Systems and methods for protecting a service mesh from external attacks on exposed software vulnerabilities
US10999312B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 8, 2019 |
| Grant date | May 4, 2021 |
| Priority date | — |
| Expiry date | Nov 13, 2039 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/56
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Systems and method handling software vulnerabilities in service meshes can include receiving information on software vulnerabilities from external feeds. From a services catalog which maintains data associated with service instances supported by a service mesh, one or more vulnerable service instances supported by the service mesh are identified. Notifications are provided to sidecar proxies associated with vulnerable service instances. The notifications include criteria such as criticality levels and categories associated with the software vulnerabilities. Based on destination policies for the vulnerable service instances, instructions are provided to the sidecar proxies to trip circuit breakers associated with the vulnerable service instances and thus prevent further access and cascading impact of the software vulnerabilities. The software vulnerabilities are reported to an orchestration system for the service mesh and a fix or different version of the vulnerable service instance is installed where possible.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.