DE112020000694T5 - Erzeugung und ausführung von sicheren containern - Google Patents

Erzeugung und ausführung von sicheren containern Download PDF

Info

Publication number
DE112020000694T5
DE112020000694T5 DE112020000694.8T DE112020000694T DE112020000694T5 DE 112020000694 T5 DE112020000694 T5 DE 112020000694T5 DE 112020000694 T DE112020000694 T DE 112020000694T DE 112020000694 T5 DE112020000694 T5 DE 112020000694T5
Authority
DE
Germany
Prior art keywords
layer
container
encrypted
secure
blocks
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
DE112020000694.8T
Other languages
German (de)
English (en)
Inventor
Utz Bacher
Reinhard Buendgen
Peter Morjan
Janosch Frank
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of DE112020000694T5 publication Critical patent/DE112020000694T5/de
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/11File system administration, e.g. details of archiving or snapshots
    • G06F16/116Details of conversion of file system types or formats
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/63Image based installation; Cloning; Build to order

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
DE112020000694.8T 2019-02-06 2020-01-31 Erzeugung und ausführung von sicheren containern Pending DE112020000694T5 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP19155755.2 2019-02-06
EP19155755 2019-02-06
PCT/IB2020/050789 WO2020161577A1 (en) 2019-02-06 2020-01-31 Creation and execution of secure containers

Publications (1)

Publication Number Publication Date
DE112020000694T5 true DE112020000694T5 (de) 2021-10-21

Family

ID=65351936

Family Applications (1)

Application Number Title Priority Date Filing Date
DE112020000694.8T Pending DE112020000694T5 (de) 2019-02-06 2020-01-31 Erzeugung und ausführung von sicheren containern

Country Status (6)

Country Link
US (1) US11475138B2 (https=)
JP (1) JP7368476B2 (https=)
CN (1) CN113383330B (https=)
DE (1) DE112020000694T5 (https=)
GB (1) GB2594225B (https=)
WO (1) WO2020161577A1 (https=)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114780139A (zh) * 2022-04-01 2022-07-22 上海安势信息技术有限公司 一种镜像成分的分析方法、系统及存储介质
US12242363B2 (en) 2023-07-12 2025-03-04 Bank Of America Corporation System and method for securing resolution of a system alarm
US12314124B2 (en) 2023-07-12 2025-05-27 Bank Of America Corporation System and method for resolving a system alarm

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102223141B1 (ko) * 2019-02-12 2021-03-04 성균관대학교산학협력단 컨테이너 환경에서의 스토리지 드라이버의 동작 방법 및 스토리지 드라이버 장치
US11062022B1 (en) * 2019-05-01 2021-07-13 Intuit Inc. Container packaging device
US10901704B1 (en) * 2020-07-19 2021-01-26 Xmodn Security, Llc Computer-aided design, simulation, and code generation for cryptography
US11455405B2 (en) * 2020-08-07 2022-09-27 EMC IP Holding Company LLC Optimizing docker image encryption—tradeoff between performance and protection level
US11675913B2 (en) * 2020-09-18 2023-06-13 EMC IP Holding Company LLC Optimizing container image encryption
US11455429B2 (en) * 2020-12-03 2022-09-27 International Business Machines Corporation Container-based cryptography hardware security module management
US11874926B2 (en) * 2020-12-07 2024-01-16 Hewlett Packard Enterprise Development Lp Measuring containers
CN113296887B (zh) * 2021-03-31 2023-12-08 阿里巴巴(中国)有限公司 安全容器启动的方法以及装置
CN113391880B (zh) * 2021-06-21 2023-04-07 超越科技股份有限公司 一种分层双重哈希验证的可信镜像传输方法
US12056512B2 (en) 2021-06-25 2024-08-06 Microsoft Technology Licensing, Llc Secure computing mechanism
CN113569232A (zh) * 2021-08-13 2021-10-29 中国光大银行股份有限公司 容器的可信度量方法、装置及数据系统
CN114329442B (zh) * 2021-12-27 2025-12-23 奇安信科技集团股份有限公司 安全防护方法及装置
US20230315678A1 (en) * 2022-03-29 2023-10-05 International Business Machines Corporation Storage driver for managing a multiple layer file system on the cloud
US20220335139A1 (en) * 2022-05-30 2022-10-20 Intel Corporation Method and apparatus for improved container image deployment
US12242879B2 (en) * 2022-07-06 2025-03-04 International Business Machines Corporation Protecting container images and runtime data
CN115344854A (zh) * 2022-07-26 2022-11-15 厦门服云信息科技有限公司 一种容器内监控其他容器文件的方法、终端设备及介质
US12608237B2 (en) * 2022-11-23 2026-04-21 Red Hat, Inc. Detecting and migrating a rogue user application to avoid functional safety interference
US12189572B1 (en) * 2023-01-10 2025-01-07 Palantir Technologies Inc. Streamlining processing and transport of artifacts in air-gapped networks
US12321473B2 (en) * 2023-05-19 2025-06-03 Red Hat, Inc. On-demand encrypted container image download
EP4506843A1 (en) * 2023-08-08 2025-02-12 Intel Corporation Methods and apparatus for container deployment in a network-constrained environment
US12579296B2 (en) * 2024-06-11 2026-03-17 Sylabs IP Holdings, LLC, Series G Data security transactions using software container machine readable configuration data

