Security within a software-defined infrastructure
First Claim
1. A computer program product comprising a computer readable storage medium having stored thereon program instructions programmed to:
identify, in a software-defined environment, a security container describing a workload and a set of resources required by the workload, the security container including self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container;
determine, for the workload, a set of resource-divisible portions of the workload including a compute-resource portion;
generate a plurality of sub-containers within the security container, a sub-container within the plurality of sub-containers being a self-describing sub-container having associated metadata describing the content of the sub-container representing only one resource-divisible portion, the sub-container being an operating system sub-container; and
responsive to identifying a security event while processing the workload, adjust a security mechanism associated with the security container;
wherein:
the plurality of sub-containers represents an end-to-end run time environment for processing the workload.
Abstract
There is a computer program product and computer system that includes program instructions programmed to identify, in a software-defined environment, a security container describing a workload and a set of resources required by the workload, the security container including self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container; determine, for the workload, a set of resource-divisible portions of the workload including a compute-resource portion; generate a plurality of sub-containers within the security container, a sub-container within the plurality of sub-containers being a self-describing sub-container having associated metadata describing the content of the sub-container representing only one resource-divisible portion, the sub-container being an operating system sub-container; and responsive to identifying a security event while processing the workload, adjust a security mechanism associated with the security container. The plurality of sub-containers represents an end-to-end run time environment for processing the workload.
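The abstract describes a structure rather than an implementation: a security container that wraps a workload, one self-describing sub-container per resource-divisible portion (compute, operating system, and whatever else the workload needs), metadata that describes each sub-container's content, and a security mechanism that is adjusted when a security event is seen while the workload runs. The following is an added illustration of that structure in Python; it is not code from the patent or its assignee. The set of portions, the digest that binds each sub-container's metadata to its content, the event names and the reactions to them are all assumptions of this example, chosen to show the one check a practitioner would want here: that "self-describing" metadata can be verified against the content it claims to describe, so that a mismatch becomes a security event the container can react to.

```python
"""Added illustration of the claimed structure: a security container holding
self-describing sub-containers (one per resource-divisible portion of a
workload) and a security mechanism that is adjusted on a security event.
Every name, the portion set and the reactions are this example's own."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field

# Hypothetical set of resource-divisible portions; the claim only requires that
# a compute portion exists and that an OS sub-container is among those generated.
PORTIONS = ("compute", "os", "network", "storage")


def _digest(content: dict) -> str:
    return hashlib.sha256(json.dumps(content, sort_keys=True).encode()).hexdigest()


@dataclass(frozen=True)
class SubContainer:
    portion: str    # exactly one resource-divisible portion
    content: dict   # what is provisioned or run for that portion
    metadata: dict  # self-description of the content

    @classmethod
    def build(cls, portion: str, content: dict) -> "SubContainer":
        if portion not in PORTIONS:
            raise ValueError(f"unknown portion {portion!r}")
        # Assumption of this example: the metadata carries a digest so that the
        # description is bound to the content it claims to describe.
        meta = {"portion": portion, "keys": sorted(content), "sha256": _digest(content)}
        return cls(portion, content, meta)

    def describes_content(self) -> bool:
        """True if the metadata still matches the content (tamper check)."""
        return (self.metadata["portion"] == self.portion
                and self.metadata["sha256"] == _digest(self.content))


@dataclass
class SecurityContainer:
    workload: str
    required: tuple[str, ...]  # resources the workload needs
    subs: list[SubContainer] = field(default_factory=list)
    mechanism: dict = field(default_factory=lambda: {
        "isolation": "namespace", "egress": "allow", "quarantined": False})
    events: list[str] = field(default_factory=list)


def divide_workload(spec: dict) -> dict[str, dict]:
    """Split a workload spec into resource-divisible portions (compute is mandatory)."""
    portions = {p: spec[p] for p in PORTIONS if p in spec}
    if "compute" not in portions:
        raise ValueError("workload has no compute-resource portion")
    return portions


def generate_sub_containers(sc: SecurityContainer, spec: dict) -> SecurityContainer:
    """Generate one self-describing sub-container per portion of the workload."""
    for portion, content in divide_workload(spec).items():
        sc.subs.append(SubContainer.build(portion, content))
    return sc


def is_end_to_end(sc: SecurityContainer) -> bool:
    """Each required resource is covered by exactly one sub-container whose
    metadata matches its content: together they form the run-time environment."""
    seen = [s.portion for s in sc.subs]
    return (len(seen) == len(set(seen))
            and set(sc.required) <= set(seen)
            and all(s.describes_content() for s in sc.subs))


def on_security_event(sc: SecurityContainer, event: str) -> dict:
    """Adjust the security mechanism associated with the container.
    The reactions below are illustrative; the claim does not fix them."""
    sc.events.append(event)
    if event == "metadata_mismatch":
        sc.mechanism.update(quarantined=True, egress="deny")
    elif event == "privilege_escalation_attempt":
        sc.mechanism.update(isolation="vm", egress="deny")
    elif event == "port_scan_observed":
        sc.mechanism.update(egress="restricted")
    return dict(sc.mechanism)


def audit(sc: SecurityContainer) -> dict:
    """Re-check every sub-container while processing; a mismatch is a security event."""
    for sub in sc.subs:
        if not sub.describes_content():
            return on_security_event(sc, "metadata_mismatch")
    return dict(sc.mechanism)


# Constructed sample workload spec (not from the patent).
SAMPLE_SPEC = {
    "compute": {"vcpus": 4, "memory_mb": 8192},
    "os": {"image": "ubuntu-22.04", "kernel": "6.1"},
    "network": {"vlan": 120, "ingress": ["443/tcp"]},
    "storage": {"volume_gb": 100, "encrypted": True},
}


def build_sample() -> SecurityContainer:
    sc = SecurityContainer("payroll-batch", ("compute", "os", "network", "storage"))
    return generate_sub_containers(sc, SAMPLE_SPEC)


if __name__ == "__main__":
    sc = build_sample()
    print("end-to-end:", is_end_to_end(sc))
    sc.subs[1].content["image"] = "ubuntu-22.04-backdoored"  # simulate tampering
    print("after tamper:", is_end_to_end(sc), audit(sc))
```

The digest is what makes the "self-describing" property checkable rather than merely declared: without it, metadata that says "this sub-container holds ubuntu-22.04" is an assertion nobody can test at run time, and an attacker who swaps the OS image leaves the description untouched. With it, the mismatch surfaces as a security event and the container's mechanism (here, egress policy and quarantine state) is adjusted for the whole security container, which is the reaction the abstract describes.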
20 Claims
1. Independent claim; reproduced in full above under First Claim. Dependent claims 2 through 11 are not reproduced here.
12. A computer system comprising:
a processor(s) set; and
a computer readable storage medium;
wherein:
the processor set is structured, located, connected, and/or programmed to run program instructions stored on the computer readable storage medium; and
the program instructions include program instructions programmed to:
identify, in a software-defined environment, a security container describing a workload and a set of resources required by the workload, the security container including self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container;
determine, for the workload, a set of resource-divisible portions of the workload including a compute-resource portion;
generate a plurality of sub-containers within the security container, a sub-container within the plurality of sub-containers being a self-describing sub-container having associated metadata describing the content of the sub-container representing only one resource-divisible portion, the sub-container being an operating system sub-container; and
responsive to identifying a security event while processing the workload, adjust a security mechanism associated with the security container;
wherein:
the plurality of sub-containers represents an end-to-end run time environment for processing the workload.
Dependent claims 13 through 20 are not reproduced here.