US 12,242,879 B2
Protecting container images and runtime data
Wen Yi Gao, Beijing (CN); Qi Feng Huo, Beijing (CN); Si Bo Niu, Beijing (CN); Sen Wang, Beijing (CN); and Dan Li, Beijing (CN)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Jul. 6, 2022, as Appl. No. 17/858,120.
Prior Publication US 2024/0012666 A1, Jan. 11, 2024
Int. Cl. G06F 9/455 (2018.01); G06F 21/60 (2013.01); H04L 9/06 (2006.01)
CPC G06F 9/45558 (2013.01) [G06F 21/602 (2013.01); H04L 9/0643 (2013.01); G06F 2009/45587 (2013.01)] 11 Claims
1. A computer-implemented method for protecting container image and runtime data from host access, the method comprising:
retrieving, by a processor, one or more container images from a container registry, wherein the one or more container images are based on a root file system comprised of one or more layers;
flattening, by the processor, each of the one or more container images of the root file system into a single layer;
generating, by the processor, a container base image for each flattened container image;
building, by the processor, a virtual machine overlay base image based, at least in part, on one or more of the generated container base images;
sharing, by the processor, the virtual machine overlay base image based, at least in part, on a dynamic sharing policy; and
encrypting, by the processor, each generated container base image.
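The flattening step in the claim (collapsing a layered root file system into a single layer before a base image is derived from it) is the part of the method with concrete, checkable semantics. The following is an added illustration written for this page, not code from the patent or from IBM: it models each image layer as a mapping from path to file content, merges the layers bottom-to-top while honouring the OCI-style whiteout conventions (a `.wh.<name>` entry hides a lower-layer entry, a `.wh..wh.opq` entry makes a directory opaque), derives a content-addressed digest for the resulting base image, assembles an overlay base image manifest from several such digests, and evaluates a small allow-list style sharing policy standing in for the claim's "dynamic sharing policy". The policy shape, the manifest format and the sample layers are all constructed assumptions; the encryption step of the claim is not shown, since a real implementation would hand the flattened image to an authenticated encryption primitive rather than anything written here.

```python
"""Flatten layered container root filesystems into a single base image layer.

Added example (not part of the patent): models layers as path -> bytes dicts,
applies OCI-style whiteout rules while merging, and derives a digest for the
flattened base image. Sample data and policy format are constructed here.
"""
import hashlib
import json
from typing import Dict, List

Layer = Dict[str, bytes]

WHITEOUT_PREFIX = ".wh."        # ".wh.foo" hides "foo" from lower layers
OPAQUE_MARKER = ".wh..wh.opq"   # hides the whole directory content below


def _split(path: str):
    """Split 'a/b/c' into ('a/b', 'c'); root-level entries get dir ''."""
    return path.rsplit("/", 1) if "/" in path else ("", path)


def _remove_subtree(merged: Layer, prefix: str) -> None:
    for existing in list(merged):
        if existing.startswith(prefix):
            del merged[existing]


def flatten_layers(layers: List[Layer]) -> Layer:
    """Merge layers bottom-to-top into a single layer.

    Whiteouts in a layer apply only to entries from lower layers, so each
    layer is processed in two passes: deletions first, then its own files.
    """
    merged: Layer = {}
    for layer in layers:
        for path in layer:                      # pass 1: whiteouts / opaque dirs
            directory, name = _split(path)
            dir_prefix = directory + "/" if directory else ""
            if name == OPAQUE_MARKER:
                _remove_subtree(merged, dir_prefix)
            elif name.startswith(WHITEOUT_PREFIX):
                target = dir_prefix + name[len(WHITEOUT_PREFIX):]
                merged.pop(target, None)        # the file itself ...
                _remove_subtree(merged, target + "/")  # ... or a directory
        for path, content in layer.items():     # pass 2: regular entries
            _, name = _split(path)
            if name == OPAQUE_MARKER or name.startswith(WHITEOUT_PREFIX):
                continue
            merged[path] = content
    return merged


def base_image_digest(flat: Layer) -> str:
    """Content-addressed digest of a flattened layer, independent of dict order."""
    h = hashlib.sha256()
    for path in sorted(flat):
        h.update(path.encode("utf-8") + b"\0")
        h.update(hashlib.sha256(flat[path]).digest())
    return "sha256:" + h.hexdigest()


def build_overlay_base_image(base_digests: List[str]) -> str:
    """Assumed manifest format: a JSON document listing the base image digests."""
    return json.dumps({"schema": "overlay-base/v1", "layers": sorted(base_digests)})


def may_share_overlay(policy: dict, overlay_digest: str, tenant: str) -> bool:
    """Constructed sharing policy: a digest is shareable with a tenant only if
    that tenant is allow-listed for it and the per-digest share quota remains."""
    rule = policy.get(overlay_digest)
    if rule is None or tenant not in rule.get("tenants", []):
        return False
    if rule.get("shared", 0) >= rule.get("max_shares", 0):
        return False
    rule["shared"] = rule.get("shared", 0) + 1   # dynamic: quota shrinks per share
    return True


# Constructed sample layers (bottom to top).
SAMPLE_LAYERS: List[Layer] = [
    {"etc/passwd": b"root:x:0:0", "app/old.so": b"v1",
     "app/cfg/a.conf": b"A", "tmp/junk": b"x"},
    {"app/.wh.old.so": b"", "app/new.so": b"v2",
     "app/cfg/.wh..wh.opq": b"", "app/cfg/b.conf": b"B"},
    {"etc/passwd": b"root:x:0:0\nsvc:x:100:100", "tmp/.wh.junk": b""},
]


def demo() -> dict:
    flat = flatten_layers(SAMPLE_LAYERS)
    digest = base_image_digest(flat)
    overlay = build_overlay_base_image([digest])
    overlay_digest = "sha256:" + hashlib.sha256(overlay.encode()).hexdigest()
    policy = {overlay_digest: {"tenants": ["team-a"], "max_shares": 1}}
    return {
        "paths": sorted(flat),
        "digest": digest,
        "first_share": may_share_overlay(policy, overlay_digest, "team-a"),
        "second_share": may_share_overlay(policy, overlay_digest, "team-a"),
        "other_tenant": may_share_overlay(policy, overlay_digest, "team-b"),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the module shows that the whiteout in layer 2 removes `app/old.so`, the opaque marker hides `app/cfg/a.conf` while keeping the same layer's `app/cfg/b.conf`, and the topmost `etc/passwd` wins; the digest is stable regardless of the order in which the entries were inserted, which is what makes it usable as the identity of the base image that the later sharing and encryption steps refer to.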