Security protocols for low latency execution of program code

US 9,727,725 B2
Filed: 02/04/2015
Issued: 08/08/2017
Est. Priority Date: 02/04/2015
Status: Active Grant

First Claim

Patent Images

1. A system for providing low-latency computational capacity from a virtual compute fleet, the system comprising:

an electronic data store configured to store at least a program code of a user; and

a virtual compute system comprising a plurality of virtual machine instances usable to execute one or more program codes thereon on a per-request basis, the virtual compute system comprising one or more hardware computing devices configured to execute specific computer-executable instructions, the virtual compute system in communication with the electronic data store and configured to at least;

maintain a first subset of the plurality of virtual machine instances in a warming pool comprising virtual machine instances to be assigned to a user and having one or more software components loaded thereon and a second subset of the plurality of virtual machine instances in an active pool comprising virtual machine instances assigned to one or more users;

receive a request to execute a program code associated with a user on the virtual compute system, the request including information usable to identify the program code and the user associated with the program code, wherein the program code is associated with configuration data indicating at least a first portion of the program code to be executed with a trusted credential and a second portion of the program code to be executed without the trusted credential;

select from the warming pool or the active pool a virtual machine instance to be used to execute the program code;

create a first container in the selected virtual machine instance to execute the first portion of the program code with the trusted credential;

create a second container in the selected virtual machine instance to execute the second portion of the program code without the trusted credential such that both of the first container and the second container are created in the selected virtual machine instance, wherein the second container is configured to communicate with the first container;

cause the first portion of the program code associated with the user to be loaded from the electronic data store onto the first container in the selected virtual machine instance and executed in the first container with the trusted credential; and

cause the second portion of the program code associated with the user to be loaded from the electronic data store onto the second container in the selected virtual machine instance and executed in the second container without the trusted credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing security mechanisms for secure execution of program code is described. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. One mechanism involves executing program code according to a user-specified security policy. Another mechanism involves executing program code that may be configured to communicate or interface with an auxiliary service. Another mechanism involves splitting and executing program code in a plurality of portions, where some portions of the program code are executed in association with a first level of trust and some portions of the program code are executed with different levels of trust.

Citations

23 Claims

1. A system for providing low-latency computational capacity from a virtual compute fleet, the system comprising:
- an electronic data store configured to store at least a program code of a user; and
  
  a virtual compute system comprising a plurality of virtual machine instances usable to execute one or more program codes thereon on a per-request basis, the virtual compute system comprising one or more hardware computing devices configured to execute specific computer-executable instructions, the virtual compute system in communication with the electronic data store and configured to at least;
  
  maintain a first subset of the plurality of virtual machine instances in a warming pool comprising virtual machine instances to be assigned to a user and having one or more software components loaded thereon and a second subset of the plurality of virtual machine instances in an active pool comprising virtual machine instances assigned to one or more users;
  
  receive a request to execute a program code associated with a user on the virtual compute system, the request including information usable to identify the program code and the user associated with the program code, wherein the program code is associated with configuration data indicating at least a first portion of the program code to be executed with a trusted credential and a second portion of the program code to be executed without the trusted credential;
  
  select from the warming pool or the active pool a virtual machine instance to be used to execute the program code;
  
  create a first container in the selected virtual machine instance to execute the first portion of the program code with the trusted credential;
  
  create a second container in the selected virtual machine instance to execute the second portion of the program code without the trusted credential such that both of the first container and the second container are created in the selected virtual machine instance, wherein the second container is configured to communicate with the first container;
  
  cause the first portion of the program code associated with the user to be loaded from the electronic data store onto the first container in the selected virtual machine instance and executed in the first container with the trusted credential; and
  
  cause the second portion of the program code associated with the user to be loaded from the electronic data store onto the second container in the selected virtual machine instance and executed in the second container without the trusted credential.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1, wherein the virtual compute system is further configured to cause the second portion of the program code to be executed in response to a request received from the first container.
  - 3. The system of claim 1, wherein the second container is configured to communicate with the first container by an inter-process communication channel.

