US 12,229,575 B2
Hopping mechanism for container security
Alan Robert Lynn, Burke, VA (US)
Assigned to CISCO TECHNOLOGY, INC., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Feb. 3, 2021, as Appl. No. 17/166,145.
Prior Publication US 2022/0244977 A1, Aug. 4, 2022
Int. Cl. G06F 9/455 (2018.01)
CPC G06F 9/45558 (2013.01) [G06F 2009/45562 (2013.01); G06F 2009/45587 (2013.01)]
12 Claims
1. A system comprising:
one or more processors; and
one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising:
selecting a first virtual container associated with one or more software processes;
replicating the first virtual container to create a plurality of replicated virtual containers, each of the plurality of replicated virtual containers is a duplicate of the first virtual container, and the plurality of replicated virtual containers configured to run synchronously;
generating a randomized hopping set that defines a set of replicated virtual containers from the plurality of replicated virtual containers, the randomized hopping set establishing a sequence of the set of replicated virtual containers in which to run the one or more software processes; and
running the one or more software processes across the set of replicated virtual containers based on the sequence of the randomized hopping set, wherein the one or more software processes run on each of the replicated virtual containers for a predetermined time period, wherein running further comprises updating the plurality of replicated virtual containers, wherein the updating comprises:
deleting a replicated virtual container of the plurality of replicated virtual containers;
in response to deleting the replicated virtual container, creating an open position in the randomized hopping set by shifting each remaining replicated virtual container of the plurality of virtual containers in the randomized hopping set by one position in the sequence;
creating a new replicated virtual container;
replacing the deleted replicated virtual container with the new replicated virtual container in the randomized hopping set by assigning the new replicated virtual container to the open position in the randomized hopping set, thereby creating an updated randomized hopping set and establishing an updated sequence of the updated set of replicated virtual containers in which to run the one or more software processes; and
running the one or more software processes across the updated set of replicated virtual containers based on the updated sequence of the updated randomized hopping set.
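
The hopping-set generation and update steps of claim 1, sketched as an added Python example; it is not code from the patent or from Cisco. Replicas are modeled as plain strings, and all function names, the use of a CSPRNG for the ordering, and the shift direction (each remaining replica moves one position earlier, wrapping around) are assumptions, since the claim does not fix them.

```python
import secrets
from itertools import count

_rng = secrets.SystemRandom()  # assumption: CSPRNG so the hop order is not predictable
_ids = count(1)

def replicate(first_container, n):
    """Stand-in for duplicating the first container n times (names only)."""
    return [f"{first_container}-replica-{next(_ids)}" for _ in range(n)]

def generate_hopping_set(replicas, size):
    """Choose `size` replicas and fix the random sequence in which they will run."""
    return _rng.sample(replicas, size)

def update_hopping_set(hopping_set, deleted, new_replica):
    """Delete one replica, shift the rest by one position, fill the open position.

    Assumed reading of the claim: every remaining replica moves one position
    earlier (position 0 wraps to the end); the slot nobody lands on is the
    open position, which the new replica takes.
    """
    n = len(hopping_set)
    i = hopping_set.index(deleted)
    updated = [None] * n
    for j, name in enumerate(hopping_set):
        if j != i:
            updated[(j - 1) % n] = name
    open_pos = updated.index(None)
    updated[open_pos] = new_replica
    return updated, open_pos

def schedule(hopping_set, dwell_seconds, start=0.0):
    """(start_time, replica) pairs: the process runs on each replica for one dwell period."""
    return [(start + k * dwell_seconds, name) for k, name in enumerate(hopping_set)]

if __name__ == "__main__":
    pool = replicate("web", 6)                  # constructed sample pool
    hops = generate_hopping_set(pool, 4)
    print("initial :", schedule(hops, 30))
    fresh = replicate("web", 1)[0]
    hops, slot = update_hopping_set(hops, hops[1], fresh)
    print(f"updated (new replica in position {slot}):", schedule(hops, 30))
```
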