JP7495190B2 - コンテナのためのブラックボックス・セキュリティ - Google Patents

コンテナのためのブラックボックス・セキュリティ Download PDF

Info

Publication number
JP7495190B2
JP7495190B2 JP2022500153A JP2022500153A JP7495190B2 JP 7495190 B2 JP7495190 B2 JP 7495190B2 JP 2022500153 A JP2022500153 A JP 2022500153A JP 2022500153 A JP2022500153 A JP 2022500153A JP 7495190 B2 JP7495190 B2 JP 7495190B2
Authority
JP
Japan
Prior art keywords
container
component
memory
computer
trusted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2022500153A
Other languages
English (en)
Japanese (ja)
Other versions
JP2022539465A5 (https=
JP2022539465A (ja
Inventor
ハン、ハイ
ラム、ジア、ジュン、ブランドン
スネジャ、サヒル
ジェミオ、リカルド、アンドレイ コラー
ステインダー、マルゴザータ
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of JP2022539465A publication Critical patent/JP2022539465A/ja
Publication of JP2022539465A5 publication Critical patent/JP2022539465A5/ja
Application granted granted Critical
Publication of JP7495190B2 publication Critical patent/JP7495190B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2147Locking files
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
JP2022500153A 2019-07-11 2020-07-01 コンテナのためのブラックボックス・セキュリティ Active JP7495190B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/509,137 US11409880B2 (en) 2019-07-11 2019-07-11 Blackbox security for containers
US16/509,137 2019-07-11
PCT/EP2020/068570 WO2021004863A1 (en) 2019-07-11 2020-07-01 Blackbox security for containers

Publications (3)

Publication Number Publication Date
JP2022539465A JP2022539465A (ja) 2022-09-09
JP2022539465A5 JP2022539465A5 (https=) 2022-12-02
JP7495190B2 true JP7495190B2 (ja) 2024-06-04

Family

ID=71465331

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2022500153A Active JP7495190B2 (ja) 2019-07-11 2020-07-01 コンテナのためのブラックボックス・セキュリティ

Country Status (5)

Country Link
US (1) US11409880B2 (https=)
EP (1) EP3997602B1 (https=)
JP (1) JP7495190B2 (https=)
CN (1) CN114096965B (https=)
WO (1) WO2021004863A1 (https=)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11520895B2 (en) * 2020-12-07 2022-12-06 Samsung Electronics Co., Ltd. System and method for dynamic verification of trusted applications
JP7610428B2 (ja) * 2021-03-02 2025-01-08 日立Astemo株式会社 制御装置
US12093367B2 (en) * 2021-05-03 2024-09-17 Carnegie Mellon University System and method for providing provable end-to-end guarantees on commodity heterogeneous interconnected computing platforms
EP4170490A1 (de) * 2021-10-19 2023-04-26 Siemens Aktiengesellschaft Priorisieren eines zugriffs von einer containerinstanz auf eine datei in einer dateisystemressource
CN114329531B (zh) * 2021-12-21 2025-05-13 绿盟科技集团股份有限公司 一种容器加密方法、装置、电子设备及存储介质
CN114547661B (zh) * 2022-03-21 2024-09-20 京东科技信息技术有限公司 应用配置数据的加解密方法、装置、设备和存储介质
CN114760154B (zh) * 2022-06-14 2022-08-19 国网浙江省电力有限公司温州供电公司 基于电力载波跨安全区的数据隔离传输方法及通信机器人
US12242879B2 (en) 2022-07-06 2025-03-04 International Business Machines Corporation Protecting container images and runtime data
US12481520B2 (en) * 2023-03-17 2025-11-25 International Business Machines Corporation Dynamic control of eBPF program execution in an operating system kernel
CN116842529B (zh) * 2023-07-13 2024-07-26 海光信息技术股份有限公司 一种计算机程序产品、软件运行方法及其相关装置
CN117873637B (zh) * 2023-12-14 2025-09-05 天翼云科技有限公司 一种基于内存分级和内存压缩的内存热点消除方法
US12395599B2 (en) * 2024-01-26 2025-08-19 Dell Products L.P. Secure static facsimiles of digital information by an information handling system
US12598065B2 (en) * 2024-05-10 2026-04-07 Red Hat, Inc. Managing data encryption during system upgrades

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004046307A (ja) 2002-07-09 2004-02-12 Fujitsu Ltd データ保護プログラムおよびデータ保護方法
JP2008226159A (ja) 2007-03-15 2008-09-25 Ricoh Co Ltd 情報処理装置、ソフトウェア更新方法及び画像処理装置
JP2016519827A (ja) 2013-04-15 2016-07-07 アマゾン・テクノロジーズ、インコーポレイテッド 安全な記憶装置を用いたホストリカバリ

