Patent application number | Description | Published |
20110085461 | FLEXIBLE NETWORK MEASUREMENT - A method and a computer-readable storage medium are disclosed for flexible network measurement. Embodiments disclose receiving a network measurement request, transmitting portions of the request to network devices, configuring the network devices to collect metrics from packet data based on the portions of the request, and performing operations to generate metrics as a response to the network measurement request. Embodiments also disclose a flexible, dynamically configurable packet parser. Other embodiments are also disclosed. | 04-14-2011 |
20110293097 | VIRTUAL MACHINE MEMORY COMPARTMENTALIZATION IN MULTI-CORE ARCHITECTURES - Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VMs is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines. | 12-01-2011 |
20110296201 | METHOD AND APPARATUS FOR TRUSTED EXECUTION IN INFRASTRUCTURE AS A SERVICE CLOUD ENVIRONMENTS - The present disclosure presents a method and apparatus configured to provide for the trusted execution of virtual machines (VMs) on a virtualization server, e.g., for executing VMs on a virtualization server provided within Infrastructure as a Service (IaaS) cloud environment. A physical multi-core CPU may be configured with a hardware trust anchor. The trust anchor itself may be configured to manage session keys used to encrypt/decrypt instructions and data when a VM (or hypervisor) is executed on one of the CPU cores. When a context switch occurs due to an exception, the trust anchor swaps the session key used to encrypt/decrypt the contents of memory and cache allocated to a VM (or hypervisor). | 12-01-2011 |
20110302400 | SECURE VIRTUAL MACHINE BOOTSTRAP IN UNTRUSTED CLOUD INFRASTRUCTURES - Techniques are described for securely booting and executing a virtual machine (VM) image in an untrusted cloud infrastructure. A multi-core processor may be configured with additional hardware components—referred to as a trust anchor. The trust anchor may be provisioned with a private/public key pair, which allows the multi-core CPU to authenticate itself as being able to securely boot and execute a virtual machine (VM) image in an untrusted cloud infrastructure. | 12-08-2011 |
20130091321 | METHOD AND APPARATUS FOR UTILIZING NAND FLASH IN A MEMORY SYSTEM HIERARCHY - In one embodiment, a method includes obtaining a request for data, determining if the data is present in a physical memory, and obtaining the data from a non-volatile random access memory if it is determined that the data is not present in the physical memory. The request is obtained by an overall system that includes the physical memory and the non-volatile random access memory, and the overall system is configured to push information from the physical memory to the non-volatile random access memory. | 04-11-2013 |
20130301584 | SYSTEM AND METHOD FOR ENABLING A VEHICULAR ACCESS NETWORK IN A VEHICULAR ENVIRONMENT - A method includes joining a vehicular access network (VAN) comprising cooperative communication between a plurality of on-board units (OBU) in respective vehicles, scanning the VAN to pick up a coverage of at least one infrastructure access point (IAP), which operates on a control channel in a radio access tree (RAT) comprising a plurality of cells, listening to a channel allocation information from the IAP that includes a request for a mobile cell gateway (MCG) at a nominal location in the RAT, and sending a candidacy message to the at least one IAP to become an MCG. Certain embodiments include establishing the VAN in a highway, and in urban areas, aggregating traffic in a cell and transmitting to the IAP via the MCG, and other features. | 11-14-2013 |
20140237456 | METHOD AND SYSTEM FOR DATA PLANE ABSTRACTION TO ENABLE A DYNAMIC CREATION OF NETWORK APPLICATIONS - The method includes receiving, by a data plane definition language compiler, a first data plane definition describing customized functionality of a data plane of a first network application, and compiling the data plane definition to generate a first set of customized data processing modules and a program interface that allows a control plane of the network application to access the first set of customized data processing modules. The method also includes loading the first set of customized data processing modules into a data plane container, wherein the network application is executed via a network operating system, and wherein, upon execution of the network application the customized data processing module causes the data plane container of the network application to process packets differently than prior to loading the customized data processing module in the data plane container. | 08-21-2014 |
20140337391 | METHOD AND SYSTEM FOR DATA PLANE ABSTRACTION TO ENABLE A NETWORK STORAGE PLATFORM ECOSYSTEM - A method for network storage by receiving, by a storage compiler, a first storage definition from a storage application developer, where the first storage definition describes a customized storage implementation for storing data in an abstraction of at least one physical storage device, compiling the first storage definition to generate a first customized storage implementation module, and loading the first customized storage implementation module into an IO engine. The first customized storage implementation module causes data to be stored in the at least one physical storage device differently than prior to loading the first customized storage implementation module in the IO engine. | 11-13-2014 |
20150029987 | SYSTEM AND METHOD FOR WIRELESS INTERFACE SELECTION AND FOR COMMUNICATION AND ACCESS CONTROL OF SUBSYSTEMS, DEVICES, AND DATA IN A VEHICULAR ENVIRONMENT - A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted. | 01-29-2015 |