Abstract: Techniques are described for delivering one or more first resources of a page using a first security level, and delivering one or more second resources of a page using a second, different security level. A page is generated to include elements identifying resources to be presented in the page, and the elements may include security level identifiers indicating a security level to be employed in communicating the corresponding resource. Each security level may be associated with a set of security measures that ensure the integrity or confidentiality of the resource while it is communicated. The use of multiple security levels to communicate multiple resources may provide appropriate security for each resource, reducing latency and overhead in page generation, communication, and rendering.

Abstract: A computing device can obtain a session key for encrypting data that is communicated between a client device and the computing device. The computing device can receive, from the client device, an encrypted request for data. The encrypted request can be encrypted by the client device using the session key. The data requested can be stored on a second computing device. The computing device can send, to the second computing device, a copy of the session key and the encrypted request for data. The second computing device can decrypt the data using the session key and can also encrypt data responsive to the request using the session key.

Abstract: A computing device may receive a compress data streams which may then be decompressed to generate decompressed data. The computing device may then determine if the decompressed data includes a flag indicating that the decompressed data should be modified. If the decompressed data is to be modified, the computing device may add padding values to the compressed data stream until a boundary block of the compressed data stream is reached. The modified compressed data stream may then be transmitted to an endpoint.

Abstract: A system for transmitting data over a network may include data processed according to a data-redundancy encoding technique such as erasure coding to be transmitted via an unreliable, connectionless transmission protocol, for example user datagram protocol (“UDP”). A transmitting manager may receive a request from an application to transmit data. The transmission manager may select encoding parameters and encode data to be transferred using a data-redundancy encoding technique. The transmission manager may initiate transmission of the encoded data and payload header data may via a network, for example via a network communication stream or protocol stack. A reconstruction manager associated with the receiving node may reconstruct the original data using the received erasure coding data and payload header data. In some embodiments, the receiving node may transmit telemetry data to the erasure coding algorithm.

Abstract: Techniques for improving communications efficiency between pairs of communication nodes running within a computer system are described herein. Potential locations for placing a communication node are evaluated using one or more fitness values wherein the fitness value is based at least in part on one or more system metrics associated with placing a communication node in the potential location. If an improved location is found based on the fitness value, the communication node may be migrated to the new location, thus improving system efficiency.

Abstract: Techniques for improving communications efficiency between pairs of communication nodes running within a computer system are described herein. Potential locations for placing a communication node are evaluated using one or more fitness values wherein the fitness value is based at least in part on one or more system metrics associated with placing a communication node in the potential location. If an improved location is found based on the fitness value, the communication node may be migrated to the new location, thus improving system efficiency.

Abstract: A computing resource service provider may operate a secure proxy fleet within a content delivery network. The secure proxy fleet may protect sensitive data communicated between a client device and a backend service over one or more networks, for example, over the content delivery network to a computing resource service provider environment. The secure proxy fleet may protect sensitive data by encrypting the sensitive data before it is forwarded to a destination.

Abstract: A computing resource service provider may operate a secure proxy fleet responsible for directing network traffic to one or more backend services. The network traffic may be received over a cryptographically protected communications session at a secure proxy device. The secure proxy device may detect sensitive data included in the network traffic and encrypt the sensitive data to protect the sensitive data during transmission to the backend service.

Abstract: A computing resource service provider may operate a secure proxy fleet responsible for directing network traffic from one or more backend services to one or more client devices. The network traffic may be encrypted or otherwise obfuscated to protect sensitive data. The secure proxy device may detect encrypted data and may decrypt the data prior to forwarding the data to the one or more client devices.

Abstract: Techniques are described for delivering one or more first resources of a page using a first security level, and delivering one or more second resources of a page using a second, different security level. A page is generated to include elements identifying resources to be presented in the page, and the elements may include security level identifiers indicating a security level to be employed in communicating the corresponding resource. Each security level may be associated with a set of security measures that ensure the integrity or confidentiality of the resource while it is communicated. The use of multiple security levels to communicate multiple resources may provide appropriate security for each resource, reducing latency and overhead in page generation, communication, and rendering.

Abstract: A first component of a network-accessible service is configured to participate in client-server interactions with other components of the service via a default communication channel. The first component has access to an alternate communication channel available only to a subset of components of the service. Using the alternate communication channel, the first component reaches a local workload agreement with a second component, in accordance with which at least some service requests of the first component or the second component are fulfilled using the alternate communication channel.

Abstract: A computing device can obtain a session key for encrypting data that is communicated between a client device and the computing device. The computing device can receive, from the client device, an encrypted request for data. The encrypted request can be encrypted by the client device using the session key. The data requested can be stored on a second computing device. The computing device can send, to the second computing device, a copy of the session key and the encrypted request for data. The second computing device can decrypt the data using the session key and can also encrypt data responsive to the request using the session key.

Abstract: A computing device can obtain a session key for encrypting data that is communicated between a client device and the computing device. The computing device can receive, from the client device, an encrypted request for data. The encrypted request can be encrypted by the client device using the session key. The data requested can be stored on a second computing device. The computing device can send, to the second computing device, a copy of the session key and the encrypted request for data. The second computing device can decrypt the data using the session key and can also encrypt data responsive to the request using the session key.

Abstract: The disclosure describes embodiments of a distributed caching system that are configured to store handshake data between client devices and servers, enabling handshake transaction to be resumed in case of interruption. Client devices can resume the handshake transaction even if assigned to new servers as the new servers can obtain the handshake data identifiers from the distributed caching system.

Abstract: The disclosure describes embodiments of a distributed caching system that are configured to store session state identifiers in a networked cache, enabling dynamic allocation of requests to servers. Client devices can resume secure sessions even if assigned to new servers as the new servers can obtain the session state identifiers from the distributed caching system. In at least some cases, the client device can be authenticated without the server having to perform a full authentication, thereby reducing the workload of the server and decreasing latency as the server can respond faster.