Fig. 3

From: Optimus: association-based dynamic system call filtering for container attack surface reduction

Overview of container-aware system call recording. (1) The container manager maintains Optimus’s trace and container mapping tables by extracting container context from the container platform. (2) The system call monitor updates system call records in the trace table using information obtained from the container mapping table.