NETWORKING CONNECTION MANAGEMENT BASED ON CONTAINER IDENTIFICATION

    Publication (Announcement) No.: US20190394281A1

    Publication (Announcement) Date: 2019-12-26

    Application No.: US16125792

    Filing Date: 2018-09-10

    Applicant: NICIRA, INC.

    Abstract: Described herein are systems, methods, and software to enhance packet processing. In one implementation, a host computing element identifies a packet from a process executing on the host computing element. In response to identifying the packet, the host computing element determines whether the packet originates from a container namespace corresponding to a container on the host computing element or a host namespace corresponding to the host computing element. If the packet originates from a container namespace, the host computing element may determine supplemental information for the container associated with the container namespace, and process the packet based on the supplemental information.

    Identifying container file events for providing container security

    Publication (Announcement) No.: US10678935B2

    Publication (Announcement) Date: 2020-06-09

    Application No.: US15647269

    Filing Date: 2017-07-12

    Applicant: NICIRA, INC.

    IPC Classification: G06F21/62 G06F9/455 G06F21/53

    Abstract: A method of providing security for containers executing on a physical host machine is provided. The method receives a notification of a file access request. The notification includes a path in a file system of the host machine being accessed by a process. From the path, the method determines whether the file access event is for accessing a location in the file system to which container file systems are mapped. The method identifies a namespace of the process using the identification of the process included in the file path. The method determines that the process is a container when the namespace belongs to a service that is used to implement containers on the host machine. The method sends the identifier of the container, the identification of a VM executing the container, and the file path to a set of security applications to determine whether the file access request is to be allowed.

    NETWORKING CONNECTION MANAGEMENT BASED ON CONTAINER IDENTIFICATION

    Publication (Announcement) No.: US20220279044A1

    Publication (Announcement) Date: 2022-09-01

    Application No.: US17745228

    Filing Date: 2022-05-16

    Applicant: Nicira, Inc.

    Abstract: Described herein are systems, methods, and software to enhance packet processing. In one implementation, a host computing element identifies a packet from a process executing on the host computing element. In response to identifying the packet, the host computing element determines whether the packet originates from a container namespace corresponding to a container on the host computing element or a host namespace corresponding to the host computing element. If the packet originates from a container namespace, the host computing element may determine supplemental information for the container associated with the container namespace, and process the packet based on the supplemental information.

    Methods to restrict network file access in guest virtual machines using in-guest agents

    Publication (Announcement) No.: US11057385B2

    Publication (Announcement) Date: 2021-07-06

    Application No.: US16033243

    Filing Date: 2018-07-12

    Applicant: NICIRA, INC.

    IPC Classification: H04L9/30 H04L29/06 G06F9/455

    Abstract: Certain embodiments described herein are generally directed to systems and methods for preventing access to files on a virtual machine. One example method involves receiving network information associated with a network connection opened at the virtual machine and determining a process that opened the network connection. The method further involves receiving information indicative of a file access event attempted at the virtual machine and determining that the process that opened the network connection initiated the file access event. The method further involves transmitting information indicative of the file access event and the network connection to a security virtual machine and receiving an enforcement decision for the file access event from the security virtual machine based on the information indicative of the file access event and the network connection. The method further involves applying the enforcement decision to either allow or prevent the file access event by the process.