SYSTEM AND METHOD FOR CONTAINER FILE INTEGRITY MONITORING

Bibliographic details
Main authors: Zhan, Zhenxin, Su, Jimmy, Zeng, Junyuan, Chen, Yuan
Format: Patent
Language: eng
Description
Summary: A system for monitoring file integrity in a host computing device having a process and a storage device storing computer executable code. The computer executable code is configured to: provide containers, an agent external to the containers, and a policy file configuring policy for the containers; intercept a system call indicating mounting, and construct a first correspondence between a container file path and a host file path having mounting correspondence; intercept a system call of the container indicating opening of the policy file, and construct a second correspondence between the container file path and the violation of the container file path; aggregate the first and second correspondences to obtain a correspondence between the host file path and the violation; and monitor file integrity of the container by detecting violation of the host file path.