{"id":"https://openalex.org/W4404386085","doi":"https://doi.org/10.1145/3698038.3698520","title":"ConMonitor: Lightweight Container Protection with Virtualization and VM Functions","display_name":"ConMonitor: Lightweight Container Protection with Virtualization and VM Functions","publication_year":2024,"publication_date":"2024-11-14","ids":{"openalex":"https://openalex.org/W4404386085","doi":"https://doi.org/10.1145/3698038.3698520"},"language":"en","primary_location":{"id":"doi:10.1145/3698038.3698520","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3698038.3698520","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Symposium on Cloud Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3698038.3698520","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101656965","display_name":"Shaowen Xu","orcid":"https://orcid.org/0009-0007-8141-8183"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Shaowen Xu","raw_affiliation_strings":["Institute of Information Engineering, CAS. School of Cyber Security, University of Chinese, Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS. School of Cyber Security, University of Chinese, Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011962388","display_name":"Qihang Zhou","orcid":"https://orcid.org/0000-0002-8565-1923"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qihang Zhou","raw_affiliation_strings":["Institute of Information, Engineering, CAS"],"affiliations":[{"raw_affiliation_string":"Institute of Information, Engineering, CAS","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056283262","display_name":"Zhicong Zhang","orcid":"https://orcid.org/0009-0005-5788-1421"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhicong Zhang","raw_affiliation_strings":["Institute of Information, Engineering, CAS. School of Cyber Security, University of Chinese, Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information, Engineering, CAS. School of Cyber Security, University of Chinese, Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015456692","display_name":"Xiaoqi Jia","orcid":"https://orcid.org/0000-0002-8376-3235"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaoqi Jia","raw_affiliation_strings":["Institute of Information, Engineering, CAS. School of Cyber Security, University of Chinese, Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information, Engineering, CAS. School of Cyber Security, University of Chinese, Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032216025","display_name":"D. Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210135812","display_name":"Sinochem Group (China)","ror":"https://ror.org/03x8vck69","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210135812"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Donglin Liu","raw_affiliation_strings":["Sinochem Energy-Tech Co., Ltd"],"affiliations":[{"raw_affiliation_string":"Sinochem Energy-Tech Co., Ltd","institution_ids":["https://openalex.org/I4210135812"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054305921","display_name":"Heqing Huang","orcid":"https://orcid.org/0009-0009-7493-6462"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Heqing Huang","raw_affiliation_strings":["Institute of Information, Engineering, CAS"],"affiliations":[{"raw_affiliation_string":"Institute of Information, Engineering, CAS","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007408376","display_name":"Haichao Du","orcid":"https://orcid.org/0000-0003-2783-3232"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haichao Du","raw_affiliation_strings":["Institute of Information, Engineering, CAS"],"affiliations":[{"raw_affiliation_string":"Institute of Information, Engineering, CAS","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018753353","display_name":"Zhenyu Song","orcid":"https://orcid.org/0000-0002-3336-923X"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenyu Song","raw_affiliation_strings":["Institute of Information, Engineering, CAS"],"affiliations":[{"raw_affiliation_string":"Institute of Information, Engineering, CAS","institution_ids":["https://openalex.org/I4210156404"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5101656965"],"corresponding_institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":0.695,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.76780111,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"755","last_page":"773"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.7666128873825073},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.6387184262275696},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5801545977592468},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.49604663252830505},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.13179364800453186},{"id":"https://openalex.org/keywords/materials-science","display_name":"Materials