US 12,073,005 B2
Expanded integrity monitoring of a container image
Christian Knierim, Munich (DE)
Assigned to SIEMENS AKTIENGESELLSCHAFT, Munich (DE)
Appl. No. 18/017,243
Filed by Siemens Aktiengesellschaft, Munich (DE)
PCT Filed Jul. 9, 2021, PCT No. PCT/EP2021/069208
§ 371(c)(1), (2) Date Jan. 20, 2023,
PCT Pub. No. WO2022/022995, PCT Pub. Date Feb. 3, 2022.
Claims priority of application No. 20187911 (EP), filed on Jul. 27, 2020.
Prior Publication US 2023/0244817 A1, Aug. 3, 2023
Int. Cl. G06F 21/64 (2013.01)
CPC G06F 21/64 (2013.01)
15 Claims
 
1. A method for expanded integrity monitoring of a container image and of container instances generated therefrom, in which the container image contains at least two layers, a base image and at least one application layer, which carries out at least one modification operation on the base image, the method comprising:
when assembling the container image, assigning for at least one of the layers of the container image an integrity rule specific to the layer and checking whether integrity violations of the integrity rule occur which originate in a sequence of layers of the preceding layers;
providing the container image and the assigned integrity rule to a guest computer;
generating, based on the container image, a container instance by a runtime environment of the guest computer;
during a runtime of the container instance on the guest computer, checking each individual layer against the assigned integrity rule while executing the container instance on the runtime environment, and
executing the layer depending on the assigned layer-specific integrity rule.