Added cloudcom pub

content/publications/cloudcom.md

@@ -0,0 +1,34 @@
++++
+title = "Lightweight Cloud Application Sandboxing"
+date = "2023-11-09"
+aliases = ["cloud", "monitoring", "instrumentation", "sandbox", "GLACIATION"]
+[ author ]
+  name = "Gianluca Oldani"
++++
+This work addresses modern cloud applications that can quickly grow to
+an elaborate and intricate tangle of services. In this scenario,
+paying attention to security aspects is important to mitigate the
+impact of incidents. Indeed, several research works and industrial
+standards recommend the integration of least privilege policies to
+prevent disruptions such as file system tampering. Unfortunately,
+technologies like containers virtualize file system resources with
+a volume-based approach, which may be overly coarse.
+In this work we address this problem proposing an approach
+that restrict application access to file system resources with a
+resource-based granularity. To this end, we develop a flexible and
+intuitive tool that relies on instrumentation to collect, merge, and
+audit the activity traces generated by any application component.
+We then demonstrate how this information is used to create finegrained access 
+policies, and introduce sandboxing using recent
+kernel security modules, strengthening the security boundary of
+the whole application. In the experimental evaluation we showcase the mitigation 
+capabilities associated with our approach, and
+the low performance footprint. The proposal is associated with
+an open source implementation.
+
+##### Authors:
+Marco Abbadini, Michele Beretta, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, Stefano Paraboschi
+
+##### The Paper will be presented at:&nbsp;<a href="https://parsec2.unicampania.it/cloudcom2023/" target="_blank">IEEE CLOUDCOM 2023</a>
+
+##### <a href="https://cs.unibg.it/seclab-papers/2023/CLOUDCOM/dmng.pdf" target="_blank">Link to PDF</a>