AWS Firecracker GitHub Repository, 2019. ,
A presentation of eBPF, 2017. ,
SCONE: Secure Linux Containers with Intel SGX, Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI'16). USENIX Association, pp.689-703, 2016. ,
Paranoid Penguin: An Introduction to Novell AppArmor, Linux J, vol.148, p.13, 2006. ,
Integrity verification of Docker containers for a lightweight cloud environment, Future Generation Computer Systems, 2019. ,
, a new mitigation mechanism (Hackfest '15), 2015.
,
Exokernel: An Operating System Architecture for Application-level Resource Management, SIGOPS Oper. Syst. Rev, vol.29, pp.251-266, 1995. ,
An Updated Performance Comparison of Virtual Machines and Linux Containers, technology, vol.25, p.31, 2014. ,
, Free Software Foundation. 2019. Chroot man page, 2019.
, OpenStack Foundation. 2019. Kata Containers Website, 2019.
PoC for CVE-2019-5736-PoC, 2019. ,
GVisor GitHub repository, 2019. ,
Kubernetes GitHub repository, 2019. ,
Task Oriented Management Obviates Your Onus on Linux, Linux Conference, p.3, 2004. ,
The Confused Deputy: (or Why Capabilities Might Have Been Invented), SIGOPS Oper. Syst. Rev, vol.22, issue.4, pp.36-38, 1988. ,
Virtual Machine Introspection: Techniques and Applications, International Conference on Availability, Reliability and Security, 2015. ,
URL : https://hal.archives-ouvertes.fr/hal-01165285
Using Innovative Instructions to Create Trustworthy Software Solutions, Proceedings of the 2Nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP '13), 2013. ,
Cilium GitHub repository, 2019. ,
Making Linux Security Modules available to Containers: Stacking and Namespacing the LSM, Proceeding of the Free and Open Source software Developers' European Meeting (FOSDEM '18), 2018. ,
, LXC GitHub, 2018.
My VM is Lighter (and Safer) Than Your Container, Proceedings of the 26th Symposium on Operating Systems Principles (SOSP '17), pp.218-233, 2017. ,
Docker: Lightweight Linux Containers for Consistent Development and Deployment, Linux J, vol.239, issue.2, 2014. ,
, , 2019.
, NIST. 2019. NIST report for CVE-2019-5736, 2019.
Resource management:Linux kernel Namespaces and cgroups, 2013. ,
Design and Implementation of a TCG-based Integrity Measurement Architecture, Proceedings of the 13th Conference on USENIX Security Symposium, vol.13, pp.16-16, 2004. ,
File access-control per container with Landlock (FOSDEM '18), 2018. ,
Landlock Documentation about administrator rights, 2018. ,
, Access Control Models, 2013.
, Practical Enclave Malware with Intel SGX, 2019.
X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers, Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19), pp.121-135, 2019. ,
Implementing SELinux as a Linux security module, NAI Labs Report, vol.1, p.43, 2001. ,
Application container security guide, 2017. ,
Security Namespace: Making Linux Security Frameworks Available to Containers, Proceedings of the 27th USENIX Conference on Security Symposium (SEC'18). USENIX Association, pp.1423-1439, 2018. ,
Linux Security Modules: General Security Support for the Linux Kernel, Proceedings of the 11th USENIX Security Symposium. USENIX Association, pp.17-31, 2002. ,