VMware, Inc.
Security context aware nano-segmentation for container based microservices

Abstract:

The present disclosure provides an approach for creating one or more firewall rules to regulate communication between containers. The approach includes calculating a trust score for each container. To generate a rule for any two containers, the difference between their trust scores is computed. If the difference in trust levels is too large, the more trustworthy container is not allowed to communicate with the less trustworthy container. If the difference in trust scores is not too large, the two containers are allowed to communicate: a trustworthy container with another trustworthy container, or an untrustworthy container with another untrustworthy container.

Status:

Grant

Type:

Utility

Filing date:

22 Aug 2019

Issue date:

24 May 2022