公开(公告)号：US09864617B1

公开(公告)日：2018-01-09

申请号：US14629459

申请日：2015-02-23

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F15/173 ,  G06F9/455

CPC classification number: G06F9/45533 ,  G06F2009/45562

Abstract: A computer system image is executed on a computing node over a network. A system specification file transmitted over the network specifies the computer system image by specifying components of the computer system image. The components include an operating system and at least one resource. The system specification file also contains a signature associated with the resource. A resource is determined to be authorized to be incorporated into the computer system image by verifying the signature. A computer system image can then be formed based on the components specified by the system specification file and executed locally.

公开(公告)号：US20170364384A1

公开(公告)日：2017-12-21

申请号：US15697191

申请日：2017-09-06

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455 ,  G06F9/44 ,  G06F9/445

CPC classification number: G06F9/45558 ,  G06F3/0619 ,  G06F3/065 ,  G06F3/067 ,  G06F8/63 ,  G06F8/71 ,  G06F9/4401 ,  G06F9/4406 ,  G06F2009/45562 ,  G06F2009/45583

Abstract: A method and apparatus for configuring an overlay network are provided. In the method and apparatus, an application source comprising an executable portion is obtained. A computer system instance is caused to execute at least some of the executable portion, and a snapshot of the computer system instance after partial but incomplete execution of the executable portion is obtained such that the snapshot is usable to instantiate another computer system instance to continue execution of the executable portion from a point in execution at which the snapshot was obtained.

公开(公告)号：US09804945B1

公开(公告)日：2017-10-31

申请号：US13733763

申请日：2013-01-03

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F11/00 ,  G06F11/36

CPC classification number: G06F8/00 ,  G06F11/3688

Abstract: Systems and methods are described for analyzing and verifying distributed application programs. In one embodiment, an application program is divided into as one or more independently executable components. During execution of the independently executable components, non-deterministic events are modified in order to effectuate deterministic results. The non-deterministic events may be modified in accordance with a predetermined set of constraints.

公开(公告)号：US09781053B1

公开(公告)日：2017-10-03

申请号：US14019400

申请日：2013-09-05

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F15/173 ,  H04L12/911 ,  H04L29/08 ,  H04N1/32 ,  G06F17/30

CPC classification number: H04L47/74 ,  G06F9/5027 ,  G06F17/30386 ,  H04L29/08945 ,  H04L67/10 ,  H04N1/32545

Abstract: Remote computing resource service providers allow customers to reduce overhead by using computer hardware resources of the service provider to execute a variety of operations. Computer hardware resources of the service provider may be widely distributed between various geographic locations and may have differing computing capacity. Therefore it may be advantageous to coordinate processing of customer operations between computer hardware resource locations of the service provider. Customer requests to perform operations may be distributed to various locations and coordinated by the service provider using various techniques such as a cancellation manager to terminate unprocessed requests distributed to the various locations once one or more of the distributed requests have been processed.

公开(公告)号：US09692757B1

公开(公告)日：2017-06-27

申请号：US14717937

申请日：2015-05-20

Applicant: Amazon Technologies, Inc.

Inventor： Andrew Paul Mikulski ,  Nicholas Alexander Allen ,  Gregory Branchek Roth

IPC: H04L29/06 ,  H04L9/32 ,  G06F7/04 ,  G06F15/16 ,  G06F17/30

CPC classification number: H04L63/0876 ,  H04L9/3234 ,  H04L9/3242 ,  H04L9/3247 ,  H04L9/3271 ,  H04L9/3297 ,  H04L63/061 ,  H04L63/0884 ,  H04L63/123 ,  H04L63/166 ,  H04L2463/121

Abstract: A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operates further dependent at least in part on whether verification of the authentication request was successful.

公开(公告)号：US20170153899A1

公开(公告)日：2017-06-01

申请号：US15430273

申请日：2017-02-10

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/44 ,  G06F9/455 ,  G06F3/06

Abstract: Execution of an executable portion of an application source executing in a first computer instance is monitored at least up to a point relative to a variation point. The execution is halted at the point. An application image of the first computer instance usable to instantiate a second computer instance is copied based at least in part on the variation point such that the second computer instance continues execution of the executable portion of the application source from the variation point, and the application image is caused to be stored.

