Abstract: Examples described herein relate to a security management system to secure a container ecosystem. In some examples, the security management system may protect one or more entities such as container management applications, container images, containers, and/or executable applications within the containers. The security management system may make use of digital cryptography to generate digital signatures corresponding to one or more of these entities and verify them during the execution so that any compromised entities can be blocked from execution and the container ecosystem may be safeguarded from any malicious network attacks.

Abstract: Examples described herein relate to a security management system to secure a container ecosystem. In some examples, the security management system may protect one or more entities such as container management applications, container images, containers, and/or executable applications within the containers. The security management system may make use of digital cryptography to generate digital signatures corresponding to one or more of these entities and verify them during the execution so that any compromised entities can be blocked from execution and the container ecosystem may be safeguarded from any malicious network attacks.

Abstract: Examples described herein relate to a security management system to secure a container ecosystem. In some examples, the security management system may protect one or more entities such as container management applications, container images, containers, and/or executable applications within the containers. The security management system may make use of digital cryptography to generate digital signatures corresponding to one or more of these entities and verify them during the execution so that any compromised entities can be blocked from execution and the container ecosystem may be safeguarded from any malicious network attacks.

Abstract: Examples disclosed herein relate to a security-based container scheduling system for allocating a container to a node. A discovery engine discovers a node in a cluster of nodes and a node security attribute associated with the node. A translation engine generates a node selector from a container security attribute specified in metadata associated with the container.

Abstract: Examples disclosed herein relate to a security-based container scheduling system for allocating a container to a node. A discovery engine discovers a node in a cluster of nodes and a node security attribute associated with the node. A translation engine generates a node selector from a container security attribute specified in metadata associated with the container.

Abstract: Methods and systems of migrating applications (105-1 to 105-3) with dynamic operating system containers (205-1, 205-2) are disclosed, in which a number of applications (105-1 to 105-3) currently executed within a first operating system environment are identified for migration to a second operating system environment; a new operating system container (205-1, 205-2) is created within the first operating system environment; the number of identified applications (105-1 to 105-3) are transferred into the operating system container (205-1, 205-2); and the operating system container (205-1, 205-2) is migrated to the second operating system environment.

Abstract: An embodiment of the invention provides an apparatus and method for automatic detection of a vulnerability exploit. The apparatus and method are configured to post a security vulnerability warning indicating a vulnerability of software; provide an exploit detector; and use the exploit detector to detect an attempted exploit that targets the vulnerability.

Abstract: Methods and systems of migrating applications (105-1 to 105-3) with dynamic operating system containers (205-1, 205-2) are disclosed, in which a number of applications (105-1 to 105-3) currently executed within a first operating system environment are identified for migration to a second operating system environment; a new operating system container (205-1, 205-2) is created within the first operating system environment; the number of identified applications (105-1 to 105-3) are transferred into the operating system container (205-1, 205-2); and the operating system container (205-1, 205-2) is migrated to the second operating system environment.

Abstract: An embodiment of the invention provides an apparatus and method for automatic detection of a vulnerability exploit. The apparatus and method are configured to post a security vulnerability warning indicating a vulnerability of software; provide an exploit detector; and use the exploit detector to detect an attempted exploit that targets the vulnerability.

Abstract: Various embodiments of spam control systems and methods are disclosed. One method embodiment, among others, comprises identifying an IP address as a spam source, and monitoring the activity of the IP address to determine if the IP address is re-assigned to another source.

Abstract: A rule-based selection, storage and access method and system for processing packets from network traffic. First, packet intercepted from network traffic are selected based on at least one rule. Second, the selected packets are stored in an in-kernel storage buffer, which can be tuned to a size that is appropriate to the number packets being captured and the ability of a packet usage application (e.g., a billing program) to process the packets. Third, an access mechanism is provided to a packet usage application for accessing the stored packets. The intercepted network traffic is provided to a receiving application.

Abstract: A connection from a client to a primary server is monitored and state information pertaining to a protocol stack used in the primary server is conveyed to a standby server. When the primary server becomes unhealthy, a crossover message is sent by the standby server to a client according to the conveyed state information.

Abstract: Packet routing method and system that routes packets to one of at least two processes based on at least one routing rule for processing packets from network traffic. First, at least one routing rule is received. The routing rule specifies one or more packet criteria (e.g., network card through which the packet is received or a predetermined source address of the packet). The routing rule also specifies a predetermined route or path for packets that meet the criteria described previously. Second, packets are received from a source (e.g., network traffic). Third, the routing rule is applied to the received packets. When the packet matches the criteria, the packet is routed to a predetermined process (e.g., a first application) through a corresponding route or path. The predetermined process then performs further packet processing on the routed packet. Otherwise, the packet is routed to a predetermined process (e.g., a second application) through a predetermined route.

Abstract: A rule-based selection, storage and access method and system for processing packets from network traffic. First, packet intercepted from network traffic are selected based on at least one rule. Second, the selected packets are stored in an in-kernel storage buffer, which can be tuned to a size that is appropriate to the number packets being captured and the ability of a packet usage application (e.g., a billing program) to process the packets. Third, an access mechanism is provided to a packet usage application for accessing the stored packets. The intercepted network traffic is provided to a receiving application.