{"id":"https://openalex.org/W2905812756","doi":"https://doi.org/10.1109/tnsm.2018.2889009","title":"Agile Network Access Control in the Container Age","display_name":"Agile Network Access Control in the Container Age","publication_year":2018,"publication_date":"2018-12-20","ids":{"openalex":"https://openalex.org/W2905812756","doi":"https://doi.org/10.1109/tnsm.2018.2889009","mag":"2905812756"},"language":"en","primary_location":{"id":"doi:10.1109/tnsm.2018.2889009","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2018.2889009","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1903.00720","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Cornelius Diekmann","orcid":"https://orcid.org/0000-0002-3026-2621"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Cornelius Diekmann","raw_affiliation_strings":["Department of Informatics, Technical University of Munich, Garching bei M\u00fcnchen, Germany"],"raw_orcid":"https://orcid.org/0000-0002-3026-2621","affiliations":[{"raw_affiliation_string":"Department of Informatics, Technical University of Munich, Garching bei M\u00fcnchen, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Johannes Naab","orcid":"https://orcid.org/0000-0002-8808-7643"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Johannes Naab","raw_affiliation_strings":["Department of Informatics, Technical University of Munich, Garching bei M\u00fcnchen, Germany"],"raw_orcid":"https://orcid.org/0000-0002-8808-7643","affiliations":[{"raw_affiliation_string":"Department of Informatics, Technical University of Munich, Garching bei M\u00fcnchen, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Andreas Korsten","orcid":"https://orcid.org/0000-0001-7095-7025"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Andreas Korsten","raw_affiliation_strings":["Department of Informatics, Technical University of Munich, Garching bei M\u00fcnchen, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7095-7025","affiliations":[{"raw_affiliation_string":"Department of Informatics, Technical University of Munich, Garching bei M\u00fcnchen, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"last","author":{"id":null,"display_name":"Georg Carle","orcid":"https://orcid.org/0000-0002-2347-1839"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Georg Carle","raw_affiliation_strings":["Department of Informatics, Technical University of Munich, Garching bei M\u00fcnchen, Germany"],"raw_orcid":"https://orcid.org/0000-0002-2347-1839","affiliations":[{"raw_affiliation_string":"Department of Informatics, Technical University of Munich, Garching bei M\u00fcnchen, Germany","institution_ids":["https://openalex.org/I62916508"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I62916508"],"apc_list":null,"apc_paid":null,"fwci":1.7587,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.87011329,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":"16","issue":"1","first_page":"41","last_page":"55"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.3368000090122223,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.3368000090122223,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.2865000069141388,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.06310000270605087,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/agile-software-development","display_name":"Agile software development","score":0.5081999897956848},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.4885999858379364},{"id":"https://openalex.org/keywords/network-management","display_name":"Network management","score":0.45500001311302185},{"id":"https://openalex.org/keywords/network-management-station","display_name":"Network management station","score":0.444599986076355},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.4187999963760376},{"id":"https://openalex.org/keywords/network-access-control","display_name":"Network Access Control","score":0.41589999198913574},{"id":"https://openalex.org/keywords/networking-hardware","display_name":"Networking hardware","score":0.4083999991416931},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.4000000059604645},{"id":"https://openalex.org/keywords/bridge","display_name":"Bridge (graph theory)","score":0.3880000114440918},{"id":"https://openalex.org/keywords/network-architecture","display_name":"Network architecture","score":0.3831000030040741}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8138999938964844},{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.5081999897956848},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.4885999858379364},{"id":"https://openalex.org/C129763632","wikidata":"https://www.wikidata.org/wiki/Q1454667","display_name":"Network