公开(公告)号：US11775640B1

公开(公告)日：2023-10-03

申请号：US16835166

申请日：2020-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Mihir Sathe ,  Niall Mullen

IPC: G06F21/54 ,  G06F21/56 ,  G06F21/55 ,  G06F9/50

CPC classification number: G06F21/566 ,  G06F21/54 ,  G06F21/552 ,  G06F9/5005

Abstract: Systems and methods are described for detecting and preventing execution of malware on an on-demand code execution system. An on-demand code execution system may execute user-submitted code on virtual machine instances, which may be provisioned with various computing resources (memory, storage, processors, network bandwidth, etc.). These resources may be utilized in varying amounts or at varying rates during execution of the user-submitted code. The user-submitted code may also be unavailable for inspection for security or other reasons. A malware detection system may thus identify user-submitted code that corresponds to malware by monitoring resource utilization during execution of the code and generating a resource utilization signature, which enables comparison between the signature of the user-submitted code and resource utilization signatures of codes previously identified as malware. The malware detection system may then take actions such as notifying the user who requested execution or preventing execution of the user-submitted code.

公开(公告)号：US11010188B1

公开(公告)日：2021-05-18

申请号：US16268353

申请日：2019-02-05

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  Timothy Allen Wagner ,  Mikhail Danilov ,  Niall Mullen ,  Holly Mesrobian ,  Philip Daniel Piwonka

IPC: G06F9/455 ,  H04L29/08 ,  G06F3/06 ,  G06F11/34

Abstract: Systems and methods are described for simulated data object storage on a data storage system. The system may allow clients to store computed data objects, which are generated from a source data object based on a user-defined transformation. For example, computed data objects may be thumbnail images generated based on a full resolution image. When a request to store a computed data object is received, the system can predict a timing of a next request for the data object. If expected resource consumption associated with storing the data object until a next request exceeds expected resource consumption associated with generating the data object in response to the next request, the system can acknowledge the request to store the data object, but not actually store the data object. Instead, the system may generate the data object in response to the next request.

公开(公告)号：US20190391841A1

公开(公告)日：2019-12-26

申请号：US16017970

申请日：2018-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Niall Mullen ,  Philip Daniel Piwonka ,  Timothy Allen Wagner ,  Marc John Brooker

IPC: G06F9/48

Abstract: Systems and methods are described for providing auxiliary functions in an on-demand code execution system in a manner that enables efficient execution of code. A user may generate a task on the system by submitting code. The system may determine the auxiliary functions that the submitted code may require when executed on the system, and may provide these auxiliary functions by provisioning sidecar virtual machine instances that work in conjunction with the virtual machine instance executing the submitted code. The sidecars may provide auxiliary functions on a per-task, per-user, or per-request basis, and the lifecycles of the sidecars may be determined based on the lifecycles of the virtual machine instances that execute submitted code. Auxiliary functions may thus be provided only when needed, and may be provided securely by preventing a user from accessing the sidecars of other users.