The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka PDF).
Patent No.:
Date of Patent:
Jan. 28, 2020
Filed:
Jun. 22, 2018
Applicant:
International Business Machines Corporation, Armonk, NY (US)
Inventors:
Brad L. Brech, Rochester, MN (US);
Scott W. Crowder, Pleasantville, NY (US);
Hubertus Franke, Cortlandt Manor, NY (US);
Nagui Halim, Yorktown Heights, NY (US);
Matt R. Hogstrom, Raleigh, NC (US);
Chung-Sheng Li, Scarsdale, NY (US);
Pratap C. Pattnaik, Ossining, NY (US);
Dimitrios Pendarakis, Westport, CT (US);
Josyula R. Rao, Briarcliff Manor, NY (US);
Radha P. Ratnaparkhi, Ridgefield, CT (US);
Michael D. Williams, Gardiner, NY (US)
Assignee:
International Business Machines Corporation, Armonk, NY (US)
Abstract
There is a computer program product and computer system that includes program instructions programmed to establish a security container describing a workload and a set of resources in a software-defined environment, the security container including a set of sub-containers that are self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container, each sub-container of the set of sub-containers respectively corresponds to a resource-divisible portion of the workload, the set of resources being required by the workload, wherein a sub-container of the set of sub-containers is an operating system sub-container; monitor the workload and the set of resources for security events; and responsive to identifying a security event, adjust isolation mechanisms provided by the plurality of sub-containers at various layers of a stack. The set of sub-containers represents an end-to-end run time environment for processing the workload using the set of resources.