Patents by Inventor Da Hu Kuang
Da Hu Kuang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11275839Abstract: A method and system for code package. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. Generating the dataset according to the code package includes: exporting an image layer from the image file; and obtaining a configuration file of the exported image layer as the dataset. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.Type: GrantFiled: July 11, 2019Date of Patent: March 15, 2022Assignee: International Business Machines CorporationInventors: Peng Cui, Dong Xiao Hui, Tan Jiang, Da Hu Kuang, Lan Ling, Xu Peng, Liang Wang, Chun Xiao Zhang, Yu Zhang
-
Patent number: 11275838Abstract: A method and system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. A security indicator of the image file is extracted according to the dataset. A security level of the image file is determined by comparing the extracted security indicator of the image file with a security indicator of an authenticated image file. A vulnerability in the image file is identified based on the determined security level. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.Type: GrantFiled: July 10, 2019Date of Patent: March 15, 2022Assignee: International Business Machines CorporationInventors: Peng Cui, Dong Xiao Hui, Tan Jiang, Da Hu Kuang, Lan Ling, Xu Peng, Liang Wang, Chun Xiao Zhang, Yu Zhang
-
Publication number: 20190332780Abstract: A method and system for code package. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. Generating the dataset according to the code package includes: exporting an image layer from the image file; and obtaining a configuration file of the exported image layer as the dataset. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.Type: ApplicationFiled: July 11, 2019Publication date: October 31, 2019Inventors: Peng Cui, Dong Xiao Hui, Tan Jiang, Da Hu Kuang, Lan Ling, Xu Peng, Liang Wang, Chun Xiao Zhang, Yu Zhang
-
Publication number: 20190332779Abstract: A method and system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. A security indicator of the image file is extracted according to the dataset. A security level of the image file is determined by comparing the extracted security indicator of the image file with a security indicator of an authenticated image file. A vulnerability in the image file is identified based on the determined security level. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.Type: ApplicationFiled: July 10, 2019Publication date: October 31, 2019Inventors: Peng Cui, Dong Xiao Hui, Tan Jiang, Da Hu Kuang, Lan Ling, Xu Peng, Liang Wang, Chun Xiao Zhang, Yu Zhang
-
Patent number: 10402569Abstract: A method and associated system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. A security level of the image file is determined according to the generated dataset. A vulnerability corresponding to the code package is identified based on the security level. In response to the vulnerability having been identified, the code package is updated with a patch associated with the identified vulnerability.Type: GrantFiled: October 20, 2016Date of Patent: September 3, 2019Assignee: International Business Machines CorporationInventors: Peng Cui, Dong Xiao Hui, Tan Jiang, Da Hu Kuang, Lan Ling, Xu Peng, Liang Wang, Chun Xiao Zhang, Yu Zhang
-
Publication number: 20180114025Abstract: A method and associated system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. A security level of the image file is determined according to the generated dataset. A vulnerability corresponding to the code package is identified based on the security level. In response to the vulnerability having been identified, the code package is updated with a patch associated with the identified vulnerability.Type: ApplicationFiled: October 20, 2016Publication date: April 26, 2018Inventors: Peng Cui, Dong Xiao Hui, Tan Jiang, Da Hu Kuang, Lan Ling, Xu Peng, Liang Wang, Chun Xiao Zhang, Yu Zhang
-
Patent number: 9811806Abstract: Systems, methods, and computer program products to perform an operation including receiving an indication to commit a containerized image to an image repository, wherein the containerized image comprises a plurality of layers, and upon validating the containerized image by determining whether each layer of the containerized image is associated with a respective signature value, generating a first signature value for the containerized image, updating a data store for signature values to reflect the first signature value for the containerized image, and committing the containerized image to the repository.Type: GrantFiled: September 15, 2016Date of Patent: November 7, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Da Hu Kuang, Xin Peng Liu, Zhao Liu, Shu Chao Wan
-
Patent number: 9569180Abstract: A computer-implemented method includes monitoring a template registry for changes in the template registry. In response to detecting a new template in the template registry, the method includes analyzing the new template to identify explicit and implicit metadata corresponding to the new template. The method further includes determining one or more possible link dependencies between a container based on the new template and one or more other containers, respectively, based on the identified explicit and implicit metadata. In addition, the method includes providing container setting recommendations to a user based on the one or more possible link dependencies and the identified explicit and implicit metadata.Type: GrantFiled: October 29, 2015Date of Patent: February 14, 2017Assignee: International Business Machines CorporationInventors: Tan Jiang, Da Hu Kuang, Ling Lan, Wei Feng Li, Jing Jing Pan, Shu Chao Wan, Li Yi, Yu Zhang
-
Publication number: 20150186129Abstract: Embodiments of the invention relate to deploying a program module. The deploying includes obtaining a data dependency relationship between the program module and multiple to-be-deployed program modules, and a specific start order. In response to a request to install and configure the program module, data on which the program module depends are identified according to the data dependency relationship. In addition, the program module is installed and configured responsive to the identified data. The program module is started in response to completion of a startup of program modules required to be started before the program module as specified by the specific start order.Type: ApplicationFiled: January 7, 2015Publication date: July 2, 2015Inventors: Ajay A. Apte, Yang Che, Tan Jiang, Orvalle T. Kirby, III, Da Hu Kuang, Ling Lan, Lin Sun, Liang Wang, Yong Yao, Li Yi, Yu Zhang