Patent Grant
11775640
Computing devices can utilize communication networks to exchange data. Companies and organizations operate computer networks that interconnect a number of computing devices to support operations or provide services to third parties. The computing systems can be located in a single geographic location or located in multiple, distinct geographic locations (e.g., interconnected via private or public communication networks). Specifically, hosted computing environments or data processing centers, generally referred to herein as “data centers,” may include a number of interconnected computing systems to provide computing resources to users of the data center. The data centers may be private data centers operated on behalf of an organization, or public data centers operated on behalf, or for the benefit of, the general public.
To facilitate increased utilization of data center resources, virtualization technologies allow a single physical computing device to host one or more instances of virtual machines that appear and operate as independent computing devices to users of a data center. With virtualization, the single physical computing device can create, maintain, delete, or otherwise manage virtual machines in a dynamic manner. In turn, users can request computing resources from a data center, such as single computing devices or a configuration of networked computing devices, and be provided with varying numbers of virtual machine resources.
In some scenarios, a user can request that a data center provide computing resources to execute a particular task. The task may correspond to a set of computer-executable instructions, which the data center may then execute on behalf of the user. The data center may thus further facilitate increased utilization of data center resources.
Throughout the drawings, reference numbers may be re-used to indicate correspondence between referenced elements. The drawings are provided to illustrate example embodiments described herein and are not intended to limit the scope of the disclosure.
Generally described, aspects of the present disclosure relate to an on-demand code execution system. The on-demand code execution system enables rapid execution of code, which may be supplied by users of the on-demand code execution system. More specifically, aspects of the present disclosure relate to detecting and, in some embodiments, preventing the execution of malicious tasks on an on-demand code execution system while preserving user privacy with regard to the code being executed.
As described in detail herein, an on-demand code execution system—which in some instances is referred to as a “serverless” system—may provide a network-accessible service enabling users to submit or designate computer-executable code to be executed by virtual machine instances on the on-demand code execution system. Each set of code on the on-demand code execution system may define a “task,” and may implement specific functionality corresponding to that task when executed on a virtual machine instance of the on-demand code execution system. Because each task implements a given functionality, tasks may in some instances be also referred to as “functions.” Individual implementations of the task on the on-demand code execution system may be referred to as an “execution” of the task (or a “task execution”). The on-demand code execution system can further enable users to trigger execution of a task based on a variety of potential events, such as detecting new data at a network-based storage system, transmission of an application programming interface (“API”) call to the on-demand code execution system, or transmission of a specially formatted hypertext transport protocol (“HTTP”) packet to the on-demand code execution system. Thus, users may utilize the on-demand code execution system to execute any specified executable code “on-demand,” without requiring configuration or maintenance of the underlying hardware or infrastructure on which the code is executed. Further, the on-demand code execution system may be configured to execute tasks in a rapid manner (e.g., in under 100 milliseconds), thus enabling execution of tasks in “real-time” (e.g., with little or no perceptible delay to an end user).
The on-demand code-execution system may thus allow users to execute code in a serverless environment (e.g., one in which the underlying server is not under user control). The term “serverless environment,” as used herein, is intended to refer to an environment in which responsibility for managing generation, configuration, and state of an underlying execution environment is abstracted away from a user, such that the user need not, for example, create the execution environment, install an operating system within the execution environment, or manage a state of the environment in order to execute desired code in the environment. Similarly, the term “server-based environment” is intended to refer to an environment in which a user is at least partly responsible for managing generation, configuration, or state of an underlying execution environment in addition to executing desired code in the environment. One skilled in the art will thus appreciate that “serverless” and “server-based” may indicate the degree of user control over execution environments in which code is executed, rather than the actual absence or presence of a server.
As described in more detail below, the on-demand code execution system may include a worker manager configured to receive user code (threads, programs, etc., composed in any of a variety of programming languages) and execute the code in a highly scalable, low latency manner, without requiring user configuration of a virtual machine instance. Specifically, the worker manager can, prior to receiving the user code and prior to receiving any information from a user regarding any particular virtual machine instance configuration, create and configure virtual machine instances according to a predetermined set of configurations, each corresponding to any one or more of a variety of run-time environments. Thereafter, the worker manager receives user-initiated requests to execute code, and identifies a pre-configured virtual machine instance to execute the code based on configuration information associated with the request. The worker manager can further allocate the identified virtual machine instance to execute the user's code at least partly by creating and configuring containers inside the allocated virtual machine instance, and provisioning the containers with code of the task as well as a dependency code objects. Various embodiments for implementing a worker manager and executing user code on virtual machine instances is described in more detail in U.S. Pat. No. 9,323,556, entitled “PROGRAMMATIC EVENT DETECTION AND MESSAGE GENERATION FOR REQUESTS TO EXECUTE PROGRAM CODE,” and filed Sep. 30, 2014 (the “'556 Patent”), the entirety of which is hereby incorporated by reference.
As used herein, the term “virtual machine instance” is intended to refer to an execution of software or other executable code that emulates hardware to provide an environment or platform on which software may execute (an “execution environment”). Virtual machine instances are generally executed by hardware devices, which may differ from the physical hardware emulated by the virtual machine instance. For example, a virtual machine may emulate a first type of processor and memory while being executed on a second type of processor and memory. Thus, virtual machines can be utilized to execute software intended for a first execution environment (e.g., a first operating system) on a physical device that is executing a second execution environment (e.g., a second operating system). In some instances, hardware emulated by a virtual machine instance may be the same or similar to hardware of an underlying device. For example, a device with a first type of processor may implement a plurality of virtual machine instances, each emulating an instance of that first type of processor. Thus, virtual machine instances can be used to divide a device into a number of logical sub-devices (each referred to as a “virtual machine instance”). While virtual machine instances can generally provide a level of abstraction away from the hardware of an underlying physical device, this abstraction is not required. For example, assume a device implements a plurality of virtual machine instances, each of which emulate hardware identical to that provided by the device. Under such a scenario, each virtual machine instance may allow a software application to execute code on the underlying hardware without translation, while maintaining a logical separation between software applications running on other virtual machine instances. This process, which is generally referred to as “native execution,” may be utilized to increase the speed or performance of virtual machine instances. Other techniques that allow direct utilization of underlying hardware, such as hardware pass-through techniques, may be used as well.
While a virtual machine instance executing an operating system is described herein as one example of an execution environment, other execution environments are also possible. For example, tasks or other processes may be executed within a software “container,” which provides an isolated runtime environment without itself providing virtualization of hardware. Containers may be implemented within virtual machines to provide additional security, or may be run outside of a virtual machine instance. In general, containers may differ from virtual machines in that they do not provide a distinct operating system kernel, but instead utilize a kernel of an underlying operating system. A virtual machine instance, by contrast, may provide a discrete kernel under control of the virtual machine and separate from a kernel of an underlying OS (e.g., the hypervisor). In some embodiments, the on-demand code execution system as disclosed herein may execute tasks within “microVMs,” which represent virtual machines with reduced or minimized hardware emulation. Such microVMs may have operational characteristics (e.g., overhead resource consumption, startup time, etc.) similar to a container, but still provide kernel-level isolation.
The on-demand code execution system may therefore execute various tasks on behalf of users by executing user-submitted code corresponding to each task. The code submitted by users may generally make efficient use of the on-demand code execution system and may execute without detrimental impact on other users or computing systems. However, users may deliberately or inadvertently request execution of code that is malicious or that makes inefficient use of computing resources. For example, a user may submit code to the on-demand code execution system that relies on a third-party library, and the third-party library may include bitcoin mining software or other software that the user did not intend to execute. The user-submitted code may thus fraudulently consume resources of the on-demand code execution system for the benefit of someone other than the user. As a further example, a user may submit malicious code to the on-demand code execution system that attempts to propagate malware or that provides a command-and-control function for malware. These tasks are collectively referred to herein as “malicious tasks,” although it will be understood that this term may include tasks that are not malicious per se but that the operator of the on-demand code execution system desires to prevent or discourage from executing.
An on-demand code execution system may prevent execution of some malicious tasks using code inspection, which analyzes the user-submitted executable code itself to identify characteristics of malicious code. However, such techniques can be thwarted by obfuscating the malicious code (e.g., changing variable names or function names), encrypting the malicious code, or otherwise changing the appearance of the malicious code without changing its function. Similarly, an on-demand code execution system may attempt to identify some malicious tasks by analyzing the results of executing the user-submitted code to identify behaviors or activities associated with malicious code (e.g., port scanning, attempting to exploit known vulnerabilities, etc.). However, these techniques may be limited in their ability to prevent malicious execution before the fact, or may involve tradeoffs (e.g., quarantining the code in a controlled environment) that are detrimental to efficient and timely execution of user-submitted tasks. Further, subjecting user-submitted code to inspection or output monitoring may have privacy or security implications, and may not be permissible for some applications (e.g., code that must be compliant with HIPAA, Sarbanes-Oxley, or other security or privacy regulations).
To address these problems, an on-demand code execution system may implement a resource signature management system as described herein. A resource signature management system may generate a resource utilization signature for a user-submitted task. Execution of the user-submitted code may utilize varying quantities of the computing resources allocated to the associated virtual machine instance or container, and may utilize these resources at varying rates. For example, execution of a task may utilize a low amount of memory initially, gradually increase as the task continues to execute, and then taper off as the task nears completion. As a further example, a task may read a high volume of data from a storage device, write the data to memory, utilize a processor to analyze or manipulate the data, and then write the analyzed or manipulated data from memory to the storage device. A resource signature management system may thus determine a “fingerprint” or resource utilization signature for the task, and may compare the signature of the user-submitted task to the signatures of tasks that are associated with malicious code. The resource signature management system may then use the results of its analysis to warn users regarding code that could be harmful or undesirable, or to deny requests to execute such code. The resource signature utilization system may thus identify tasks that have similar or identical resource utilization despite differences in the respective code for the tasks. The resource signature management system may analyze resource utilization without impacting privacy or security, for example, by analyzing the quantity of reads and writes to a storage device without accessing the content that was read or written, analyzing memory allocation and de-allocation without accessing the contents of memory, and so forth.
As used herein, the terms “malicious task” or “malicious code” may generally refer to any task (or to the code corresponding to a task) that an operator of the on-demand code execution system desires to prevent from executing or to warn users before executing. Illustratively, malicious tasks may include code such as viruses, worms, Trojans, and the like. Malicious tasks may further include code that violates terms of service (e.g., code that launches denial of service attacks, sends bulk email, probes other servers for vulnerabilities, etc.), code that appears to be malfunctioning (e.g., a software package with a known defect or vulnerability that appears to have been triggered), or other code that may be desirable to prevent from executing on an on-demand code execution system or to alert a user of possible issues with executing. In some embodiments, malicious tasks may include tasks that make inefficient use of the resources of the on-demand code execution system. For example, code that mines blockchain-based currencies may be uneconomical to execute on the on-demand code execution system. Execution of such code may thus indicate that a user has been duped or deceived into requesting the execution of such code, or that the user's credentials have been stolen and are being used to execute such code at the user's expense.
In some embodiments, malicious code may be identified based on resource utilization characteristics (e.g., network utilization that is consistent with port scanning, processor utilization that is consistent with bitcoin mining, etc.), or based on analysis of the results of executing the task, or from pre-defined lists of “known” malware. Resource utilization signatures for tasks that have been identified as malicious tasks may then be generated in a controlled environment, which in various embodiments may be within the on-demand code execution system or an external system.