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8468356B2 (en) 2008-06-30 2013-06-18 Intel Corporation Software copy protection via protected execution of applications
US8412945B2 (en) 2011-08-09 2013-04-02 CloudPassage, Inc. Systems and methods for implementing security in a cloud computing environment
US9032506B2 (en) 2012-08-09 2015-05-12 Cisco Technology, Inc. Multiple application containerization in a single container
US20140108793A1 (en) 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data
EP3161635B1 (en) * 2014-06-30 2023-11-01 Amazon Technologies, Inc. Machine learning service
US9886670B2 (en) * 2014-06-30 2018-02-06 Amazon Technologies, Inc. Feature processing recipes for machine learning
US9703965B1 (en) 2014-06-30 2017-07-11 EMC IP Holding Company LLC Secure containers for flexible credential protection in devices
GB2533098B (en) * 2014-12-09 2016-12-14 Ibm Automated management of confidential data in cloud environments
US9635055B2 (en) 2015-01-28 2017-04-25 defend7, Inc. Encryption levels for secure application containers
US20160292431A1 (en) 2015-04-02 2016-10-06 defend7, Inc. Management of encryption keys in an application container environment
US9710401B2 (en) * 2015-06-26 2017-07-18 Intel Corporation Processors, methods, systems, and instructions to support live migration of protected containers
US10114947B1 (en) 2016-06-29 2018-10-30 Symantec Corporation Systems and methods for logging processes within containers
US10263988B2 (en) * 2016-07-02 2019-04-16 Intel Corporation Protected container key management processors, methods, systems, and instructions
US11403086B2 (en) 2016-10-28 2022-08-02 Virtuozzo International Gmbh System and method for upgrading operating system of a container using an auxiliary host
US10691816B2 (en) 2017-02-24 2020-06-23 International Business Machines Corporation Applying host access control rules for data used in application containers
US10496610B2 (en) 2017-03-07 2019-12-03 Code 42 Software, Inc. Self destructing portable encrypted data containers
US20180285139A1 (en) 2017-04-02 2018-10-04 vEyE Security Ltd. Hypervisor-based containers
US10587411B2 (en) 2017-04-11 2020-03-10 International Business Machines Corporation Zero-knowledge verifiably attestable transaction containers using secure processors
US10909248B2 (en) * 2017-06-29 2021-02-02 Microsoft Technology Licensing, Llc Executing encrypted boot loaders
US11601467B2 (en) * 2017-08-24 2023-03-07 L3 Technologies, Inc. Service provider advanced threat protection
US11184323B2 (en) * 2017-09-28 2021-11-23 L3 Technologies, Inc Threat isolation using a plurality of containers
US10001990B2 (en) 2017-10-26 2018-06-19 Iomaxis, Llc Method and system for enhancing application container and host operating system security in a multi-tenant computing environment
US11017092B2 (en) * 2018-09-27 2021-05-25 Intel Corporation Technologies for fast launch of trusted containers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004046307A (ja) 2002-07-09 2004-02-12 Fujitsu Ltd データ保護プログラムおよびデータ保護方法
JP2008226159A (ja) 2007-03-15 2008-09-25 Ricoh Co Ltd 情報処理装置、ソフトウェア更新方法及び画像処理装置
JP2016519827A (ja) 2013-04-15 2016-07-07 アマゾン・テクノロジーズ、インコーポレイテッド 安全な記憶装置を用いたホストリカバリ

Also Published As

Publication number Publication date
CN114096965B (zh) 2024-07-26
WO2021004863A1 (en) 2021-01-14
EP3997602A1 (en) 2022-05-18
CN114096965A (zh) 2022-02-25
JP2022539465A (ja) 2022-09-09
US11409880B2 (en) 2022-08-09
EP3997602B1 (en) 2025-06-18
US20210012011A1 (en) 2021-01-14

Similar Documents

Publication Publication Date Title
JP7495190B2 (ja) コンテナのためのブラックボックス・セキュリティ
JP7601522B2 (ja) コンテンツ管理方法、システム、プログラム
JP7461697B2 (ja) Kubernetesにおけるワークロードの保護を行うための方法、システム、及びコンピュータ・プログラム
JP7546675B2 (ja) セキュア・ゲストへのセキュリティ・モジュールのセキュア・オブジェクトのバインディング
US20220382869A1 (en) Secure execution guest owner environmental controls
US20200285746A1 (en) Binding secure keys of secure guests to a hardware security module
US20190104115A1 (en) Restricting guest instances in a shared environment
US12050700B2 (en) Secure execution guest owner controls for secure interface control
US11755721B2 (en) Trusted workload execution
US12254099B2 (en) Autoencryption system for data in a container
US20230044731A1 (en) Attestation of a secure guest
US20170091473A1 (en) Inter-process access control
US12099614B2 (en) Secrets swapping in code
JP2024528834A (ja) メタデータを介した、機密データのセキュアなゲストへの提供
WO2023035742A1 (en) Open-source container data management
US11645092B1 (en) Building and deploying an application
US11809568B2 (en) Hypervisor having local keystore

Legal Events

Date Code Title Description
RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20220518

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20221122

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20221223

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20231211

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20231219

RD12 Notification of acceptance of power of sub attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7432

Effective date: 20240216

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20240319

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20240507

RD14 Notification of resignation of power of sub attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7434

Effective date: 20240509

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20240521

R150 Certificate of patent or registration of utility model

Ref document number: 7495190

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150