US 12,229,251 B2
Shim based secure module access
Brian Gallagher, Waterford (IE); and Cathal O'Connor, Waterford (IE)
Assigned to Red Hat, Inc., Raleigh, NC (US)
Filed by Red Hat, Inc., Raleigh, NC (US)
Filed on Dec. 16, 2022, as Appl. No. 18/083,324.
Prior Publication US 2024/0202319 A1, Jun. 20, 2024
Int. Cl. G06F 21/54 (2013.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/54 (2013.01) [G06F 21/57 (2013.01); G06F 21/604 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system, comprising:
at least one node comprising an application container;
a container image associated with the application container;
a static analyzer module deployed to analyze the container image, with instructions configured to autonomously:
parse, code of an application, during compile time of the application, wherein the application is to be deployed in the application container;
determine, based on the parsing, for at least one section of the code, at least one module necessary for execution of the at least one section;
annotate, the at least one section of the code, based on the determined at least one module; and
inject, at least one wrapper around the at least one section of the code, wherein the wrapper adds at least one restriction to an execution of the at least one section at runtime, wherein the at least one restriction is based on at least one condition.