发明名称 |
PROFILING OF CONTAINER IMAGES AND ENFORCING SECURITY POLICIES RESPECTIVE THEREOF |
摘要 |
A method for securing execution of software containers using security profiles. The method comprises receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image, wherein the generated security profile includes at least a system calls profile; monitoring the operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation, wherein the security profile is of the container image corresponding to the application container. |
申请公布号 |
US2017116415(A1) |
申请公布日期 |
2017.04.27 |
申请号 |
US201715397230 |
申请日期 |
2017.01.03 |
申请人 |
Twistlock, Ltd. |
发明人 |
STOPEL Dima;LEVIN Liron;YANKOVICH Lior |
分类号 |
G06F21/55;G06F21/57;G06F21/52 |
主分类号 |
G06F21/55 |
代理机构 |
|
代理人 |
|
主权项 |
1. A method for securing execution of software containers using security profiles, comprising:
receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image, wherein the generated security profile includes at least a system calls profile; monitoring the operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation, wherein the security profile is of the container image corresponding to the application container. |
地址 |
Herzliya IL |