Abstract: Aspects of the present disclosure relate to adaptive and user-defined security against side-channel attacks in a virtual network. Traffic in the virtual network can be monitored at the hypervisor level and network security levels, such as padding and inclusion of dummy packets in the traffic stream, may be adaptively switched based on the monitored traffic information. In addition, user-defined security policies can be input to a management console. Thus, the security levels can be adaptive to real-time traffic bandwidth usage in the network and also flexibly specified by the user/administrator, which may be more efficient.

Abstract: Certain embodiments described herein are generally directed to handling a hypervisor restart event in a distributed network system. Embodiments include receiving, by a central controller, a session identifier from a first hypervisor. Embodiments further include comparing, by the central controller, the session identifier to a stored session identifier associated with the first hypervisor. Embodiments further include determining, by the central controller based on the session identifier not matching the stored session identifier associated with the first hypervisor, that the first hypervisor has restarted. Embodiments further include updating, by the central controller, the stored session identifier associated with the first hypervisor to match the session identifier. Embodiments further include identifying, by the central controller, a second hypervisor that is associated with the first hypervisor.

Abstract: A preparation method for polypeptide nano-bubbles, comprising the following steps: constructing a recombinant plasmid, which includes a Flag tag, an adipose tissue-targeting polypeptide and the coding gene of nano-bubble marker membrane protein CD63; and transfecting the recombinant plasmid into cells which secrete nano-bubbles through lipidosome for culturing, collecting a cell culture solution, and extracting the polypeptide nano-bubbles by ultracentrifugation. The present invention further discloses the polypeptide nano-bubbles and application thereof in the preparation of drugs for treating obesity. The polypeptide nano-bubbles bring great convenience for targeted therapy of anti-obesity drugs. The polypeptide nano-bubbles have good biocompatibility and are capable of carrying different kinds of bioactive substances.

Abstract: A first host receives a packet from a first compute node for a second compute node of a second host. The payload is larger than a maximum transmission unit size. The first packet is encapsulated with an outer header. The first host analyzes a length of at least a portion of the outer header in determining a size of an encrypted segment of the payload. Then, the first host forms a plurality of packets where each packet in the packets includes an encrypted segment of the payload, a respective encryption header, and a respective authentication value. The payload of the first packet is segmented to form a plurality of encrypted segments based on the size. The first host sends the packets to the second host and receives an indication that a packet was not received. A second packet including the encrypted segment is sent to the second compute node.

Abstract: Computer system and method for characterizing throughput performance of a datacenter utilize bandwidth information of physical network interfaces in the datacenter and results of benchmark testing on throughput on a single processor core to compute a plurality of throughput constraints that define a throughput capacity region for the datacenter to improve throughput performance of the datacenter.

Abstract: Exemplary methods, apparatuses, and systems include a central controller receiving a request to generate a new encryption key for a security group to replace a current encryption key for the security group. The security group includes a plurality of hosts that each encrypt and decrypt communications using the current encryption key. In response to receiving the request, the central controller determines that a threshold period following generation of the current encryption key has not expired. In response to determining that the threshold period has not expired, the central controller delays execution of the request until the expiration of the threshold period. In response to the expiration of the threshold period, the central controller executes the request by generating the new encryption key, storing a time of creation of the new encryption key, and transmitting the new encryption key to the plurality of hosts.

Abstract: Aspects of the present disclosure relate to adaptive and user-defined security against side-channel attacks in a virtual network. Traffic in the virtual network can be monitored at the hypervisor level and network security levels, such as padding and inclusion of dummy packets in the traffic stream, may be adaptively switched based on the monitored traffic information. In addition, user-defined security policies can be input to a management console. Thus, the security levels can be adaptive to real-time traffic bandwidth usage in the network and also flexibly specified by the user/administrator, which may be more efficient.

