Abstract:
The method includes receiving, by a data plane definition language compiler, a first data plane definition describing customized functionality of a data plane of a first network application, and compiling the data plane definition to generate a first set of customized data processing modules and a program interface that allows a control plane of the network application to access the first set of customized data processing modules. The method also includes loading the first set of customized data processing modules into a data plane container, wherein the network application is executed via a network operating system, and wherein, upon execution of the network application the customized data processing module causes the data plane container of the network application to process packets differently than prior to loading the customized data processing module in the data plane container.
Abstract:
Techniques are described for securely booting and executing a virtual machine (VM) image in an untrusted cloud infrastructure. A multi-core processor may be configured with additional hardware components—referred to as a trust anchor. The trust anchor may be provisioned with a private/public key pair, which allows the multi-core CPU to authenticate itself as being able to securely boot and execute a virtual machine (VM) image in an untrusted cloud infrastructure.
Abstract:
A method and apparatus are disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.
Abstract:
In accordance with one embodiment, a system and method are provided for translation services to facilitate interoperation between mobility schemes. In other embodiments, the system and method may provide transport and network services for legacy applications, and adaptive coding for message, packet, link and physical layers.
Abstract:
Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VM is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption-related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines.
Abstract:
An architecture, arrangement, system, and method for controlling traffic flow into and out of a server farm having active-active stateful devices. A symmetric Gateway Load Balancing Protocol (sGLBP) eliminates asymmetric traffic flow for out-bound traffic. Load distribution for in-bound traffic is balanced between a redundant pair of aggregation switches using either static host routes, Route Health Injection or, in a more general manner, external routes with a mask longer than the connected subnet advertised by the routing protocol. The return traffic is symmetric because it returns through the same aggregation switch that it came from. Similarly, traffic originating from a server farm exits from one of the redundant aggregation switches and returns from the same aggregation switch.
Abstract:
Techniques are described for securely booting and executing a virtual machine (VM) image in an untrusted cloud infrastructure. A multi-core processor may be configured with additional hardware components—referred to as a trust anchor. The trust anchor may be provisioned with a private/public key pair, which allows the multi-core CPU to authenticate itself as being able to securely boot and execute a virtual machine (VM) image in an untrusted cloud infrastructure.
Abstract:
The present disclosure presents a method and apparatus configured to provide for the trusted execution of virtual machines (VMs) on a virtualization server, e.g., for executing VMs on a virtualization server provided within Infrastructure as a Service (IaaS) cloud environment. A physical multi-core CPU may be configured with a hardware trust anchor. The trust anchor itself may be configured to manage session keys used to encrypt/decrypt instructions and data when a VM (or hypervisor) is executed on one of the CPU cores. When a context switch occurs due to an exception, the trust anchor swaps the session key used to encrypt/decrypt the contents of memory and cache allocated to a VM (or hypervisor).
Abstract:
Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VM is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption-related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines.
Abstract:
The present disclosure presents a method and apparatus configured to provide for the trusted execution of virtual machines (VMs) on a virtualization server, e.g., for executing VMs on a virtualization server provided within Infrastructure as a Service (IaaS) cloud environment. A physical multi-core CPU may be configured with a hardware trust anchor. The trust anchor itself may be configured to manage session keys used to encrypt/decrypt instructions and data when a VM (or hypervisor) is executed on one of the CPU cores. When a context switch occurs due to an exception, the trust anchor swaps the session key used to encrypt/decrypt the contents of memory and cache allocated to a VM (or hypervisor).