SYSTEM FOR SECURING SOFTWARE CONTAINERS WITH EMBEDDED AGENT
Abstract
A computer-implemented method of providing security for a software container, according to an example of the present disclosure, includes receiving a software container image with a software application and a security agent that is separate from the software application. An execution entry point of the software container image that was previously configured to launch the software application has been modified to instead launch the security agent. The method includes receiving a request to instantiate the software container image as a software container, launching the security agent based on the request, authenticating the contents of the software container image, and controlling operation of the software application based on the authenticating.
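The flow in the abstract, sketched as an added example that is not code from the patent or its assignee: an agent launched in place of the application fingerprints the image contents and releases the original entry point only on a match. The SHA-256 tree hash, the policy field names (`expected_fingerprint`, `original_entrypoint`, `on_mismatch`) and the temporary directory standing in for the image are assumptions.

```python
import hashlib, hmac, os, tempfile

def fingerprint(root):
    """SHA-256 over every regular file's relative path and bytes, in sorted order."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).encode()
            with open(path, "rb") as f:
                data = f.read()
            # Length-prefix both fields so path/content boundaries are unambiguous.
            h.update(len(rel).to_bytes(8, "big") + rel)
            h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()

def agent_decide(root, policy):
    """Return the original entry point argv if the contents authenticate, else None."""
    ok = hmac.compare_digest(fingerprint(root), policy["expected_fingerprint"])
    if ok or policy["on_mismatch"] != "block":  # hypothetical audit-only mode
        return policy["original_entrypoint"]
    return None  # application is never started

def demo():
    """Constructed sample: a temp directory stands in for the image contents."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "app", "server.py")
        os.makedirs(os.path.dirname(app))
        with open(app, "w") as f:
            f.write("print('serving')\n")
        # Assumed: the policy is held outside the hashed tree, recorded at build time.
        policy = {"expected_fingerprint": fingerprint(root),
                  "original_entrypoint": ["python", "/app/server.py"],
                  "on_mismatch": "block"}
        clean = agent_decide(root, policy)
        with open(app, "a") as f:
            f.write("# modified after build\n")  # simulated tampering
        tampered = agent_decide(root, policy)
    # A real agent would os.execvp(argv[0], argv) on the returned command.
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```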
24 Claims
1. A computer-implemented method of providing security for a software container, comprising:
- receiving a software container image comprising a software application and security agent that is separate from the software application, wherein an execution entry point of the software container image that was previously configured to launch the software application has been modified to instead launch the security agent;
- receiving a request to instantiate the software container image as a software container;
- launching the security agent based on the request;
- authenticating the contents of the software container image; and
- controlling operation of the software application based on the authenticating.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

13. A computer-implemented method of providing security for a software container image, comprising:
- embedding a security agent within a software container image that also includes a software application, wherein the security agent is configured to control operation of the software application when the software container image is instantiated as a software container based on a security policy and a cryptographic fingerprint of the software container image; and
- replacing an initial execution entry point of the software container image that would have launched the software application upon software container image instantiation with a modified execution entry point that instead launches the security agent upon software container image instantiation.
Dependent claims: 14, 15

16. A computing device comprising:
- memory configured to store a software container image that includes a software application and a security agent that is separate from the software application, wherein an execution entry point of the software container image that was previously configured to launch the software application has been modified to instead launch the security agent; and
- a processor operatively connected to the memory and configured to:
  - receive a request to instantiate the software container image as a software container;
  - launch the security agent based on the request;
  - authenticate the contents of the software container image; and
  - control operation of the software application based on the authentication.
Dependent claims: 17, 18, 19, 20, 21

22. A computing device comprising:
- memory configured to store a software container image comprising a software application; and
- a processor operatively connected to the memory and configured to:
  - embed a security agent within the software container image, wherein the security agent is configured to control operation of the software application when the software container image is instantiated as a software container based on a security policy and a cryptographic fingerprint of the software container image; and
  - replace an initial execution entry point of the software container image that would have launched the software application upon software container image instantiation with a modified execution entry point that instead launches the security agent upon software container image instantiation.
Dependent claims: 23, 24

Specification