As will be appreciated by one of skill in the art in light of the present disclosure, the embodiments disclosed herein improve the ability of computing systems, such as on-demand code execution systems, to execute code in an efficient manner. Moreover, the presently disclosed embodiments address technical problems inherent within computing systems; specifically, the problems of detecting and preventing execution of malicious tasks in an on-demand code execution system. These technical problems are addressed by the various technical solutions described herein, including the implementation of a resource utilization signature analysis system within an on-demand code execution system to detect and prevent execution of malicious tasks. For example, the use of resource utilization signatures enables identification of malicious tasks without reference to the code itself and without reference to the output produced by the code, which overcomes various techniques used by malware authors to disguise code or its actions (e.g., encrypting the code, obfuscating the code, disguising malware output as other network traffic, etc.) as described above. Identifying malicious tasks without reference to the code also provides greater security to users submitting code that contains trade secrets or other proprietary information, since the resource utilization signature can be generated without granting access to the code. Thus, the present disclosure represents an improvement on existing data processing systems and computing systems in general.
Embodiments of the disclosure will now be described with reference to the accompanying figures, wherein like numerals refer to like elements throughout. The terminology used in the description presented herein is not intended to be interpreted in any limited or restrictive manner, simply because it is being utilized in conjunction with a detailed description of certain embodiments. Furthermore, various embodiments may include several novel features, no single one of which is solely responsible for its desirable attributes or which is essential to practicing the embodiments herein described.
The illustrative environment 100 further includes one or more network-based data storage services 108, which are configured to enable the on-demand code execution system 110 to store and retrieve data from one or more persistent or substantially persistent data sources. Illustratively, the network-based data storage services 108 may enable the on-demand code execution system 110 to store information corresponding to a task, such as code or metadata, to store additional code objects representing dependencies of tasks, to retrieve data to be processed during execution of a task, and to store information (e.g., results) regarding that execution. The network-based data storage services 108 may represent, for example, a relational or non-relational database. In another example, the network-based data storage services 108 may represent a network-attached storage (NAS), configured to provide access to data arranged as a file system. In yet another example, the network-based data storage services 108 may represent a block-based storage system providing virtualized block storage devices, or an object-based storage system providing storage at an object level. The network-based data storage services 108 may further enable the on-demand code execution system 110 to query for and retrieve information regarding data stored within the on-demand code execution system 110, such as by querying for a number of relevant objects, files or records; sizes of those objects, files or records; file, object or record names; file, object or record creation times; etc. In some instances, the network-based data storage services 108 may provide additional functionality, such as the ability to separate data into logical groups (e.g., groups associated with individual accounts, etc.). While shown as distinct from the auxiliary services 106, the network-based data storage services 108 may in some instances also represent a type of auxiliary service 106.
The user computing devices 102, auxiliary services 106, and network-based data storage services 108 may communicate with the on-demand code execution system 110 via a network 104, which may include any wired network, wireless network, or combination thereof. For example, the network 104 may be a personal area network, local area network, wide area network, over-the-air broadcast network (e.g., for radio or television), cable network, satellite network, cellular telephone network, or combination thereof. As a further example, the network 104 may be a publicly accessible network of linked networks, possibly operated by various distinct parties, such as the Internet. In some embodiments, the network 104 may be a private or semi-private network, such as a corporate or university intranet. The network 104 may include one or more wireless networks, such as a Global System for Mobile Communications (GSM) network, a Code Division Multiple Access (CDMA) network, a Long Term Evolution (LTE) network, or any other type of wireless network. The network 104 can use protocols and components for communicating via the Internet or any of the other aforementioned types of networks. For example, the protocols used by the network 104 may include Hypertext Transfer Protocol (HTTP), HTTP Secure (HTTPS), Message Queue Telemetry Transport (MQTT), Constrained Application Protocol (CoAP), and the like. Protocols and components for communicating via the Internet or any of the other aforementioned types of communication networks are well known to those skilled in the art and, thus, are not described in more detail herein.
In the example of
In
With reference now to
Further, the on-demand code execution system 110 may be implemented directly in hardware or software executed by hardware devices and may, for instance, include one or more physical or virtual servers implemented on physical computer hardware configured to execute computer executable instructions for performing various features that will be described herein. The one or more servers may be geographically dispersed or geographically co-located, for instance, in one or more data centers. In some instances, the one or more servers may operate as part of a system of rapidly provisioned and released computing resources, often referred to as a “cloud computing environment.”
To enable interaction with the on-demand code execution system 110, the system 110 includes one or more frontends 120, which enable interaction with the on-demand code execution system 110. In an illustrative embodiment, the frontends 120 serve as a “front door” to the other services provided by the on-demand code execution system 110, enabling users (via user computing devices 102) to provide, request execution of, and view results of executing computer executable code. The frontends 120 include a variety of components to enable interaction between the on-demand code execution system 110 and other computing devices. For example, each frontend 120 may include a request interface providing user computing devices 102 with the ability to upload or otherwise communication user-specified code to the on-demand code execution system 110 and to thereafter request execution of that code. In one embodiment, the request interface communicates with external computing devices (e.g., user computing devices 102, auxiliary services 106, etc.) via a graphical user interface (GUI), CLI, or API. The frontends 120 process the requests and makes sure that the requests are properly authorized. For example, the frontends 120 may determine whether the user associated with the request is authorized to access the user code specified in the request.
References to user code as used herein may refer to any program code (e.g., a program, routine, subroutine, thread, etc.) written in a specific program language. In the present disclosure, the terms “code,” “user code,” and “program code,” may be used interchangeably. Such user code may be executed to achieve a specific function, for example, in connection with a particular web application or mobile application developed by the user. As noted above, individual collections of user code (e.g., to achieve a specific function) are referred to herein as “tasks,” while specific executions of that code (including, e.g., compiling code, interpreting code, or otherwise making the code executable) are referred to as “task executions” or simply “executions.” Tasks may be written, by way of non-limiting example, in JavaScript (e.g., node.js), Java, Python, and/or Ruby (and/or another programming language). Tasks may be “triggered” for execution on the on-demand code execution system 110 in a variety of manners. In one embodiment, a user or other computing device may transmit a request to execute a task may, which can generally be referred to as “call” to execute of the task. Such calls may include the user code (or the location thereof) to be executed and one or more arguments to be used for executing the user code. For example, a call may provide the user code of a task along with the request to execute the task. In another example, a call may identify a previously uploaded task by its name or an identifier. In yet another example, code corresponding to a task may be included in a call for the task, as well as being uploaded in a separate location (e.g., storage of data storage services 108 or a storage system internal to the on-demand code execution system 110) prior to the request being received by the on-demand code execution system 110. As noted above, the code for a task may reference additional code objects maintained at the on-demand code execution system 110 by use of identifiers of those code objects, such that the code objects are combined with the code of a task in an execution environment prior to execution of the task. The on-demand code execution system 110 may vary its execution strategy for a task based on where the code of the task is available at the time a call for the task is processed. A request interface of the frontend 120 may receive calls to execute tasks as Hypertext Transfer Protocol Secure (HTTPS) requests from a user. Also, any information (e.g., headers and parameters) included in the HTTPS request may also be processed and utilized when executing a task. As discussed above, any other protocols, including, for example, HTTP, MQTT, and CoAP, may be used to transfer the message containing a task call to the request interface.
A call to execute a task may specify one or more third-party libraries (including native libraries) to be used along with the user code corresponding to the task. In one embodiment, the call may provide to the on-demand code execution system 110 a file containing the user code and any libraries (and/or identifications of storage locations thereof) corresponding to the task requested for execution. In some embodiments, the call includes metadata that indicates the program code of the task to be executed, the language in which the program code is written, the user associated with the call, and/or the computing resources (e.g., memory, etc.) to be reserved for executing the program code. For example, the program code of a task may be provided with the call, previously uploaded by the user, provided by the on-demand code execution system 110 (e.g., standard routines), and/or provided by third parties. Illustratively, code not included within a call or previously uploaded by the user may be referenced within metadata of the task by use of a URI associated with the code. In some embodiments, such resource-level constraints (e.g., how much memory is to be allocated for executing a particular user code) are specified for the particular task, and may not vary over each execution of the task. In such cases, the on-demand code execution system 110 may have access to such resource-level constraints before each individual call is received, and the individual call may not specify such resource-level constraints. In some embodiments, the call may specify other constraints such as permission data that indicates what kind of permissions or authorities that the call invokes to execute the task. Such permission data may be used by the on-demand code execution system 110 to access private resources (e.g., on a private network). In some embodiments, individual code objects may also be associated with permissions or authorizations. For example, a third party may submit a code object and designate the object as readable by only a subset of users. The on-demand code execution system 110 may include functionality to enforce these permissions or authorizations with respect to code objects.
In some embodiments, a call may specify the behavior that should be adopted for handling the call. In such embodiments, the call may include an indicator for enabling one or more execution modes in which to execute the task referenced in the call. For example, the call may include a flag or a header for indicating whether the task should be executed in a debug mode in which the debugging and/or logging output that may be generated in connection with the execution of the task is provided back to the user (e.g., via a console user interface). In such an example, the on-demand code execution system 110 may inspect the call and look for the flag or the header, and if it is present, the on-demand code execution system 110 may modify the behavior (e.g., logging facilities) of the container in which the task is executed, and cause the output data to be provided back to the user. In some embodiments, the behavior/mode indicators are added to the call by the user interface provided to the user by the on-demand code execution system 110. Other features such as source code profiling, remote debugging, etc. may also be enabled or disabled based on the indication provided in a call.
To manage requests for code execution, the frontend 120 can include an execution queue (not shown in
As noted above, tasks may be triggered for execution at the on-demand code execution system 110 based on explicit calls from user computing devices 102 (e.g., as received at the request interface). Alternatively or additionally, tasks may be triggered for execution at the on-demand code execution system 110 based on data retrieved from one or more auxiliary services 106 or network-based data storage services 108. To facilitate interaction with auxiliary services 106, the frontend 120 can include a polling interface (not shown in
In addition to tasks executed based on explicit user calls and data from auxiliary services 106, the on-demand code execution system 110 may in some instances operate to trigger execution of tasks independently. For example, the on-demand code execution system 110 may operate (based on instructions from a user) to trigger execution of a task at each of a number of specified time intervals (e.g., every 10 minutes).
The frontend 120 can further include an output interface (not shown in
In some embodiments, the on-demand code execution system 110 may include multiple frontends 120. In such embodiments, a load balancer (not shown in
To execute tasks, the on-demand code execution system 110 includes one or more worker managers 140 that manage the execution environments used for servicing incoming calls to execute tasks. In the example illustrated in
The containers 158A-D, virtual machine instances 154A-D, and host computing devices 150A-B may further include language runtimes, code libraries, or other supporting functions (not depicted in
Although the virtual machine instances 154A-D are described here as being assigned to a particular task, in some embodiments, an instance 154A-D may be assigned to a group of tasks, such that the instance is tied to the group of tasks and any member of the group can utilize resources on the instance. For example, the tasks in the same group may belong to the same security group (e.g., based on their security credentials) such that executing one task in a container on a particular instance after another task has been executed in another container on the same instance does not pose security risks. Similarly, the worker managers 140 may assign the instances and the containers according to one or more policies that dictate which requests can be executed in which containers and which instances can be assigned to which tasks. An example policy may specify that instances are assigned to collections of tasks created under the same account (e.g., account for accessing the services provided by the on-demand code execution system 110). In some embodiments, the requests associated with the same tasks group may share the same containers.
Once a triggering event to execute a task has been successfully processed by a frontend 120, the frontend 120 passes a request to a worker manager 140 to execute the task. In one embodiment, each frontend 120 may be associated with a corresponding worker manager 140 (e.g., a worker manager 140 co-located or geographically nearby to the frontend 120) and thus the frontend 120 may pass most or all requests to that worker manager 140. In another embodiment, a frontend 120 may include a location selector configured to determine a worker manager 140 to which to pass the execution request. In one embodiment, the location selector may determine the worker manager 140 to receive a call based on hashing the call, and distributing the call to a worker manager 140 selected based on the hashed value (e.g., via a hash ring). Various other mechanisms for distributing calls between worker managers 140 will be apparent to one of skill in the art.
