Patents by Inventor Christian Knierim
Christian Knierim has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250200170
Abstract: A method for the dynamic integrity monitoring of a container runtime environment executed on a host computer, in which environment at least one container is executed and is managed by an orchestration device. In the orchestration device, when a container instance is started in the container runtime environment by the orchestration device: creating an instance-specific integrity rule concerning at least one resource of the host computer; adding the instance-specific integrity rule to form a host-computer-specific integrity standard which includes an instance-specific integrity rule for each container instance already executed in the container runtime environment; transmitting the host-computer-specific integrity standard to the host computer. In the host computer: checking the resources on the host computer allocated by container instances against the host-computer-specific integrity standard, and outputting an alarm message if the check reveals a breach of the host-computer-specific integrity standard.
Type: Application
Filed: March 8, 2023
Publication date: June 19, 2025
Inventors: Christian Knierim, Thomas Maier
-
Publication number: 20250156291
Abstract: Various embodiments of the teachings herein include a container runtime environment comprising: container application instances; and container monitoring instances. The container monitoring instances monitor the container application instances. Monitoring of the container application instances includes subdivided monitoring tasks. Each monitoring task is assigned at least one privilege exclusively enabling an execution of the respective assigned monitoring task. Execution of the monitoring task comprises enforcement of an assigned set of rules. The container monitoring instances are each allocated a monitoring task. The container monitoring instances each have the at least one privilege assigned to their monitoring task.
Type: Application
Filed: January 30, 2023
Publication date: May 15, 2025
Applicant: Siemens Aktiengesellschaft
Inventors: Christian Knierim, Christian Peter Feist
-
Patent number: 12277213
Abstract: A method for securely starting up a container instance in one or more execution environments for one or more components of a technical installation, such an execution environment being designed to execute the container instance, includes the following method steps: a) providing a configurable check function that is performed before and/or while starting up the container instance, b) logging each step for preparing at least one execution limitation required for starting up and/or executing the container instance, c) checking each logged step using at least one permissibility criterion configured in the check function, and d) completing the startup and if necessary the execution of the container instance if the at least one permissibility criterion is satisfied, or e) initiating an alerting measure or a measure that counteracts the startup if at least one of the possible permissibility criteria is not satisfied.
Type: Grant
Filed: April 27, 2021
Date of Patent: April 15, 2025
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Christian Peter Feist, Christian Knierim
-
Publication number: 20250111035
Abstract: A method for updating a software component is provided, having the steps of: retrieving deployment information for the software component, wherein the deployment information includes information on program parts of the software component and the runtime configuration thereof; checking whether at least one program part has a flaw and identifying the program part; determining a runtime limitation for the program part which has been identified as having a flaw; adding runtime limitation information to the deployment information for the software component; and carrying out the deployment of the software component on the basis of the deployment information, wherein upon being run, the software component is subject to the runtime limitation according to the runtime limitation information. Analyzing and temporarily adapting runtime configuration information of a deployment configuration for correcting flaws in software components to be updated simplifies the handling of zero-day exploit vulnerabilities.
Type: Application
Filed: March 9, 2023
Publication date: April 3, 2025
Inventors: Christian Knierim, Christian Peter Feist
-
Publication number: 20250103377
Abstract: A method for protecting a process of setting up a subdirectory and/or a network interface for a container instance for providing a container-based application is provided, including:
  - generating a directory guideline which includes at least one incorporation rule for assigning the subdirectory of the container instance to the subdirectory in the source directory; and/or generating an interface guideline which includes at least one incorporation rule for assigning the network interface of the container instance to the network interface of the associated host computer,
  - loading a container image, an associated configuration file and the directory guideline and/or the interface guideline into a runtime environment of the host computer,
  - checking, before the process of starting the container instance, and
  - generating the container instance from the container image in the host computer only in the event of a positive checking result.
Type: Application
Filed: July 18, 2022
Publication date: March 27, 2025
Inventor: Christian Knierim
-
Publication number: 20250094562
Abstract: A method and device for the automatic, security-induced relocation of at least one container instance in an orchestrated environment that contains more than one guest computer managed by an orchestration apparatus is provided, including the following steps: the orchestration apparatus launching the container instance on a first guest computer that comprises security functions in accordance with a first security level; receiving a security alarm message including at least one criticality parameter that indicates a security status of the orchestrated environment from a monitoring apparatus in the orchestration apparatus; the orchestration apparatus determining a second security level, different from the first security level, for the container instance based on a relocation policy depending on the criticality parameter; the orchestration apparatus relocating the container instance to a second guest computer in the orchestrated environment that includes security functions in accordance with the second security le
Type: Application
Filed: November 22, 2022
Publication date: March 20, 2025
Inventor: Christian Knierim
-
Publication number: 20250013738
Abstract: A method is provided for enforcing integrity conditions of a first container-based application with respect to all second container-based applications running in a shared runtime environment of a host system, the method including: assigning a first integrity standard including at least one requirement with regard to a second application; receiving a first piece of provisioning information and the first integrity standard from a user of the first application in the runtime environment, before the start of a first container instance of the first application; verifying the first piece of provisioning information with respect to a second integrity standard; verifying the second pieces of provisioning information for each of the second applications with respect to the first integrity standard; reporting to the user a violation; and carrying out an operation to rectify the at least one violation and running the first container instance in the runtime environment.
