Security within a software-defined infrastructure
First Claim
1. A method comprising:
establishing a security container in a software-defined environment, the security container describing a workload and a set of resources, the set of resources being required by the workload;
determining a set of resource-divisible portions of the workload including a compute-resource portion, a storage resource portion, and a network resource portion;
generating a plurality of sub-containers within the security container, a sub-container within the plurality of sub-containers representing only one resource-divisible portion of the workload;
determining a set of security criteria for the security container;
monitoring the workload and the set of resources for security events based, at least in part, upon the set of security criteria; and
responsive to identifying a security event, adjusting one or more security mechanisms;
wherein:
the plurality of sub-containers represent an end-to-end run time environment for processing the workload;
the end-to-end run time environment includes bare metal sub-containers and hypervisor-specific sub-containers;
the set of resources are software abstractions; and
at least the steps of monitoring and adjusting are operated within the software-defined environment.
Abstract
There is a method and system that includes establishing a security container that describes a workload and a set of resources that corresponds to the workload in a software-defined environment, determining a set of security criteria for the security container, monitoring the workload and the set of resources for security events based, at least in part, upon the set of security criteria, and responsive to identifying a security event, adjusting one or more security mechanisms. The steps of monitoring and adjusting are operated within the software-defined environment.
18 Citations
16 Claims
1. A method comprising: (independent claim; full text as set out under First Claim above)
Dependent claims: 2, 3, 4, 5, 6
7. A computer program product comprising a computer readable storage medium having stored thereon program instructions programmed to:
establish a security container in a software-defined environment, the security container describing a workload and a set of resources, the set of resources being required by the workload;
determine a set of resource-divisible portions of the workload including a compute-resource portion, a storage resource portion, and a network resource portion;
generate a plurality of sub-containers within the security container, a sub-container within the plurality of sub-containers representing only one resource-divisible portion of the workload;
determine a set of security criteria for the security container;
monitor the workload and the set of resources for security events based, at least in part, upon the set of security criteria; and
responsive to identifying a security event, adjust one or more security mechanisms;
wherein:
the plurality of sub-containers represent an end-to-end run time environment for processing the workload;
the end-to-end run time environment includes bare metal sub-containers and hypervisor-specific sub-containers; and
the set of resources are software abstractions.
Dependent claims: 8, 9, 10, 11
12. A computer system comprising:
a processor(s) set; and
a computer readable storage medium;
wherein:
the processor set is structured, located, connected, and/or programmed to run program instructions stored on the computer readable storage medium; and
the program instructions include program instructions programmed to:
establish a security container in a software-defined environment, the security container describing a workload and a set of resources, the set of resources being required by the workload;
determine a set of resource-divisible portions of the workload including a compute-resource portion, a storage resource portion, and a network resource portion;
generate a plurality of sub-containers within the security container, a sub-container within the plurality of sub-containers representing only one resource-divisible portion of the workload;
determine a set of security criteria for the security container;
monitor the workload and the set of resources for security events based, at least in part, upon the set of security criteria; and
responsive to identifying a security event, adjust one or more security mechanisms;
wherein:
the plurality of sub-containers represent an end-to-end run time environment for processing the workload;
the end-to-end run time environment includes bare metal sub-containers and hypervisor-specific sub-containers; and
the set of resources are software abstractions.
Dependent claims: 13, 14, 15, 16
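The abstract and the independent claims describe the same control loop: a security container binds a workload to the software-abstracted resources it needs, splits those resources into one sub-container per resource-divisible portion (compute, storage, network), attaches security criteria, monitors for events, and adjusts security mechanisms when a criterion trips. The following is an added illustration of that loop in Python; it is not code from the patent or its assignee, and every class name, criterion, threshold, mechanism and sample event in it is an assumption chosen for the example. The point it makes beyond the text is the scoping consequence of "a sub-container representing only one resource-divisible portion": an event is matched to the sub-container for its portion, and the adjustment touches only that sub-container's mechanisms.

```python
"""Added example (not the patent's or its assignee's code): a minimal model of the
claimed method. A SecurityContainer describes a workload and the software-abstracted
resources it requires, splits them into one sub-container per resource-divisible
portion (compute, storage, network), holds a set of security criteria, monitors
constructed events and, when one trips a criterion, adjusts the security
mechanisms of only the sub-container that portion belongs to.
Class names, field names, thresholds and sample events are all assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Portion(Enum):
    COMPUTE = "compute"
    STORAGE = "storage"
    NETWORK = "network"


@dataclass
class SubContainer:
    portion: Portion
    platform: str               # "bare-metal" or "hypervisor", per the claim's runtime mix
    resources: list[str]        # names of the software abstractions in this portion
    mechanisms: dict = field(default_factory=dict)  # currently applied security settings


@dataclass
class Criterion:
    portion: Portion
    metric: str
    threshold: float
    response: Callable[[SubContainer, "Event"], None]  # adjustment applied when tripped


@dataclass
class Event:
    portion: Portion
    metric: str
    value: float
    source: str


class SecurityContainer:
    """Groups a workload with its resources, partitioned into per-portion sub-containers."""

    def __init__(self, workload: str, resources: list[dict]):
        self.workload = workload
        self.criteria: list[Criterion] = []
        self.audit: list[str] = []
        self.subs: dict[Portion, SubContainer] = {}
        for portion in Portion:
            owned = [r for r in resources if r["portion"] is portion]
            if owned:  # one sub-container holds exactly one resource portion
                self.subs[portion] = SubContainer(
                    portion, owned[0]["platform"], [r["name"] for r in owned])

    def add_criterion(self, c: Criterion) -> None:
        self.criteria.append(c)

    def monitor(self, events: list[Event]) -> list[tuple[Portion, str]]:
        """Evaluate events against the criteria; adjust only the matching sub-container."""
        adjusted = []
        for ev in events:
            sub = self.subs.get(ev.portion)
            if sub is None:  # event concerns a portion this container does not own
                self.audit.append(f"ignored {ev.metric} from {ev.source}: not in container")
                continue
            for c in self.criteria:
                if c.portion is ev.portion and c.metric == ev.metric and ev.value > c.threshold:
                    c.response(sub, ev)
                    adjusted.append((ev.portion, ev.metric))
                    self.audit.append(
                        f"{ev.portion.value}: {ev.metric}={ev.value} > {c.threshold}, adjusted")
        return adjusted


# Assumed adjustment handlers, one per resource portion.
def deny_network_source(sub: SubContainer, ev: Event) -> None:
    sub.mechanisms.setdefault("deny_sources", set()).add(ev.source)


def force_storage_read_only(sub: SubContainer, ev: Event) -> None:
    sub.mechanisms["read_only"] = True


def isolate_compute(sub: SubContainer, ev: Event) -> None:
    sub.mechanisms["scheduling"] = "dedicated-host"


def build_demo_container() -> SecurityContainer:
    """Constructed workload description and criteria used by the example."""
    resources = [
        {"name": "vm-web-1", "portion": Portion.COMPUTE, "platform": "hypervisor"},
        {"name": "vol-web-data", "portion": Portion.STORAGE, "platform": "bare-metal"},
        {"name": "vnet-web", "portion": Portion.NETWORK, "platform": "hypervisor"},
    ]
    sc = SecurityContainer("web-frontend", resources)
    sc.add_criterion(Criterion(Portion.NETWORK, "failed_conns_per_min", 100, deny_network_source))
    sc.add_criterion(Criterion(Portion.STORAGE, "deletes_per_min", 50, force_storage_read_only))
    sc.add_criterion(Criterion(Portion.COMPUTE, "cpu_steal_pct", 40, isolate_compute))
    return sc


def run_demo() -> SecurityContainer:
    sc = build_demo_container()
    # Constructed monitoring events: only the network criterion should trip.
    sc.monitor([
        Event(Portion.NETWORK, "failed_conns_per_min", 250, "198.51.100.7"),
        Event(Portion.STORAGE, "deletes_per_min", 3, "vm-web-1"),
        Event(Portion.COMPUTE, "cpu_steal_pct", 12, "host-a"),
    ])
    return sc


if __name__ == "__main__":
    demo = run_demo()
    for line in demo.audit:
        print(line)
    print(demo.subs[Portion.NETWORK].mechanisms)
```

Running the module processes the constructed events and leaves the network sub-container with the offending source denied while the storage and compute sub-containers keep their original mechanisms. A criterion is keyed on both portion and metric, so an event whose metric belongs to a different portion's criterion does not trip it; that is the partitioning the claims describe, and it is also what keeps a noisy signal from one resource class from tightening controls on the others.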