STATEFUL MICROSERVICE-AWARE INTRUSION DETECTION

STATEFUL MICROSERVICE-AWARE INTRUSION DETECTION

A method, system, and computer program product for performing microservice-aware reference policy checking that accept stateful security policies. The method may include receiving a security policy for a container that is part of a microservice architecture. The method may also include obtaining a f...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Araujo, Frederico, Blair, William, Taylor, Teryl Paul
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method, system, and computer program product for performing microservice-aware reference policy checking that accept stateful security policies. The method may include receiving a security policy for a container that is part of a microservice architecture. The method may also include obtaining a first effect graph of the security policy, resulting in a security model for the container. The method may also include identifying execution behavior of the container. The method may also include generating a second effect graph of the execution behavior of the container, where the generating includes summarizing operations and interactions between entities in the execution behavior and results in a behavioral model. The method may also include comparing the behavioral model to the security model. The method may also include determining whether the container has deviated from the security policy based on the comparing. The method may also include enforcing the security policy against the container.