Patent · US Active

Taskless containers for enhanced isolation of users and multi-tenant applications

US10025924B1 · kind B1 · utility

Cited by: 17
References: 2
Claims: 28
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 26, 2016
Grant date: Jul 17, 2018
Priority date
Expiry date: Dec 16, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2149
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A system for managing Containers, including a hardware node running an OS; a multi-tenant application on the node; and a plurality of Containers under the OS. A process of the multi-tenant application uses only one Container at a time. Remaining Containers available to the process are taskless Containers. An arbiter controls permissions for the process to switch from one Container to another Container. The arbiter defines trusted and untrusted execution contexts. Code of the process executing in the untrusted context is not permitted to switch Containers, and the code of the process executing in the trusted context is permitted to switch Containers. The arbiter detects attempts to switch Containers, and prevents them when executing untrusted code. Upon a request to the multi-tenant application, the arbiter switches the process that will process the user request to one of the taskless Containers and executes the request in the untrusted context.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.