. Amazon, AWS Firecracker GitHub Repository, 2019.

P. Anand, A presentation of eBPF, 2017.

S. Arnautov, B. Trach, and F. Gregor, SCONE: Secure Linux Containers with Intel SGX, Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI'16). USENIX Association, pp.689-703, 2016.

M. Bauer, Paranoid Penguin: An Introduction to Novell AppArmor, Linux J, vol.148, p.13, 2006.

M. Benedictis and A. Lioy, Integrity verification of Docker containers for a lightweight cloud environment, Future Generation Computer Systems, 2019.

T. De and R. , a new mitigation mechanism (Hackfest '15), 2015.

. Québec,

D. R. Engler, M. F. Kaashoek, J. O'toole, and J. , Exokernel: An Operating System Architecture for Application-level Resource Management, SIGOPS Oper. Syst. Rev, vol.29, pp.251-266, 1995.

W. Felter and A. Ferreira, An Updated Performance Comparison of Virtual Machines and Linux Containers, technology, vol.25, p.31, 2014.

, Free Software Foundation. 2019. Chroot man page, 2019.

, OpenStack Foundation. 2019. Kata Containers Website, 2019.

N. Frichette, PoC for CVE-2019-5736-PoC, 2019.

. Google, GVisor GitHub repository, 2019.

. Google, Kubernetes GitHub repository, 2019.

T. Harada, T. Horie, and K. Tanaka, Task Oriented Management Obviates Your Onus on Linux, Linux Conference, p.3, 2004.

N. Hardy, The Confused Deputy: (or Why Capabilities Might Have Been Invented), SIGOPS Oper. Syst. Rev, vol.22, issue.4, pp.36-38, 1988.

Y. Hebbal, L. Sylvie, and J. Menaud, Virtual Machine Introspection: Techniques and Applications, International Conference on Availability, Reliability and Security, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01165285

M. Hoekstra and R. Lal, Using Innovative Instructions to Create Trustworthy Software Solutions, Proceedings of the 2Nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP '13), 2013.

I. Inc, Cilium GitHub repository, 2019.

J. Johansen, Making Linux Security Modules available to Containers: Stacking and Namespacing the LSM, Proceeding of the Free and Open Source software Developers' European Meeting (FOSDEM '18), 2018.

D. Lezcano, S. Hallyn, and G. Stéphane, LXC GitHub, 2018.

F. Manco, C. Lupu, and F. Schmidt, My VM is Lighter (and Safer) Than Your Container, Proceedings of the 26th Symposium on Operating Systems Principles (SOSP '17), pp.218-233, 2017.

D. Merkel, Docker: Lightweight Linux Containers for Consistent Development and Deployment, Linux J, vol.239, issue.2, 2014.

. Mesosphere, , 2019.

, NIST. 2019. NIST report for CVE-2019-5736, 2019.

R. Rosen, Resource management:Linux kernel Namespaces and cgroups, 2013.

R. Sailer, X. Zhang, and T. Jaeger, Design and Implementation of a TCG-based Integrity Measurement Architecture, Proceedings of the 13th Conference on USENIX Security Symposium, vol.13, pp.16-16, 2004.

M. Salaun, File access-control per container with Landlock (FOSDEM '18), 2018.

M. Salaün, Landlock Documentation about administrator rights, 2018.

R. Sandhu, Access Control Models, 2013.

M. Schwarz, S. Weiser, and D. Gruss, Practical Enclave Malware with Intel SGX, 2019.

Z. Shen, Z. Sun, . Gur-eyal, and . Sela, X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers, Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19), pp.121-135, 2019.

S. Smalley, C. Vance, and W. Salamon, Implementing SELinux as a Linux security module, NAI Labs Report, vol.1, p.43, 2001.

M. Souppaya, J. Morello, and K. Scarfon, Application container security guide, 2017.

Y. Sun, D. Safford, and M. Zohar, Security Namespace: Making Linux Security Frameworks Available to Containers, Proceedings of the 27th USENIX Conference on Security Symposium (SEC'18). USENIX Association, pp.1423-1439, 2018.

C. Wright, C. Cowan, and S. Smalley, Linux Security Modules: General Security Support for the Linux Kernel, Proceedings of the 11th USENIX Security Symposium. USENIX Association, pp.17-31, 2002.