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018007213A1 (en) 2016-07-07 2018-01-11 Gemalto Sa Method for securely managing a docker image
US20180309747A1 (en) 2011-08-09 2018-10-25 CloudPassage, Inc. Systems and methods for providing container security

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5129082A (en) * 1990-03-27 1992-07-07 Sun Microsystems, Inc. Method and apparatus for searching database component files to retrieve information from modified files
CN101847184A (zh) 2009-12-16 2010-09-29 深圳市虹安信息技术有限公司 采用加密沙箱的文件加密方法
US9176677B1 (en) * 2010-09-28 2015-11-03 Emc Corporation Virtual provisioning space reservation
US9740583B1 (en) * 2012-09-24 2017-08-22 Amazon Technologies, Inc. Layered keys for storage volumes
US9652631B2 (en) * 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
CN105069353B (zh) * 2015-08-11 2017-10-24 武汉大学 一种基于Docker的可信容器安全加固方法
US20170130192A1 (en) * 2015-11-09 2017-05-11 Organovo, Inc. Methods for tissue fabrication
US10002247B2 (en) 2015-12-18 2018-06-19 Amazon Technologies, Inc. Software container registry container image deployment
WO2017111843A1 (en) * 2015-12-24 2017-06-29 Intel Corporation Trusted deployment of application containers in cloud data centers
US10460124B2 (en) * 2016-06-20 2019-10-29 Netapp, Inc. Per-volume tenant encryption and external key manager
US10554690B2 (en) 2016-11-10 2020-02-04 International Business Machines Corporation Security policy inclusion with container deployment
US10572226B2 (en) 2016-12-21 2020-02-25 Aon Global Operations Ltd (Singapore Branch) Methods, systems, and portal using software containers for accelerating aspects of data analytics application development and deployment
CN107729020B (zh) * 2017-10-11 2020-08-28 北京航空航天大学 一种实现大规模容器快速部署的方法
US10997283B2 (en) * 2018-01-08 2021-05-04 Aqua Security Software, Ltd. System for securing software containers with encryption and embedded agent
CN109190386B (zh) * 2018-04-04 2021-11-12 中国电子科技网络信息安全有限公司 基于Device Mapper的容器镜像分层加密存储方法

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180309747A1 (en) 2011-08-09 2018-10-25 CloudPassage, Inc. Systems and methods for providing container security
WO2018007213A1 (en) 2016-07-07 2018-01-11 Gemalto Sa Method for securely managing a docker image