As shown in
In the illustrated embodiment, the host computing devices 150A and 150B include a resource signature generator 162A and 162B respectively. Illustratively, the resource signature generators 162A and 162B may monitor the utilization of computing resources and generate resource utilization signatures for tasks that are executed on the respective host computing devices 150A and 150B by monitoring utilization of computing resources by the virtual machine instance 154A-D (or, in some embodiments, the container 158A-D) that executes the task on the respective host computing device 150A or 150B. As described in more detail below, monitored computing resources may include physical or virtual resources, and the resource signature generators 162A and 162B may collect resource utilization metrics such as processor utilization (which may include central processing unit or “CPU” utilization, graphics processing unit or “GPU” utilization, tensor processing unit or “TPU” utilization, other processing unit utilization, and various combinations thereof), memory utilization, memory throughput (e.g., the volume of reads and writes to memory during a specified time interval), network throughput, data store utilization, data store throughput, and other such measurements. The resource signature generators 162A and 162B may further generate resource utilization signatures based on the collected resource utilization metrics, as described in more detail below.
The on-demand code execution system 110 may further include a resource signature management system 170. The resource signature management system 170 may include a resource signature analyzer 172, which as described in more detail below may analyze resource utilization signatures of user-submitted tasks and determine whether a signature corresponds to a malicious task signature. The resource signature management system 170 may further include a resource signature data store 174, which may store resource utilization signatures of previously executed tasks and/or resource utilization signatures of tasks that have been identified as or associated with malicious tasks. The resource signature data store 174 may illustratively be any non-transitory computer readable storage medium.
While depicted in
While some functionalities are generally described herein with reference to an individual component of the on-demand code execution system 110, other components or a combination of components may additionally or alternatively implement such functionalities. For example, a worker manager 140 may operate to provide functionality associated with collecting or analyzing resource utilization signatures from host computing devices 150A-B as described herein.
The resource signature management system 170 includes a processor 202, input/output device interfaces 204, a network interface 206, and the resource signature data store 174, all of which may communicate with one another by way of a communication bus 210. The network interface 206 may provide connectivity to one or more networks or computing systems. The processor 202 may thus receive information and instructions from other computing systems or services via the network 104. The processor 202 may also communicate to and from a memory 220 and further provide output information for an optional display (not shown) via the input/output device interfaces 204. The input/output device interfaces 204 may also accept input from an optional input device (not shown). The resource signature data store 176 may generally be any non-transitory computer-readable data store, including but not limited to hard drives, solid state devices, magnetic media, flash memory, and the like. In some embodiments, the resource signature data store 176 may be implemented as a database, web service, or cloud computing service, and may be external to the resource signature management system 170 (e.g., the data storage services 108 depicted in
The memory 220 may contain computer program instructions (grouped as modules in some embodiments) that the processor 202 executes in order to implement one or more aspects of the present disclosure. The memory 220 generally includes random access memory (RAM), read only memory (ROM) and/or other persistent, auxiliary or non-transitory computer readable media. The memory 220 may store an operating system 222 that provides computer program instructions for use by the processor 202 in the general administration and operation of the resource signature management system 170. The memory 220 may further include computer program instructions and other information for implementing aspects of the present disclosure. For example, in one embodiment, the memory 220 includes a user interface module 224 that generates interfaces (and/or instructions therefor) for interacting with the frontends 120, worker managers 140, or other computing devices, e.g., via an API, CLI, and/or Web interface. In addition, the memory 220 may include and/or communicate with one or more data repositories (not shown), for example, to access user program codes and/or libraries.
In the illustrated embodiment, the memory 220 further includes the resource signature analyzer 172, which (as described in more detail below with reference to
In some embodiments, the resource signature management system 170 may further include components other than those illustrated in
At (3), the virtual machine instance 154 provides resource utilization metrics to the resource signature generator 162. In various embodiments, the virtual machine instance 154 may provide resource utilization metrics before, during, or after the interaction at (2). In further embodiments, the virtual machine instance 154 may provide resource utilization metrics periodically (e.g., once every 100 milliseconds), in response to resource utilization (e.g., a change in processor utilization that exceeds a threshold), in conjunction with an event on the virtual machine instance 154 (e.g., starting, ending, pausing, or resuming execution of the user-submitted scode), by request of the resource signature generator 162, or in accordance with other criteria. Resource utilization metrics may include, for example, the total amount of memory allocated, the quantity of data written or read from memory within a specified time interval, a percentage of processor utilization, an amount of network bandwidth consumed, and the like. In various embodiments, resource utilization may be measured with regard to real or virtual resources.
At (4), the resource signature generator 162 may process the collected resource utilization metrics to generate a resource utilization signature for the user-submitted task. In various embodiments, the resource signature generator 162 may generate a locality sensitive hash value, one or more vectors, numerical score, or other representation of the resource utilization that occurred during execution of the task. For example, the resource signature generator 162 may generate a processor utilization vector such as [31%, 15%, 14%, 53%, 38%, 42%, 71%, 27%, 19%, 21%], which may indicate that processor utilization averaged 31% during a first time interval in which the task was executing, 15% during a second time interval, and so forth. In some embodiments, resource utilization metrics may be scaled or converted to a measure (e.g., floating point operations per second) that enables comparison between computing resources that vary in terms of capabilities, such as faster or slower processors. The resource signature generator 162 may generate similar vectors for utilization of other computing resources, such as an amount or percentage of memory utilized or a number of input/output operations for a data store, and may thus generate a multidimensional vector representing utilization of multiple computing resources or different measures of utilization of a computing resource. As a further example, the resource signature generator 162 may generate a locality sensitive hash value that represents a utilization pattern, such that other user-submitted tasks with similar utilization patterns will have similar has values. For example, the resource signature generator 162 may generate a value in accordance with a hash function ƒ that maps a point or points in a multidimensional coordinate space to a scalar value in a manner that preserves the relative distance between the input coordinates and output scalar values. In some embodiments, hash values may be generated within a range of possible values (e.g., 1 to 1,000), and hash values at distant ends of the scale may indicate a utilization pattern and its opposite. For example, a task with a hash value of 250 may have relatively high processor utilization and relatively low memory utilization, while a task with a hash value of 750 may have the opposite pattern.
At (5), the resource signature generator 162 may provide the generated resource signature to the resource signature analyzer 172. At (6), the resource signature analyzer 172 may request historical signatures from the resource signature data store 174. In some embodiments, the resource signature analyzer 172 may instead query a search engine for a historical signature that is similar to or matches the resource utilization signature generated at (4). In other embodiments, the resource signature analyzer 172 may request a collection of “known” malicious task signatures from the resource signature data store 174. At (7), the resource signature data store 174 provides the requested historical signatures to the resource signature analyzer 172.
At (8), the resource signature analyzer 172 may analyze the generated resource utilization signature and the historical signatures to determine whether the generated resource utilization signature corresponds to a malicious task signature. In some embodiments, the resource signature analyzer 172 may determine whether the generated resource utilization signature matches a malicious task signature. In other embodiments, the resource signature analyzer 172 may determine whether the generated resource utilization signature is within a predetermined range of a malicious task signature. For example, the resource signature analyzer 172 may compare a task with a resource utilization hash value of 732 to a list of known malicious task signatures, and determine that the hash value corresponds to or is within a specified value of a malicious task signature. In some embodiments, the resource signature analyzer 172 may use techniques known in the art, such as multivariate dynamic time warping, string edit distance, the Needleman-Wunsch algorithm, or similar approaches to compare resource utilization signatures. For example, the resource utilization signature generated at (4) may be generated in a computing environment with a processor that is faster or slower than the processor that was in use when the historical signatures were generated. The resource signature analyzer 172 may therefore use dynamic time warping to enable comparison of processor utilization between the signatures. In other embodiments, the resource signature analyzer 172 may use a k-nearest neighbor algorithm, a variety of which are known in the art, or similar techniques to compare locality sensitive hash scores. It will be understood that the present disclosure is not limited to a particular technique for comparing resource utilization signatures, and may use various techniques or combinations of techniques as needed to enable comparison.
In some embodiments, a machine learning algorithm may be selected and trained using the historical signatures (or subsets thereof) as training data in order to produce one or more trained models, and the resource signature analyzer 172 may select one or more trained models based on a confidence level in the results produced by individual trained models of the set. For example, the resource signature analyzer 172 may use a recurrent neural network or other machine learning model to determine a probability that a particular model correctly identifies malicious signatures based on the outcomes of applying the model to training data, and then may apply this model to the generated resource utilization signature to obtain a probability that the generated signature corresponds to a malicious signature. In further embodiments, different models may be trained to recognize different malicious resource utilization signatures, and the resource signature analyzer 172 may apply multiple models to determine whether the generated resource utilization signature corresponds to a malicious task signature. A variety of probabilistic classifier machine learning algorithms are known in the art and may be utilized to predict a classification (e.g., malicious or non-malicious) of a resource usage signature, based on training data that designates individual historical signatures as malicious or non-malicious.
In some embodiments, the resource signature analyzer 172 may determine that a portion of the resource utilization signature corresponds to a malware signature. For example, a malicious actor may insert code into a library or function that causes a user-submitted task to perform bitcoin mining in addition to the task that the user submitted to be executed. The resource signature analyzer 172 may thus determine a difference between the resource utilization signature for the current task and the resource utilization signature for a task previously executed on behalf of the same user, and may determine that this difference corresponds to a malicious task.
If a malicious task signature is detected, then at (9) the resource signature analyzer 172 notifies the user device 102 that the user-submitted task appears to correspond to malware based on its resource utilization. In some embodiments, the resource signature analyzer 172 may halt execution of the user-submitted code, add the user-submitted code to a blacklist, cause future executions of the user-submitted code to be throttled or assigned lower priorities, or otherwise limit execution of the user-submitted code. In other embodiments, the resource signature analyzer 172 may cause the user interface module 224 to generate a user interface that prompts the user as to whether they wish to proceed with execution. In further embodiments, the user may indicate that execution should proceed, and the resource signature analyzer 172 may whitelist the user-submitted code and/or its resource utilization signature.
In some embodiments, the resource signature analyzer 172 may notify a user account, administrator account, or another responsible party instead of, or in addition to, notifying the user device 102. Illustratively, the resource signature analyzer 172 may notify a responsible party that what appears to be malware has been submitted for execution to address the possibility that the user device 102 has been compromised by a malicious user, who is intentionally requesting execution of malware from an account they do not own. The resource signature analyzer 172 may therefore send a notification to, e.g., a contact email address associated with the user account, an administrator email address, or another party who can determine whether the user device 102 and/or an associated user account has been compromised.
In some embodiments, the interactions at (3)-(8) may be carried out repeatedly during the interaction at (2), and the resource signature analyzer 172 may detect and halt execution of a malicious task at a relatively early stage of execution. For example, the resource signature analyzer 172 may develop a confidence level that the resource utilization signature for an in-progress execution of a task corresponds to a malicious task signature, and may alert the user when the confidence level exceeds a threshold. As a further example, the resource signature analyzer 172 may halt execution of the task when the confidence level exceeds a threshold.
