Maintaining secure clustered software with a container-based architecture

US10176319B2 · US · B2

Patent metadata

Publication number: US-10176319-B2
Application number: US-201514951076-A
Country: US
Kind code: B2
Filing date: Nov 24, 2015
Priority date: Nov 24, 2015
Publication date: Jan 8, 2019
Grant date: Jan 8, 2019

Abstract

Official abstract text for this publication.

The subject matter of this specification can be implemented in, among other things, a method that includes receiving, by a processing device in a platform-as-a-service (PaaS) system, package metadata including one or more attributes for each of a plurality of packages. Each of the plurality of packages includes one or more components of one or more applications to execute on the PaaS system. The method further includes receiving threat metadata including one or more attributes for each of a plurality of threats. The method further includes storing the package metadata or the threat metadata in one or more data stores. The method further includes comparing, by the processing device, the attributes of the packages to the attributes of the threats to determine that at least one package among the packages includes at least one threat from the threats.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, by a processing device in a platform-as-a-service (PaaS) system, package metadata comprising one or more attribute values for each of a plurality of packages, wherein each of the packages comprises one or more components of one or more applications to execute on the PaaS system, and wherein receiving the package metadata comprises receiving the attribute values of one or more trusted packages among the packages from a trusted source that provides the trusted packages and without scanning, by the PaaS system, contents of the trusted packages for the attribute values of the trusted packages; receiving threat metadata comprising one or more attribute values for each of a plurality of threats; storing the package metadata or the threat metadata in one or more data stores; and comparing, by the processing device, the attribute values of the packages to corresponding ones of the attribute values of the threats to determine that at least one package among the packages comprises at least one threat from the threats.

2. The method of claim 1, further comprising rebuilding and redeploying the package in response to the determination that the package comprises the threat.

3. The method of claim 2, wherein the comparison of the attribute values of the packages to the corresponding ones of the attribute values of the threats occurs without a comparison of the attribute values of the packages to the corresponding ones of the attribute values of the threats at runtime of the applications in the packages.

4. The method of claim 3, wherein receiving the package metadata comprises creating hashes of one or more untrusted packages among the packages that are provided by an untrusted source.

5. The method of claim 4, wherein one or more known packages among the packages have a known package type, wherein known attribute types of the attribute values of the known packages are predefined for the known package type, and wherein receiving the package metadata comprises accessing a portion of the known packages based on the known package type to identify the attribute values for the known attribute types of the known packages.

6. The method of claim 5, wherein one or more custom packages among the packages have a custom package type, wherein custom attribute types of the attribute values of the custom packages are defined in a configuration setting for the custom package type, wherein the configuration setting specifies identifiers or locations of the custom attribute types in the custom packages that are used to locate the attribute values for the custom attribute types within the custom packages, and wherein receiving the package metadata comprises identifying the custom packages as having the custom package type and using the identifiers or the locations of the custom attribute types for the custom package type to identify the attribute values for the custom attribute types within the custom packages.

7. A non-transitory computer-readable medium having instructions stored therein that, when executed by a processing device, cause the processing device to: receive, by the processing device in a platform-as-a-service (PaaS) system, package metadata comprising one or more attribute values for each of a plurality of packages, wherein each of the packages comprises one or more components of one or more applications to execute on the PaaS system, and wherein, to receive the package metadata, the instructions are further to cause the processing device to receive the attribute values of one or more trusted packages among the packages from a trusted source that provides the trusted packages and without a scan, by the PaaS system, of contents of the trusted packages for the attribute values of the trusted packages; receive threat metadata comprising one or more attribute values for each of a plurality of threats; store the package metadata or the threat metadata in one or more data stores; and compare, by the processing device, the attribute values of the packages to corresponding ones of the attribute values of the threats to determine that at least one package among the packages comprises at least one threat from the threats.

8. The computer-readable medium of claim 7, wherein the instructions are further to cause the processing device to rebuild and redeploy the package in response to the determination that the package comprises the threat.

9. The computer-readable medium of claim 8, wherein the comparison of the attribute values of the packages to the corresponding ones of the attribute values of the threats occurs without a comparison of the attribute values of the packages to the corresponding ones of the attribute values of the threats at runtime of the applications in the packages.

10. The computer-readable medium of claim 9, wherein, to receive the package metadata, the instructions are further to cause the processing device to create hashes of one or more untrusted packages among the packages that are provided by an untrusted source.

11. The computer-readable medium of claim 10, wherein one or more known packages among the packages have a known package type, wherein known attribute types of the attribute values of the known packages are predefined for the known package type, and wherein, to receive the package metadata, the instructions are further to cause the processing device to access a portion of the known packages based on the known package type to identify the attribute values for the known attribute types of the known packages.

12. The computer-readable medium of claim 11, wherein one or more custom packages among the packages have a custom package type, wherein custom attribute types of the attribute values of the custom packages are defined in a configuration setting for the custom package type, wherein the configuration setting specifies identifiers or locations of the custom attribute types in the custom packages that are used to locate the attribute values for the custom attribute types within the custom packages, and wherein, to receive the package metadata, the instructions are further to cause the processing device to identify the custom packages as having the custom package type and use the identifiers or the locations of the custom attribute types for the custom package type to identify the attribute values for the custom attribute types within the custom packages.

13. A system comprising: a memory that stores instructions; and a processing device, in a platform-as-a-service (PaaS) system, configured to execute the instructions to: receive package metadata comprising one or more attribute values for each of a plurality of packages, wherein each of the packages comprises one or more components of one or more applications to execute on the PaaS system, and wherein, to receive the package metadata, the processing device is further configured to execute the instructions to receive the attribute values of one or more trusted packages among the packages from a trusted source that provides the trusted packages and without a scan, by the PaaS system, of contents of the trusted packages for the attribute values of the trusted packages; receive threat metadata comprising one or more attribute values for each of a plurality of threats; store the package metadata or the threat metadata in one or more data stores; and compare the attribute values of the packages to corresponding ones of the attribute values of the threats to determine that at least one package among the packages comprises at least one threat from the threats.

14. The system of claim 13, wherein the processing device is furt
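A sketch of the comparison the claims describe, as an added example that is not code from the patent or its assignee: trusted packages contribute attribute values as supplied by their source, untrusted packages are hashed, and stored threat attribute values are compared against both. All package names, versions, threat ids and the record layout are constructed assumptions.

```python
import hashlib

def trusted_metadata(records):
    # Attribute values as supplied by the trusted source; package contents are not scanned.
    return [dict(r, origin="trusted") for r in records]

def untrusted_metadata(name, content):
    # For a package from an untrusted source, hash the contents to obtain an attribute value.
    return {"name": name, "sha256": hashlib.sha256(content).hexdigest(), "origin": "untrusted"}

def matches(package, threat):
    # Match when every attribute value the threat specifies equals the package's corresponding value.
    attrs = threat["attributes"]
    return bool(attrs) and all(package.get(k) == v for k, v in attrs.items())

def find_threats(packages, threats):
    # Comparison over stored metadata, not at application runtime.
    return [(p["name"], t["id"]) for p in packages for t in threats if matches(p, t)]

def rebuild_queue(findings):
    # Packages to rebuild and redeploy, de-duplicated in first-seen order.
    return list(dict.fromkeys(name for name, _ in findings))

# Constructed sample data (hypothetical names, versions and threat ids).
BLOB = b"constructed bytes standing in for an untrusted package"
PACKAGES = trusted_metadata([
    {"name": "libexample", "version": "1.0.2"},
    {"name": "webfw", "version": "3.1"},
]) + [untrusted_metadata("vendor-plugin", BLOB)]
THREATS = [
    {"id": "THREAT-A", "attributes": {"name": "libexample", "version": "1.0.2"}},
    {"id": "THREAT-B", "attributes": {"sha256": hashlib.sha256(BLOB).hexdigest()}},
    {"id": "THREAT-C", "attributes": {"name": "webfw", "version": "2.9"}},
]

if __name__ == "__main__":
    findings = find_threats(PACKAGES, THREATS)
    for name, threat_id in findings:
        print(f"{name}: matches {threat_id}")
    print("rebuild and redeploy:", rebuild_queue(findings))
```

An empty threat record matches nothing here, so a malformed feed entry cannot flag every package for rebuild.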

Classifications

  • Hypervisor-specific management and integration aspects · CPC title

  • Computer malware detection or handling, e.g. anti-virus arrangements · CPC title

  • Creating, deleting, cloning virtual machine instances · CPC title

  • Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title

  • G06F21/554 · Primary

    involving event detection and direct action · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10176319B2 cover?
The subject matter of this specification can be implemented in, among other things, a method that includes receiving, by a processing device in a platform-as-a-service (PaaS) system, package metadata including one or more attributes for each of a plurality of packages. Each of the plurality of packages includes one or more components of one or more applications to execute on the PaaS system. Th…
Who is the assignee on this patent?
Red Hat Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/554. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 8, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).