Security protocols for low latency execution of program code
First Claim
1. A system, comprising:
- one or more processors; and
- one or more memories, the one or more memories having stored thereon instructions, which, when executed by the one or more processors, configure the one or more processors to:
  - receive a request to execute a program code, the request including data usable to modify a policy according to which the program code is to be executed;
  - identify a container created on one of a plurality of virtual machine instances implemented on one or more physical computing devices, wherein the container is usable to execute the program code;
  - determine that the identified container satisfies one or more criteria defined by the data included in the request, wherein the container is on a first virtual machine instance of the plurality of virtual machine instances; and
  - cause the program code to be executed in the container on the first virtual machine instance according to the policy modified based on the data included in the request.
Abstract
A system for providing security mechanisms for secure execution of program code is described. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. One mechanism involves executing program code according to a user-specified security policy. Another mechanism involves executing program code that may be configured to communicate or interface with an auxiliary service. Another mechanism involves splitting and executing program code in a plurality of portions, where some portions of the program code are executed in association with a first level of trust and some portions of the program code are executed with different levels of trust.
491 Citations
20 Claims
8. A computer-implemented method comprising:
- as implemented by one or more computing devices configured with specific executable instructions,
  - receiving a request to execute a program code, the request including data usable to modify a policy according to which the program code is to be executed;
  - identifying a container created on one of a plurality of virtual machine instances implemented on one or more physical computing devices, wherein the container is usable to execute the program code;
  - determining that the identified container satisfies one or more criteria defined by the data included in the request, wherein the container is on a first virtual machine instance of the plurality of virtual machine instances; and
  - executing the program code in the container on the first virtual machine instance according to the policy modified based on the data included in the request.
16. Non-transitory physical computer storage storing instructions that, when executed by one or more computing devices having one or more processors, configure the one or more computing devices to:
- receive a request to execute a program code, the request including data usable to modify a policy according to which the program code is to be executed;
- identify a container created on one of a plurality of virtual machine instances implemented on one or more physical computing devices, wherein the container is usable to execute the program code;
- determine that the identified container satisfies one or more criteria defined by the data included in the request, wherein the container is on a first virtual machine instance of the plurality of virtual machine instances; and
- cause the program code to be executed in the container on the first virtual machine instance according to the policy modified based on the data included in the request.
Specification