-
Publication No.: US20220012042A1
Publication date: 2022-01-13
Application No.: US17484455
Filing date: 2021-09-24
Abstract: Various systems and methods for providing secure and resilient configuration upgrades are described herein. A system includes a processor; and memory to store instructions, which when executed by the processor, cause the system to: receive at a resilient security island (RSI) partition of a first network node, an update from a source, the first network node hosting the RSI partition and a host partition, the RSI comprising reserved hardware resources of the first network node; verify, by the RSI, provenance of the update; apply, by the RSI, the update to modify a configuration of the RSI or the host partition; test, by the RSI, the modified configuration of the RSI or the host partition; and provide a cryptographic proof that the test was completed and an update status to an update coordinator.
-
Publication No.: US20210152563A1
Publication date: 2021-05-20
Application No.: US17131615
Filing date: 2020-12-22
Applicants: Sunil Cheruvu, Ned M. Smith, Francesc Guim Bernat, Kshitij Arun Doshi, Eve M. Schooler, Dario Sabella
Inventors: Sunil Cheruvu, Ned M. Smith, Francesc Guim Bernat, Kshitij Arun Doshi, Eve M. Schooler, Dario Sabella
IPC classification: H04L29/06, H04L12/721, H04L29/08, G06F8/60
Abstract: A named function network (NFN) system includes a routing node, a function generation node, and a server node. The routing node receives requests for new functions, the requests including data values for generating the new functions. The function generation node receives the data values from the routing node and generates a new function for the NFN using the data values. The server node receives a request from the routing node to execute the new function, executes the new function, and transmits results of the execution to the routing node.
-
Publication No.: US20230010406A1
Publication date: 2023-01-12
Application No.: US17711933
Filing date: 2022-04-01
IPC classification: H04L9/40
Abstract: The subject matter described herein provides technical solutions for technical problems facing computing network security. Technical solutions described herein include adaptive sniffing of networking traffic, such as using a brokered network traffic sniffing framework. A brokered sniffing framework may be used to provide dynamic adjustment of network access points and network traffic sampling queries, such as by providing dynamic adjustment in response to changes to the network topology or network traffic. The brokered sniffing framework may provide improved statistical sampling of network traffic using improved network traffic telemetry, such as by modifying a statistical profile of network traffic contents that are collected. The network traffic telemetry may be used to identify various changes in network traffic, such as by identifying statistically significant changes in latencies, bandwidths, or other data center performance metrics.
-
Publication No.: US20220114251A1
Publication date: 2022-04-14
Application No.: US17561134
Filing date: 2021-12-23
Applicants: Francesc Guim Bernat, Kshitij Arun Doshi, Adrian Hoban, Thijs Metsch, Dario Nicolas Oliver, Marcos E. Carranza, Mats Gustav Agerstam, Bin Li, Patrick Koeberl, Susanne M. Balle, John J. Browne, Cesar Martinez-Spessot, Ned M. Smith
Inventors: Francesc Guim Bernat, Kshitij Arun Doshi, Adrian Hoban, Thijs Metsch, Dario Nicolas Oliver, Marcos E. Carranza, Mats Gustav Agerstam, Bin Li, Patrick Koeberl, Susanne M. Balle, John J. Browne, Cesar Martinez-Spessot, Ned M. Smith
IPC classification: G06F21/51, G06F21/57, H04L43/0823, H04L41/5009
Abstract: Various systems and methods for implementing reputation management and intent-based security mechanisms are described herein. A system for implementing intent-driven security mechanisms, configured to: determine, based on a risk tolerance intent related to execution of an application on a compute node, whether execution of a software-implemented operator requires a trust evaluation; and in response to determining that the software-implemented operator requires the trust evaluation: obtain a reputation score of the software-implemented operator; determine a minimum reputation score from the risk tolerance intent; compare the reputation score of the software-implemented operator to the minimum reputation score; and reject or permit execution of the software-implemented operator based on the comparison.
-
Publication No.: US20220113914A1
Publication date: 2022-04-14
Application No.: US17560945
Filing date: 2021-12-23
IPC classification: G06F3/06, G06F12/02, G06F12/0888
Abstract: Systems and techniques for storage-class memory device including a network interface are described herein. A write for a network communication is received by the host interface of the memory device. Here, the network communication includes a header. The header is written to a non-volatile storage array managed by a memory controller. A network command is detected by the memory device. Here, the network command includes a pointer to the header in the non-volatile storage array. The header is retrieved from the non-volatile storage array and a packet based on the header is transmitted via a network interface of the memory controller.
