Security within a software-defined infrastructure
First Claim

1. A computer program product comprising a computer readable storage medium having stored thereon program instructions programmed to:

establish a security container describing a workload and a set of resources in a software-defined environment, the security container including a set of sub-containers that are self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container, each sub-container of the set of sub-containers respectively corresponds to a resource-divisible portion of the workload, the set of resources being required by the workload, wherein a sub-container of the set of sub-containers is an operating system sub-container;

monitor the workload and the set of resources for security events; and

responsive to identifying a security event, adjust isolation mechanisms provided by the plurality of sub-containers at various layers of a stack;

wherein:

the set of sub-containers represents an end-to-end run time environment for processing the workload using the set of resources.
Abstract
There is a computer program product and computer system that includes program instructions programmed to establish a security container describing a workload and a set of resources in a software-defined environment, the security container including a set of sub-containers that are self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container, each sub-container of the set of sub-containers respectively corresponds to a resource-divisible portion of the workload, the set of resources being required by the workload, wherein a sub-container of the set of sub-containers is an operating system sub-container; monitor the workload and the set of resources for security events; and responsive to identifying a security event, adjust isolation mechanisms provided by the plurality of sub-containers at various layers of a stack. The set of sub-containers represents an end-to-end run time environment for processing the workload using the set of resources.
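The structure the abstract and first claim describe (a security container whose self-describing sub-containers each cover one layer of the stack, a monitor watching the workload and its resources for security events, and isolation that is adjusted layer by layer in response) can be sketched as a small runnable model. The Python below is an added example written for this page; it is not code from the patent, its assignee, or any product. The layer names, isolation levels, event line format and policy table are assumptions chosen for illustration, and the event lines are constructed, not real logs.

```python
"""
Added example (not the patent's or its assignee's code): a model of a
security container made of self-describing sub-containers, one per stack
layer, with a monitor that tightens isolation in response to events.
All layer names, isolation levels and the policy table are assumptions.
"""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Tuple

class Isolation(IntEnum):
    SHARED = 0       # resource shared with other workloads
    NAMESPACED = 1   # separated by namespace / process boundary
    SANDBOXED = 2    # mandatory access control / syscall filtering applied
    QUARANTINED = 3  # network and storage cut off, held for forensics

# Layer order of the stack, bottom to top (assumed for the example).
LAYERS = ["os", "runtime", "application"]

@dataclass
class SubContainer:
    layer: str
    metadata: Dict[str, str]   # self-describing: what this sub-container holds
    resources: List[str]       # resources this portion of the workload needs
    isolation: Isolation = Isolation.NAMESPACED

@dataclass
class SecurityContainer:
    workload: str
    subs: Dict[str, SubContainer] = field(default_factory=dict)

    def add(self, sub: SubContainer) -> "SecurityContainer":
        self.subs[sub.layer] = sub
        return self

    def resources(self) -> List[str]:
        """Union of the resources required across all sub-containers."""
        return sorted(r for s in self.subs.values() for r in s.resources)

    def isolation_profile(self) -> Dict[str, str]:
        return {l: self.subs[l].isolation.name for l in LAYERS if l in self.subs}

    def adjust(self, layer: str, level: Isolation) -> List[str]:
        """Raise isolation at `layer` and every layer stacked above it.
        Isolation is only ever tightened, never relaxed, by an event."""
        changed = []
        for l in LAYERS[LAYERS.index(layer):]:
            sub = self.subs.get(l)
            if sub is not None and sub.isolation < level:
                sub.isolation = level
                changed.append(l)
        return changed

# Assumed policy: event type -> (layer where it was observed, level to enforce).
POLICY: Dict[str, Tuple[str, Isolation]] = {
    "kernel_module_load": ("os", Isolation.QUARANTINED),
    "unexpected_outbound": ("runtime", Isolation.SANDBOXED),
    "auth_failure_burst": ("application", Isolation.SANDBOXED),
}

def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed 'key=value key=value' event line."""
    return dict(part.split("=", 1) for part in line.split())

def monitor(container: SecurityContainer, lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Scan event lines; for each policy-matching event aimed at this workload,
    adjust isolation. Returns (event type, layers tightened) per action taken."""
    actions = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("workload") != container.workload:
            continue                      # event belongs to another workload
        rule = POLICY.get(ev.get("event", ""))
        if rule is None:
            continue                      # not a security event under the policy
        layer, level = rule
        actions.append((ev["event"], container.adjust(layer, level)))
    return actions

def build_demo() -> SecurityContainer:
    """Construct an example container: OS, runtime and application sub-containers."""
    c = SecurityContainer("payments-api")
    c.add(SubContainer("os", {"image": "ubuntu-22.04", "kernel": "5.15"}, ["cpu", "memory"]))
    c.add(SubContainer("runtime", {"lang": "python-3.11"}, ["network"]))
    c.add(SubContainer("application", {"service": "payments"}, ["storage:pg-main"]))
    return c

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    "ts=1 workload=other-svc event=auth_failure_burst",
    "ts=2 workload=payments-api event=unexpected_outbound dst=203.0.113.9",
    "ts=3 workload=payments-api event=heartbeat",
    "ts=4 workload=payments-api event=kernel_module_load module=unknown.ko",
]

if __name__ == "__main__":
    c = build_demo()
    print("before:", c.isolation_profile())
    for ev, changed in monitor(c, SAMPLE_EVENTS):
        print(f"{ev}: tightened {changed}")
    print("after:", c.isolation_profile())
```

Two design choices in the model are worth noting. Isolation is monotonic under events: an event can tighten a layer but never loosen it, so a flood of benign events cannot be used to relax confinement. And tightening propagates upward from the affected layer, because a compromise at a lower layer (the OS sub-container here) undermines every layer stacked on it; the reverse direction is left to an operator decision. A real implementation would map the abstract levels onto concrete mechanisms such as namespaces, mandatory access control profiles, syscall filters and network policy.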
Claims (14)

1. Reproduced in full under First Claim above. Dependent claims 2, 3, 4, 5, 6 and 7 are not shown on this page.
8. A computer system comprising:
a processor(s) set; and

a computer readable storage medium;

wherein:

the processor set is structured, located, connected, and/or programmed to run program instructions stored on the computer readable storage medium; and

the program instructions include program instructions programmed to:

establish a security container describing a workload and a set of resources in a software-defined environment, the security container including a set of sub-containers that are self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container, each sub-container of the set of sub-containers respectively corresponds to a resource-divisible portion of the workload, the set of resources being required by the workload, wherein a sub-container of the set of sub-containers is an operating system sub-container;

monitor the workload and the set of resources for security events; and

responsive to identifying a security event, adjust isolation mechanisms provided by the plurality of sub-containers at various layers of a stack;

wherein:

the set of sub-containers represents an end-to-end run time environment for processing the workload using the set of resources.

Dependent claims 9, 10, 11, 12, 13 and 14 are not shown on this page.
Specification