Intrusion detection for storage resources provisioned to containers in multi-tenant environments

Intrusion detection for storage resources provisioned to containers in multi-tenant environments

An apparatus comprises at least one container host device implementing containers for respective tenants of a multi-tenant environment, a storage platform coupled to the container host device and implementing storage resources for utilization by the containers, a container storage controller associa...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Khanduja, Vaibhav
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Khanduja, Vaibhav
description An apparatus comprises at least one container host device implementing containers for respective tenants of a multi-tenant environment, a storage platform coupled to the container host device and implementing storage resources for utilization by the containers, a container storage controller associated with the container host device, and a storage intrusion detector. The container storage controller is configured to provision portions of the storage resources for respective ones of the containers including for each of the containers at least one storage volume. The storage intrusion detector is configured to detect a condition under which a process not associated with a given one of the containers attempts to access the storage volume provisioned for that container. An alert is generated responsive to the detected condition. The storage intrusion detector may comprise a monitoring component that interacts with a kernel module implemented in kernel space of the container host device operating system.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US10146936B1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US10146936B1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US10146936B13</originalsourceid><addsrcrecordid>eNqNysEKglAQRmE3LaJ6h-kBhMQQ2hZFrau1Xa6_ckFnZGb0-UPoAVqds_jW2efBrpMlYWrgiL5cK0rmoqEDKUwmjTAaVea0SDTkQlHYQ2KoUWIapt5T7uDATuA5qfAAdttmqzb0ht2vm2x_u74u9xyj1LAxRDC8fj-LQ3GsTmV1Lsp_zBeVcj8C</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Intrusion detection for storage resources provisioned to containers in multi-tenant environments</title><source>esp@cenet</source><creator>Khanduja, Vaibhav</creator><creatorcontrib>Khanduja, Vaibhav</creatorcontrib><description>An apparatus comprises at least one container host device implementing containers for respective tenants of a multi-tenant environment, a storage platform coupled to the container host device and implementing storage resources for utilization by the containers, a container storage controller associated with the container host device, and a storage intrusion detector. The container storage controller is configured to provision portions of the storage resources for respective ones of the containers including for each of the containers at least one storage volume. The storage intrusion detector is configured to detect a condition under which a process not associated with a given one of the containers attempts to access the storage volume provisioned for that container. An alert is generated responsive to the detected condition. The storage intrusion detector may comprise a monitoring component that interacts with a kernel module implemented in kernel space of the container host device operating system.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC DIGITAL DATA PROCESSING ; PHYSICS</subject><creationdate>2018</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20181204&amp;DB=EPODOC&amp;CC=US&amp;NR=10146936B1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25562,76317</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20181204&amp;DB=EPODOC&amp;CC=US&amp;NR=10146936B1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Khanduja, Vaibhav</creatorcontrib><title>Intrusion detection for storage resources provisioned to containers in multi-tenant environments</title><description>An apparatus comprises at least one container host device implementing containers for respective tenants of a multi-tenant environment, a storage platform coupled to the container host device and implementing storage resources for utilization by the containers, a container storage controller associated with the container host device, and a storage intrusion detector. The container storage controller is configured to provision portions of the storage resources for respective ones of the containers including for each of the containers at least one storage volume. The storage intrusion detector is configured to detect a condition under which a process not associated with a given one of the containers attempts to access the storage volume provisioned for that container. An alert is generated responsive to the detected condition. The storage intrusion detector may comprise a monitoring component that interacts with a kernel module implemented in kernel space of the container host device operating system.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>PHYSICS</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2018</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNysEKglAQRmE3LaJ6h-kBhMQQ2hZFrau1Xa6_ckFnZGb0-UPoAVqds_jW2efBrpMlYWrgiL5cK0rmoqEDKUwmjTAaVea0SDTkQlHYQ2KoUWIapt5T7uDATuA5qfAAdttmqzb0ht2vm2x_u74u9xyj1LAxRDC8fj-LQ3GsTmV1Lsp_zBeVcj8C</recordid><startdate>20181204</startdate><enddate>20181204</enddate><creator>Khanduja, Vaibhav</creator><scope>EVB</scope></search><sort><creationdate>20181204</creationdate><title>Intrusion detection for storage resources provisioned to containers in multi-tenant environments</title><author>Khanduja, Vaibhav</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US10146936B13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2018</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>PHYSICS</topic><toplevel>online_resources</toplevel><creatorcontrib>Khanduja, Vaibhav</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Khanduja, Vaibhav</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Intrusion detection for storage resources provisioned to containers in multi-tenant environments</title><date>2018-12-04</date><risdate>2018</risdate><abstract>An apparatus comprises at least one container host device implementing containers for respective tenants of a multi-tenant environment, a storage platform coupled to the container host device and implementing storage resources for utilization by the containers, a container storage controller associated with the container host device, and a storage intrusion detector. The container storage controller is configured to provision portions of the storage resources for respective ones of the containers including for each of the containers at least one storage volume. The storage intrusion detector is configured to detect a condition under which a process not associated with a given one of the containers attempts to access the storage volume provisioned for that container. An alert is generated responsive to the detected condition. The storage intrusion detector may comprise a monitoring component that interacts with a kernel module implemented in kernel space of the container host device operating system.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US10146936B1
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title Intrusion detection for storage resources provisioned to containers in multi-tenant environments
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-14T17%3A18%3A15IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Khanduja,%20Vaibhav&rft.date=2018-12-04&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS10146936B1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true