Abstract: Certain embodiments described herein are generally directed to allocating security parameter index (“SPI”) values to a plurality of endpoints in a network. The SPI values may be derived using an SPI derivation formula and a plurality of parameters. In some embodiments, the SPI values may be derived by an endpoint and in other embodiments by a server. Using the SPI derivation formula and the plurality of parameters enables endpoints and servers to instantaneously derive SPI values without the need for servers to store them.

Abstract: An example method of key management for encryption of traffic in a network having a network nodes includes negotiating, between a first network node and a centralized key management server, to obtain a master key shared among the network nodes; receiving, at the first network node, a first identifier for the first network node and a second identifier for a second network node; generating, at the first network node, a first session key by supplying the master key, the first identifier, and the second identifier as parametric input to a function; establishing, using a network stack of the first network node, a first point-to-point tunnel through the network to the second network node without a key exchange protocol; and sending first traffic from the first network node to the second network node through the first point-to-point tunnel, the first traffic including a portion encrypted by the first session key.

Abstract: For an encryption management module of a host that executes one or more data compute nodes (DCNs), some embodiments of the invention provide a method of providing key management and encryption services. The method initially receives an encryption key ticket at an encryption management module to be used to retrieve an encryption key identified by the ticket from a key manager. When the encryption key has been retrieved, the method uses the encryption key to encrypt a message sent by a data compute node executing on the host requiring encryption according to an encryption rule. The encryption key ticket, in some embodiments, is generated for an encryption management module to implement the principle of least privilege. The ticket acts as a security token in retrieving encryption keys from a key manager. Ticket distribution and encryption rule distribution are independent of each other in some embodiments.

Abstract: An axial flow impeller includes a hub, at least three base blades, and a cover blade detachably mounted to each base blade. When the impeller is applied in a medium environment having a high density and viscosity, the impeller will meet the requirement only by virtue of the base blade with the cover blade being removed. When the impeller is applied in a medium environment having low density and viscosity, the cover blade can be mounted in the front and/or rear of the base blade in order to improve the efficiency of the impeller. In this case, the consumption of electrical power can be reduced significantly while producing an equivalent propulsive force, thereby being advantageous for energy conservation. Therefore, the impeller can be adaptable to different medium environments and efficiency requirements, and thus can have good adaptability, need minimal investment cost and can be convenient to use.

Abstract: The present invention discloses an electronic device, a cloud storage system, a method thereof and a tangible embodied computer readable medium. The cloud storage system comprises at least one server and an electronic device. The at least one server provides a plurality of cloud storage spaces for accessing data. The electronic device comprises a storage management interface and is connected to each of the servers via Internet in order to access the cloud storage space. Wherein, the cloud storage spaces are integrated as a virtual storage space by the electronic device for a user to access data therefrom. The user can concurrently access the cloud storage spaces through the storage management interface of the electronic device, or access one of the cloud storage spaces by multi-thread or multi-process so as to raise the access speed.

Abstract: An axial flow impeller includes a hub, at least three base blades, and a cover blade detachably mounted to each base blade. When the impeller is applied in a medium environment having a high density and viscosity, the impeller will meet the requirement only by virtue of the base blade with the cover blade being removed. When the impeller is applied in a medium environment having low density and viscosity, the cover blade can be mounted in the front and/or rear of the base blade in order to improve the efficiency of the impeller. In this case, the consumption of electrical power can be reduced significantly while producing an equivalent propulsive force, thereby being advantageous for energy conservation. Therefore, the impeller can be adaptable to different medium environments and efficiency requirements, and thus can have good adaptability, need minimal investment cost and can be convenient to use.

Abstract: A method and system for providing functionality similar to that found in a DVR but mostly or completely contained within a television set is disclosed. A memory stores packets representing a portion of one or more programs in the broadcast stream and allows a viewer to replay that portion of the program using some of the functions available on a DVR, such as pause, rewind, and fast forward. The packet stream is divided into groups of equal length and fixed time duration, for example one second, and stored in sequential order in the memory. This allows for the storage and retrieval of content without the need for an index file, without adding a timestamp to the program data packets, and without separating the audio portion from the video portion of the program and then having to synchronize and recombine them.