Abstract: A system and method for providing and executing a domain-specific programming language for cloud services infrastructure is provided. The system may be used to integrate references to external entities, such as cloud service compute instances, directly into a domain-specific programming language, allowing developers to easily integrate cloud services directly using the domain-specific programming language. Using a domain-specific programming language, references to external entities (not in memory) as variables may be used. Using the domain-specific programming language described herein, lexical scoping may be mapped onto collections of entities that aren't a native part of the language. In order to facilitate these and other benefits, the system may maintain state information of all references and shared variables across program boundaries. The system may make the state information accessible via a state information service that understands the language features of the domain-specific programming language.

Abstract: A system and method is provided for generating and using purchase strategies based on the price, performance, and/or other information related to cloud services to optimize the selection of such services. The purchase strategies may comprehensively describe various cloud services in real-time so that customers may purchase cloud services using up-to-date, real-time information. The purchase strategies may, for example, describe pricing, performance, availability, and/or other attributes of various cloud services. A purchase agent may use the purchase strategies, one or more purchase rules, and/or other information to generate a purchase specification that specifies one or more cloud service instances that should be purchased. The purchase agent may leverage unique properties of spot instances to make favorable purchase decisions. For example, the system may determine bid prices that should be made to obtain certain spot instances.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for replacing software components executing in a runtime environment with corresponding known-good software components are disclosed. In some implementations, at least a first event indicating that at least a first software component executing in the runtime environment should be replaced may be determined. The first event may be determined without respect to whether the first software component has been compromised or potentially compromised. At least a second software component corresponding to the first software component may be obtained from a component repository that is separate from the runtime environment. The first software component may be replaced with the second software component based on the first event such that the second software component is available for use in the runtime environment after the first event and the first software component is no longer available for use in the runtime environment after the first event.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.