management","level":2,"score":0.45500001311302185},{"id":"https://openalex.org/C16986412","wikidata":"https://www.wikidata.org/wiki/Q918419","display_name":"Network management station","level":3,"score":0.444599986076355},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.4187999963760376},{"id":"https://openalex.org/C14982408","wikidata":"https://www.wikidata.org/wiki/Q11006334","display_name":"Network Access Control","level":4,"score":0.41589999198913574},{"id":"https://openalex.org/C159631557","wikidata":"https://www.wikidata.org/wiki/Q1546066","display_name":"Networking hardware","level":2,"score":0.4083999991416931},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4043999910354614},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4004000127315521},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.4000000059604645},{"id":"https://openalex.org/C100776233","wikidata":"https://www.wikidata.org/wiki/Q2532492","display_name":"Bridge (graph theory)","level":2,"score":0.3880000114440918},{"id":"https://openalex.org/C193415008","wikidata":"https://www.wikidata.org/wiki/Q639681","display_name":"Network architecture","level":2,"score":0.3831000030040741},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.37059998512268066},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3659999966621399},{"id":"https://openalex.org/C2779231336","wikidata":"https://www.wikidata.org/wiki/Q7534724","display_name":"Sketch","level":2,"score":0.36320000886917114},{"id":"https://openalex.org/C78873551","wikidata":"https://www.wikidata.org/wiki/Q5160111","display_name":"Configuration Management (ITSM)","level":2,"score":0.34439998865127563},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3253999948501587},{"id":"https://openalex.org/C81877898","wikidata":"https://www.wikidata.org/wiki/Q1965787","display_name":"Network monitoring","level":2,"score":0.3052999973297119},{"id":"https://openalex.org/C77270119","wikidata":"https://www.wikidata.org/wiki/Q1655198","display_name":"Software-defined networking","level":2,"score":0.29989999532699585},{"id":"https://openalex.org/C119404949","wikidata":"https://www.wikidata.org/wiki/Q4503","display_name":"Network switch","level":2,"score":0.2969000041484833},{"id":"https://openalex.org/C2778222013","wikidata":"https://www.wikidata.org/wiki/Q1136926","display_name":"Alice (programming language)","level":2,"score":0.2964000105857849},{"id":"https://openalex.org/C2776874963","wikidata":"https://www.wikidata.org/wiki/Q4112081","display_name":"Virtual network","level":2,"score":0.2946000099182129},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2939999997615814},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.29179999232292175},{"id":"https://openalex.org/C89094514","wikidata":"https://www.wikidata.org/wiki/Q7001060","display_name":"Network management application","level":4,"score":0.2897999882698059},{"id":"https://openalex.org/C62793504","wikidata":"https://www.wikidata.org/wiki/Q228327","display_name":"Access network","level":2,"score":0.2815999984741211},{"id":"https://openalex.org/C139940560","wikidata":"https://www.wikidata.org/wiki/Q290036","display_name":"Network simulation","level":2,"score":0.28139999508857727},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.27619999647140503},{"id":"https://openalex.org/C129119673","wikidata":"https://www.wikidata.org/wiki/Q4418003","display_name":"Network element","level":2,"score":0.2759000062942505},{"id":"https://openalex.org/C106365562","wikidata":"https://www.wikidata.org/wiki/Q3078360","display_name":"Radio access network","level":4,"score":0.27160000801086426},{"id":"https://openalex.org/C165537544","wikidata":"https://www.wikidata.org/wiki/Q1327726","display_name":"Element management system","level":4,"score":0.26809999346733093},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.26440000534057617},{"id":"https://openalex.org/C2778002324","wikidata":"https://www.wikidata.org/wiki/Q4488810","display_name":"Access