science","score":0.11672300100326538}],"concepts":[{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.7666128873825073},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.6387184262275696},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5801545977592468},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.49604663252830505},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.13179364800453186},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.11672300100326538},{"id":"https://openalex.org/C159985019","wikidata":"https://www.wikidata.org/wiki/Q181790","display_name":"Composite material","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3698038.3698520","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3698038.3698520","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Symposium on Cloud Computing","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3698038.3698520","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3698038.3698520","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Symposium on Cloud Computing","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W1972484642","https://openalex.org/W2018501701","https://openalex.org/W2023454464","https://openalex.org/W2038252863","https://openalex.org/W2061643296","https://openalex.org/W2089448621","https://openalex.org/W2100678175","https://openalex.org/W2106705612","https://openalex.org/W2107480747","https://openalex.org/W2128159601","https://openalex.org/W2150615820","https://openalex.org/W2175377689","https://openalex.org/W2605597658","https://openalex.org/W2605883969","https://openalex.org/W2612012086","https://openalex.org/W2734941459","https://openalex.org/W2767162229","https://openalex.org/W2927484243","https://openalex.org/W2985907279","https://openalex.org/W3001001866","https://openalex.org/W3009605901","https://openalex.org/W3015513242","https://openalex.org/W3092603268","https://openalex.org/W3105175523","https://openalex.org/W3195032555","https://openalex.org/W3206795086","https://openalex.org/W3214725335","https://openalex.org/W4230293170","https://openalex.org/W4252985811","https://openalex.org/W4255015421","https://openalex.org/W4288057796","https://openalex.org/W4292387395","https://openalex.org/W4327911446","https://openalex.org/W4367146723","https://openalex.org/W6768959830"],"related_works":["https://openalex.org/W1973516247","https://openalex.org/W2271326670","https://openalex.org/W2552925293","https://openalex.org/W1478590381","https://openalex.org/W3074768883","https://openalex.org/W1996880143","https://openalex.org/W1991063492","https://openalex.org/W2779209348","https://openalex.org/W2384916795","https://openalex.org/W1039201998"],"abstract_inverted_index":{"Containers":[0],"are":[1],"widely":[2],"used":[3],"in":[4],"multi-tenant":[5],"cloud":[6],"computing":[7,90],"for":[8,129],"their":[9],"ease":[10],"of":[11,24,75,95,117,178],"deployment,":[12],"minimal":[13],"overhead,":[14],"and":[15,32,57,66,101,104,167],"fast":[16,144],"start-up.":[17],"However,":[18],"the":[19,55,73,96,102,106,111,115,130,139,149,168,176],"intrinsic":[20],"shared":[21],"kernel":[22],"model":[23],"containers":[25,36,47,100],"poses":[26],"significant":[27],"security":[28,74,116,177],"threats,":[29],"risking":[30],"confidentiality":[31],"integrity":[33],"from":[34,48],"co-located":[35],"or":[37],"compromised":[38],"OS.":[39,112],"Researchers":[40],"have":[41,158],"proposed":[42],"various":[43],"methods":[44],"to":[45,124,142],"protect":[46,175],"untrusted":[49],"OS,":[50],"but":[51],"few":[52],"consider":[53],"both":[54],"universality":[56],"efficiency.":[58],"In":[59],"this":[60],"paper,":[61],"we":[62,119,136],"present":[63],"ConMonitor---a":[64],"lightweight":[65],"efficient":[67],"container":[68,76,179],"protection":[69],"architecture.":[70],"ConMonitor":[71,160,173],"protects":[72],"application":[77],"data":[78],"by":[79,110],"introducing":[80],"a":[81,88,121,182],"compact":[82],"virtualization":[83],"software,":[84],"called":[85],"ConVisor,":[86],"as":[87,126],"trusted":[89],"base.":[91],"ConVisor":[92],"enforces":[93],"isolation":[94],"physical":[97],"memory":[98],"between":[99],"kernel,":[103,131],"monitors":[105],"sensitive":[107,133],"operations":[108],"performed":[109],"To":[113],"ensure":[114],"ConMonitor,":[118],"implement":[120],"Container":[122],"Guardian":[123],"serve":[125],"an":[127],"intermediary":[128],"managing":[132],"operations.":[134],"Moreover,":[135],"also":[137],"leverage":[138],"VMFUNC":[140],"feature":[141],"achieve":[143],"context":[145,155],"switching,":[146],"thereby":[147],"mitigating":[148],"performance":[150,184],"penalty":[151],"associated":[152],"with":[153,164,181],"frequent":[154],"switching.":[156],"We":[157],"implemented":[159],"on":[161],"Intel":[162],"CPU":[163],"Virtualization":[165],"Technology,":[166],"evaluation":[169],"results":[170],"show":[171],"that":[172],"can":[174],"applications":[180],"negligible":[183],"overhead.":[185]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}