公开(公告)号：US20230133020A1

公开(公告)日：2023-05-04

申请号：US18090653

申请日：2022-12-29

申请人： Deboleena Minz Sakalley ,  Kshitij Arun Doshi ,  Francesc Guim Bernat

发明人： Deboleena Minz Sakalley ,  Kshitij Arun Doshi ,  Francesc Guim Bernat

IPC分类号： G06F9/50 ,  G06F9/48

摘要： Various approaches for deploying and controlling distributed accelerated compute operations with the use of infrastructure processing units (IPUs) and similar networked processing units are disclosed. A system for orchestrating acceleration functions in a network compute mesh is configured to access a flowgraph, the flowgraph including data producer-consumer relationships between a plurality of tasks in a workload; identify available artifacts and resources to execute the artifacts to complete each of the plurality of tasks, wherein an artifact is an instance of a function to perform a task of the plurality of tasks; determine a configuration assigning artifacts and resources to each of the plurality of tasks in the flowgraph; and schedule, based on the configuration, the plurality of tasks to execute using the assigned artifacts and resources.

公开(公告)号：US20220222337A1

公开(公告)日：2022-07-14

申请号：US17711768

申请日：2022-04-01

申请人： Kshitij Arun Doshi ,  Francesc Guim Bernat

发明人： Kshitij Arun Doshi ,  Francesc Guim Bernat

IPC分类号： G06F21/53

摘要： The present disclosure describes a micro-enclave (μenclave) framework including μenclave operations, which are library functions that split off from normal code execution. The μenclaves contain a mix of stateful and stateless operations, including such steps as reading or writing various hardware registers or resource counters in operating system, timer setup, deferring preemption events by a small value within a threshold set by the operating system, and the like. The operations in a μenclave, even though performed at a user level privilege, are compiled by a separate compilation sequence and installed unforgeably as static and unforgeable procedure collections that do not yield control to an operating system scheduler.

公开(公告)号：US20220222077A1

公开(公告)日：2022-07-14

申请号：US17709824

申请日：2022-03-31

申请人： Kshitij Arun Doshi ,  Francesc Guim Bernat

发明人： Kshitij Arun Doshi ,  Francesc Guim Bernat

IPC分类号： G06F9/30 ,  G06K7/00

摘要： System and techniques for tag checking procedure calls include specifying a value for a color in a program-counter relative (PC-relative) call instruction from a call site to a call target. A pointer is provided to steer the PC-relative call instruction to the call target based on the color. A function call is generated to the call target based on the pointer. Other systems, methods and apparatuses are also described.

公开(公告)号：US20220124005A1

公开(公告)日：2022-04-21

申请号：US17561254

申请日：2021-12-23

申请人： Kshitij Arun Doshi ,  John J. Browne ,  Marcos E. Carranza ,  Francesc Guim Bernat ,  Mats Gustav Agerstam ,  Adrian Hoban ,  Thijs Metsch

发明人： Kshitij Arun Doshi ,  John J. Browne ,  Marcos E. Carranza ,  Francesc Guim Bernat ,  Mats Gustav Agerstam ,  Adrian Hoban ,  Thijs Metsch

IPC分类号： H04L41/5003 ,  H04L41/5019 ,  G06F9/50

摘要： Various systems and methods for reactive intent-driven end-to-end (E2E) orchestration are described herein. An orchestrator system, includes a processor; and memory to store instructions, which when executed by the processor, cause the system to: receive, at the orchestrator system, an intent-based service level agreement (SLA) for execution of a series of tasks on a plurality of compute nodes; calculate, based on the intent-based SLA, intermediate latency thresholds corresponding to each task of the series of tasks; calculate slack estimates based on the latency thresholds and real-time telemetry of the plurality of compute nodes or real-time telemetry of connections between the plurality of compute nodes; monitor execution of the series of tasks on the plurality of compute nodes; and perform a corrective action in response to determining that the execution of the series of tasks is predicted to exceed one of the intermediate latency thresholds

公开(公告)号：US20240264874A1

公开(公告)日：2024-08-08

申请号：US18617348

申请日：2024-03-26

申请人： Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu

发明人： Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu

IPC分类号： G06F9/50

CPC分类号： G06F9/5038

摘要： Various systems and methods for synchronizing execution of workload tasks are described herein. A networked computing device is configured to receive a set of barrier messages from a first set of tasks executing on at least one of a plurality of compute nodes in a system, the respective set of tasks operating as a part of a distributed workload; evaluate the set of barrier messages to determine whether a barrier synchronization condition is satisfied; and initiate execution of a second set of tasks executing on at least one of the plurality of compute nodes in the system in response to determining that the barrier synchronization condition is satisfied.

公开(公告)号：US20240244088A1

公开(公告)日：2024-07-18

申请号：US18622080

申请日：2024-03-29

申请人： Malini Bhandaru ,  Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu ,  Anahit Tarkhanyan

发明人： Malini Bhandaru ,  Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu ,  Anahit Tarkhanyan

IPC分类号： H04L9/40 ,  G06F9/50

CPC分类号： H04L63/20 ,  G06F9/5083 ,  H04L63/083

摘要： Various systems and methods for providing cloud-to-edge workload orchestration described herein. A computing node is configured to receive a distributed workload configuration including security intents; decompose, based on the distributed workload configuration, a workload into a plurality of sub-workloads; identify an infrastructure resource of the plurality of compute nodes to execute a sub-workload of the plurality of sub-workloads; determine that an operating environment of the infrastructure resource satisfies the security intents; bind the sub-workload to the infrastructure resource, wherein the binding produces a token that is presented by the sub-workload to the infrastructure resource, and wherein the token is used to ensure trust among framework layers; and deploy the sub-workload to the infrastructure resource.

