Patent · US Active

Filesystem action profiling of containers and security enforcement

US10664590B2 · kind B2 · utility

0Cited by

43References

18Claims

0Family size

Assignee

Twistlock Ltd. · IL

Inventors

Liron Levin · Herzliya, IL
Dima Stopel · Herzliya, IL
Eran Yanay · Holon, IL

Key dates

Filing date	Jan 9, 2018
Grant date	May 26, 2020
Priority date	—
Expiry date	Jun 3, 2038

Classification

Technology area (CPC G)Physics
CPC primaryG06N20/00
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A system and method for securing execution of software containers using security profiles. The method includes receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image when the event is received, wherein the generated security profile indicates at least a list of permissible filesystem actions, wherein each permissible filesystem action is an action performed with respect to at least one filesystem resource; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.