Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Discipline
Articles 1 - 2 of 2
Full-Text Articles in Physical Sciences and Mathematics
Spatio-Temporal Analysis And Prediction Of Cellular Traffic In Metropolis, Xu Wang, Zimu Zhou, Fu Xiao, Kai Xing, Zheng Yang, Yunhao Liu, Chunyi Peng
Spatio-Temporal Analysis And Prediction Of Cellular Traffic In Metropolis, Xu Wang, Zimu Zhou, Fu Xiao, Kai Xing, Zheng Yang, Yunhao Liu, Chunyi Peng
Research Collection School Of Computing and Information Systems
Understanding and predicting cellular traffic at large-scale and fine-granularity is beneficial and valuable to mobile users, wireless carriers and city authorities. Predicting cellular traffic in modern metropolis is particularly challenging because of the tremendous temporal and spatial dynamics introduced by diverse user Internet behaviours and frequent user mobility citywide. In this paper, we characterize and investigate the root causes of such dynamics in cellular traffic through a big cellular usage dataset covering 1.5 million users and 5,929 cell towers in a major city of China. We reveal intensive spatiotemporal dependency even among distant cell towers, which is largely overlooked in …
Practical And Effective Sandboxing For Linux Containers, Zhiyuan Wan, David Lo, Xin Xia, Liang Cai
Practical And Effective Sandboxing For Linux Containers, Zhiyuan Wan, David Lo, Xin Xia, Liang Cai
Research Collection School Of Computing and Information Systems
A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through the system call interface. In this paper, we present an approach that mines sandboxes and enables fine-grained sandbox enforcement for containers. We first explore the behavior of a container by running test cases and monitor the accessed system calls including types and arguments during testing. We then characterize the types and arguments of system call invocations and translate them into sandbox rules for the container. The mined sandbox restricts the container’s access to …