专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10248409B1 Limiting the effects of source code patches on corresponding native-code patches 有权
公开(公告)号：US10248409B1
公开(公告)日：2019-04-02
申请号：US14559869
申请日：2014-12-03
申请人： Amazon Technologies, Inc.
发明人： Martin Thomas Pohlack , Uwe Dannowski , Geoffrey Plouviez
IPC分类号： G06F8/656 , G06F8/65 , G06F8/71 , G06F8/658
摘要： A code patching component may insert a binary patch into a native-code representation of a program during execution. Prior to inserting the binary patch, a patch code analysis tool may receive a source code patch for the program, and determine that applying the source code patch would change the binary for the program outside of the patched area (e.g., due to changes in the number of lines, changes in the file names or path information for source code files from which the program is built, or line directives that embed line numbers or file names in the binary for the patched program). The tool may modify the source code patch to limit its effects to the patch area by adding empty lines, merging of lines of code, or forcing a line number change. The tool may filter line directives to match previously embedded file name information.

2. 发明授权

US10706147B1 Mitigating side-channel attacks via shared cache 有权
公开(公告)号：US10706147B1
公开(公告)日：2020-07-07
申请号：US15600460
申请日：2017-05-19
申请人： Amazon Technologies, Inc.
发明人： Martin Thomas Pohlack , Uwe Dannowski
IPC分类号： G06F21/55 , H04L29/06 , G06F21/72 , G06F21/60
摘要： A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a host having a main memory and a shared cache. The host executes a virtual machine manager (VMM) that supports a plurality of co-located virtual machines (VMs), which can initiate side-channel attacks using the shared cache. The VMM is configured to maintain respective memory maps for the VMs. The VMM is further configured to determine a subset of current host memory pages for a selected VM that can be used in a side-channel attack, relocate the contents of the current host memory pages to replacement host memory pages in the main memory, and modify the subset of entries to change current host memory pages to the respective replacement host memory pages.

3. 发明授权

US09405708B1 Preventing attacks that rely on same-page merging by virtualization environment guests 有权
标题翻译：防止依赖虚拟化环境客户的同页合并的攻击
公开(公告)号：US09405708B1
公开(公告)日：2016-08-02
申请号：US14614077
申请日：2015-02-04
申请人： Amazon Technologies, Inc.
发明人： Martin Thomas Pohlack
IPC分类号： G06F12/14
CPC分类号： G06F21/54
摘要： In a virtualization environment, a guest process may protect itself from potential timing side-channel attacks by other guest processes on the same host machine by taking steps to avoid same-page merging for memory pages that it accesses. Pages that include critical code (e.g., cryptographic functions) or sensitive data (e.g., cryptography keys) may be designated as important pages to protect from such attacks. A placeholder location of a specified size for storing a non-deterministic value (e.g., a random or pseudorandom number) may be inserted into these pages when instantiated, making them unlikely to match pages accessed by other guests. Therefore, the host machine may be unlikely to identify them as pages for which there is a same-page merging opportunity. The values in the placeholder locations may be updated periodically or in response to certain events (e.g., context switches between guests or the detection of same-page merging).
摘要翻译：在虚拟化环境中，访客进程可以通过采取步骤避免其访问的内存页的同页合并来保护自身免受同一主机上的其他访客进程的潜在定时侧信道攻击。可以将包括关键代码（例如加密功能）或敏感数据（例如加密密钥）的页面指定为重要页面以防止这种攻击。用于存储非确定性值（例如，随机或伪随机数）的指定大小的占位符位置可以在实例化时被插入到这些页面中，使得它们不太可能匹配其他访客访问的页面。因此，主机可能不太可能将其识别为具有相同页面合并机会的页面。占位符位置中的值可以周期性地或响应于某些事件（例如，客人之间的上下文切换或检测到同一页面合并）被更新。

4. 发明申请

US20210042044A1 SYSTEM AND METHOD FOR MANAGING MEMORY COMPRESSION SECURITY 有权
公开(公告)号：US20210042044A1
公开(公告)日：2021-02-11
申请号：US17079358
申请日：2020-10-23
申请人： Amazon Technologies, Inc.
发明人： Martin Thomas Pohlack
IPC分类号： G06F3/06 , G06F21/57
摘要： Systems and processes for managing memory compression security to mitigate security risks related to compressed memory page access are disclosed herein. A system for managing memory compression security includes a system memory and a memory manager. The system memory includes an uncompressed region configured to store a plurality of uncompressed memory pages and a compressed region configured to store a plurality of compressed memory pages. The memory manager identifies a memory page in the uncompressed region of the system memory as a candidate for compression and estimate a decompression time for a compressed version of the identified memory page. The memory manager determines whether the estimated decompression time is less than a constant decompression time. The memory manager, based on a determination that the estimated decompression time is less than the constant decompression time, compresses the memory page and writes the compressed memory page in the compressed region.

5. 发明授权

US10572245B1 Identifying versions of running programs using signatures derived from object files 有权
公开(公告)号：US10572245B1
公开(公告)日：2020-02-25
申请号：US15252038
申请日：2016-08-30
申请人： Amazon Technologies, Inc.
发明人： Bjoern Doebel , Konrad Jan Miller , Martin Thomas Pohlack
IPC分类号： G06F8/656 , G06F8/71
摘要： A particular portion of a program which can be read from on-disk representations of the program as well as from memory images of the program is identified for use as a version discriminator. A first representation of the portion may be obtained from a first memory image of the program, corresponding to a first running instance of the program. The first representation may be compared to a second representation obtained at a development environment. Based on the results of the comparison, a particular version of the program corresponding to the first running instance may be identified. An indication of the particular version may be stored.