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114780139A (zh) * 2022-04-01 2022-07-22 上海安势信息技术有限公司 一种镜像成分的分析方法、系统及存储介质
US12242363B2 (en) 2023-07-12 2025-03-04 Bank Of America Corporation System and method for securing resolution of a system alarm
US12314124B2 (en) 2023-07-12 2025-05-27 Bank Of America Corporation System and method for resolving a system alarm

Also Published As

Publication number Publication date
JP7368476B2 (ja) 2023-10-24
US11475138B2 (en) 2022-10-18
GB202112113D0 (en) 2021-10-06
JP2022520703A (ja) 2022-04-01
GB2594225B (en) 2022-03-02
CN113383330A (zh) 2021-09-10
CN113383330B (zh) 2025-05-09
GB2594225A (en) 2021-10-20
US20200250319A1 (en) 2020-08-06
WO2020161577A1 (en) 2020-08-13

Similar Documents

Publication Publication Date Title
DE112020000694T5 (de) Erzeugung und ausführung von sicheren containern
DE102012219155B4 (de) Verschlüsseln von Datenobjekten zur Datensicherung
DE69815599T2 (de) Verfahren und Vorrichtung zum Schutz von Anwendungsdaten in sicheren Speicherbereichen
DE112018002031B4 (de) Sichern einer betriebssystemkonfiguration unter verwendung von hardware
DE112014000584T5 (de) Erreichen von Speichereffizienz bei durchgängiger Verschlüsselung unter Verwendung von nachgelagerten (Downstream-)Decryptern
DE102012221813B4 (de) Verfahren zur optimierung der speicherzuordnung in einer virtuellen arbeitsplatzumgebung
DE112015004555B4 (de) Verarbeiten eines Gast-Ereignisses in einem von einem Hypervisor gesteuerten System
DE112012003988B4 (de) Schützen des Arbeitsspeichers eines virtuellen Gasts
DE69428262T2 (de) Vereinigung von Dateiverzeichnisdienst mit Dateisystemdiensten
DE112010004931B4 (de) Mehrphasige Wiederherstellung von Dateisystemen mit Selektiver Bedarfsweiser Verfügbarkeit von Daten
DE112020000558T5 (de) Dynamisches ändern einer isolierung einer containerisierten arbeitslast in reaktion auf eine erfassung eines auslösenden faktors
DE112017000190B4 (de) Durchgehende Verschlüsselung und Backup in Datenschutzumgebungen
DE112019006667T5 (de) Nutzen von blockchaintechnologie zum prüfen eines cloud-dienstes für die datenschutzkonformität
EP2488986B1 (de) Verfahren und vorrichtung zum betreiben einer virtuellen maschine gemäss einer zugeordneten rechteinformation
DE112019006676T5 (de) Blockchaintechnologie zur Regelung der Datenintegrität und zum Existenzbeweis bei Datenschutzsystemen
DE112019006678T5 (de) Blockchaintechnologie für die Einhaltung gesetzlicher Bestimmungen bei Datenverwaltungssystemen
DE102013208930A1 (de) Zusammenfassen von Einträgen in einem Deduplizierungs-lndex
DE112020003929B4 (de) Verwaltung von metadaten von virtuellen speichern
DE112020002859T5 (de) Verschlüsselter wissens-graph
DE102022108863A1 (de) Sicherung von daten für einen namensraum, der einem mandanten zugeordnet ist
DE112021003270B4 (de) Deduplizierung von mit mehreren schlüsseln verschlüsselten daten
DE112022004898T5 (de) Schutz von geclusterten containern
DE112018002947T5 (de) Computersystem-software/firmware und prozessoreinheit mit einem sicherheitsmodul
DE112020005517T5 (de) Prozessgestütztes virtualisierungssystem zum ausführen eines sicheren anwendungsprozesses
DE112017005588T5 (de) Speichern und abrufen von eingeschränkten datensätzen in und aus einem cloud-netzwerk mit nichteingeschränkten datensätzen

Legal Events

Date Code Title Description
R012 Request for examination validly filed
R084 Declaration of willingness to licence