GENERATION OF SECURITY POLICIES FOR CONTAINER EXECUTION
Main authors: | , |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Online access: | Order full text |
Summary: | Automated generation of security policies for container execution includes performing automated static analysis of binary code of a containerized application and generating, based on the static analysis, a control-flow graph of expected runtime execution flow of the containerized application, the containerized application providing an expected set of functionality when properly executing, inferring, from the expected runtime execution flow of the containerized application, security policy configurations for a plurality of resources used in execution of the containerized application and that suffice for the containerized application to provide the expected set of functionality, and automatically generating, as part of configuration file(s) used in deploying a container having the containerized application for execution, a security policy for execution of the container including the containerized application thereof, the security policy specifying the security policy configurations for the plurality of resources used in the execution of the containerized application. |
---|