Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Examiner’s Reasons for Allowance action is in response to the filing of 09/11/2019. Claims 1-20 are presently pending in the application and have been considered as follows.

EXAMINER’S NOTE
In regards to claims 17-20 the limitation “computer readable storage medium” is defined in paragraph 0102 of the published specification as “A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.” Therefore, the claim is statutory and no 35 U.S.C 101 rejection is deemed warranted.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/12/2019 and 01/11/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Allowance
Claims 1-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: although the prior art of record (such as Bignon et al. (US20140223556)) With the method according to the invention, a virtual machine under attack is migrated toward an environment dedicated to security, adapted for treating the attack. Without this migration toward an environment dedicated to security, a virtual machine under attack would risk being subject to several successive migrations, or causing successive migrations of co-tenant virtual machines, without the attack being treated at the end of it all, which would penalize the whole architecture in terms of performance, and thus penalize all the clients. Indeed, the resource requirements of a virtual machine under attack tend to increase. If the attack is not treated, there is a risk that new migrations will ultimately be caused, either of the virtual machine under attack, or of co-tenant virtual machines of the machine under attack, or that the host server and the co-tenant virtual machines will be made unavailable. The method of the invention palliates the risks of uncontrolled successive migrations since in the event of an attack, the migrated machine is treated in an environment dedicated to security. Once treated, the virtual machine has requirements that are a priori fewer than when it was under attack; it therefore does not a priori require another migration. This advantage is important since migrations are restrictive and these restrictions limit the migration possibilities. The target host server must indeed have access to the same sub-network as the source host server, be based on the same type of processor, etc.. (Para. 0013)

none of the prior art, alone or in combination, teaches

 Independent Claim 1:  “…based on detecting the attack, identifying a time-to-contamination, the time-to-contamination taken as an amount of time for an active container of the active container pool to become contaminated as a result of the attack; provisioning new containers into the reserve container pool at a determined rate that is based on the identified time-to-contamination; and continuously removing, from the active container pool, active containers servicing the workload and concurrently deploying reserve containers from the reserve container pool to the active container pool to replace the removed active containers and takeover servicing the workload”.


in view of other limitations of claim 1.

Independent Claims 12 and 17 are allowed based on reasons mentioned above in regards to independent claim 1.

Dependent claims are allowed as they depend from an allowable independent claim.

The closest prior art made of record are:
Bignon et al. (US20140223556) A method is provided for attack detection and protection of a set of virtual machines in a system, which includes at least one first host server hosting said set of virtual machines. The method includes: receiving an attack detection message regarding a virtual machine, triggering a first migration of the virtual machine from the first host server toward a security system, and receiving an attack treatment message regarding the migrated virtual machine.  
Beachem et al. (US 20110078797) Methods and apparatus involve the mitigation of security threats at a computing endpoint, such as a server, including dynamic virtual machine imaging. During use, a threat assessment is undertaken to determine whether a server is compromised by a security threat. If so, a countermeasure to counteract the security threat is developed and installed on a virtual representation of the server. In this manner, the compromised server can be replaced with its virtual representation, but while always maintaining the availability of the endpoint in the computing environment. Other features contemplate configuration of the virtual representation from a cloned image of the compromised server at least as of a time just before the compromise and configuration on separate or same hardware platforms. Testing of the countermeasure to determine success is another feature as is monitoring data flows to identifying compromises, including types or severity. Computer program products and systems are also taught.
Beddus et al. (US 20200183716) Containerised computing processes are generated by an orchestration processor interpreting user commands and user 
 Benameur et al. (US 9794275)   Methods, computer program products, computer systems, and the like, which provide security in cloud-based services using lightweight replicas, are disclosed. The methods, computer program products, computer systems, and the like include detecting an intrusion into an application server, dynamically provisioning a replica application server in a server system in response to the detecting the intrusion, and transitioning a datastream from the application server to the replica application server, where the application server is provisioned in the server system, the intrusion is an attack on the application server, and the attack is conducted via a datastream between a first computing system and the application server. The replica application server is a replica of at least a portion of the application server.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Conclusion



Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER C HARRIS whose telephone number is (571)270-7841.  The examiner can normally be reached on Monday through Friday between 8:00 AM to 4:00 PM CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.