Abstract: A system and method for detecting vulnerabilities in be images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracting contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.

Abstract: A method and system for protecting an application from unsecure network exposure. The method includes identifying at least one port through which the application is accessible when the application is not configured correctly, wherein the application is executed at a host device connected to at least one network, the host device having the at least one port; sending, to an external resource, connection data for connecting to the application via the at least one port, wherein the external resource is configured to attempt to connect to the application based on the connection data and to return results of the connection attempt; determining, based on the results of the connection attempt, whether an exposure vulnerability exists; and performing at least one mitigation action when an exposure vulnerability exists.

Abstract: A system and method for defending an application configured to invoke anonymous functions. The method includes analyzing the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application; identifying, based on the at least one branch of the application and at least one first anonymous function, at least one potential threat branch, each potential threat branch including a call to one of the at least one first anonymous function; and rewiring at least one first function call of the application to create a secured instance of the application, wherein each of the at least one first function call is to one of the at least one first anonymous function prior to rewiring.

Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracting contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.

Abstract: A system and method for traffic enforcement in containerized environments. The method includes analyzing contents of a container image to determine a type of application to be executed by a first container, wherein the first container is a runtime instance of the container image; determining, based on the type of application to be executed by the first container, a filtering profile for the first container, wherein the filtering profile defines a configuration for inspecting and filtering traffic directed to the first container; and filtering, based on the filtering profile, malicious traffic directed to the first container.

Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.

Abstract: A system and method for runtime detection of vulnerabilities in an application software container that is configured to execute an application.

Abstract: A system and method for securing execution of software containers using security profiles. The method includes receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image when the event is received, wherein the generated security profile indicates at least networking ports that are allowed for at least one of: access to the application container, and access by the application container; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.

Abstract: A system and method for securing execution of software containers using security profiles. The method includes receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image when the event is received, wherein the generated security profile indicates at least a list of permissible filesystem actions, wherein each permissible filesystem action is an action performed with respect to at least one filesystem resource; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.

Abstract: A method and system for detecting vulnerable root certificates in container images are provided. The method includes receiving an event to scan at least one container image hosted in a host device, wherein the least one container image includes resources utilized to execute, by the host device, at least a respective software application container; extracting contents of layers of the at least one container image; scanning the extracted contents to generate a first list designating all root certificates included in the at least one container image; generating a second list designating all root certificates trusted by the host device; comparing the first list to the second list to detect at least one root certificate designated in the first list but not in the second; and determining the at least one detected root certificate as vulnerable.

Abstract: A method for securing execution of software containers using security profiles. The method comprises receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image, wherein the generated security profile includes at least a spawned processes profile, wherein the security profile is of the container image corresponding to the application container; monitoring the operation of a runtime execution of the application container; and detecting a violation of the spawned processes profile based on the monitored operation.

Abstract: A method for securing execution of software containers using security profiles. The method comprises receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image, wherein the generated security profile includes at least a system calls profile; monitoring the operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation, wherein the security profile is of the container image corresponding to the application container.

Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracting contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.

Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. This method includes intercepting a request to instantiate a new software container in a first execution environment; creating a second execution environment; migrating the new software container from the first execution environment to the second execution environment for execution therein; monitoring the operation of the new software container in the second execution environment to detect at least one unauthorized action; and upon detection of the at least one unauthorized action, generating a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.

Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. The method includes monitoring events triggered as a result of changes to an application layer of a software container; based on the monitored events, determining if at least one file has been changed; upon determination that at least one file has been changed, scanning the at least one file to detect at least one type of vulnerability; and upon determination of at least one type of known vulnerability, generating a detection event.

Abstract: An embodiment of the invention provides a check-in verification system (VCS) that verifies a check-in by a user using a smartphone to check-in at a venue, by verifying that a geolocation provided by the smartphone agrees with a location of the venue and that a password used by the user and the venue are the same.

Abstract: One or more techniques and/or systems are provided for inferring user intent and/or for inferring a user location type of a user based upon venue boundary evaluation. For example, a user is located at a current user location, such as a downtown district of a city. One or more venue evaluation boundaries, corresponding to areas around the current user location, may be defined. Potential user intents, corresponding to venue types of venues within a venue evaluation boundary, may be identified (e.g., a buy coffee intent, a go to theatre intent, a meet a friend for lunch, intent, etc.) and may be assigned user intent values (e.g., the meet a friend for lunch intent may be assigned a lower value due to a current time being 9 am). Venue evaluation boundaries may be evaluated until an inferred user intent and/or inferred user location type (e.g., commercial, residential, etc.) is identified.

Abstract: Architecture that enables the discovery of relevant applications, where the relevance is personalized to the user and user interests. New, relevant, and interesting applications are personalized to the user based on friends and/or people with whom the user shares common interests (e.g., social networks), based on queries for a popular application within a geographical area, and/or collaborative filtering. Moreover, users who employ the disclosed architecture can maintain anonymity to prevent the exposure of personal identifying details. Social-based application discovery, location-based application discovery, anonymous-profile-based application discovery, and collaborative-filtering-based application discovery, are provided. Application installs, uninstalls, and frequency of user interaction are also available, as well as privacy modes for privacy protection.

Abstract: An embodiment of the invention provides a location based service (LBS) that updates a first version of information provided a mobile terminal responsive to a geo-query relative to a second, later version of information responsive to the geo-query by transmitting portions of the second version to the mobile terminal rather than all of the second version.

Abstract: Location-based notification architecture that provides notification relevance to a user and/or a user goal. The size of the virtual perimeter or boundary is changed dynamically based on changes in relevance to a user and/or user goal, and thus, can be made dependent on various factors. The size of the perimeter can increase or decrease according to user preferences that are learned over time (e.g., preference for a gas station of a specific company). These capabilities improve the relevance of the notification the user receives. The relevance of a notification to the user can be improved by tuning the perimeter size according to known parameters that depend on the point of interest (e.g., business) itself and/or by tuning of the size of virtual perimeter according to parameters associated with user behavior. Other parameters can be considered as well, such as environmental conditions, and traffic conditions, for example.