Abstract: A load balancer receives a sequence of requests for computing service and distributes the requests for computing service to a computing node in an ordered list of computing nodes until the computing node reaches its maximum allowable compute capability. Responsive to an indication that the computing node has reached its maximum allowable compute capability, the load balancer distributes subsequent requests for computing service to another computing node in the ordered list. If the computing node is the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to a computing node other than one of the computing nodes in the ordered list of computing nodes. If the computing node is not the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to another computing node in the ordered list of computing nodes.

Abstract: Technologies are shown for high granularity metric (HGM)-based control for smart contract execution. In accordance with some aspects, a function call associated with one or more methods of a smart contract on a blockchain is detected by identifying an entrance or exit of the function call in a kernel for smart contract execution on the blockchain. The function call is added to a function call stack, and one or more detected HGMs are identified in the function call stack. A comparison of the detected HGMs in the function call stack against one or more control rules is performed. Execution or completion of the function call is blocked based on the comparison.

Abstract: Technologies are shown for system level function based access control for smart contract execution on a blockchain. Access control rules control function calls at a system level by utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for execution of a smart contract. The access control rules are applied to the function call stack to allow or prohibit specific functions or function call chains. Access control rules can also define allowed or prohibited parameter data in the function call chain. If the function call chain or parameters do not meet the requirements defined in the access control rules, then the function call can be blocked from executing or completing execution. The access control rules can produce sophisticated access control policies based on complex function call chains.

Abstract: A load balancer receives a sequence of requests for computing service and distributes the requests for computing service to a computing node in an ordered list of computing nodes until the computing node reaches its maximum allowable compute capability. Responsive to an indication that the computing node has reached its maximum allowable compute capability, the load balancer distributes subsequent requests for computing service to another computing node in the ordered list. If the computing node is the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to a computing node other than one of the computing nodes in the ordered list of computing nodes. If the computing node is not the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to another computing node in the ordered list of computing nodes.

Abstract: Technologies are shown for HGM based control for smart contract execution. HGM control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The HGM control rules are applied to HGMs collected from the call stack to allow or prohibit specific HGMs observed in functions or function call chains. HGM control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the HGM control rules, then the function call can be blocked from executing or completing execution. The HGM control rules can be generated by executing known sets of acceptable or vulnerable smart contracts and collecting the resulting HGMs.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: Technologies are shown for selecting a provider to service a client service request using a consensus protocol and creating a block on a blockchain to service the client service request. In accordance with some aspects, a first miner receives parameters of each proposal transaction from a plurality of proposal transactions for servicing a client service request. The parameters of at least one proposal transaction from the plurality of proposal transactions is received from a second miner. The first miner uses a selection algorithm to select a first proposal transaction from the plurality of proposal transactions based on the parameters of each proposal transaction. The first miner appends a block to a blockchain based on the first proposal transaction.

Abstract: Deploying a point of presence (PoP) changes traffic flow to a cloud service provider. To determine if the PoP improves the performance of a cloud service to a client, actual network latencies between the client and the cloud service are measured. In more complex scenarios, multiple PoPs are used. The client sends multiple requests for the same content to the cloud provider. The requests are sent via different routes. The cloud provider serves the requests and collates the latency information. Based on the latency information, a route for a future request is selected, resources are allocated, or a user interface is presented. The process of determining the latency for content delivered by different routes may be repeated for content of different sizes. A future request is routed along the network path that provides the lowest latency for the data being requested.

Abstract: Technologies are shown for selecting a provider to service a client service request using a predictive metrics based consensus protocol to select a provider and create a service request transaction block to service the client service request. A client service request is received and forwarded to a set of providers. Proposed transactions are received from the providers and scored based on a predictive metric. A proposal transaction is selected based on the scoring and the selected transaction is written as a block on a service transaction blockchain. The provider for the selected transaction detects the block on the blockchain and performs the requested service. The client detects the block on the blockchain and transfers payment to the provider. Selection can be based on predictive metrics in the providers or macro metrics determined in miner nodes in combination with provider reputation, currency, load sharing, fairness, provisioning, and static and dynamic criteria.