It will be understood that
At decision block 404, a determination is made as to whether the user-submitted task has previously been executed by the on-demand code execution system. For example, a checksum may be obtained for the code associated with the user-submitted task, and the determination may be as to whether a resource utilization signature corresponding to the checksum was previously generated. If the determination is that the task has not previously been executed, then at block 406 resource utilization may be monitored during execution of the task. As described above, monitoring of utilization may include, for example periodic, threshold-based, or event-based collection of resource utilization metrics, such as processor utilization, data store utilization, network bandwidth consumption, memory throughput, and the like. For example, metrics may be periodically collected that measure the quantity of data transmitted in the most recent time period, the quantity of data received in the time period, the quantity of data read or written to memory, the amount of memory allocated, processor utilization, and the like. In various embodiments, metrics may be obtained in absolute terms (e.g., a number of reads/writes per time interval or a quantity of data written during the time interval) or relative terms (e.g., a percentage of available bandwidth consumed, a percentage of time the processor is idle, etc.), and may be scaled, converted, or normalized as necessary.
At block 408, a resource utilization signature corresponding to the task may be generated based on the collected resource utilization metrics. As described above, the resource utilization signature may be a locality sensitive hash value, vector(s), numerical value, or other representation of the computing resource utilization during execution of the task. For example, the resource utilization signature may be generated using a locality sensitive hash function that takes processor utilization and data store reads/writes per second as input, and provides a scalar value between 1 and 100 as output. The output of the hash function may be such that values at or near 25 represent high processor utilization and low data store utilization, values near 50 represent high processor utilization and high data store utilization, values near 75 represent low processor utilization and high data store utilization, and values near 100 (or 1) represent low processor utilization and low data store utilization. The resource utilization signature may thus group tasks with similar resource utilization together, and may indicate that tasks with “opposite” resource utilization are at maximum distances from each other on a scale that “wraps around” at the high and low values. At block 410, in some embodiments, the generated resource utilization signature may be stored in a data store for later retrieval (e.g., during subsequent invocations of the routine 400). Illustratively, the generated resource utilization signature may be associated with a unique identifier for the task, such as an ID number, that allows the routine 400 to recognize subsequent requests to execute the same task.
At block 412, the generated resource utilization signature may be analyzed and compared to the signatures of previously executed tasks. As described above, the resource utilization signature may be generated using a locality sensitive hashing function, which preserves the distance between similar input values while reducing the input to a lower number of dimensions. The lower-dimension hash values (e.g., scalar values) may then be compared directly and analyzed as to whether they are within a threshold distance of each other. In some embodiments, the resource utilization signature associated with the user-submitted task may be compared to signatures that were generated based on the resource utilization of a malicious task in a controlled environment rather than signatures that were generated by previous executions of the routine 400. It will thus be understood that, in some embodiments, the routine 400 may detect subsequent requests to execute a malicious task after an initial request to execute a particular malicious task has been carried out and a resource utilization signature has been partially or fully generated.
In some embodiments, the resource utilization signature generated at block 408 may correspond to partial execution of the task, and may be compared at block 412 to historical signatures that correspond to partial execution of historical tasks. Such comparisons may facilitate earlier recognition (e.g., during the execution of the task) that the current task corresponds to a previously executed task. In some embodiments, partial resource utilization signatures may further be associated with confidence levels. For example, a historical signature for the first tenth of a previously executed task may be associated with a 20% probability of being the same task, a historical signature for the first third of the previously executed task may be associated with a 70% probability of being the same task, and so forth. In further embodiments, historical resource utilization signatures may correspond to portions of a task, such that resource utilization during the middle third of a task can be compared to the middle third of a historical task. Illustratively, a first signature may be generated based on resource utilization during the first tenth of a task's execution, which may be used to identify a subset of historical tasks that may correspond to the currently executing task. A second signature may then be generated based on resource utilization during the second tenth of the task's execution, and the second signature may be used to filter the subset or to revise confidence levels for potentially corresponding tasks in the subset. Further signatures may be similarly generated and used to identify the historical task that is most likely to correspond.
At decision block 414, a determination may be made as to whether the generated resource utilization signature corresponds to an existing signature. In various embodiments, as discussed above, the determination may be as to whether the generated resource utilization signature matches an existing signature, is within a defined range of an existing signature, or otherwise corresponds to an existing signature or satisfies a criterion with regard to an existing signature. For example, a signature that comprises a vector representing utilization of various resources may correspond to an existing signature if a threshold number of elements of the vector correspond to each other. As a further example, a signature that comprises a matrix representing utilization of various resources over time may correspond to an existing signature if a threshold number of matrix rows correspond. If the determination is that the generated resource utilization signature corresponds to an existing signature, then the routine 400 branches to decision block 418, where a determination may be made as to whether the existing signature is a malware signature. If so, then at block 420 the user may be notified that the resource utilization signature of the submitted task corresponds to a malware signature. If the determination at decision block 418 is that the generated resource utilization signature does not correspond to a malware signature, or if the determination at decision block 414 is that the generated signature does not correspond to an existing signature, then the routine 400 ends. In some embodiments, as described above, all or part of the routine 400 may be carried out repeatedly during execution of the user-submitted task, and a confidence level may be determined as to whether the resource utilization signature of an in-progress task corresponds to a malicious task. The determination at decision block 418 may thus be a determination as to whether the confidence level satisfies a threshold. In other embodiments, as described above, confidence levels may be determined as to whether the generated signature corresponds to each of a set of malicious tasks, and the determination at decision block 418 may be as to whether any of the confidence levels exceed a threshold.
If the determination at decision block 404 is that the user-submitted task has previously been executed by the on-demand code execution system, then the routine 400 branches to block 416, where a resource utilization signature for the task may be obtained. Illustratively, the resource utilization signature from a previous execution of the task may be obtained to prevent the routine 400 from redundantly collecting the signature of a task that has already been fingerprinted. The routine 400 then continues at decision block 418, where a determination may be made as to whether the resource utilization signature of the requested task corresponds to a malicious task signature, as described above. In some embodiments, the outcome of a previous determination at decision block 418 may be associated with the user-submitted task and stored as a whitelist or blacklist, and subsequent executions of the routine 400 may instead obtain the whitelist or blacklist and determine whether the user-submitted task is on it.
It will be understood that
It is to be understood that not necessarily all objects or advantages may be achieved in accordance with any particular embodiment described herein. Thus, for example, those skilled in the art will recognize that certain embodiments may be configured to operate in a manner that achieves or optimizes one advantage or group of advantages as taught herein without necessarily achieving other objects or advantages as may be taught or suggested herein.
All of the processes described herein may be embodied in, and fully automated via, software code modules, including one or more specific computer-executable instructions, that are executed by a computing system. The computing system may include one or more computers or processors. The code modules may be stored in any type of non-transitory computer-readable medium or other computer storage device. Some or all the methods may be embodied in specialized computer hardware.
Many other variations than those described herein will be apparent from this disclosure. For example, depending on the embodiment, certain acts, events, or functions of any of the algorithms described herein can be performed in a different sequence, can be added, merged, or left out altogether (e.g., not all described acts or events are necessary for the practice of the algorithms). Moreover, in certain embodiments, acts or events can be performed concurrently, e.g., through multi-threaded processing, interrupt processing, or multiple processors or processor cores or on other parallel architectures, rather than sequentially. In addition, different tasks or processes can be performed by different machines and/or computing systems that can function together.
The various illustrative logical blocks and modules described in connection with the embodiments disclosed herein can be implemented or performed by a machine, such as a processing unit or processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A processor can be a microprocessor, but in the alternative, the processor can be a controller, microcontroller, or state machine, combinations of the same, or the like. A processor can include electrical circuitry configured to process computer-executable instructions. In another embodiment, a processor includes an FPGA or other programmable device that performs logic operations without processing computer-executable instructions. A processor can also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Although described herein primarily with respect to digital technology, a processor may also include primarily analog components. A computing environment can include any type of computer system, including, but not limited to, a computer system based on a microprocessor, a mainframe computer, a digital signal processor, a portable computing device, a device controller, or a computational engine within an appliance, to name a few.
Conditional language such as, among others, “can,” “could,” “might,” or “may,” unless specifically stated otherwise, are otherwise understood within the context as used in general to convey that certain embodiments include, while other embodiments do not include, certain features, elements and/or steps. Thus, such conditional language is not generally intended to imply that features, elements and/or steps are in any way required for one or more embodiments or that one or more embodiments necessarily include logic for deciding, with or without user input or prompting, whether these features, elements and/or steps are included or are to be performed in any particular embodiment.
Disjunctive language such as the phrase “at least one of X, Y, or Z,” unless specifically stated otherwise, is otherwise understood with the context as used in general to present that an item, term, etc., may be either X, Y, or Z, or any combination thereof (e.g., X, Y, and/or Z). Thus, such disjunctive language is not generally intended to, and should not, imply that certain embodiments require at least one of X, at least one of Y, or at least one of Z to each be present.
Any process descriptions, elements or blocks in the flow diagrams described herein and/or depicted in the attached figures should be understood as potentially representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or elements in the process. Alternate implementations are included within the scope of the embodiments described herein in which elements or functions may be deleted, executed out of order from that shown, or discussed, including substantially concurrently or in reverse order, depending on the functionality involved as would be understood by those skilled in the art.
