Static Analysis

LeakChain: Detecting Sensitive Data Leakage Across Distributed Serverless Applications

LeakChain is an Infrastructure-as-Code–aware static analysis framework that detects sensitive-data leakage across distributed serverless applications. Built on CodeQL with cross-service taint tracking, LeakChain identifies intra-function, …

Confine: Fine-grained System Call Filtering for Container Attack Surface Reduction

Reducing the attack surface of the OS kernel is a promising defense-in-depth approach for compensating for the fragile isolation guarantees of container environments. Unlike in hypervisor-based systems, malicious containers can exploit vulnerabilities …