Image vulnerability repair in a networked computing environment

US 8,646,086 B2
Filed: 11/22/2010
Issued: 02/04/2014
Est. Priority Date: 11/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method for repairing image vulnerability in a networked computing environment, comprising:

identifying an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;

establishing a firewall around the image to isolate the vulnerability;

repairing the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and

removing the firewall.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide an approach to repair vulnerabilities (e.g., security vulnerabilities) in images (e.g., application images) in a networked computing environment (e.g., a cloud computing environment). Specifically, an image is checked for vulnerabilities using a database of known images and/or vulnerabilities. If a vulnerability is found, a flexible/elastic firewall is established around the image so as to isolate the vulnerability. Once the firewall has been put in place, the vulnerability can be repaired by a variety of means such as upgrading the image, quarantining the image, discarding the image, and/or generating a new image. Once the image has been repaired, the firewall can be removed.

59 Citations

View as Search Results

19 Claims

1. A method for repairing image vulnerability in a networked computing environment, comprising:
- identifying an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;
  
  establishing a firewall around the image to isolate the vulnerability;
  
  repairing the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and
  
  removing the firewall.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, the image being an application image.
  - 3. The method of claim 1, the vulnerability being a security vulnerability.
  - 4. The method of claim 1, the repairing comprising upgrading the image.
  - 5. The method of claim 1, the repairing comprising quarantining the image.
  - 6. The method of claim 1, further comprising updating the database based on the repairing.

7. A system for repairing image vulnerability in a networked computing environment, comprising:
- a bus;
  
  a processor coupled to the bus; and
  
  a memory medium coupled to the bus, the memory medium comprising instructions to;
  
  identify an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;
  
  establish a firewall around the image to isolate the vulnerability;
  
  repair the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and
  
  remove the firewall.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, the image being an application image.
  - 9. The system of claim 7, the vulnerability being a security vulnerability.
  - 10. The system of claim 7, the memory medium further comprising instructions to upgrade the image.
  - 11. The system of claim 7, the memory medium further comprising instructions to quarantine the image.
  - 12. The system of claim 7, the memory medium further comprising instructions to update the database based on the repair.

13. A computer program product for repairing image vulnerability in a networked computing environment, the computer program product comprising a computer readable storage device, and program instructions stored on the computer readable storage media, to:
- identify an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;
  
  establish a firewall around the image to isolate the vulnerability;
  
  repair the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and
  
  remove the firewall.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, the image being an application image.
  - 15. The computer program product of claim 13, the vulnerability being a security vulnerability.
  - 16. The computer program product of claim 13, further comprising program instructions stored on the computer readable storage media to upgrade the image.
  - 17. The computer program product of claim 13, further comprising program instructions stored on the computer readable storage media to quarantine the image.
  - 18. The computer program product of claim 13, further comprising program instructions stored on the computer readable storage device to update the database based on the repair.

19. A method for deploying a system for repairing image vulnerability in a networked computing environment, comprising:
- deploying a computer infrastructure being operable to;
  
  identify an image in the networked computing environment having a vulnerability, the image being identified based on a database of known vulnerabilities;
  
  establish a firewall around the image to isolate the vulnerability;
  
  repair the image to remove the vulnerability, the repairing comprising discarding the image and generating a new image; and
  
  remove the firewall.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (SoftBank Group Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Chakra, Al, Dawson, Christopher J., Deng, Yu, Hamilton, Rick A. II, Li, Jenny S., Zeng, Liangzhao
Primary Examiner(s)
McNally, Michael S

Application Number

US12/951,373
Publication Number

US 20120131677A1
Time in Patent Office

1,170 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/02   for separating internal fro...

H04L 63/1433   Vulnerability analysis

Image vulnerability repair in a networked computing environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Image vulnerability repair in a networked computing environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links