The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also correspond to implementations of the claimed inventions.
Operating-system-level virtualization, also known as containerization, refers to an operating system feature in which the operating system kernel enables the existence of multiple isolated user-space instances. Each of these instances, called software containers, partitions, virtualization engines, or jails, may appear like an ordinary computer from the point of view of an application program executing in the instance.

An application program, or application, executing on an ordinary computer's operating system can identify all of that ordinary computer's resources, such as connected devices, files and folders, network shares, central processing unit (CPU) power, and quantifiable hardware capabilities. However, an application executing inside a software container can only identify the software container's contents and the devices that are assigned to the software container.

A software container can wrap a developing application in a complete environment containing everything that the application needs, such as memory, disk space, network access, and an operating system. The use of software containers reduces the time between application development and deployment. However, as the use of software containers grows, so does the potential for software container malware. Additionally, as the volume and diversity of normal application instances increases, the detection of unauthorized or malicious application instances in software containers becomes more difficult.