Unless otherwise explicitly stated, articles such as “a” or “an” should generally be interpreted to include one or more described items. Accordingly, phrases such as “a device configured to” are intended to include one or more recited devices. Such one or more recited devices can also be collectively configured to carry out the stated recitations. For example, “a processor configured to carry out recitations A, B, and C” can include a first processor configured to carry out recitation A working in conjunction with a second processor configured to carry out recitations B and C.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4949254 | Shorter | Aug 1990 | A |
| 5283888 | Dao et al. | Feb 1994 | A |
| 5970488 | Crowe et al. | Oct 1999 | A |
| 6385636 | Suzuki | May 2002 | B1 |
| 6463509 | Teoman et al. | Oct 2002 | B1 |
| 6501736 | Smolik et al. | Dec 2002 | B1 |
| 6523035 | Fleming et al. | Feb 2003 | B1 |
| 6708276 | Yarsa et al. | Mar 2004 | B1 |
| 7036121 | Casabona et al. | Apr 2006 | B1 |
| 7590806 | Harris et al. | Sep 2009 | B2 |
| 7665090 | Tormasov et al. | Feb 2010 | B1 |
| 7707579 | Rodriguez | Apr 2010 | B2 |
| 7730464 | Trowbridge | Jun 2010 | B2 |
| 7774191 | Berkowitz et al. | Aug 2010 | B2 |
| 7823186 | Pouliot | Oct 2010 | B2 |
| 7886021 | Scheifler et al. | Feb 2011 | B2 |
| 8010990 | Ferguson et al. | Aug 2011 | B2 |
| 8024564 | Bassani et al. | Sep 2011 | B2 |
| 8046765 | Cherkasova et al. | Oct 2011 | B2 |
| 8051180 | Mazzaferri et al. | Nov 2011 | B2 |
| 8051266 | DeVal et al. | Nov 2011 | B2 |
| 8065676 | Sahai et al. | Nov 2011 | B1 |
| 8065682 | Baryshnikov et al. | Nov 2011 | B2 |
| 8095931 | Chen et al. | Jan 2012 | B1 |
| 8127284 | Meijer et al. | Feb 2012 | B2 |
| 8146073 | Sinha | Mar 2012 | B2 |
| 8166304 | Murase et al. | Apr 2012 | B2 |
| 8171473 | Lavin | May 2012 | B2 |
| 8209695 | Pruyne et al. | Jun 2012 | B1 |
| 8219987 | Vlaovic et al. | Jul 2012 | B1 |
| 8321554 | Dickinson | Nov 2012 | B2 |
| 8321558 | Sirota et al. | Nov 2012 | B1 |
| 8336079 | Budko et al. | Dec 2012 | B2 |
| 8352608 | Keagy et al. | Jan 2013 | B1 |
| 8387075 | McCann et al. | Feb 2013 | B1 |
| 8429282 | Ahuja | Apr 2013 | B1 |
| 8448165 | Conover | May 2013 | B1 |
| 8490088 | Tang | Jul 2013 | B2 |
| 8555281 | Van Dijk et al. | Oct 2013 | B1 |
| 8566835 | Wang et al. | Oct 2013 | B2 |
| 8613070 | Borzycki et al. | Dec 2013 | B1 |
| 8631130 | Jackson | Jan 2014 | B2 |
| 8677359 | Gavage et al. | Mar 2014 | B1 |
| 8694996 | Cawlfield et al. | Apr 2014 | B2 |
| 8700768 | Benari | Apr 2014 | B2 |
| 8719415 | Sirota et al. | May 2014 | B1 |
| 8725702 | Raman et al. | May 2014 | B1 |
| 8756696 | Miller | Jun 2014 | B1 |
| 8769519 | Leitman et al. | Jul 2014 | B2 |
| 8799236 | Azari et al. | Aug 2014 | B1 |
| 8799879 | Wright et al. | Aug 2014 | B2 |
| 8806468 | Meijer et al. | Aug 2014 | B2 |
| 8819679 | Agarwal et al. | Aug 2014 | B2 |
| 8825863 | Hansson et al. | Sep 2014 | B2 |
| 8825964 | Sopka et al. | Sep 2014 | B1 |
| 8839035 | Dimitrovich et al. | Sep 2014 | B1 |
| 8850432 | Mcgrath et al. | Sep 2014 | B2 |
| 8874952 | Tameshige et al. | Oct 2014 | B2 |
| 8904008 | Calder et al. | Dec 2014 | B2 |
| 8997093 | Dimitrov | Mar 2015 | B2 |
| 9027087 | Ishaya et al. | May 2015 | B2 |
| 9038068 | Engle et al. | May 2015 | B2 |
| 9052935 | Rajaa | Jun 2015 | B1 |
| 9086897 | Oh et al. | Jul 2015 | B2 |
| 9092837 | Bala et al. | Jul 2015 | B2 |
| 9098528 | Wang | Aug 2015 | B2 |
| 9110732 | Forschmiedt et al. | Aug 2015 | B1 |
| 9110770 | Raju et al. | Aug 2015 | B1 |
| 9111037 | Nalis et al. | Aug 2015 | B1 |
| 9112813 | Jackson | Aug 2015 | B2 |
| 9141410 | Leafe et al. | Sep 2015 | B2 |
| 9146764 | Wagner | Sep 2015 | B1 |
| 9152406 | De et al. | Oct 2015 | B2 |
| 9164754 | Pohlack | Oct 2015 | B1 |
| 9183019 | Kruglick | Nov 2015 | B2 |
| 9208007 | Harper et al. | Dec 2015 | B2 |
| 9218190 | Anand et al. | Dec 2015 | B2 |
| 9223561 | Orveillon et al. | Dec 2015 | B2 |
| 9223966 | Satish et al. | Dec 2015 | B1 |
| 9250893 | Blahaerath et al. | Feb 2016 | B2 |
| 9268586 | Voccio et al. | Feb 2016 | B2 |
| 9298633 | Zhao et al. | Mar 2016 | B1 |
| 9317689 | Aissi | Apr 2016 | B2 |
| 9323556 | Wagner | Apr 2016 | B2 |
| 9361145 | Wilson et al. | Jun 2016 | B1 |
| 9413626 | Reque et al. | Aug 2016 | B2 |
| 9436555 | Dornemann et al. | Sep 2016 | B2 |
| 9461996 | Hayton et al. | Oct 2016 | B2 |
| 9471775 | Wagner et al. | Oct 2016 | B1 |
| 9483335 | Wagner et al. | Nov 2016 | B1 |
| 9489227 | Oh et al. | Nov 2016 | B2 |
| 9497136 | Ramarao et al. | Nov 2016 | B1 |
| 9501345 | Lietz et al. | Nov 2016 | B1 |
| 9514037 | Dow et al. | Dec 2016 | B1 |
| 9537788 | Reque et al. | Jan 2017 | B2 |
| 9575798 | Terayama et al. | Feb 2017 | B2 |
| 9588790 | Wagner et al. | Mar 2017 | B1 |
| 9594590 | Hsu | Mar 2017 | B2 |
| 9596350 | Dymshyts et al. | Mar 2017 | B1 |
| 9600312 | Wagner et al. | Mar 2017 | B2 |
| 9628332 | Bruno, Jr. et al. | Apr 2017 | B2 |
| 9635132 | Lin et al. | Apr 2017 | B1 |
| 9652306 | Wagner et al. | May 2017 | B1 |
| 9652617 | Evans et al. | May 2017 | B1 |
| 9654508 | Barton et al. | May 2017 | B2 |
| 9661011 | Van Horenbeeck et al. | May 2017 | B1 |
| 9678773 | Wagner et al. | Jun 2017 | B1 |
| 9678778 | Youseff | Jun 2017 | B1 |
| 9703681 | Taylor et al. | Jul 2017 | B2 |
| 9715402 | Wagner et al. | Jul 2017 | B2 |
| 9727725 | Wagner et al. | Aug 2017 | B2 |
| 9733967 | Wagner et al. | Aug 2017 | B2 |
| 9760387 | Wagner et al. | Sep 2017 | B2 |
| 9767271 | Ghose | Sep 2017 | B2 |
| 9785476 | Wagner et al. | Oct 2017 | B2 |
| 9787779 | Frank et al. | Oct 2017 | B2 |
| 9811363 | Wagner | Nov 2017 | B1 |
| 9811434 | Wagner | Nov 2017 | B1 |
| 9830175 | Wagner | Nov 2017 | B1 |
| 9830193 | Wagner et al. | Nov 2017 | B1 |
| 9830449 | Wagner | Nov 2017 | B1 |
| 9864636 | Patel et al. | Jan 2018 | B1 |
| 9910713 | Wisniewski et al. | Mar 2018 | B2 |
| 9921864 | Singaravelu et al. | Mar 2018 | B2 |
| 9928108 | Wagner et al. | Mar 2018 | B1 |
| 9929916 | Subramanian et al. | Mar 2018 | B1 |
| 9930103 | Thompson | Mar 2018 | B2 |
| 9930133 | Susarla et al. | Mar 2018 | B2 |
| 9952896 | Wagner et al. | Apr 2018 | B2 |
| 9977691 | Marriner et al. | May 2018 | B2 |
| 9979817 | Huang et al. | May 2018 | B2 |
| 10002026 | Wagner | Jun 2018 | B1 |
| 10013267 | Wagner et al. | Jul 2018 | B1 |
| 10042660 | Wagner et al. | Aug 2018 | B2 |
| 10048974 | Wagner et al. | Aug 2018 | B1 |
| 10061613 | Brooker et al. | Aug 2018 | B1 |
| 10067801 | Wagner | Sep 2018 | B1 |
| 10102040 | Marriner et al. | Oct 2018 | B2 |
| 10108443 | Wagner et al. | Oct 2018 | B2 |
| 10139876 | Lu et al. | Nov 2018 | B2 |
| 10140137 | Wagner | Nov 2018 | B2 |
| 10162672 | Wagner et al. | Dec 2018 | B2 |
| 10162688 | Wagner | Dec 2018 | B2 |
| 10203990 | Wagner et al. | Feb 2019 | B2 |
| 10248467 | Wisniewski et al. | Apr 2019 | B2 |
| 10277708 | Wagner et al. | Apr 2019 | B2 |
| 10303492 | Wagner et al. | May 2019 | B1 |
| 10353678 | Wagner | Jul 2019 | B1 |
| 10353746 | Reque et al. | Jul 2019 | B2 |
| 10365985 | Wagner | Jul 2019 | B2 |
| 10387177 | Wagner et al. | Aug 2019 | B2 |
| 10402231 | Marriner et al. | Sep 2019 | B2 |
| 10437629 | Wagner et al. | Oct 2019 | B2 |
| 10445140 | Sagar et al. | Oct 2019 | B1 |
| 10528390 | Brooker et al. | Jan 2020 | B2 |
| 10552193 | Wagner et al. | Feb 2020 | B2 |
| 10564946 | Wagner et al. | Feb 2020 | B1 |
| 10572375 | Wagner | Feb 2020 | B1 |
| 10592269 | Wagner et al. | Mar 2020 | B2 |
| 10623476 | Thompson | Apr 2020 | B2 |
| 10649749 | Brooker et al. | May 2020 | B1 |
| 10691498 | Wagner | Jun 2020 | B2 |
| 20010044817 | Asano et al. | Nov 2001 | A1 |
| 20020120685 | Srivastava et al. | Aug 2002 | A1 |
| 20020172273 | Baker et al. | Nov 2002 | A1 |
| 20030071842 | King et al. | Apr 2003 | A1 |
| 20030084434 | Ren | May 2003 | A1 |
| 20030191795 | Bernardin et al. | Oct 2003 | A1 |
| 20030229794 | James, II et al. | Dec 2003 | A1 |
| 20040003087 | Chambliss et al. | Jan 2004 | A1 |
| 20040044721 | Song et al. | Mar 2004 | A1 |
| 20040049768 | Matsuyama et al. | Mar 2004 | A1 |
| 20040098154 | McCarthy | May 2004 | A1 |
| 20040158551 | Santosuosso | Aug 2004 | A1 |
| 20040205493 | Simpson et al. | Oct 2004 | A1 |
| 20040249947 | Novaes et al. | Dec 2004 | A1 |
| 20040268358 | Darling et al. | Dec 2004 | A1 |
| 20050027611 | Wharton | Feb 2005 | A1 |
| 20050044301 | Vasilevsky et al. | Feb 2005 | A1 |
| 20050120160 | Plouffe et al. | Jun 2005 | A1 |
| 20050132167 | Longobardi | Jun 2005 | A1 |
| 20050132368 | Sexton et al. | Jun 2005 | A1 |
| 20050149535 | Frey et al. | Jul 2005 | A1 |
| 20050193113 | Kokusho et al. | Sep 2005 | A1 |
| 20050193283 | Reinhardt et al. | Sep 2005 | A1 |
| 20050237948 | Wan et al. | Oct 2005 | A1 |
| 20050257051 | Richard | Nov 2005 | A1 |
| 20060080678 | Bailey et al. | Apr 2006 | A1 |
| 20060123066 | Jacobs et al. | Jun 2006 | A1 |