公开(公告)号：US09641406B1

公开(公告)日：2017-05-02

申请号：US14133006

申请日：2013-12-18

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F15/173 ,  H04L12/26

CPC classification number: G06F8/65

Abstract: Remote computing resource service providers allow customers to execute virtual computer systems in a virtual environment on hardware provided by the computing resource service provider. The virtual computer systems may be suspended for an indeterminate amount of time and saved as images in one or more storage systems of the service provider. Periodically, updates for the virtual computer systems are required. In order to update virtual computer systems that are stored in a suspended state, an offline patch and indirection map is generated and used to update the virtual computer systems.

公开(公告)号：US09633073B1

公开(公告)日：2017-04-25

申请号：US14223760

申请日：2014-03-24

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F17/30

CPC classification number: G06F17/30424 ,  G06F17/30315 ,  G06F17/30536

Abstract: A computing resource service provider may store user data in a distributed data storage system. The distributed data storage system may contain one or more storage nodes configured to store hierarchical data in one or more data stores such as a column data store. Data in the data stores may be compressed or otherwise encoded, by a storage optimizer, in order to reduce that redundancy in the hierarchical data stored in the one or more data stores. Responses to user queries may be fulfilled based at least in part on data stored in the one or more data stores. A query processor may scan multiple different data stores across various storage nodes in order to obtain items responsive to the user query.

公开(公告)号：US09530007B1

公开(公告)日：2016-12-27

申请号：US14469200

申请日：2014-08-26

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F12/14 ,  G06F21/57

CPC classification number: G06F21/577 ,  G06F11/3688 ,  G06F12/145 ,  G06F2212/151 ,  G06F2221/034

Abstract: Techniques for identifying tamper-resistant characteristics for kernel data structures are disclosed herein. A set of kernel data structures is received, the set based on an operating system kernel. A plurality of virtual machines are instantiated based on the operating system kernel, each virtual machine of the plurality of virtual machine instances based on one or more modifications to one or more values to the virtual machine, the modifications based on the kernel data structures. Those modifications which cause virtual machine failures indicate which kernel data structures may be tamper-resistant.

Abstract translation: 本文公开了用于识别内核数据结构的防篡改特性的技术。 接收一组内核数据结构，该集合基于操作系统内核。 基于内核数据结构的修改，基于操作系统内核，多个虚拟机实例中的每个虚拟机基于对虚拟机的一个或多个值的一个或多个修改来实例化多个虚拟机。 导致虚拟机故障的那些修改表明哪些内核数据结构可能是防篡改的。

公开(公告)号：US20160248869A1

公开(公告)日：2016-08-25

申请号：US15146823

申请日：2016-05-04

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/28 ,  G06F21/606 ,  H04L45/64 ,  H04L45/74 ,  H04L61/103 ,  H04L61/25 ,  H04L63/0281 ,  H04L63/0428 ,  H04L63/0471 ,  H04L63/08

Abstract: A method and apparatus for configuring an overlay network are provided. In the method and apparatus, a first application is caused to be deployed for execution on the first computer system, with the application being member of an application group. First information is provided to the first computer system, with the first information being usable for securing communication between at least the first application and a second application deployed to a second computer system. Second information usable for establishing a routing entity for the first computer system is provided to the first computer system, with the routing entity established to route data from or to the first application.

Abstract translation: 提供了一种用于配置覆盖网络的方法和装置。 在所述方法和装置中，使得第一应用被部署以在第一计算机系统上执行，应用是应用组的成员。 第一信息被提供给第一计算机系统，其中第一信息可用于保护至少第一应用和部署到第二计算机系统的第二应用之间的通信。 可用于建立用于第一计算机系统的路由实体的第二信息被提供给第一计算机系统，路由实体被建立以从第一应用路由数据或向第一应用路由数据。