公开(公告)号：US20240243924A1

公开(公告)日：2024-07-18

申请号：US18622200

申请日：2024-03-29

申请人： Ned M. Smith ,  Kshitij Arun Doshi ,  Sunil Cheruvu ,  Anahit Tarkhanyan

发明人： Ned M. Smith ,  Kshitij Arun Doshi ,  Sunil Cheruvu ,  Anahit Tarkhanyan

IPC分类号： H04L9/32

CPC分类号： H04L9/3247

摘要： Various systems and methods are described for implementing attestation microservices and an attestation microservice mesh for cloud-to-edge (C2E) and cloud-native deployments are disclosed. An example method performed by a computing node for coordinating attestation with a distributed workload includes: generating, with an attestation service, first attestation information to provide attestation of a resource at the computing node; generating, with the attestation service, second attestation information to provide attestation of a microservice at the computing node, with the microservice to use the resource at the computing node; generating, with the attestation service, third attestation information to provide attestation of a distributed workload, with the distributed workload to execute the microservice at the computing node; and outputting an attestation result for the distributed workload, based on the first attestation information, the second attestation information, and the third attestation information.

公开(公告)号：US20230342496A1

公开(公告)日：2023-10-26

申请号：US18216927

申请日：2023-06-30

申请人： Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu ,  Rajesh Poornachandran

发明人： Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu ,  Rajesh Poornachandran

IPC分类号： G06F21/62 ,  G06F21/44

CPC分类号： G06F21/6281 ,  G06F21/44

摘要： A system for trust brokering as a service includes an edge computing node and a trust brokering service edge computing device. The trust brokering service edge computing device receives a computing workload request from an application configured to process secure data and identifies a set of security requirements associated with the request. The device also identifies a security feature present in the set of security requirements but not provided by the edge computing node. To address this, the device generates an application execution environment that includes a secure plugin providing the security feature and a virtual device representing the edge computing node. The computing workload request is then executed at the application execution environment, providing a secure and efficient solution for trust brokering as a service.

公开(公告)号：US20210014203A1

公开(公告)日：2021-01-14

申请号：US17032391

申请日：2020-09-25

申请人： Kshitij Arun Doshi ,  Uzair Qureshi ,  Lokpraveen Mosur ,  Patrick Fleming ,  Stephen Doyle ,  Brian Andrew Keating ,  Ned M. Smith

发明人： Kshitij Arun Doshi ,  Uzair Qureshi ,  Lokpraveen Mosur ,  Patrick Fleming ,  Stephen Doyle ,  Brian Andrew Keating ,  Ned M. Smith

IPC分类号： H04L29/06 ,  G06F21/60 ,  G06F13/28

摘要： Methods, systems, and use cases for one-touch inline cryptographic data security are discussed, including an edge computing device with a network communications circuitry (NCC), an enhanced DMA engine coupled to a memory device and including a cryptographic engine, and processing circuitry configured to perform a secure exchange with a second edge computing device to negotiate a shared symmetric encryption key, based on a request for data. An inline encryption command for communication to the enhanced DMA engine is generated. The inline encryption command includes a first address associated with a storage location storing the data, a second address associated with a memory location in the memory device, and the shared symmetric encryption key. The data is retrieved from the storage location using the first address, the data is encrypted using the shared symmetric encryption key, and the encrypted data is stored in the memory location using the second address.

公开(公告)号：US20240241944A1

公开(公告)日：2024-07-18

申请号：US18619826

申请日：2024-03-28

申请人： Ned M. Smith ,  Kshitij Arun Doshi ,  Adrian Hoban ,  Eric W. Multanen ,  Malini Bhandaru ,  Sunil Cheruvu ,  Thijs Metsch ,  Manjunath Ranganathaiah ,  Anahit Tarkhanyan ,  Sharad Mishra ,  Igor Duarte Cardoso ,  Todd Malsbary ,  Bruno Vavala ,  Adarsh Chittilapplly ,  Subin John ,  Alpesh Ramesh Rodage

发明人： Ned M. Smith ,  Kshitij Arun Doshi ,  Adrian Hoban ,  Eric W. Multanen ,  Malini Bhandaru ,  Sunil Cheruvu ,  Thijs Metsch ,  Manjunath Ranganathaiah ,  Anahit Tarkhanyan ,  Sharad Mishra ,  Igor Duarte Cardoso ,  Todd Malsbary ,  Bruno Vavala ,  Adarsh Chittilapplly ,  Subin John ,  Alpesh Ramesh Rodage

IPC分类号： G06F21/54

CPC分类号： G06F21/54 ,  G06F2221/033

摘要： Various systems and methods are described for implementing security intents for the execution of workloads in cloud-to-edge (C2E) and cloud-native execution environments. An example technique for implementing security intents for a workload on a computing node of a cluster includes: identifying a workload for execution on the computing node; identifying security intents that define levels of respective security requirements for the execution of the workload on the computing node; adapting an execution environment of the computing node, based on the identified security intents; and controlling the execution of the workload within the execution environment, based on the identified security intents, to dynamically monitor and adapt to changing security conditions during the execution of the workload.