-
Publication number: US20220215088A1
Publication date: 2022-07-07
Application number: US17576432
Filing date: 2022-01-14
Applicant: NeuVector, Inc.
Inventor: Glen K. Kosaka , Gang Duan , Fei Huang
Abstract: A policy interpreter detects that an application container has been added in a container system, and opens a stored manifest for the application container. The policy interpreter retrieves running services information regarding the application container, and generates a security policy for the application container. The security policy defines a set of actions that the application container can perform, and the set of actions is determined using the manifest and the running service information associated with the application container. The policy interpreter loads the security policy at a security container. The security container blocks an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy. The policy interpreter transmits the security policy to a graphical user interface container for presentation to a user via a display device.
-
Publication number: US20230412628A1
Publication date: 2023-12-21
Application number: US18452539
Filing date: 2023-08-20
Applicant: NeuVector, Inc.
CPC classification number: H04L63/1425 , H04L43/06 , G06F2009/45591 , H04L41/22 , H04L63/168 , G06F9/45558
Abstract: A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and is initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The container system also transmits a report of the intercepted one or more activities to a designated source. The container system inspects the intercepted one or more activities, and in response to the intercepted one or more activities violating a policy in a policy store, triggers an action specified in the policy.
-
Publication number: US20190394219A1
Publication date: 2019-12-26
Application number: US16019368
Filing date: 2018-06-26
Applicant: NeuVector, Inc.
Abstract: A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and is initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The container system also transmits a report of the intercepted one or more activities to a designated source. The container system inspects the intercepted one or more activities, and in response to the intercepted one or more activities violating a policy in a policy store, triggers an action specified in the policy.
-
Publication number: US10341387B2
Publication date: 2019-07-02
Application number: US15427004
Filing date: 2017-02-07
Applicant: NeuVector, Inc.
Abstract: The various implementations described herein include systems, methods and/or devices for applying security policies in a virtualization environment. In one aspect, the method is performed at an electronic device of a plurality of electronic devices in a computing network, the electronic device having one or more processors and memory storing instructions for execution by the one or more processors. A plurality of user-space instances is instantiated. Furthermore, a security instance distinct from the plurality of user-space instances is instantiated. The security instance, which executes in user space of a respective virtual address space, monitors operations and data communications for the plurality of user-space instances. The security instance applies security policies to the monitored operations and data communications for the plurality of user-space instances so as to detect and/or remediate violations of the security policies.
-
Publication number: US11232192B2
Publication date: 2022-01-25
Application number: US16238524
Filing date: 2019-01-03
Applicant: NeuVector, Inc.
Inventor: Glen K. Kosaka , Gang Duan , Fei Huang
Abstract: A policy interpreter detects that an application container has been added in a container system, and opens a stored manifest for the application container. The policy interpreter retrieves running services information regarding the application container, and generates a security policy for the application container. The security policy defines a set of actions that the application container can perform, and the set of actions is determined using the manifest and the running service information associated with the application container. The policy interpreter loads the security policy at a security container. The security container blocks an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy. The policy interpreter transmits the security policy to a graphical user interface container for presentation to a user via a display device.
-
Publication number: US20170353499A1
Publication date: 2017-12-07
Application number: US15427004
Filing date: 2017-02-07
Applicant: NeuVector, Inc.
CPC classification number: H04L63/20 , G06F9/45558 , G06F2009/45587 , H04W12/08
Abstract: The various implementations described herein include systems, methods and/or devices for applying security policies in a virtualization environment. In one aspect, the method is performed at an electronic device of a plurality of electronic devices in a computing network, the electronic device having one or more processors and memory storing instructions for execution by the one or more processors. A plurality of user-space instances is instantiated. Furthermore, a security instance distinct from the plurality of user-space instances is instantiated. The security instance, which executes in user space of a respective virtual address space, monitors operations and data communications for the plurality of user-space instances. The security instance applies security policies to the monitored operations and data communications for the plurality of user-space instances so as to detect and/or remediate violations of the security policies.
-
Publication number: US20170353498A1
Publication date: 2017-12-07
Application number: US15426998
Filing date: 2017-02-07
Applicant: NeuVector, Inc.
CPC classification number: H04L63/20 , G06F9/45558 , G06F2009/45587 , H04W12/08
Abstract: The various implementations described herein include systems, methods and/or devices for applying security policies in a virtualization environment. In one aspect, the method is performed at an electronic device of a plurality of electronic devices in a computing network, the electronic device having one or more processors and memory storing instructions for execution by the one or more processors. A plurality of user-space instances is instantiated. Respective properties that characterize the user-space instances are identified, and based on the identified properties, respective security policies that define authorized or unauthorized operations and data communications for user-space instances are identified. Furthermore, the identified security policies are applied so as to detect and/or remediate violations of the identified set of security policies.
-
Publication number: US11792216B2
Publication date: 2023-10-17
Application number: US16019368
Filing date: 2018-06-26
Applicant: NeuVector, Inc.
CPC classification number: H04L63/1425 , G06F9/45558 , H04L41/22 , H04L43/06 , G06F2009/45591 , H04L63/168
Abstract: A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and is initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The container system also transmits a report of the intercepted one or more activities to a designated source. The container system inspects the intercepted one or more activities, and in response to the intercepted one or more activities violating a policy in a policy store, triggers an action specified in the policy.
-
Publication number: US11106784B2
Publication date: 2021-08-31
Application number: US16155742
Filing date: 2018-10-09
Applicant: NeuVector, Inc.
Inventor: Henrik Rosendahl , Fei Huang , Gang Duan
Abstract: A threat level analyzer probes for one or more threats within an application container in a container system. Each threat is a vulnerability or a non-conformance with a benchmark setting. The threat level analyzer further probes for one or more threats within a host of the container service. The threat level analyzer generates a threat level assessment score based on results from the probing of the one or more threats of the application container and the one or more threats of the host, and generates a report for presentation in a user interface including the threat level assessment score and a list of threats discovered from the probe of the application container and the host. A report is transmitted by the threat level analyzer to a client device of a user for presentation in the user interface.
-
Publication number: US20200218798A1
Publication date: 2020-07-09
Application number: US16238524
Filing date: 2019-01-03
Applicant: NeuVector, Inc.
Inventor: Glen K. Kosaka , Gang Duan , Fei Huang
Abstract: A policy interpreter detects that an application container has been added in a container system, and opens a stored manifest for the application container. The policy interpreter retrieves running services information regarding the application container, and generates a security policy for the application container. The security policy defines a set of actions that the application container can perform, and the set of actions is determined using the manifest and the running service information associated with the application container. The policy interpreter loads the security policy at a security container. The security container blocks an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy. The policy interpreter transmits the security policy to a graphical user interface container for presentation to a user via a display device.