Automatic deployment of application security policy using application manifest and dynamic process analysis in a containerization environment
US11966463B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 14, 2022 |
| Grant date | Apr 23, 2024 |
| Priority date | — |
| Expiry date | Jan 14, 2042 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A policy interpreter detects that an application container has been added in a container system, and opens a stored manifest for the application container. The policy interpreter retrieves running services information regarding the application container, and generates a security policy for the application container. The security policy defines a set of actions for which the application container can perform, and the set of actions are determined using the manifest and the running service information associated with the application container. The policy interpreter loads the security policy at a security container. The security container blocks an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy. The policy interpreter transmits the security policy to a graphical user interface container for presentation to a user via a display device.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.