],"named":[177],"Flask,":[178],"achieve":[180],"confinement.":[186],"Our":[187],"evaluation":[188],"shows":[189],"Flask":[190],"efficiently":[192],"limit":[193],"with":[197],"less":[198],"than":[199],"0.6%":[200],"performance":[201],"overhead.":[202]},"counts_by_year":[{"year":2025,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}