4. A computer-implemented method comprising:
- as implemented by one or more computing devices configured with specific executable instructions,receiving a request to execute a program code on a virtual compute system configured to execute program codes on a per-request basis, the request including information usable to identify the program code, wherein the virtual compute system comprising a plurality of virtual machine instances usable to execute one or more program codes thereon;
  
  determining, based on the received request, a first portion of the program code to be executed at a first level of trust and a second portion of the program code to be executed at a second level of trust different from the first level of trust;
  
  selecting, from the plurality of virtual machine instances maintained on the virtual compute system, a virtual machine instance to be used to execute the program code;
  
  creating a first container in the selected virtual machine instance to execute the first portion of the program code at the first level of trust;
  
  creating a second container in the selected virtual machine instance to execute the second portion of the program code in response to a request from the first container at the second level of trust such that both of the first container and the second container are created in the selected virtual machine instance;
  
  configuring the first container to communicate with the second container to execute the second portion of the program code at the second level of trust;
  
  causing the first portion of the program code to be loaded and executed in the first container in the selected virtual machine instance at the first level of trust; and
  
  causing the second portion of the program code to be loaded and executed in the second container in the selected virtual machine instance in response to the request from the first container at the second level of trust.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The computer-implemented method of claim 4, wherein the first container is configured to communicate with the second container using an inter-process communication channel.
  - 6. The computer-implemented method of claim 5, wherein the inter-process communication channel is one of a socket pair, a pipe, a named pipe, a shared memory on the virtual machine instance, or a message queue.
  - 7. The computer-implemented method of claim 4, wherein the first level of trust utilizes a trusted credential provided with the request to execute the program code on the virtual compute system.
  - 8. The computer-implemented method of claim 7, wherein the trusted credential is a login credential of a user associated with the program code, wherein the login credential is usable to access an auxiliary service on behalf of the user.

9. Non-transitory physical computer storage storing computer executable instructions that, when executed by one or more computing devices, configure the one or more computing devices to:
- receive a request to execute a program code on a virtual compute system configured to execute program codes on a per-request basis, the request including information usable to identify the program code, wherein the virtual compute system comprising a plurality of virtual machine instances usable to execute one or more program codes thereon;
  
  determine, based on the received request, a first portion of the program code to be executed with a trusted credential, wherein the first portion of the program code is configured to invoke a second portion of the program code to be executed without the trusted credential;
  
  select, from the plurality of virtual machine instances maintained on the virtual compute system, a virtual machine instance to be used to execute the program code;
  
  create a first container in the selected virtual machine instance to execute the first portion of the program code with the trusted credential;
  
  create a second container in the selected virtual machine instance to execute the second portion of the program code in response to a request from the first container without the trusted credential such that both of the first container and the second container are created in the selected virtual machine instance;
  
  configure the first container to communicate with the second container to execute the second portion of the program code without the trusted credential;
  
  cause the first portion of the program code to be loaded and executed in the first container in the selected virtual machine instance with the trusted credential; and
  
  cause the second portion of the program code to be loaded and executed in the second container in the selected virtual machine instance in response to the request from the first container without the trusted credential.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The non-transitory physical computer storage of claim 9, wherein the first container is configured to communicate with the second container using an inter-process communication channel.
  - 11. The non-transitory physical computer storage of claim 10, wherein the inter-process communication channel is one of a socket pair, a pipe, a named pipe, a shared memory on the virtual machine instance, or a message queue.
  - 12. The non-transitory physical computer storage of claim 9, wherein the trusted credential is provided with the request to execute the program code on the virtual compute system.
  - 13. The non-transitory physical computer storage of claim 12, wherein the trusted credential is a login credential of a user associated with the program code, and wherein the login credential is usable to access an auxiliary service on behalf of the user.

