{"id":"https://openalex.org/W7126279044","doi":"https://doi.org/10.1109/raid67961.2025.00072","title":"RBAClock: Contain RBAC Permissions through Secure Scheduling","display_name":"RBAClock: Contain RBAC Permissions through Secure Scheduling","publication_year":2025,"publication_date":"2025-10-19","ids":{"openalex":"https://openalex.org/W7126279044","doi":"https://doi.org/10.1109/raid67961.2025.00072"},"language":null,"primary_location":{"id":"doi:10.1109/raid67961.2025.00072","is_oa":false,"landing_page_url":"https://doi.org/10.1109/raid67961.2025.00072","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038316768","display_name":"Qingwang Chen","orcid":"https://orcid.org/0000-0002-7191-5801"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Qingwang Chen","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111240373","display_name":"Ru Tan","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ru Tan","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100446454","display_name":"Xinyu Liu","orcid":"https://orcid.org/0009-0000-0756-347X"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinyu Liu","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101395814","display_name":"Yuqi Shu","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuqi Shu","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124316880","display_name":"Zhou Tong","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhou Tong","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100446035","display_name":"Hao Wang","orcid":"https://orcid.org/0000-0001-6881-9977"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoqiang Wang","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103029944","display_name":"Ze Jin","orcid":"https://orcid.org/0000-0003-3379-5113"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ze Jin","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5024710527","display_name":"QiXu Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qixu Liu","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5038316768"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.69772623,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"950","last_page":"965"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.5558000206947327,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.5558000206947327,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.12250000238418579,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10101","display_name":"Cloud Computing and Resource Management","score":0.11630000174045563,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.8525000214576721},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.6826000213623047},{"id":"https://openalex.org/keywords/scheduling","display_name":"Scheduling (production processes)","score":0.6316999793052673},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5579000115394592},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5429999828338623},{"id":"https://openalex.org/keywords/de-facto","display_name":"De facto","score":0.4970000088214874},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.45339998602867126}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.8525000214576721},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.6826000213623047},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6384000182151794},{"id":"https://openalex.org/C206729178","wikidata":"https://www.wikidata.org/wiki/Q2271896","display_name":"Scheduling (production processes)","level":2,"score":0.6316999793052673},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6301000118255615},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5579000115394592},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5429999828338623},{"id":"https://openalex.org/C2992317946","wikidata":"https://www.wikidata.org/wiki/Q712144","display_name":"De facto","level":2,"score":0.4970000088214874},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.45339998602867126},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.3531000018119812},{"id":"https://openalex.org/C164866538","wikidata":"https://www.wikidata.org/wiki/Q367351","display_name":"Cluster (spacecraft)","level":2,"score":0.3147999942302704},{"id":"https://openalex.org/C22607594","wikidata":"https://www.wikidata.org/wiki/Q5375150","display_name":"Enabling","level":2,"score":0.31459999084472656},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.299699991941452},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.2734000086784363},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.27090001106262207},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2678999900817871},{"id":"https://openalex.org/C105289051","wikidata":"https://www.wikidata.org/wiki/Q1930094","display_name":"Pillar","level":2,"score":0.2547000050544739}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/raid67961.2025.00072","is_oa":false,"landing_page_url":"https://doi.org/10.1109/raid67961.2025.00072","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5665527582168579}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335892","display_name":"Youth Innovation Promotion Association","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W104805067","https://openalex.org/W1982989685","https://openalex.org/W2001759130","https://openalex.org/W2020095664","https://openalex.org/W2169461225","https://openalex.org/W2336467084","https://openalex.org/W2644225658","https://openalex.org/W2996042910","https://openalex.org/W3092118421","https://openalex.org/W3093737865","https://openalex.org/W3094094693","https://openalex.org/W3095995204","https://openalex.org/W3110435694","https://openalex.org/W3110723107","https://openalex.org/W3194378998","https://openalex.org/W3202324008","https://openalex.org/W3216307713","https://openalex.org/W4286331354","https://openalex.org/W4315480688","https://openalex.org/W4323308647","https://openalex.org/W4324007176","https://openalex.org/W4380445896","https://openalex.org/W4383221434","https://openalex.org/W4385383313","https://openalex.org/W4387298133","https://openalex.org/W4388857020","https://openalex.org/W4411337893"],"related_works":[],"abstract_inverted_index":{"Kubernetes":[0,216],"has":[1],"emerged":[2],"as":[3],"the":[4,20,29,43,51,54,79,89,95,112,127,132,150,175,215],"de":[5],"facto":[6],"standard":[7],"for":[8,56],"container":[9,13],"orchestration.":[10],"However,":[11],"existing":[12],"scheduling":[14,138],"strategies":[15],"prioritize":[16],"QoS,":[17],"leading":[18],"to":[19,58,68,106,142,174],"co-location":[21,85],"of":[22,37,45,81,91,114,152,160,184,218],"pods":[23,46,73,125,153],"with":[24,47,154,162,202],"varying":[25],"permission":[26,70],"levels":[27],"on":[28,74,126],"same":[30],"node.":[31],"This":[32],"not":[33,130],"only":[34],"introduces":[35],"risks":[36,213],"privilege":[38,82,193,211],"escalation":[39,83,194,212],"but":[40,129],"also":[41],"facilitates":[42],"spread":[44,90],"risky":[48],"permissions":[49,93,116],"across":[50,94,167],"cluster,":[52,190],"exacerbating":[53],"potential":[55],"attackers":[57],"elevate":[59],"their":[60],"privileges.":[61,164],"In":[62],"this":[63],"work,":[64],"our":[65,208],"goal":[66],"is":[67,140],"mitigate":[69,234],"disparity":[71],"among":[72],"each":[75],"node,":[76],"thereby":[77],"reducing":[78],"risk":[80,156],"from":[84,111],"attack":[86],"and":[87,117,158,196,225,228],"curbing":[88],"high-risk":[92],"cluster.":[96],"We":[97],"introduce":[98],"a":[99],"novel":[100],"metric,":[101],"Extraneous":[102],"Risk":[103],"Privileges":[104],"(ERP),":[105],"quantify":[107],"additional":[108],"privileges":[109,188],"derived":[110],"combination":[113],"RBAC":[115],"cluster":[118],"parameters":[119],"that":[120,230],"are":[121],"utilized":[122],"by":[123,131],"other":[124],"node":[128],"target":[133],"pod":[134,147],"itself.":[135],"The":[136],"RBAClock":[137,178,231],"framework":[139],"designed":[141],"minimize":[143],"ERP":[144],"increase":[145],"during":[146],"placement,":[148],"prioritizing":[149],"aggregation":[151],"similar":[155],"profiles":[157],"isolation":[159],"those":[161],"divergent":[163],"Experimental":[165],"evaluations":[166],"24":[168],"CNCF":[169],"applications":[170],"demonstrate":[171],"that,":[172],"compared":[173],"default":[176],"scheduler,":[177],"alone":[179],"achieves":[180],"an":[181,203],"average":[182],"reduction":[183],"41.46%":[185],"in":[186,189,192,198,214],"aggregated":[187],"64.63%":[191],"risk,":[195],"34.59%":[197],"high-privilege":[199],"nodes":[200],"proportion,":[201],"8%":[204],"performance":[205],"tradeoff.":[206],"Notably,":[207],"investigation":[209],"uncovered":[210],"services":[217],"two":[219],"major":[220],"cloud":[221],"providers,":[222],"Alibaba":[223],"Cloud":[224],"Tencent":[226],"Cloud,":[227],"demonstrated":[229],"can":[232],"effectively":[233],"these":[235],"threats.":[236]},"counts_by_year":[],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2026-02-01T00:00:00"}