Type: Application
Filed: November 8, 2022
Publication date: January 9, 2025
Inventor: Christian Knierim
-
Publication number: 20240386091
Abstract: A method for executing privileged operations of an application program executed in a container on a host computer is provided, in which an extended execution permission to execute the container on a host computer is required in order to execute the privileged operation over non-privileged operations of the application program, including: receiving a privilege policy; monitoring called operations of the application program that are executed in the main container by way of a runtime environment of the host computer; launching a separate auxiliary container including the extended execution permission when a privileged operation contained in the privilege policy is called within the main container; executing the privileged operation in the auxiliary container on behalf of the main container; terminating the auxiliary container after the privileged operation has been executed; and continuing with the main container depending on feedback from the auxiliary container and/or the privilege policy.
Type: Application
Filed: September 1, 2022
Publication date: November 21, 2024
Inventor: Christian Knierim
-
Publication number: 20240370310
Abstract: A method and assembly for resource sharing in an orchestrated environment is provided, including a first cluster and a second cluster, wherein each cluster automatically manages a container instance on at least one node of the clusters, the instance being designed to: receive a request including a provisioning policy; determine a first utilization status of first nodes of the first cluster; determine a second utilization status of second nodes; select a target node from one of the first and second according to the provisioning policy and according to the first utilization status and the second utilization status via the first orchestration unit; and start the container instance on the target node using the second orchestration unit, if the selected target node is a second node.
Type: Application
Filed: August 16, 2022
Publication date: November 7, 2024
Inventors: Christian Knierim, Christian Peter Feist
-
Publication number: 20240338459
Abstract: A method for automatically analyzing the exploitability of vulnerabilities of a software image executed on a target computer is provided, including: identifying all the software components contained in the software image; determining vulnerabilities of the identified software component for each software component of the software image using a vulnerability database; determining all exploits associated with the at least one determined vulnerability of the software component, for each identified software component, using an exploit database; associating the determined exploits with the software image; executing the software image and the exploit associated with the software image on a configuration of an execution environment specific to the target computer; and confirming the exploitability of the at least one identified vulnerability on the specific configuration of the execution environment if the execution of the at least one exploit leads to exploitation of the vulnerability.
Type: Application
Filed: September 26, 2022
Publication date: October 10, 2024
Inventors: Klaus Lukas, Christian Knierim
-
Patent number: 12073005
Abstract: A method for expanded integrity monitoring of a container image, wherein the container image contains at least two layers, a base image and at least one application layer, which carries out at least one modification operation on the base image, includes the following steps: during assembly of the container image, allocating an integrity rule specific to the layer to the layer, for at least one of the layers of the container image; providing the container image and the allocated integrity rules to a guest computer; generating a container instance on the basis of the container image via a real-time environment of the guest computer; checking each individual layer in relation to the allocated integrity rules during execution of the container instance in the real-time environment; and executing the layer according to the allocated layer-specific integrity rule.
Type: Grant
Filed: July 9, 2021
Date of Patent: August 27, 2024
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventor: Christian Knierim
-
Publication number: 20240168793
Abstract: Various embodiments of the teachings herein include a method for checking container applications on a host system for manipulation. An example method includes: starting a respective checking process on the host system for each of at least two of the container applications; and assigning the respective checking process using a data-technology linkage. The checking processes subject the current behavior of at least one of the container applications other than the respective assigned container application to a comparison with a reference behavior of the at least one other container application.
