-
Publication (Announcement) No.: WO2021006973A1
Publication (Announcement) Date: 2021-01-14
Application No.: PCT/US2020/036575
Filing Date: 2020-06-08
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: RENKE, Maxwell Christopher , STARK, Taylor James , SCHULTZ, Benjamin M. , VISWANATHAN, Giridhar , SMITH, Frederick Justus , THOMAS, Deepu Chandy , PULAPAKA, Hari R. , GUO, Amber Tianqi
Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as a partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more earlier container attestation reports from a similar container and without requiring end-to-end attestation between the container and the remote attestation service for each new attestation request.
-
Publication (Announcement) No.: WO2020180546A1
Publication (Announcement) Date: 2020-09-10
Application No.: PCT/US2020/019776
Filing Date: 2020-02-26
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: GUO, Amber Tianqi , SCHULTZ, Benjamin M. , SMITH, Frederick Justus, IV , RIETSCHIN, Axel , PULAPAKA, Hari R. , IYIGUN, Mehmet , DE MARCO, Jonathan
IPC: G06F9/455
Abstract: Techniques for deferred container deployment are disclosed herein. In one embodiment, a method includes receiving, at a computing device, a container image corresponding to the container. The container image includes a first set of files identified by symbolic links, each directed to a file in the host filesystem on the computing device, and a second set of files identified by hard links. The method also includes, in response to receiving the container image at the computing device, storing the received container image in a folder of the host filesystem on the computing device without resolving the symbolic links of the first set of files until runtime of the requested container.
-
Publication (Announcement) No.: WO2018200159A1
Publication (Announcement) Date: 2018-11-01
Application No.: PCT/US2018/026411
Filing Date: 2018-04-06
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: BRADY, Kyle Thomas , GORDON, John C. , SCHULTZ, Benjamin M. , HAJY, Ali , OLUGBADE, Morakinyo Korede , PULAPAKA, Hari R. , BOZZAY, Paul McAlpin , SMITH, Frederick Justus , İYİGÜN, Mehmet
Abstract: A container comprising an isolated computing session is associated with a project. One or more users associated with the container can access the container across multiple usage sessions as the container keeps data, applications, and so on for the project together. The container can comprise multiple layers that require user authentication to access.
-
Publication (Announcement) No.: WO2017030795A1
Publication (Announcement) Date: 2017-02-23
Application No.: PCT/US2016/045444
Filing Date: 2016-08-04
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: GARG, Mohit , SCHULTZ, Benjamin M. , GADDEHOSUR, Poornananda R.
IPC: H04L12/931 , H04L12/24
CPC classification number: H04L41/0813 , H04L43/0817
Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing resource tracking, such as in a data center environment. A control and monitoring node receives updates indicating instantiation of resources in the computing system network. The control and monitoring node determines that there are duplicate resources in the network, and then determines which of the duplicate resources to provide connectivity to. The control and monitoring node provides network configuration updates to various networking resources in the network to provide network connectivity to the one of the duplicate resources in the network.
-
Publication (Announcement) No.: WO2017011606A1
Publication (Announcement) Date: 2017-01-19
Application No.: PCT/US2016/042175
Filing Date: 2016-07-14
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: SWAMY, Vinod K L , ARNEJA, Aman , SCHULTZ, Benjamin M.
IPC: H04L12/721 , H04L12/715 , H04L12/24 , H04L12/851
CPC classification number: H04L41/0893 , H04L41/0816 , H04L41/084 , H04L41/5041 , H04L43/0817 , H04L45/38 , H04L45/64 , H04L47/20 , H04L47/2441 , H04L47/2475
Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing service chains. A control and monitoring system orders a service chain (an order of data flow through a plurality of network nodes) based on network node identifiers. The control and monitoring system provides a policy to all networking nodes in order to enforce the order of the service chain. In some embodiments, features are implemented to improve the availability of service chains. Such features include load balancing, failover, traffic engineering, and automated deployment of virtualized network functions at various stages of a service chain, among others.