management","level":2,"score":0.2635999917984009},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.25360000133514404},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.25279998779296875}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tnsm.2018.2889009","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2018.2889009","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:1903.00720","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1903.00720","pdf_url":"https://arxiv.org/pdf/1903.00720","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1903.00720","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1903.00720","pdf_url":"https://arxiv.org/pdf/1903.00720","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":49,"referenced_works":["https://openalex.org/W28797858","https://openalex.org/W95959045","https://openalex.org/W1591487020","https://openalex.org/W1607080919","https://openalex.org/W1860215963","https://openalex.org/W2021234005","https://openalex.org/W2042448840","https://openalex.org/W2045999085","https://openalex.org/W2066338533","https://openalex.org/W2067738619","https://openalex.org/W2074015618","https://openalex.org/W2096679329","https://openalex.org/W2106863923","https://openalex.org/W2115526539","https://openalex.org/W2118023438","https://openalex.org/W2123548135","https://openalex.org/W2130210899","https://openalex.org/W2131378480","https://openalex.org/W2132573216","https://openalex.org/W2134502203","https://openalex.org/W2137845741","https://openalex.org/W2138556012","https://openalex.org/W2140069682","https://openalex.org/W2144338762","https://openalex.org/W2147118406","https://openalex.org/W2157690960","https://openalex.org/W2160207938","https://openalex.org/W2213889503","https://openalex.org/W2296443825","https://openalex.org/W2439679606","https://openalex.org/W2997947960","https://openalex.org/W3100123451","https://openalex.org/W3103833454","https://openalex.org/W4241152467","https://openalex.org/W6606536520","https://openalex.org/W6607672397","https://openalex.org/W6622396664","https://openalex.org/W6628540260","https://openalex.org/W6632695368","https://openalex.org/W6634394577","https://openalex.org/W6635205284","https://openalex.org/W6637274776","https://openalex.org/W6638282704","https://openalex.org/W6639592347","https://openalex.org/W6641410163","https://openalex.org/W6674130342","https://openalex.org/W6678385351","https://openalex.org/W6684118736","https://openalex.org/W6756004907"],"related_works":[],"abstract_inverted_index":{"Linux":[0],"containers,":[1],"such":[2],"as":[3,135,137,194],"those":[4],"managed":[5],"by":[6,51],"Docker,":[7],"are":[8,47],"an":[9,195],"increasingly":[10],"popular":[11],"way":[12],"to":[13,38,70,76,122,170],"package":[14],"and":[15,104,110,119,153,163,191],"deploy":[16],"complex":[17],"applications.":[18],"However,":[19],"the":[20,39,67,73,94,101,114,173],"fundamental":[21],"security":[22,45],"primitive":[23],"of":[24,61,96,117,176],"network":[25,40,53,74,79,108,139,143],"access":[26,54,80,144],"control":[27,55,81],"for":[28],"a":[29,85,97,125,155,178],"distributed":[30],"microservice":[31],"deployment":[32],"is":[33,129,181,186,192],"often":[34],"ignored":[35],"or":[36],"left":[37],"operations":[41,109],"team.":[42],"High-level":[43],"application-specific":[44],"requirements":[46],"not":[48],"appropriately":[49],"enforced":[50],"low-level":[52,138],"lists.":[56],"Apart":[57],"from":[58],"coarse-grained":[59],"separation":[60],"virtual":[62],"networks,":[63],"Docker":[64],"neither":[65],"supports":[66],"application":[68],"developer":[69],"specify":[71],"nor":[72],"operators":[75],"enforce":[77],"fine-grained":[78],"between":[82,172],"containers.":[83],"In":[84],"fictional":[86],"story,":[87],"we":[88,112,146],"follow":[89],"DevOp":[90],"engineer":[91,180],"Alice":[92,118,128],"through":[93,107],"lifecycle":[95],"Web":[98],"application.":[99],"From":[100],"initial":[102],"design":[103,133],"software":[105],"engineering":[106],"automation,":[111],"show":[113,164],"task":[115],"expected":[116],"propose":[120],"tool-support":[121],"help.":[123],"As":[124],"full-stack":[126,179],"DevOp,":[127],"involved":[130],"in":[131,149],"high-level":[132],"decisions":[134],"well":[136],"troubleshooting.":[140],"Focusing":[141],"on":[142],"control,":[145],"demonstrate":[147],"shortcomings":[148],"today's":[150],"policy":[151],"management":[152],"sketch":[154],"tool-supported":[156],"solution.":[157],"We":[158],"survey":[159],"related":[160],"academic":[161],"work":[162],"that":[165],"many":[166],"existing":[167],"tools":[168],"fail":[169],"bridge":[171],"different":[174],"levels":[175],"abstractions":[177],"operating":[182],"on.":[183],"Our":[184],"toolset":[185],"formally":[187],"verified":[188],"using":[189],"Isabell/HOL":[190],"available":[193],"open":[196],"source.":[197]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2019-01-01T00:00:00"}