Abstract: Deploying a point of presence (PoP) changes traffic flow to a cloud service provider. To determine if the PoP improves the performance of a cloud service to a client, actual network latencies between the client and the cloud service are measured. In more complex scenarios, multiple PoPs are used. The client sends multiple requests for the same content to the cloud provider. The requests are sent via different routes. The cloud provider serves the requests and collates the latency information. Based on the latency information, a route for a future request is selected, resources are allocated, or a user interface is presented. The process of determining the latency for content delivered by different routes may be repeated for content of different sizes. A future request is routed along the network path that provides the lowest latency for the data being requested.

Abstract: Systems and methods of cloud deployment optimization are disclosed. In some example embodiments, a method comprises running original instances of an application concurrently on original servers to implement an online service, receiving, by the original instances of the application original requests for one or more functions of the online service, receiving a command to deploy a number of additional instances of the application, transmitting synthetic requests for the function(s) of the online service to one of the original servers according to a predetermined optimization criteria, deploying the number of additional instances of the application on additional servers using a copy of the original instance of the application, and running the deployed additional instances of the application on their corresponding additional servers concurrently with the original instances of the application being run on their corresponding original servers.

Abstract: Technologies are shown for HGM based control for smart contract execution. HGM control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The HGM control rules are applied to HGMs collected from the call stack to allow or prohibit specific HGMs observed in functions or function call chains. HGM control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the HGM control rules, then the function call can be blocked from executing or completing execution. The HGM control rules can be generated by executing known sets of acceptable or vulnerable smart contracts and collecting the resulting HGMs.

Abstract: Technologies are shown for HGM based control for smart contract execution. HGM control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The HGM control rules are applied to HGMs collected from the call stack to allow or prohibit specific HGMs observed in functions or function call chains. HGM control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the HGM control rules, then the function call can be blocked from executing or completing execution. The HGM control rules can be generated by executing known sets of acceptable or vulnerable smart contracts and collecting the resulting HGMs.

Abstract: Technologies are shown for system level function based access control for smart contract execution on a blockchain. Access control rules control function calls at a system level by utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for execution of a smart contract. The access control rules are applied to the function call stack to allow or prohibit specific functions or function call chains. Access control rules can also define allowed or prohibited parameter data in the function call chain. If the function call chain or parameters do not meet the requirements defined in the access control rules, then the function call can be blocked from executing or completing execution. The access control rules can produce sophisticated access control policies based on complex function call chains.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: Technologies are shown for system level function based access control for smart contract execution on a blockchain. Access control rules control function calls at a system level by utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for execution of a smart contract. The access control rules are applied to the function call stack to allow or prohibit specific functions or function call chains. Access control rules can also define allowed or prohibited parameter data in the function call chain. If the function call chain or parameters do not meet the requirements defined in the access control rules, then the function call can be blocked from executing or completing execution. The access control rules can produce sophisticated access control policies based on complex function call chains.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: A load balancer receives a sequence of requests for computing service and distributes the requests for computing service to a computing node in an ordered list of computing nodes until the computing node reaches its maximum allowable compute capability. Responsive to an indication that the computing node has reached its maximum allowable compute capability, the load balancer distributes subsequent requests for computing service to another computing node in the ordered list. If the computing node is the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to a computing node other than one of the computing nodes in the ordered list of computing nodes. If the computing node is not the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to another computing node in the ordered list of computing nodes.

Abstract: A load balancer receives a sequence of requests for computing service and distributes the requests for computing service to a computing node in an ordered list of computing nodes until the computing node reaches its maximum allowable compute capability. Responsive to an indication that the computing node has reached its maximum allowable compute capability, the load balancer distributes subsequent requests for computing service to another computing node in the ordered list. If the computing node is the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to a computing node other than one of the computing nodes in the ordered list of computing nodes. If the computing node is not the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to another computing node in the ordered list of computing nodes.