| 20060129684 | Datta | Jun 2006 | A1 |
| 20060184669 | Vaidyanathan et al. | Aug 2006 | A1 |
| 20060200668 | Hybre et al. | Sep 2006 | A1 |
| 20060212332 | Jackson | Sep 2006 | A1 |
| 20060242647 | Kimbrel et al. | Oct 2006 | A1 |
| 20060248195 | Toumura et al. | Nov 2006 | A1 |
| 20070033085 | Johnson | Feb 2007 | A1 |
| 20070094396 | Takano et al. | Apr 2007 | A1 |
| 20070130341 | Ma | Jun 2007 | A1 |
| 20070174419 | O'Connell et al. | Jul 2007 | A1 |
| 20070192082 | Gaos et al. | Aug 2007 | A1 |
| 20070199000 | Shekhel et al. | Aug 2007 | A1 |
| 20070220009 | Morris et al. | Sep 2007 | A1 |
| 20070240160 | Paterson-Jones | Oct 2007 | A1 |
| 20070255604 | Seelig | Nov 2007 | A1 |
| 20080028409 | Cherkasova et al. | Jan 2008 | A1 |
| 20080052401 | Bugenhagen et al. | Feb 2008 | A1 |
| 20080052725 | Stoodley et al. | Feb 2008 | A1 |
| 20080082977 | Araujo et al. | Apr 2008 | A1 |
| 20080104247 | Venkatakrishnan et al. | May 2008 | A1 |
| 20080104608 | Hyser et al. | May 2008 | A1 |
| 20080115143 | Shimizu et al. | May 2008 | A1 |
| 20080126110 | Haeberle et al. | May 2008 | A1 |
| 20080126486 | Heist | May 2008 | A1 |
| 20080127125 | Anckaert et al. | May 2008 | A1 |
| 20080147893 | Marripudi et al. | Jun 2008 | A1 |
| 20080189468 | Schmidt et al. | Aug 2008 | A1 |
| 20080195369 | Duyanovich et al. | Aug 2008 | A1 |
| 20080201568 | Quinn et al. | Aug 2008 | A1 |
| 20080201711 | Amir Husain | Aug 2008 | A1 |
| 20080209423 | Hirai | Aug 2008 | A1 |
| 20090006897 | Sarsfield | Jan 2009 | A1 |
| 20090013153 | Hilton | Jan 2009 | A1 |
| 20090025009 | Brunswig et al. | Jan 2009 | A1 |
| 20090005581 | Kondur | Feb 2009 | A1 |
| 20090055829 | Gibson | Feb 2009 | A1 |
| 20090070355 | Cadarette et al. | Mar 2009 | A1 |
| 20090077569 | Appleton et al. | Mar 2009 | A1 |
| 20090125902 | Ghosh et al. | May 2009 | A1 |
| 20090158275 | Wang et al. | Jun 2009 | A1 |
| 20090177860 | Zhu et al. | Jul 2009 | A1 |
| 20090183162 | Kindel et al. | Jul 2009 | A1 |
| 20090193410 | Arthursson et al. | Jul 2009 | A1 |
| 20090198769 | Keller et al. | Aug 2009 | A1 |
| 20090204960 | Ben-yehuda et al. | Aug 2009 | A1 |
| 20090204964 | Foley et al. | Aug 2009 | A1 |
| 20090222922 | Sidiroglou et al. | Sep 2009 | A1 |
| 20090271472 | Scheifler et al. | Oct 2009 | A1 |
| 20090288084 | Astete et al. | Nov 2009 | A1 |
| 20090300599 | Piotrowski | Dec 2009 | A1 |
| 20100023940 | Iwamatsu et al. | Jan 2010 | A1 |
| 20100031274 | Sim-Tang | Feb 2010 | A1 |
| 20100031325 | Maigne et al. | Feb 2010 | A1 |
| 20100036925 | Haffner | Feb 2010 | A1 |
| 20100058342 | Machida | Mar 2010 | A1 |
| 20100058351 | Yahagi | Mar 2010 | A1 |
| 20100064299 | Kacin et al. | Mar 2010 | A1 |
| 20100070678 | Zhang et al. | Mar 2010 | A1 |
| 20100070725 | Prahlad et al. | Mar 2010 | A1 |
| 20100094816 | Groves, Jr. et al. | Apr 2010 | A1 |
| 20100106926 | Kandasamy et al. | Apr 2010 | A1 |
| 20100114825 | Siddegowda | May 2010 | A1 |
| 20100115098 | De Baer et al. | May 2010 | A1 |
| 20100122343 | Ghosh | May 2010 | A1 |
| 20100131936 | Cheriton | May 2010 | A1 |
| 20100131959 | Spiers et al. | May 2010 | A1 |
| 20100186011 | Magenheimer | Jul 2010 | A1 |
| 20100198972 | Umbehocker | Aug 2010 | A1 |
| 20100199285 | Medovich | Aug 2010 | A1 |
| 20100257116 | Mehta et al. | Oct 2010 | A1 |
| 20100269109 | Cartales | Oct 2010 | A1 |
| 20100312871 | Desantis et al. | Dec 2010 | A1 |
| 20100325727 | Neystadt et al. | Dec 2010 | A1 |
| 20110010722 | Matsuyama | Jan 2011 | A1 |
| 20110029970 | Arasaratnam | Feb 2011 | A1 |
| 20110029984 | Norman et al. | Feb 2011 | A1 |
| 20110040812 | Phillips | Feb 2011 | A1 |
| 20110055378 | Ferris et al. | Mar 2011 | A1 |
| 20110055396 | DeHaan | Mar 2011 | A1 |
| 20110055683 | Jiang | Mar 2011 | A1 |
| 20110078679 | Bozek et al. | Mar 2011 | A1 |
| 20110099204 | Thaler | Apr 2011 | A1 |
| 20110099551 | Fahrig et al. | Apr 2011 | A1 |
| 20110131572 | Elyashev et al. | Jun 2011 | A1 |
| 20110134761 | Smith | Jun 2011 | A1 |
| 20110141124 | Halls et al. | Jun 2011 | A1 |
| 20110153727 | Li | Jun 2011 | A1 |
| 20110153838 | Belkine et al. | Jun 2011 | A1 |
| 20110154353 | Theroux et al. | Jun 2011 | A1 |
| 20110179162 | Mayo et al. | Jul 2011 | A1 |
| 20110184993 | Chawla et al. | Jul 2011 | A1 |
| 20110225277 | Freimuth et al. | Sep 2011 | A1 |
| 20110231680 | Padmanabhan et al. | Sep 2011 | A1 |
| 20110247005 | Benedetti et al. | Oct 2011 | A1 |
| 20110265164 | Lucovsky | Oct 2011 | A1 |
| 20110271276 | Ashok et al. | Nov 2011 | A1 |
| 20110276945 | Chasman et al. | Nov 2011 | A1 |
| 20110314465 | Smith et al. | Dec 2011 | A1 |
| 20110321033 | Kelkar et al. | Dec 2011 | A1 |
| 20110321051 | Rastogi | Dec 2011 | A1 |
| 20120011496 | Shimamura | Jan 2012 | A1 |
| 20120011511 | Horvitz et al. | Jan 2012 | A1 |
| 20120016721 | Weinman | Jan 2012 | A1 |
| 20120041970 | Ghosh et al. | Feb 2012 | A1 |
| 20120054744 | Singh et al. | Mar 2012 | A1 |
| 20120072762 | Atchison et al. | Mar 2012 | A1 |
| 20120072914 | Ota | Mar 2012 | A1 |
| 20120079004 | Herman | Mar 2012 | A1 |
| 20120096271 | Ramarathinam et al. | Apr 2012 | A1 |
| 20120096468 | Chakravorty et al. | Apr 2012 | A1 |
| 20120102307 | Wong | Apr 2012 | A1 |
| 20120102333 | Wong | Apr 2012 | A1 |
| 20120102481 | Mani et al. | Apr 2012 | A1 |
| 20120102493 | Allen et al. | Apr 2012 | A1 |
| 20120110155 | Adlung et al. | May 2012 | A1 |
| 20120110164 | Frey et al. | May 2012 | A1 |
| 20120110570 | Jacobson et al. | May 2012 | A1 |
| 20120110588 | Bieswanger et al. | May 2012 | A1 |
| 20120131379 | Tameshige et al. | May 2012 | A1 |
| 20120144290 | Goldman et al. | Jun 2012 | A1 |
| 20120166624 | Suit et al. | Jun 2012 | A1 |
| 20120192184 | Burckart et al. | Jul 2012 | A1 |
| 20120197795 | Campbell et al. | Aug 2012 | A1 |
| 20120197958 | Nightingale et al. | Aug 2012 | A1 |
| 20120198442 | Kashyap et al. | Aug 2012 | A1 |
| 20120222038 | Katragadda et al. | Aug 2012 | A1 |
| 20120233464 | Miller et al. | Sep 2012 | A1 |
| 20120331113 | Jain et al. | Dec 2012 | A1 |
| 20130014101 | Ballani et al. | Jan 2013 | A1 |
| 20130042234 | DeLuca et al. | Feb 2013 | A1 |
| 20130054804 | Jana et al. | Feb 2013 | A1 |
| 20130054927 | Raj et al. | Feb 2013 | A1 |
| 20130055262 | Lubsey et al. | Feb 2013 | A1 |
| 20130061208 | Tsao et al. | Mar 2013 | A1 |
| 20130061220 | Gnanasambandam et al. | Mar 2013 | A1 |
| 20130067494 | Srour et al. | Mar 2013 | A1 |
| 20130080641 | Lui et al. | Mar 2013 | A1 |
| 20130097601 | Podvratnik et al. | Apr 2013 | A1 |
| 20130111032 | Alapati et al. | May 2013 | A1 |
| 20130111469 | B et al. | May 2013 | A1 |
| 20130124807 | Nielsen et al. | May 2013 | A1 |
| 20130132942 | Wang | May 2013 | A1 |
| 20130139152 | Chang et al. | May 2013 | A1 |
| 20130139166 | Zhang et al. | May 2013 | A1 |
| 20130151648 | Luna | Jun 2013 | A1 |
| 20130152047 | Moorthi et al. | Jun 2013 | A1 |
| 20130152200 | Alme | Jun 2013 | A1 |
| 20130179574 | Calder et al. | Jul 2013 | A1 |
| 20130179881 | Calder et al. | Jul 2013 | A1 |
| 20130179894 | Calder et al. | Jul 2013 | A1 |
| 20130179895 | Calder et al. | Jul 2013 | A1 |
| 20130185719 | Kar et al. | Jul 2013 | A1 |
| 20130185729 | Vasic et al. | Jul 2013 | A1 |
| 20130191924 | Tedesco | Jul 2013 | A1 |
| 20130022771 | Barak et al. | Aug 2013 | A1 |
| 20130198319 | Shen et al. | Aug 2013 | A1 |
| 20130198743 | Kruglick | Aug 2013 | A1 |
| 20130198748 | Sharp et al. | Aug 2013 | A1 |
| 20130198763 | Kunze et al. | Aug 2013 | A1 |
| 20130205092 | Roy et al. | Aug 2013 | A1 |
| 20130219390 | Lee et al. | Aug 2013 | A1 |
| 20130227097 | Yasuda et al. | Aug 2013 | A1 |
| 20130227534 | Ike et al. | Aug 2013 | A1 |
| 20130227563 | McGrath | Aug 2013 | A1 |
| 20130227641 | White et al. | Aug 2013 | A1 |
| 20130232480 | Winterfeldt et al. | Sep 2013 | A1 |
| 20130239125 | Iorio | Sep 2013 | A1 |
| 20130262556 | Xu et al. | Oct 2013 | A1 |
| 20130263117 | Konik et al. | Oct 2013 | A1 |
| 20130275376 | Hudlow et al. | Oct 2013 | A1 |
| 20130275958 | Ivanov et al. | Oct 2013 | A1 |
| 20130275969 | Dimitrov | Oct 2013 | A1 |
| 20130275975 | Masuda et al. | Oct 2013 | A1 |
| 20130283176 | Hoole et al. | Oct 2013 | A1 |
| 20130290538 | Gmach et al. | Oct 2013 | A1 |
| 20130291087 | Kailash et al. | Oct 2013 | A1 |
| 20130297964 | Hegdal et al. | Nov 2013 | A1 |
| 20130311650 | Brandwine et al. | Nov 2013 | A1 |
| 20130326506 | McGrath et al. | Dec 2013 | A1 |
| 20130339950 | Ramarathinam et al. | Dec 2013 | A1 |
| 20130346470 | Obstfeld et al. | Dec 2013 | A1 |
| 20130346946 | Pinnix | Dec 2013 | A1 |
| 20130346964 | Nobuoka et al. | Dec 2013 | A1 |
| 20130346987 | Raney et al. | Dec 2013 | A1 |
| 20130346994 | Chen et al. | Dec 2013 | A1 |
| 20130347095 | Barjatiya et al. | Dec 2013 | A1 |
| 20140007097 | Chin et al. | Jan 2014 | A1 |
| 20140019523 | Heymann et al. | Jan 2014 | A1 |
| 20140019735 | Menon et al. | Jan 2014 | A1 |
