Method and System for known vulnerability detection within a virtual container

IP.com Disclosure Number: IPCOM000250126D
Publication Date: 2017-Jun-02
Document File: 3 page(s) / 271K

Publishing Venue

The IP.com Prior Art Database

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 49% of the total text.

Problem Statement

In recent years, containers have become one of the most important pieces of enterprise solutions. Products like Docker are now widely adopted in enterprise solutions because of the flexibility that container technologies have over more traditional approaches based on virtual machines.

An “image” is an application with all its dependencies that lives in an isolated “space” within the container. Usually, these dependencies are software libraries.

Typically, software libraries are not maintained by the same people who maintain the business logic running within the container. These libraries are usually maintained by a third party, and from time to time someone exploits bugs and vulnerabilities in them. A good example of this situation is the “Heartbleed” vulnerability in OpenSSL, which affected thousands of applications that rely on capabilities of OpenSSL.

When you have a solution that is based on virtual container technologies, looking for known vulnerabilities is neither easy nor trivial.

Solution

The object of the present disclosure is to provide a method to efficiently solve the problem of detecting the known vulnerabilities of applications running within a container. Without loss of generality, we will use Docker as a reference for virtual container technologies, but the method discussed in this disclosure is applicable to other technologies as well.

The solution builds on an endpoint management solution that provides the tools and infrastructure to deploy this method at large scale, as well as our knowledge base of known vulnerabilities.

Usually, the Docker container runs on a computer where we can install an agent that is part of the endpoint management solution. The solution proposed in this disclosure can be implemented as a new capability of this software component.

Technical Solution

Without loss of generality, let’s assume that we have a computer that hosts a Docker container and that has the agent described in the above section up and running. Let’s also assume that the container is running on a Linux host. This disclosure explains how we will be able to collect information from an arbitrary number of Docker containers through the agent, in order to make it available through a centralized management system via analyses available within the endpoint management product.

The agent is instrumented with a brand new software component that will be called the container inspector, and that will be identified by the name of the image that we are interested in. This software component is capable of introspecting the properties of the virtual container. Through this inspector we will be able to inspect what is within the virtual container and to report the results to the server. The following properties can be retrieved using this inspector:

• The collection of the container instances available on the...
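
One way an agent-side inspector of this kind could work, as an added example that is not code from the disclosure: it lists the running containers started from a named image, reads their package inventory, and matches it against a knowledge base. It assumes the Docker CLI on the host and dpkg-based images; `inspect_image`, `upstream_version`, `run_cmd` and `KNOWLEDGE_BASE` are hypothetical names, and the knowledge base content is constructed for illustration.

```python
import subprocess

# Constructed knowledge base (assumption): upstream OpenSSL 1.0.1 through 1.0.1f
# are affected by Heartbleed. Matching on the upstream version alone reports
# false positives when a distribution backports the fix, so a production
# knowledge base has to be distribution-aware.
KNOWLEDGE_BASE = {
    "openssl": [("Heartbleed", {"1.0.1" + s for s in ("", "a", "b", "c", "d", "e", "f")})],
}


def run_cmd(argv):
    """Default runner: execute a command on the host (no shell) and return stdout."""
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def upstream_version(deb_version):
    """Strip the Debian epoch ("N:") and revision ("-N") from a package version."""
    no_epoch = deb_version.split(":", 1)[-1]
    return no_epoch.rsplit("-", 1)[0]


def inspect_image(image, run=run_cmd):
    """Return findings for every running container started from `image`.

    `run` is injectable so the logic can be exercised without a Docker daemon.
    """
    findings = []
    ids = run(["docker", "ps", "--filter", f"ancestor={image}",
               "--format", "{{.ID}}"]).split()
    for cid in ids:
        # Assumes dpkg inside the container; other package managers need another query.
        out = run(["docker", "exec", cid, "dpkg-query", "-W",
                   "-f", "${Package} ${Version}\\n"])
        for line in out.splitlines():
            name, _, version = line.partition(" ")
            for vuln, affected in KNOWLEDGE_BASE.get(name, []):
                if upstream_version(version) in affected:
                    findings.append({"container": cid, "image": image,
                                     "package": name, "version": version,
                                     "vulnerability": vuln})
    return findings
```

The returned list is what the agent would report to the central server; containers whose package query fails raise `CalledProcessError` rather than being silently reported as clean.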