-
Publication (Announcement) No.: WO2023288216A1
Publication (Announcement) Date: 2023-01-19
Application No.: PCT/US2022/073636
Filing Date: 2022-07-12
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: RENKE, Maxwell Christopher , ALLIEVI, Andrea , VISWANATHAN, Giridhar , SCHULTZ, Benjamin M. , PULAPAKA, Hari R. , WESTON, David Guy
Abstract: Enforcing attestation of read-only protected memory during an attestation validity period. A client computer system identifies a change in the read-only protected memory protection status of a software component loaded at the client computer system. The client computer system then determines that the validity time period of an attestation report is unexpired. The attestation report comprises one or more attested properties, including one or more read-only memory protection (ROMP) attested properties for the software component. The client computer system also determines that at least one ROMP attested property for the software component is no longer valid due to the change in the read-only protected memory protection status of the software component. Based on the at least one ROMP attested property for the software component being no longer valid, the client computer system initiates a remedial action to prevent interaction of the software component with a relying party computer system.
-
Publication (Announcement) No.: WO2021086737A1
Publication (Announcement) Date: 2021-05-06
Application No.: PCT/US2020/056955
Filing Date: 2020-10-23
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: SUGANDHI, Tushar Suresh , GUO, Amber Tianqi , BALASUBRAMANYAN, Balaji , SINGH, Abhijat , KARADEMIR, Ahmed Saruhan , SCHULTZ, Benjamin M. , PULAPAKA, Hari R. , SHUBHAM, Gupta , THOMAS, Chase , RAMIREZ, Carlos Ernesto Peza
Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.
-
Publication (Announcement) No.: WO2021076361A1
Publication (Announcement) Date: 2021-04-22
Application No.: PCT/US2020/054460
Filing Date: 2020-10-07
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: CHENCHEV, Margarit , SCHULTZ, Benjamin M. , KANNAN, Gopikrishna , WONG, Graham , SRINIVASAN, Harish , ROY, Arup , PULAPAKA, Hari
Abstract: A virtualization partition (VP) is executed by a virtualization layer. The VP contains guest software that executes in isolation within the VP. The guest software has a background task (BT) that needs to be performed in the future. The BT is virtualized by a BT virtualization service that executes outside of the VP. The guest software registers the BT, through the virtualization layer, with the BT virtualization service. An event occurs outside of the VP that triggers the BT. The BT virtualization service responds to the event by ensuring that the VP is available (executing), and optionally triggers (possibly indirectly) the execution of code in the application.
-
Publication (Announcement) No.: WO2017176534A1
Publication (Announcement) Date: 2017-10-12
Application No.: PCT/US2017/024873
Filing Date: 2017-03-30
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: BAK, Yevgeniy M. , REUTHER, Lars , BROAS, Kevin M. , IYIGUN, Mehmet , PULAPAKA, Hari R. , OLUGBADE, Morakinyo Korede , SCHULTZ, Benjamin M.
CPC classification number: G06F9/485 , G06F9/45558 , G06F9/5022 , G06F9/542 , G06F2009/45583
Abstract: An operating system running on a computing device uses containers for hardware resource partitioning. Using the techniques discussed herein, pausing and resuming of containers is managed to reduce the pressure a container exerts on system resources while paused. Resuming of containers can further be managed to reduce container startup time. This management of containers can be implemented using various techniques, such as stopping scheduling of virtual processors, stopping scheduling of processes or threads, compressing memory, swapping the container's memory pages to a page file on a hard drive, and so forth.
-
Publication (Announcement) No.: WO2017165151A1
Publication (Announcement) Date: 2017-09-28
Application No.: PCT/US2017/022227
Filing Date: 2017-03-14
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: ENGEL, Jeffrey M. , SMITH, Frederick J. , PULAPAKA, Hari R. , SCHULTZ, Benjamin M. , IYIGUN, Mehmet , RICHARDSON, John , STARK, Taylor
CPC classification number: G06F9/541 , G06F8/65 , G06F9/445 , G06F9/44536 , G06F9/45558 , G06F2009/45579
Abstract: Techniques for implementing operating system layering are described herein. In one example, a method includes managing one or more container temporary storage spaces and one or more container runtime environments. Furthermore, the method includes loading one or more drivers to provide compatibility between a container operating system and a host operating system, the one or more drivers comprising: application program interface (API) compatibility libraries to enable API compatibility between the container operating system and the host operating system; metadata arbitration logic to enable compatibility between the container operating system and the host operating system by modifying container operating system references; and file arbitration logic to modify operating system file locations accessed by the container operating system and the host operating system.
-