Image vulnerability repair in a networked computing environment
Abstract
Embodiments of the present invention provide an approach to repair vulnerabilities (e.g., security vulnerabilities) in images (e.g., application images) in a networked computing environment (e.g., a cloud computing environment). Specifically, an image is checked for vulnerabilities using a database of known images and/or vulnerabilities. If a vulnerability is found, a flexible/elastic firewall is established around the image so as to isolate the vulnerability. Once the firewall has been put in place, the vulnerability can be repaired by a variety of means such as upgrading the image, quarantining the image, discarding the image, and/or generating a new image. Once the image has been repaired, the firewall can be removed.
19 Claims
1. A method for repairing image vulnerability in a networked computing environment, comprising:
identifying an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;
establishing a firewall around the image to isolate the vulnerability;
repairing the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and
removing the firewall.
7. A system for repairing image vulnerability in a networked computing environment, comprising:
a bus;
a processor coupled to the bus; and
a memory medium coupled to the bus, the memory medium comprising instructions to:
identify an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;
establish a firewall around the image to isolate the vulnerability;
repair the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and
remove the firewall.
13. A computer program product for repairing image vulnerability in a networked computing environment, the computer program product comprising a computer readable storage device, and program instructions stored on the computer readable storage media, to:
identify an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;
establish a firewall around the image to isolate the vulnerability;
repair the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and
remove the firewall.
19. A method for deploying a system for repairing image vulnerability in a networked computing environment, comprising:
deploying a computer infrastructure being operable to:
identify an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;
establish a firewall around the image to isolate the vulnerability;
repair the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and
remove the firewall.
Specification