Security within a software-defined infrastructure

Assignee

• International Business Machines Corporation · US

Inventors

• Brad L. Brech · Rochester, US
• Scott W. Crowder · Pleasantville, US
• Hubertus Franke · Somers, US
• Nagui Halim · Yorktown Heights, US
• Matt R. Hogstrom · Raleigh, US
• Chung-Sheng Li · Scarsdale, US
• Pratap C. Pattnaik · Ossining, US
• Dimitrios Pendarakis · Westport, US
• Josyula R. Rao · Briarcliff Manor, US
• Radha P. Ratnaparkhi · Ridgefield, US
• Michael D. Williams · Gardiner, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

There is a computer program product and computer system that includes program instructions programmed to establish a security container describing a workload and a set of resources in a software-defined environment, the security container including a set of sub-containers that are self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container, each sub-container of the set of sub-containers respectively corresponds to a resource-divisible portion of the workload, the set of resources being required by the workload, wherein a sub-container of the set of sub-containers is an operating system sub-container; monitor the workload and the set of resources for security events; and responsive to identifying a security event, adjust isolation mechanisms provided by the plurality of sub-containers at various layers of a stack. The set of sub-containers represents an end-to-end run time environment for processing the workload using the set of resources.