Abstract: A system and method for generating a visualization of cloud based computing system based on a domain-specific language file is provided. In one or more examples, the domain-specific language file is compiled so as to generate a data file. The data file is parsed to generate an intermediate file that converts the computing resources found in the data file into symbolic representations. The intermediate file is then processed so as to produce a position for each symbol within the symbolic representation. Finally, the symbolic representation is rendered using a markup language such as HTML.

Abstract: A method for building, optimizing, and maintaining a computing infrastructure on a cloud computing environment is provided. A user provides a high-level declaration to a cloud environment operating system, specifying the details of the infrastructure that is intended to be built on the cloud. A cloud environment operating system converts the high level declaration to a lower level declaration and then to a series of instructions that can be executed by the cloud to build the desired infrastructure. The cloud environment operating system can also continuously monitor the infrastructure once it is built on the cloud. If the cloud environment operating system notices any discrepancies between the user's original specification and the infrastructure as built on the cloud, the operating system can work to modify the existing infrastructure on the cloud to conform to the infrastructure specified by a user.

Abstract: A system and method for providing and executing a domain-specific programming language for cloud services infrastructure is provided. The system may be used to integrate references to external entities, such as cloud service compute instances, directly into a domain-specific programming language, allowing developers to easily integrate cloud services directly using the domain-specific programming language. Using a domain-specific programming language, references to external entities (not in memory) as variables may be used. Using the domain-specific programming language described herein, lexical scoping may be mapped onto collections of entities that aren't a native part of the language. In order to facilitate these and other benefits, the system may maintain state information of all references and shared variables across program boundaries. The system may make the state information accessible via a state information service that understands the language features of the domain-specific programming language.

Abstract: A system and method for providing and executing a domain-specific programming language for cloud services infrastructure is provided. The system may be used to integrate references to external entities, such as cloud service compute instances, directly into a domain-specific programming language, allowing developers to easily integrate cloud services directly using the domain-specific programming language. The domain-specific programming language may also allow users to declare strategies for a given computing system rather than specific instances of computing infrastructure. The strategies can be resolved by an artificial intelligence engine to determine an optimal computing instance solution to the user declared strategy. The determined solution from the artificial intelligence engine can be used to generate a computing system on a cloud service provider account.

Abstract: A system and method for generating a visualization of cloud-based computing system based on a domain-specific language file is provided. In one or more examples, the domain-specific language file is compiled so as to generate a data file. The data file is parsed to generate an intermediate file that converts the computing resources found in the data file into symbolic representations. The intermediate file is then processed so as to produce a position for each symbol within the symbolic representation. Finally, the symbolic representation is rendered using a markup language such as HTML.

Abstract: Techniques for replacing instances of software defined networks (SDN's) in software defined network systems (SDN systems) are provided. In a SDN system having a first instance of a SDN, a second instance of the SDN is instantiated, and instructions are sent to other components of the SDN system to route traffic to the new SDN instance, and the old SDN instance is retired from service. Instructions for routing traffic to the new SDN instance and for retiring the old SDN instance may be transmitted by a distributed key/value store system leveraging asynchronous communication. A retired SDN instance may be destroyed or repurposed for deceptive or forensic purposes. SDN infrastructure and topology may be cycled according to a schedule, may be algorithmically cycled, and may be proactively cycled without any indication that an SDN instance is compromised. Similar techniques for replacing instances of individual network components in SDN's are also provided.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: A method for building, optimizing, and maintaining a computing infrastructure on a cloud computing environment is provided. A user provides a high-level declaration to a cloud environment operating system, specifying the details of the infrastructure that is intended to be built on the cloud. A cloud environment operating system converts the high level declaration to a lower level declaration and then to a series of instructions that can be executed by the cloud to build the desired infrastructure. The cloud environment operating system can also continuously monitor the infrastructure once it is built on the cloud. If the cloud environment operating system notices any discrepancies between the user's original specification and the infrastructure as built on the cloud, the operating system can work to modify the existing infrastructure on the cloud to conform to the infrastructure specified by a user.

Abstract: A system and method is provided for generating and using purchase strategies based on the price, performance, and/or other information related to cloud services to optimize the selection of such services. The purchase strategies may comprehensively describe various cloud services in real-time so that customers may purchase cloud services using up-to-date, real-time information. The purchase strategies may, for example, describe pricing, performance, availability, and/or other attributes of various cloud services. A purchase agent may use the purchase strategies, one or more purchase rules, and/or other information to generate a purchase specification that specifies one or more cloud service instances that should be purchased. The purchase agent may leverage unique properties of spot instances to make favorable purchase decisions. For example, the system may determine bid prices that should be made to obtain certain spot instances.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for replacing software components executing in a runtime environment with corresponding known-good software components are disclosed. In some implementations, at least a first event indicating that at least a first software component executing in the runtime environment should be replaced may be determined. The first event may be determined without respect to whether the first software component has been compromised or potentially compromised. At least a second software component corresponding to the first software component may be obtained from a component repository that is separate from the runtime environment. The first software component may be replaced with the second software component based on the first event such that the second software component is available for use in the runtime environment after the first event and the first software component is no longer available for use in the runtime environment after the first event.

Abstract: A system and method for providing and executing a domain-specific programming language for cloud services infrastructure is provided. The system may be used to integrate references to external entities, such as cloud service compute instances, directly into a domain-specific programming language, allowing developers to easily integrate cloud services directly using the domain-specific programming language. Using a domain-specific programming language, references to external entities (not in memory) as variables may be used. Using the domain-specific programming language described herein, lexical scoping may be mapped onto collections of entities that aren't a native part of the language. In order to facilitate these and other benefits, the system may maintain state information of all references and shared variables across program boundaries. The system may make the state information accessible via a state information service that understands the language features of the domain-specific programming language.

Abstract: A system and method is provided for generating and using purchase strategies based on the price, performance, and/or other information related to cloud services to optimize the selection of such services. The purchase strategies may comprehensively describe various cloud services in real-time so that customers may purchase cloud services using up-to-date, real-time information. The purchase strategies may, for example, describe pricing, performance, availability, and/or other attributes of various cloud services. A purchase agent may use the purchase strategies, one or more purchase rules, and/or other information to generate a purchase specification that specifies one or more cloud service instances that should be purchased. The purchase agent may leverage unique properties of spot instances to make favorable purchase decisions. For example, the system may determine bid prices that should be made to obtain certain spot instances.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for replacing software components executing in a runtime environment with corresponding known-good software components are disclosed. In some implementations, at least a first event indicating that at least a first software component executing in the runtime environment should be replaced may be determined. The first event may be determined without respect to whether the first software component has been compromised or potentially compromised. At least a second software component corresponding to the first software component may be obtained from a component repository that is separate from the runtime environment. The first software component may be replaced with the second software component based on the first event such that the second software component is available for use in the runtime environment after the first event and the first software component is no longer available for use in the runtime environment after the first event.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.