| 20140019965 | Neuse et al. | Jan 2014 | A1 |
| 20140019966 | Neuse et al. | Jan 2014 | A1 |
| 20140040343 | Nickolov et al. | Feb 2014 | A1 |
| 20140040857 | Trinchini et al. | Feb 2014 | A1 |
| 20140040880 | Brownlow et al. | Feb 2014 | A1 |
| 20140059209 | Alnoor | Feb 2014 | A1 |
| 20140059226 | Messerli et al. | Feb 2014 | A1 |
| 20140059552 | Cunningham et al. | Feb 2014 | A1 |
| 20140068568 | Wisnovsky | Mar 2014 | A1 |
| 20140068611 | McGrath et al. | Mar 2014 | A1 |
| 20140081984 | Sitsky et al. | Mar 2014 | A1 |
| 20140082165 | Marr et al. | Mar 2014 | A1 |
| 20140082201 | Shankari et al. | Mar 2014 | A1 |
| 20140101649 | Kamble et al. | Apr 2014 | A1 |
| 20140108722 | Lipchuk et al. | Apr 2014 | A1 |
| 20140109087 | Jujare et al. | Apr 2014 | A1 |
| 20140109088 | Dournov et al. | Apr 2014 | A1 |
| 20140129667 | Ozawa | May 2014 | A1 |
| 20140130040 | Lemanski | May 2014 | A1 |
| 20140137110 | Engle et al. | May 2014 | A1 |
| 20140173614 | Konik et al. | Jun 2014 | A1 |
| 20140173616 | Bird et al. | Jun 2014 | A1 |
| 20140180862 | Certain et al. | Jun 2014 | A1 |
| 20140189677 | Curzi et al. | Jul 2014 | A1 |
| 20140201735 | Kannan et al. | Jul 2014 | A1 |
| 20140207912 | Thibeault | Jul 2014 | A1 |
| 20140215073 | Dow et al. | Jul 2014 | A1 |
| 20140229221 | Shih et al. | Aug 2014 | A1 |
| 20140245297 | Hackett | Aug 2014 | A1 |
| 20140279581 | Devereaux | Sep 2014 | A1 |
| 20140280325 | Krishnamurthy et al. | Sep 2014 | A1 |
| 20140282559 | Verduzco et al. | Sep 2014 | A1 |
| 20140282615 | Cavage et al. | Sep 2014 | A1 |
| 20140282629 | Gupta et al. | Sep 2014 | A1 |
| 20140283045 | Brandwine et al. | Sep 2014 | A1 |
| 20140289286 | Gusak | Sep 2014 | A1 |
| 20140298295 | Overbeck | Oct 2014 | A1 |
| 20140304698 | Chigurapati et al. | Oct 2014 | A1 |
| 20140304815 | Maeda | Oct 2014 | A1 |
| 20140317617 | O'Donnell | Oct 2014 | A1 |
| 20140344457 | Bruno, Jr. et al. | Nov 2014 | A1 |
| 20140344736 | Ryman et al. | Nov 2014 | A1 |
| 20140380085 | Rash et al. | Dec 2014 | A1 |
| 20150033241 | Jackson et al. | Jan 2015 | A1 |
| 20150039891 | Ignatchenko et al. | Feb 2015 | A1 |
| 20150040229 | Chan et al. | Feb 2015 | A1 |
| 20150046926 | Kenchammana-Hosekote et al. | Feb 2015 | A1 |
| 20150052258 | Johnson et al. | Feb 2015 | A1 |
| 20150058914 | Yadav | Feb 2015 | A1 |
| 20150067830 | Johansson et al. | Mar 2015 | A1 |
| 20150074659 | Madsen et al. | Mar 2015 | A1 |
| 20150081885 | Thomas et al. | Mar 2015 | A1 |
| 20150106805 | Melander et al. | Apr 2015 | A1 |
| 20150120928 | Gummaraju et al. | Apr 2015 | A1 |
| 20150134626 | Theimer et al. | May 2015 | A1 |
| 20150135287 | Medeiros et al. | May 2015 | A1 |
| 20150142952 | Bragstad et al. | May 2015 | A1 |
| 20150143381 | Chin et al. | May 2015 | A1 |
| 20150178110 | Li et al. | Jun 2015 | A1 |
| 20150186129 | Apte et al. | Jul 2015 | A1 |
| 20150188775 | Van Der Walt et al. | Jul 2015 | A1 |
| 20150199218 | Wilson et al. | Jul 2015 | A1 |
| 20150205596 | Hiltegen et al. | Jul 2015 | A1 |
| 20150227598 | Hahn et al. | Aug 2015 | A1 |
| 20150235144 | Gusev et al. | Aug 2015 | A1 |
| 20150242225 | Muller et al. | Aug 2015 | A1 |
| 20150254248 | Burns et al. | Sep 2015 | A1 |
| 20150256621 | Noda et al. | Sep 2015 | A1 |
| 20150261578 | Greden et al. | Sep 2015 | A1 |
| 20150289220 | Kim et al. | Oct 2015 | A1 |
| 20150309923 | Iwata et al. | Oct 2015 | A1 |
| 20150319160 | Ferguson et al. | Nov 2015 | A1 |
| 20150324229 | Valine | Nov 2015 | A1 |
| 20150332048 | Mooring et al. | Nov 2015 | A1 |
| 20150332195 | Jue | Nov 2015 | A1 |
| 20150350701 | Lemus et al. | Dec 2015 | A1 |
| 20150356294 | Tan et al. | Dec 2015 | A1 |
| 20150363181 | Alberti et al. | Dec 2015 | A1 |
| 20150370560 | Tan et al. | Dec 2015 | A1 |
| 20150371244 | Neuse et al. | Dec 2015 | A1 |
| 20150378762 | Saladi et al. | Dec 2015 | A1 |
| 20150378764 | Sivasubramanian et al. | Dec 2015 | A1 |
| 20150378765 | Singh et al. | Dec 2015 | A1 |
| 20150379167 | Griffith et al. | Dec 2015 | A1 |
| 20160011901 | Hurwitz et al. | Jan 2016 | A1 |
| 20160012099 | Tuatini et al. | Jan 2016 | A1 |
| 20160019536 | Ortiz et al. | Jan 2016 | A1 |
| 20160026486 | Abdallah | Jan 2016 | A1 |
| 20160048606 | Rubinstein et al. | Feb 2016 | A1 |
| 20160072727 | Leafe et al. | Mar 2016 | A1 |
| 20160077901 | Roth et al. | Mar 2016 | A1 |
| 20160098285 | Davis et al. | Apr 2016 | A1 |
| 20160100036 | Lo et al. | Apr 2016 | A1 |
| 20160117254 | Susarla et al. | Apr 2016 | A1 |
| 20160124665 | Jain et al. | May 2016 | A1 |
| 20160140180 | Park et al. | May 2016 | A1 |
| 20160191420 | Nagarajan et al. | Jun 2016 | A1 |
| 20160212007 | Alatorre et al. | Jul 2016 | A1 |
| 20160285906 | Fine et al. | Sep 2016 | A1 |
| 20160292016 | Bussard et al. | Oct 2016 | A1 |
| 20160294614 | Searle et al. | Oct 2016 | A1 |
| 20160306613 | Busi et al. | Oct 2016 | A1 |
| 20160350099 | Suparna et al. | Dec 2016 | A1 |
| 20160357536 | Firlik et al. | Dec 2016 | A1 |
| 20160364265 | Cao et al. | Dec 2016 | A1 |
| 20160371127 | Antony et al. | Dec 2016 | A1 |
| 20160371156 | Merriman | Dec 2016 | A1 |
| 20160378449 | Khazanchi et al. | Dec 2016 | A1 |
| 20160378554 | Gummaraju et al. | Dec 2016 | A1 |
| 20170041309 | Ekambaram et al. | Feb 2017 | A1 |
| 20170060615 | Thakkar et al. | Mar 2017 | A1 |
| 20170060621 | Whipple et al. | Mar 2017 | A1 |
| 20170068574 | Cherkasova et al. | Mar 2017 | A1 |
| 20170075749 | Ambichl et al. | Mar 2017 | A1 |
| 20170083381 | Cong et al. | Mar 2017 | A1 |
| 20170085447 | Chen et al. | Mar 2017 | A1 |
| 20170085591 | Ganda et al. | Mar 2017 | A1 |
| 20170093684 | Jayaraman et al. | Mar 2017 | A1 |
| 20170093920 | Ducatel et al. | Mar 2017 | A1 |
| 20170230499 | Mumick et al. | Aug 2017 | A1 |
| 20170272462 | Kraemer et al. | Sep 2017 | A1 |
| 20170286143 | Wagner et al. | Oct 2017 | A1 |
| 20170371724 | Wagner et al. | Dec 2017 | A1 |
| 20180046453 | Nair et al. | Feb 2018 | A1 |
| 20180046482 | Karve et al. | Feb 2018 | A1 |
| 20180060221 | Yim et al. | Mar 2018 | A1 |
| 20180067841 | Mahimkar | Mar 2018 | A1 |
| 20180068115 | Golovkin | Mar 2018 | A1 |
| 20180121245 | Wagner et al. | May 2018 | A1 |
| 20180143865 | Wagner et al. | May 2018 | A1 |
| 20180239636 | Arora et al. | Aug 2018 | A1 |
| 20180253333 | Gupta | Sep 2018 | A1 |
| 20180275987 | Vandeputte | Sep 2018 | A1 |
| 20190072529 | Andrawes et al. | Mar 2019 | A1 |
| 20190108058 | Wagner et al. | Apr 2019 | A1 |
| 20190155629 | Wagner et al. | May 2019 | A1 |
| 20190171470 | Wagner | Jun 2019 | A1 |
| 20190196884 | Wagner | Jun 2019 | A1 |
| 20190227849 | Wisniewski et al. | Jul 2019 | A1 |
| 20190384647 | Reque et al. | Dec 2019 | A1 |
| 20190391834 | Mullen et al. | Dec 2019 | A1 |
| 20190391841 | Mullen et al. | Dec 2019 | A1 |
| 20200057680 | Marriner et al. | Feb 2020 | A1 |
| 20200104198 | Hussels et al. | Apr 2020 | A1 |
| 20200104378 | Wagner et al. | Apr 2020 | A1 |
| 20200192707 | Brooker et al. | Jun 2020 | A1 |
| Number | Date | Country |
|---|---|---|
| 2663052 | Nov 2013 | EP |
| 2002287974 | Oct 2002 | JP |
| 2006-107599 | Apr 2006 | JP |
| 2007-538323 | Dec 2007 | JP |
| 2010-026562 | Feb 2010 | JP |
| 2011-233146 | Nov 2011 | JP |
| 2011257847 | Dec 2011 | JP |
| 2013-156996 | Aug 2013 | JP |
| 2014-525624 | Sep 2014 | JP |
| 2017-534107 | Nov 2017 | JP |
| 2017-534967 | Nov 2017 | JP |
| 2018-503896 | Feb 2018 | JP |
| 2018-512087 | May 2018 | JP |
| 2018-536213 | Dec 2018 | JP |
| WO 2008114454 | Sep 2008 | WO |
| WO 2009137567 | Nov 2009 | WO |
| WO 2012039834 | Mar 2012 | WO |
| WO 2012050772 | Apr 2012 | WO |
| WO 2013106257 | Jul 2013 | WO |
| WO 2015078394 | Jun 2015 | WO |
| WO 2015108539 | Jul 2015 | WO |
| WO 2016053950 | Apr 2016 | WO |
| WO 2016053968 | Apr 2016 | WO |
| WO 2016053973 | Apr 2016 | WO |
| WO 2016090292 | Jun 2016 | WO |
| WO 2016126731 | Aug 2016 | WO |
| WO 2016164633 | Oct 2016 | WO |
| WO 2016164638 | Oct 2016 | WO |
| WO 2017059248 | Apr 2017 | WO |
| WO 2017112526 | Jun 2017 | WO |
| WO 2017172440 | Oct 2017 | WO |
| WO 2020005764 | Jan 2020 | WO |
| WO 2020069104 | Apr 2020 | WO |
| Entry |
|---|
| Anonymous: “Docker run reference”, Dec. 7, 2015, XP055350246, Retrieved from the Internet: URL:https://web.archive.org/web/20151207111702/https:/docs.docker.com/engine/reference/run/ [retrieved on Feb. 28, 2017]. |
| Adapter Pattern, Wikipedia, https://en.wikipedia.org/w/index.php?title=Adapter_pattern&oldid=654971255, [retrieved May 26, 2016], 6 pages. |
| Amazon, “AWS Lambda: Developer Guide”, Retrieved from the Internet, Jun. 26, 2016, URL : http://docs.aws.amazon.com/lambda/ latest/dg/lambda-dg.pdf, 346 pages. |
| Amazon, “AWS Lambda: Developer Guide”, Retrieved from the Internet, 2019, URL : http://docs.aws.amazon.com/lambda/ latest/dg/lambda-dg.pdf, 521 pages. |
| Balazinska et al., Moirae: History-Enhanced Monitoring, Published: 2007, 12 pages. |
