Security inspection of massive virtual hosts for immutable infrastructure and infrastructure as code
First Claim
1. A method for performing a security inspection of a set of virtual images in a cloud infrastructure, the method comprising:
- merging the virtual images into a tree structure having a root and a plurality of leaves such that child leaves and a parent leaf to the child leaves have common ones of the virtual images;
- identifying a security violation in a given one of the virtual images at a given one of the plurality of leaves;
- applying a bisection method against a path in the tree from the root to the given one of the plurality of leaves to find a particular one of the virtual images that is a root cause of the security violation; and
- performing a corrective action for any of the plurality of images having the security violation.
2 Assignments
0 Petitions
Abstract
A method and system are provided for performing a security inspection of a set of virtual images in a cloud infrastructure. The method includes merging the virtual images into a tree structure having a root and a plurality of leaves such that child leaves and a parent leaf to the child leaves have common ones of the virtual images. The method further includes identifying a security violation in a given one of the virtual images at a given one of the plurality of leaves. The method also includes applying a bisection method against a path in the tree from the root to the given one of the plurality of leaves to find a particular one of the virtual images that is a root cause of the security violation. The method additionally includes performing a corrective action for any of the plurality of images having the security violation.
9 Citations
20 Claims
1. A method for performing a security inspection of a set of virtual images in a cloud infrastructure, the method comprising:
- merging the virtual images into a tree structure having a root and a plurality of leaves such that child leaves and a parent leaf to the child leaves have common ones of the virtual images;
- identifying a security violation in a given one of the virtual images at a given one of the plurality of leaves;
- applying a bisection method against a path in the tree from the root to the given one of the plurality of leaves to find a particular one of the virtual images that is a root cause of the security violation; and
- performing a corrective action for any of the plurality of images having the security violation.
Dependent claims: 2 through 12.

13. A computer program product for performing a security inspection of a set of virtual images in a cloud infrastructure, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising:
- merging the virtual images into a tree structure having a root and a plurality of leaves such that child leaves and a parent leaf to the child leaves have common ones of the virtual images;
- identifying a security violation in a given one of the virtual images at a given one of the plurality of leaves;
- applying a bisection method against a path in the tree from the root to the given one of the plurality of leaves to find a particular one of the virtual images that is a root cause of the security violation; and
- performing a corrective action for any of the plurality of images having the security violation.
Dependent claims: 14 through 19.

20. A system for performing a security inspection of a set of virtual images in a cloud infrastructure, the system comprising:
a hardware processor and a memory device, configured to:
- merge the virtual images into a tree structure having a root and a plurality of leaves such that child leaves and a parent leaf to the child leaves have common ones of the virtual images;
- identify a security violation in a given one of the virtual images at a given one of the plurality of leaves;
- apply a bisection method against a path in the tree from the root to the given one of the plurality of leaves to find a particular one of the virtual images that is a root cause of the security violation; and
- perform a corrective action for any of the plurality of images having the security violation.
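As an added illustration of the claimed bisection step (this is not code from the patent), the Python below models images as a parent/child tree in which each layer inherits its parent's effective configuration; the image names, the helper functions and the policy check on `PermitRootLogin` that stands in for the "security violation" are all constructed here. Bisection assumes that a violation, once introduced on the root-to-leaf path, persists in every later image on that path; the corrective-action scan over the subtree does not rely on that and skips a descendant that has already remediated it.

```python
from dataclasses import dataclass, field
@dataclass
class Image:
    name: str
    parent: "Image | None" = None
    config: dict = field(default_factory=dict)   # effective config, inherited from parent
    children: list = field(default_factory=list)

def derive(name, parent, **overrides):
    child = Image(name, parent, {**parent.config, **overrides})  # inherit, then overlay this layer
    parent.children.append(child)
    return child

def root_path(leaf):  # root-first list of images down to `leaf`: the path the claim bisects
    path, node = [], leaf
    while node is not None:
        path.append(node)
        node = node.parent
    return path[::-1]

def bisect_root_cause(path, violates):
    """Return (first violating image on `path`, number of images inspected)."""
    lo, hi, checks = 0, len(path) - 1, 0   # path[hi] is the leaf that was flagged
    while lo < hi:
        mid = (lo + hi) // 2
        checks += 1
        if violates(path[mid]):
            hi = mid          # already present here: root cause is at mid or above
        else:
            lo = mid + 1      # still clean here: root cause lies strictly below mid
    return path[lo], checks

def affected_images(root_cause, violates):
    """Corrective-action scope: every image under the root cause still violating."""
    out, stack = [], [root_cause]
    while stack:
        img = stack.pop()
        if violates(img):
            out.append(img.name)
        stack.extend(img.children)
    return out

# Constructed sample tree (the violation enters at the sshd layer); the check is "sshd permits root login".
root_login_permitted = lambda img: img.config.get("PermitRootLogin") == "yes"
base = Image("base-os", config={"PermitRootLogin": "no"})
tools = derive("base+tools", base)
sshd = derive("base+sshd", tools, PermitRootLogin="yes")
app1 = derive("app-v1", sshd)
hotfix = derive("app-v1-hotfix", app1)                 # leaf where the scan flags it
app2 = derive("app-v2", app1, PermitRootLogin="no")    # descendant already remediated
```

On the five-image path to `app-v1-hotfix`, `bisect_root_cause` inspects two images and returns `base+sshd`; `affected_images` then lists that layer, `app-v1` and the hotfix, but not `app-v2`.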
Specification