6. 发明授权

US09106257B1 Checksumming encapsulated network packets 有权
标题翻译：校验和封装的网络数据包
公开(公告)号：US09106257B1
公开(公告)日：2015-08-11
申请号：US13927913
申请日：2013-06-26
申请人： Amazon Technologies, Inc.
发明人： Martin Thomas Pohlack , Eric Jason Brandwine , Matthew Shawn Wilson
IPC分类号： G06F11/10 , H03M13/00 , H03M13/09
CPC分类号： H03M13/09 , H03M13/353 , H04L1/0061
摘要： Methods and apparatus for checksumming network packets encapsulated according to an encapsulation protocol are described in which a single checksum is performed at the encapsulation layer, with checksum generation performed at the source encapsulation layer and checksum validation performed at the destination encapsulation layer. The packet source and packet destination may be informed by the encapsulation layer that a checksum operation is not necessary for the network packets. By performing checksumming at the encapsulation layer, the method may reduce overhead as checksum computation is initiated once rather than twice as in conventional encapsulation techniques. In addition, checksum algorithms may be used that provide stronger error detection or correction than is provided by standard network protocol checksumming, different checksum algorithms may be selected for different paths according to one or more criteria, and checksum operations may be offloaded to hardware.
摘要翻译：描述了根据封装协议封装的网络分组的校验和的方法和装置，其中在封装层执行单个校验和，在源封装层执行校验和生成，并在目的封装层执行校验和验证。分组源和分组目的地可以由封装层通知网络分组不需要校验和操作。通过在封装层执行校验和，该方法可以减少开销，因为校验和计算开始一次，而不是传统封装技术中的两次。此外，可以使用校验和算法，其提供比由标准网络协议校验和提供的更强的错误检测或校正，可以根据一个或多个标准针对不同的路径选择不同的校验和算法，并且校验和操作可以被卸载到硬件。

7. 发明授权

US11200047B2 Identifying versions of running programs using signatures derived from object files 有权
公开(公告)号：US11200047B2
公开(公告)日：2021-12-14
申请号：US16797827
申请日：2020-02-21
申请人： Amazon Technologies, Inc.
发明人： Bjoern Doebel , Konrad Jan Miller , Martin Thomas Pohlack
IPC分类号： G06F8/656 , G06F8/71
摘要： A particular portion of a program which can be read from on-disk representations of the program as well as from memory images of the program is identified for use as a version discriminator. A first representation of the portion may be obtained from a first memory image of the program, corresponding to a first running instance of the program. The first representation may be compared to a second representation obtained at a development environment. Based on the results of the comparison, a particular version of the program corresponding to the first running instance may be identified. An indication of the particular version may be stored.

8. 发明授权

US11017417B1 Using incentives to manage computing resources 有权
公开(公告)号：US11017417B1
公开(公告)日：2021-05-25
申请号：US14314990
申请日：2014-06-25
申请人： Amazon Technologies, Inc.
发明人： Martin Thomas Pohlack
IPC分类号： G06Q40/00 , G06Q30/02 , G06N5/02
摘要： Systems and methods are described for managing computing resources by a provider network. A selection of a pricing plan for use of a computing resource is received. The pricing plan can include inclusion of a premium for continued use of the computing resource during a maintenance window, or a cost benefit for interrupting use of the computing resource during the maintenance window. Maintenance is performed on the computing device in accordance with the maintenance window and based on the selected pricing plan.

9. 发明授权

US10698668B1 Custom code transformations during compilation process 有权
公开(公告)号：US10698668B1
公开(公告)日：2020-06-30
申请号：US15992074
申请日：2018-05-29
申请人： Amazon Technologies, Inc.
发明人： Martin Thomas Pohlack , Pawel Piotr Wieczorkiewicz
IPC分类号： G06F9/44 , G06F9/46 , G06F11/34 , G06F17/50 , G06F8/41 , G06F21/57 , G06F8/30 , G06F8/71 , G06F11/36 , G06F9/455 , G06F8/65
摘要： Computer systems and associated methods are disclosed for performing custom code transformations using a compiler that does not support the custom transformations. In embodiments, a wrapper program intercepts a command to the compiler. The wrapper program generates intermediate code using the compiler in accordance with the command. The wrapper program then performs the code transformations on the intermediate code using a code transformer, for example, by performing a search and replace operation to replace particular code sequences in the intermediate code. The wrapper program then generates the binary code from the transformed intermediate code in accordance with the command. In this manner, software may be compiled with the custom code transformations without extensive changes to the source code or the compiler. In one application, the technique may be used to build a hot patch that applies a security update to a software using the software's original compiler.

10. 发明授权

US11531531B1 Non-disruptive introduction of live update functionality into long-running applications 有权
公开(公告)号：US11531531B1
公开(公告)日：2022-12-20
申请号：US15916099
申请日：2018-03-08
申请人： Amazon Technologies, Inc.
发明人： Bjoern Doebel , Martin Thomas Pohlack
IPC分类号： G06F8/60 , G06F8/656 , G06F8/65 , G06F8/71 , G06F9/48
摘要： An execution of an instance of a program that does not include checkpoint-based live update functionality is paused. A set of objects containing state information of the program is identified from a portion of memory used by the instance, and stored in a checkpoint of the program. The execution of the instance is resumed using at least the checkpoint and code that has been dynamically introduced into the instance.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式