| Ben-Yehuda et al., “Deconstructing Amazon EC2 Spot Instance Pricing”, ACM Transactions on Economics and Computation 1.3, 2013, 15 pages. |
| Bhadani et al., Performance evaluation of web servers using central load balancing policy over virtual machines on cloud, Jan. 2010, 4 pages. |
| CodeChef ADMIN discussion web page, retrieved from https://discuss.codechef.com/t/what-are-the-memory-limit-and-stack-size-on-codechef/14159, 2019. |
| CodeChef IDE web page, Code, Compile & Run, retrieved from https://www.codechef.com/ide, 2019. |
| Czajkowski, G., and L. Daynes, Multitasking Without Compromise: A Virtual Machine Evolution 47(4a):60-73, ACM SIGPLAN Notices—Supplemental Issue, Apr. 2012. |
| Das et al., Adaptive Stream Processing using Dynamic Batch Sizing, 2014, 13 pages. |
| Deis, Container, 2014, 1 page. |
| Dombrowski, M., et al., Dynamic Monitor Allocation in the Java Virtual Machine, JTRES '13, Oct. 9-11, 2013, pp. 30-37. |
| Dynamic HTML, Wikipedia page from date Mar. 27, 2015, retrieved using the WayBackMachine, from https://web.archive.org/web/20150327215418/https://en.wikipedia.org/wiki/Dynamic_HTML, 2015, 6 pages. |
| Espadas, J., et al., A Tenant-Based Resource Allocation Model for Scaling Software-as-a-Service Applications Over Cloud Computing Infrastructures, Future Generation Computer Systems, vol. 29, pp. 273-286, 2013. |
| Han et al., Lightweight Resource Scaling for Cloud Applications, 2012, 8 pages. |
| Hoffman, Auto scaling your website with Amazon Web Services (AWS)—Part 2, Cardinalpath, Sep. 2015, 15 pages. |
| http://discuss.codechef.com discussion web page from date Nov. 11, 2012, retrieved using the WayBackMachine, from https://web.archive.org/web/20121111040051/http://discuss.codechef.com/questions/2881 /why-are-simple-java-programs-using-up-so-much-space, 2012. |
| https://www.codechef.com code error help page from Jan. 2014, retrieved from https://www.codechef.com/JAN14/status/ERROR,va123, 2014. |
| http://www.codechef.com/ide web page from date Apr. 5, 2015, retrieved using the WayBackMachine, from https://web.archive.org/web/20150405045518/http://www.codechef.com/ide, 2015. |
| Kamga et al., Extended scheduler for efficient frequency scaling in virtualized systems, Jul. 2012, 8 pages. |
| Kato, et al. “Web Service Conversion Architecture of the Web Application and Evaluation”; Research Report from Information Processing Society, Apr. 3, 2006 with Machine Translation. |
| Kazempour et al., AASH: an asymmetry-aware scheduler for hypervisors, Jul. 2010, 12 pages. |
| Kraft et al., 10 performance prediction in consolidated virtualized environments, Mar. 2011, 12 pages. |
| Krsul et al., “VMPlants: Providing and Managing Virtual Machine Execution Environments for Grid Computing”, Supercomputing, 2004. Proceedings of the ACM/IEEESC 2004 Conference Pittsburgh, PA, XP010780332, Nov. 6-12, 2004, 12 pages. |
| Meng et al., Efficient resource provisioning in compute clouds via VM multiplexing, Jun. 2010, 10 pages. |
| Merkel, “Docker: Lightweight Linux Containers for Consistent Development and Deployment”, Linux Journal, vol. 2014 Issue 239, Mar. 2014, XP055171140, 16 pages. |
| Monteil, Coupling profile and historical methods to predict execution time of parallel applications. Parallel and Cloud Computing, 2013, <hal-01228236, pp. 81-89. |
| Nakajima, J., et al., Optimizing Virtual Machines Using Hybrid Virtualization, SAC '11, Mar. 21-25, 2011, TaiChung, Taiwan, pp. 573-578. |
| Qian, H., and D. Medhi, et al., Estimating Optimal Cost of Allocating Virtualized Resources With Dynamic Demand, ITC 2011, Sep. 2011, pp. 320-321. |
| Sakamoto, et al. “Platform for Web Services using Proxy Server”; Research Report from Information Processing Society, Mar. 22, 2002, vol. 2002, No. 31. |
| Shim (computing), Wikipedia, https://en.wikipedia.org/w/index.php?title+Shim_(computing)&oldid+654971528, [retrieved on May 26, 2016], 2 pages. |
| Stack Overflow, Creating a database connection pool, 2009, 4 pages. |
| Tan et al., Provisioning for large scale cloud computing services, Jun. 2012, 2 pages. |
| Tange, “GNU Parallel: The Command-Line Power Tool”, vol. 36, No. 1, Jan. 1, 1942, pp. 42-47. |
| Vaghani, S.B., Virtual Machine File System, ACM SIGOPS Operating Systems Review 44(4):57-70, Dec. 2010. |
| Vaquero, L., et al., Dynamically Scaling Applications in the cloud, ACM SIGCOMM Computer Communication Review 41 (1 ):45-52, Jan. 2011. |
| Wang et al., “Improving utilization through dynamic VM resource allocation in hybrid cloud environment”, Parallel and Distributed V Systems (ICPADS), IEEE, 2014. Retrieved on Feb. 14, 2019, Retrieved from the internet: URL<https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097814, 8 pages. |
| Wikipedia “API” pages from date Apr. 7, 2015, retrieved using the WayBackMachine from https://web.archive.org/web/20150407191158/https://en .wikipedia.org/wiki/Application_programming_interface. |
| Wikipedia List_of_HTTP status_codes web page, retrieved from https://en.wikipedia.org/wiki/List_of_HTTP status_codes, 2019. |
| Wikipedia Recursion web page from date Mar. 26, 2015, retrieved using the WayBackMachine, from https://web.archive.org/web/20150326230100/https://en .wikipedia.org/wiki/Recursion_(computer_science), 2015. |
| Wikipedia subroutine web page, retrieved from https://en.wikipedia.org/wiki/Subroutine, 2019. |
| Wu et al., HC-Midware: A Middleware to Enable High Performance Communication System Simulation in Heterogeneous Cloud, Association for Computing Machinery, Oct. 20-22, 2017, 10 pages. |
| Yamasaki et al. “Model-based resource selection for efficient virtual cluster deployment”, Virtualization Technology in Distributed Computing, ACM, Nov. 2007, pp. 1-7. |
| Yue et al., AC 2012-4107: Using Amazon EC2 in Computer and Network Security Lab Exercises: Design, Results, and Analysis, 2012, American Society for Engineering Education 2012. |
| Zheng, C., and D. Thain, Integrating Containers into Workflows: A Case Study Using Makeflow, Work Queue, and Docker, VTDC '15, Jun. 15, 2015, Portland, Oregon, pp. 31-38. |
| International Search Report and Written Opinion in PCT/US2015/052810 dated Dec. 17, 2015. |
| International Preliminary Report on Patentability in PCT/US2015/052810 dated Apr. 4, 2017. |
| Extended Search Report in European Application No. 15846932.0 dated May 3, 2018. |
| International Search Report and Written Opinion in PCT/US2015/052838 dated Dec. 18, 2015. |
| International Preliminary Report on Patentability in PCT/US2015/052838 dated Apr. 4, 2017. |
| Extended Search Report in European Application No. 15847202.7 dated Sep. 9, 2018. |
| Extended Search Report in European Application No. 19199402.9 dated Mar. 6, 2020. |
| International Search Report and Written Opinion in PCT/US2015/052833 dated Jan. 13, 2016. |
| International Preliminary Report on Patentability in PCT/US2015/052833 dated Apr. 4, 2017. |
| Extended Search Report in European Application No. 15846542.7 dated Aug. 27, 2018. |
| International Search Report and Written Opinion in PCT/US2015/064071 dated Mar. 16, 2016. |
| International Preliminary Report on Patentability in PCT/US2015/064071 dated Jun. 6, 2017. |
| International Search Report and Written Opinion in PCT/US2016/016211 dated Apr. 13, 2016. |
| International Preliminary Report on Patentability in PCT/US2016/016211 dated Aug. 17, 2017. |
| International Search Report and Written Opinion in PCT/US2016/026514 dated Jun. 8, 2016. |
| International Preliminary Report on Patentability in PCT/US2016/026514 dated Oct. 10, 2017. |
| International Search Report and Written Opinion in PCT/US2016/026520 dated Jul. 5, 2016. |
| International Preliminary Report on Patentability in PCT/US2016/026520 dated Oct. 10, 2017. |
| International Search Report and Written Opinion in PCT/US2016/054774 dated Dec. 16, 2016. |
| International Preliminary Report on Patentability in PCT/US2016/054774 dated Apr. 3, 2018. |
| International Search Report and Written Opinion in PCT/US2016/066997 dated Mar. 20, 2017. |
| International Preliminary Report on Patentability in PCT/US2016/066997 dated Jun. 26, 2018. |
| International Search Report and Written Opinion in PCT/US/2017/023564 dated Jun. 6, 2017. |
| International Preliminary Report on Patentability in PCT/US/2017/023564 dated Oct. 2, 2018. |
| International Search Report and Written Opinion in PCT/US2017/040054 dated Sep. 21, 2017. |
| International Preliminary Report on Patentability in PCT/US2017/040054 dated Jan. 1, 2019. |
| International Search Report and Written Opinion in PCT/US2017/039514 dated Oct. 10, 2017. |
| International Preliminary Report on Patentability in PCT/US2017/039514 dated Jan. 1, 2019. |
| Extended European Search Report in application No. 17776325.7 dated Oct. 23, 2019. |
| Office Action in European Application No. 17743108.7 dated Jan. 14, 2020. |