14. A system, comprising:
- a virtual compute system comprising a plurality of virtual machine instances usable to execute one or more program codes thereon on a per-request basis, the virtual compute system comprising one or more hardware computing devices configured to execute specific computer-executable instructions and configured to at least;
  
  receive a request to execute a program code on the virtual compute system, the request including information usable to identify the program code;
  
  determine, based on the received request, a first portion of the program code to be executed at a first level of trust and a second portion of the program code to be executed at a second level of trust different from the first level of trust;
  
  select, from the plurality of virtual machine instances maintained on the virtual compute system, a virtual machine instance to be used to execute the program code;
  
  create a first container in the selected virtual machine instance to execute the first portion of the program code at the first level of trust;
  
  create a second container in the selected virtual machine instance to execute the second portion of the program code in response to a request from the first container at the second level of trust such that both of the first container and the second container are created in the selected virtual machine instance;
  
  configure the first container to communicate with the second container to execute the second portion of the program code at the second level of trust;
  
  cause the first portion of the program code to be loaded and executed in the first container in the selected virtual machine instance at the first level of trust; and
  
  cause the second portion of the program code to be loaded and executed in the second container in the selected virtual machine instance in response to the request from the first container at the second level of trust.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The system of claim 14, wherein the virtual compute system is further configured to cause the first portion of the program code to be executed in response to a request from the second container.
  - 16. The system of claim 14, wherein the first container is configured to communicate with the second container using an inter-process communication channel.
  - 17. The system of claim 16, wherein the inter-process communication channel is one of a socket pair, a pipe, a named pipe, or a message queue.
  - 18. The system of claim 14, wherein the second container is configured to only respond to requests from the first container to execute the second portion of the program code.
  - 19. The system of claim 14, wherein the first level of trust grants access to a resource and the second level of trust denies access to the resource.
  - 20. The system of claim 14, wherein the first level of trust utilizes a trusted credential provided with the request to execute the program code on the virtual compute system.
  - 21. The system of claim 20, wherein the trusted credential is a login credential of a user associated with the program code, and wherein the login credential is usable to access an auxiliary service on behalf of the user.
  - 22. The system of claim 14, wherein the first level of trust comprises a first set of security parameters, and wherein the second level of trust comprises a second set of security parameters that is a subset of the first set of security parameters.
  - 23. The system of claim 14, wherein the virtual compute system is further configured to:
    - maintain a first subset of the plurality of virtual machine instances in a warming pool comprising virtual machine instances to be assigned to a user and a second subset of the plurality of virtual machine instances in an active pool comprising preconfigured virtual machine instances assigned to one or more respective users;
      
      determine whether the active pool contains a configured container that has the program code loaded thereon, and, if so determined, select the virtual machine instance that contains the configured container to be used to execute the program code associated with a first user;
      
      in response to determining that the active pool does not contain the configured container that has the program code loaded thereon, determine whether the active pool contains any virtual machine instance that has the program code stored thereon and, if so determined, select the virtual machine instance that has the program code stored thereon to be used to execute the program code associated with the first user;
      
      in response to determining that the active pool does not contain any virtual machine instance that has the program code stored thereon, determine whether the active pool contains any virtual machine instance that is assigned to the first user and has available capacity to process the request, and, if so determined, select from the active pool the virtual machine instance that is assigned to the first user to be used to execute the program code associated with the first user; and
      
      in response to determining that the active pool does not contain any virtual machine instance that is assigned to the first user and has available capacity to process the request, acquire the virtual machine instance from the warming pool to be used to execute the program code associated with the first user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Nair, Ajay, Thomas, Dylan Chandler, Wagner, Timothy Allen
Primary Examiner(s)
KIM, DONG U

Application Number

US14/613,723
Publication Number

US 20160224785A1
Time in Patent Office

916 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 21/44   Program or device authentic...

G06F 21/53   by executing in a restricte...

G06F 21/552   involving long-term monitor...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

Security protocols for low latency execution of program code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Security protocols for low latency execution of program code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links