Techniques for serverless runtime application self-protection

US11036534B2 · US · B2

Patent metadata

Publication number: US-11036534-B2
Application number: US-201816144347-A
Country: US
Kind code: B2
Filing date: Sep 27, 2018
Priority date: Jul 19, 2018
Publication date: Jun 15, 2021
Grant date: Jun 15, 2021


Abstract


A system and method for serverless runtime application self-protection. The method includes embedding a serverless defender function into a function serverless bundle containing an application deployment bundle of a serverless application, wherein the embedding further comprises modifying the function serverless bundle to include a serverless defender shared library and a security policy, wherein the serverless defender shared library is configured to install at least one hook into at least one system call of the serverless application when the serverless application is executed, wherein each hook only allows running of system calls and library functions that satisfy the security policy during execution of the serverless application, wherein the serverless defender function is loaded at a system when the serverless application is initiated by the system, wherein the serverless defender function is configured to perform at least one mitigation action when the security policy is violated during execution of the serverless application.

Claims

Claim text as shown on this page (the preview is cut off partway through claim 21).

What is claimed is:

1. A method for serverless runtime application self-protection, comprising: embedding a serverless defender function into a function serverless bundle containing an application deployment bundle of a serverless application, wherein the embedding further comprises modifying the function serverless bundle to include a serverless defender shared library and a security policy, wherein the serverless defender shared library is configured to install at least one hook into at least one system call of the serverless application when the serverless application is executed, wherein each hook only allows running of system calls and library functions that satisfy the security policy during execution of the serverless application, wherein the serverless defender function is loaded at a system when the serverless application is initiated by the system, wherein the serverless defender function is configured to perform at least one mitigation action when the security policy is violated during execution of the serverless application.

2. The method of claim 1, wherein the embedding further comprises: injecting loader code into the function serverless bundle, wherein the loader code, when executed by a system, configures the system to load the serverless defender upon startup of the serverless application.

3. The method of claim 2, further comprising: hiding at least one environmental variable used to inject the loader code.

4. The method of claim 1, wherein the at least one mitigation action includes generating an audit, wherein the audit is a report indicating a violation of the security policy.

5. The method of claim 1, wherein the serverless defender is invoked when a system call occurs.

6. The method of claim 1, wherein the serverless defender is configured to generate a protected task based on each of at least one task definition of the serverless application.

7. The method of claim 1, further comprising: modifying a sidecar container to use an image of the serverless defender and to share a volume with the serverless defender, wherein the modified sidecar container is configured to copy an executable file of the serverless defender and the serverless application shared library to the shared volume.

8. The method of claim 1, further comprising: uploading the function serverless bundle to a cloud computing platform for execution of the serverless application and the serverless defender by the cloud computing platform.

9. The method of claim 1, wherein the serverless defender is run as a first entry point of each of at least one container of the system, wherein the serverless defender is configured to execute a second entry point of each of the at least one container, and to attach the serverless application shared library to each process of each of the at least one container, wherein the second entry point is an original entry point of the container.

10. The method of claim 1, wherein the serverless application shared library is configured to hijack all functions including interaction with a kernel by the serverless application, wherein the kernel is a kernel of a system executing the serverless application.

11. A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process, the process comprising: embedding a serverless defender function into a function serverless bundle containing an application deployment bundle of a serverless application, wherein the embedding further comprises modifying the function serverless bundle to include a serverless defender shared library and a security policy, wherein the serverless defender shared library is configured to install at least one hook into at least one system call of the serverless application when the serverless application is executed, wherein each hook only allows running of system calls and library functions that satisfy the security policy during execution of the serverless application, wherein the serverless defender function is loaded at a system when the serverless application is initiated by the system, wherein the serverless defender function is configured to perform at least one mitigation action when the security policy is violated during execution of the serverless application.

12. A system for serverless runtime application self-protection, comprising: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: embed a serverless defender function into a function serverless bundle containing an application deployment bundle of a serverless application, wherein the embedding further comprises modifying the function serverless bundle to include a serverless defender shared library and a security policy, wherein the serverless defender shared library is configured to install at least one hook into at least one system call of the serverless application when the serverless application is executed, wherein each hook only allows running of system calls and library functions that satisfy the security policy during execution of the serverless application, wherein the serverless defender function is loaded at a system when the serverless application is initiated by the system, wherein the serverless defender function is configured to perform at least one mitigation action when the security policy is violated during execution of the serverless application.

13. The system of claim 12, wherein the system is further configured to: inject loader code into the function serverless bundle, wherein the loader code, when executed by a system, configures the system to load the serverless defender upon startup of the serverless application.

14. The system of claim 13, wherein the system is further configured to: hide at least one environmental variable used to inject the loader code.

15. The system of claim 12, wherein the at least one mitigation action includes generating an audit, wherein the audit is a report indicating a violation of the security policy.

16. The system of claim 12, wherein the serverless defender is invoked when a system call occurs.

17. The system of claim 12, wherein the serverless defender is configured to generate a protected task based on each of at least one task definition of the serverless application.

18. The system of claim 12, wherein the system is further configured to: modify a sidecar container to use an image of the serverless defender and to share a volume with the serverless defender, wherein the modified sidecar container is configured to copy an executable file of the serverless defender and the serverless application shared library to the shared volume.

19. The system of claim 12, wherein the system is further configured to: upload the function serverless bundle to a cloud computing platform for execution of the serverless application and the serverless defender by the cloud computing platform.

20. The system of claim 12, wherein the serverless defender is run as a first entry point of each of at least one container of the system, wherein the serverless defender is configured to execute a second entry point of each of the at least one container, and to attach the serverless application shared library to each process of each of the at least one container, wherein the second entry point is an original entry point of the container.

21. The system of claim 12, wherein the serverless application shared library is configured to hijack all
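The mechanism the claims describe (claims 1, 4, 5 and 10: a shared library that shadows the application's entry points into the kernel, checks each call against a security policy, and audits or denies a violation) can be shown concretely with a minimal LD_PRELOAD-style interposer. The C below is an added illustration written for this page, not Twistlock's defender and not code from the patent; the allowlist-of-path-prefixes policy, the names policy_allows and defender_violations, and the choice of open() and execve() as the hooked calls are all assumptions. Built as a shared object and loaded ahead of libc, its open() and execve() definitions replace the application's view of those calls, so every call passes the policy check before it can reach the kernel. The patent's own loader code and hidden environment variable (claims 2 and 3) are not reproduced.

```c
#undef _FORTIFY_SOURCE   /* keep libc's inline open() wrapper out of the way so ours is the definition */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed sample policy (an assumption, not the patent's policy format):
 * for each hooked operation, the path prefixes the function is allowed to touch. */
enum defender_op { OP_OPEN, OP_EXEC };

static const char *const open_allow[] = { "/tmp/", "/var/task/", "/etc/ssl/", "/dev/null", NULL };
static const char *const exec_allow[] = { "/usr/bin/", NULL };

static unsigned long violation_count;   /* the "audit" of claim 4, reduced to a counter */

/* Return 1 if the policy permits `op` on `path`, else 0. */
int policy_allows(enum defender_op op, const char *path)
{
    const char *const *prefix = (op == OP_EXEC) ? exec_allow : open_allow;
    if (path == NULL)
        return 0;
    for (; *prefix != NULL; ++prefix)
        if (strncmp(path, *prefix, strlen(*prefix)) == 0)
            return 1;
    return 0;
}

unsigned long defender_violations(void) { return violation_count; }

/* Mitigation: record the violation and fail the call; the kernel is never entered. */
static int deny(const char *fn, const char *path)
{
    violation_count++;
    fprintf(stderr, "defender: policy violation: %s(\"%s\")\n", fn, path ? path : "(null)");
    errno = EPERM;
    return -1;
}

/* Hooked libc entry points. Built with `gcc -shared -fPIC -o libdefender.so defender.c`
 * and loaded ahead of libc (LD_PRELOAD is the simplest loader), these definitions
 * shadow libc's open() and execve(), so the application's calls are checked first.
 * A permitted operation is issued as a raw syscall, which avoids having to resolve
 * the original symbol with dlsym(RTLD_NEXT). */
int open(const char *path, int flags, ...)
{
    mode_t mode = 0;
    if (flags & O_CREAT) {              /* the mode argument is only present with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    if (!policy_allows(OP_OPEN, path))
        return deny("open", path);
    return (int)syscall(SYS_openat, AT_FDCWD, path, flags, mode);
}

int execve(const char *path, char *const argv[], char *const envp[])
{
    if (!policy_allows(OP_EXEC, path))
        return deny("execve", path);
    return (int)syscall(SYS_execve, path, argv, envp);
}

int main(void)
{
    int fd = open("/dev/null", O_RDONLY);          /* allowed: the call reaches the kernel */
    if (fd >= 0)
        close(fd);
    if (open("/etc/passwd", O_RDONLY) < 0)         /* denied by policy: EPERM, no syscall made */
        perror("open /etc/passwd");
    printf("violations recorded: %lu\n", defender_violations());
    return 0;
}
```

Running the block's own main gives one allowed open, one denied open reported on stderr, and a violation count of 1. In a real defender the policy would be read from the bundle rather than compiled in, and the hook set would have to cover the whole open and exec family (openat, open64, the execv* variants, posix_spawn) plus socket and connect: a hook on open() alone does nothing for an application that calls openat() directly, which is the reason claim 10 speaks of hijacking all functions that interact with the kernel.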

Assignees

Twistlock Ltd

Classifications (CPC titles)

  • G06F9/455 (primary): Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines

  • Hypervisor-specific management and integration aspects

  • Generating training patterns; Bootstrap methods, e.g. bagging or boosting

  • at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

  • involving long-term monitoring or reporting

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11036534B2 cover?
A system and method for serverless runtime application self-protection. The method includes embedding a serverless defender function into a function serverless bundle containing an application deployment bundle of a serverless application, wherein the embedding further comprises modifying the function serverless bundle to include a serverless defender shared library and a security policy, where…
Who is the assignee on this patent?
Twistlock Ltd
What technology area does this patent fall under?
Primary CPC classification G06F9/455. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 15, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).