-
Publication No.: US20210152543A1
Publication date: 2021-05-20
Application No.: US17127852
Filing date: 2020-12-18
Abstract: Systems and techniques for automatic escalation of trust credentials are described herein. Requestor data may be received that describes workloads of a requestor. A set of trust credentials may be determined by using an escalation prediction model to evaluate the requestor data. The multi-access token may be assembled from the set of trust credentials. The multi-access token may be transmitted to an information provider to fulfill a request of a requestor.
-
Publication No.: US20210006972A1
Publication date: 2021-01-07
Application No.: US17025519
Filing date: 2020-09-18
Abstract: Methods, systems, and use cases for geofence-based edge service control and authentication are discussed, including an orchestration system with memory and at least one processing circuitry coupled to the memory. The processing circuitry is configured to perform operations to obtain, from a plurality of connectivity nodes providing edge services, physical location information, and resource availability information associated with each of the plurality of connectivity nodes. An edge-to-edge location graph (ELG) is generated based on the physical location information and the resource availability information, the ELG indicating a subset of the plurality of connectivity nodes that are available for executing a plurality of services associated with an edge workload. The connectivity nodes are provisioned with the ELG and a workflow execution plan to execute the plurality of services, the workflow execution plan including metadata with a geofence policy. The geofence policy specifies geofence restrictions associated with each of the plurality of services.
-
Publication No.: US20200084202A1
Publication date: 2020-03-12
Application No.: US16683410
Filing date: 2019-11-14
Applicants: Ned M. Smith, John J. Browne, Kapil Sood, Francesc Guim Bernat, Kshitij Arun Doshi, Rajesh Poornachandran, Tarun Viswanathan, Manish Dave
Inventors: Ned M. Smith, John J. Browne, Kapil Sood, Francesc Guim Bernat, Kshitij Arun Doshi, Rajesh Poornachandran, Tarun Viswanathan, Manish Dave
Abstract: Various approaches for implementing attestation using an attestation token are described. In an edge computing system deployment, an edge computing device includes an attestable feature (e.g., resource, service, entity, property, etc.) which is accessible from use of an attestation token, by the operations of: obtaining a first instance of a token that provides proof of attestation for an accessible feature of the edge computing device, with the token including data to indicate trust level designations for the feature as attested by an attestation provider; receiving, from a prospective user of the feature, a request to use the feature and a second instance of the token, with the second instance of the token originating from the attestation provider; and providing access to the feature based on a verification of the instances of the token, by using the verification to confirm attestation of the trust level designations for the feature.
-
Publication No.: US20190327171A1
Publication date: 2019-10-24
Application No.: US16457480
Filing date: 2019-06-28
Applicants: Venkatesan Nallampatti Ekambaram, Satish Chandra Jha, Ned M. Smith, S. M. Iftekharul Alam, Maria Ramirez Loaiza, Yi Zhang, Gabriel Arrobo Vidal
Inventors: Venkatesan Nallampatti Ekambaram, Satish Chandra Jha, Ned M. Smith, S. M. Iftekharul Alam, Maria Ramirez Loaiza, Yi Zhang, Gabriel Arrobo Vidal
IPC classification: H04L12/723, G06N3/04, G06N3/08
Abstract: Systems and techniques for machine generation of content names in an information centric network (ICN) are described herein. For example, a node may obtain content. An inference engine may be invoked to produce a name for the content. Once the content is named, the node may respond to an interest packet that includes the name of the content. The response is a data packet that includes the content.
-
Publication No.: US20200027022A1
Publication date: 2020-01-23
Application No.: US16586593
Filing date: 2019-09-27
Abstract: Systems and techniques for distributed machine learning (DML) in an information centric network (ICN) are described herein. Finite message exchanges, such as those used in many DML exercises, may be efficiently implemented by treating certain data packets as interest packets to reduce overall network overhead when performing the finite message exchange. Further, network efficiency in DML may be improved by using local coordinating nodes to manage devices participating in a distributed machine learning exercise. Additionally, modifying a round of DML training to accommodate available participant devices, such as by using a group quality of service metric to select the devices, or extending the round execution parameters to include additional devices, may have an impact on DML performance.