Type: Application
Filed: March 17, 2022
Publication date: May 23, 2024
Applicant: Siemens Aktiengesellschaft
Inventors: Stefan Pyka, Roman Bendt, Rainer Falk, Christian Peter Feist, Daniela Friedrich, Christian Knierim, Ricarda Weber
-
Publication number: 20240095148
Abstract: A method for automatically assigning changed permissions for diagnostic purposes for work container instances is provided, including: in a reconfiguration unit of a runtime environment of the device or an orchestration device, receiving configuration information for starting a container instance; identifying diagnostic configuration information for providing at least one diagnostic container instance of a diagnostic application that carries out diagnostic activities; retrieving existing work container instances from a classification database; determining a reconfiguration requirement of the retrieved work container instances; changing initial work configuration information to provide diagnostic data according to the diagnostic configuration information for each work container instance for which a reconfiguration requirement has been determined; restarting the changed work container instances according to the changed work configuration information; and starting the at least one diagnostic container instance of
Type: Application
Filed: September 14, 2023
Publication date: March 21, 2024
Inventor: Christian Knierim
-
Publication number: 20240019855
Abstract: Method and system for providing control applications for industrial automation devices, wherein, in order to provide control applications which are each provided via flow control components, the flow control components are each classified, based on configuration information or referenced memory maps, with respect to access to at least one socket of a flow control environment when their execution is started; where a classification for each of the flow control components is used to create or reference a permissions profile for socket access; an individual token, associated with a permissions profile, for the socket access is created for each flow control component and transferred to the respective flow control component; and where the tokens and/or the permissions profiles each have an application-specific resource access guideline combined therewith, which is transmitted to a control component for application, which control component opens the respective socket.
Type: Application
Filed: June 28, 2023
Publication date: January 18, 2024
Inventors: Christian KNIERIM, Christian Peter FEIST, Harald ALBRECHT
-
Publication number: 20230244817
Abstract: A method for expanded integrity monitoring of a container image, wherein the container image contains at least two layers, a base image and at least one application layer, which carries out at least one modification operation on the base image, includes the following steps: during assembly of the container image, allocating an integrity rule specific to the layer to the layer, for at least one of the layers of the container image; providing the container image and the allocated integrity rules to a guest computer; generating a container instance on the basis of the container image via a real-time environment of the guest computer; checking each individual layer in relation to the allocated integrity rules during execution of the container instance in the real-time environment; and executing the layer according to the allocated layer-specific integrity rule.
Type: Application
Filed: July 9, 2021
Publication date: August 3, 2023
Inventor: Christian Knierim
-
Patent number: 11621856
Abstract: A method is provided for storing at least one domain name system container image, wherein the domain name system container image is configured to create at least one domain name system container instance in a domain name system infrastructure. The method includes: creating at least one item of signed domain name system information, wherein the at least one item of signed domain name system information is created by a cryptographic signature of an item of domain name system information, wherein the cryptographic signature is created outside the domain name system server infrastructure; creating at least one domain name system container image, wherein the at least one domain name system container image has the signed domain name system information and at least one item of domain name system server software; and storing the at least one domain name system container image in a container registry.
Type: Grant
Filed: April 15, 2021
Date of Patent: April 4, 2023
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Jürgen Gessner, Christian Knierim
-
Publication number: 20230090689
Abstract: Various embodiments include an automated method for analyzing a container instance running on a host system in a runtime environment. The method may include: capturing an initial reference picture including a reproduction of the container instance; transferring the picture to a test system; capturing data when triggered by an event relating to an operation on the container instance; transmitting the data to the test system; producing an updated reference picture of the container instance by adjusting the initial reference picture for effects that the operations have on the container instance, the effects being the expected effects that the operations cause; and analyzing the updated reference picture using the test system.
Type: Application
Filed: January 21, 2021
Publication date: March 23, 2023
Applicant: Siemens Aktiengesellschaft
Inventor: Christian Knierim
-
Publication number: 20220334877
Abstract: Provided is a method for overload protection in a container-virtualized computing apparatus that provides a computer-implemented application by at least one work container, having the following steps: receiving a request message to call the application; checking the currently existing workload of the computing apparatus against a stipulated load limit value; and, if the current workload is higher than the load limit value, forwarding the request message to a load rejection container that provides at least one form of handling of the application that is modified compared to the work container.
Type: Application
Filed: August 31, 2020
Publication date: October 20, 2022
Inventors: Christian Knierim, Angela Schattleitner
-
Publication number: 20210328809
Abstract: A method is provided for storing at least one domain name system container image, wherein the domain name system container image is configured to create at least one domain name system container instance in a domain name system infrastructure. The method includes: creating at least one item of signed domain name system information, wherein the at least one item of signed domain name system information is created by a cryptographic signature of an item of domain name system information, wherein the cryptographic signature is created outside the domain name system server infrastructure; creating at least one domain name system container image, wherein the at least one domain name system container image has the signed domain name system information and at least one item of domain name system server software; and storing the at least one domain name system container image in a container registry.
Type: Application
Filed: April 15, 2021
Publication date: October 21, 2021
Inventors: Jürgen Gessner, Christian Knierim