Abstract: Aspects define a union mixed secure virtual machine image to include an encrypted code virtualization machine for code machine instructions of a first retrieved package; and an unsecure virtualization hypervisor that includes a non-encrypted code virtualization machine for code machine instructions of a second retrieved package and a non-encrypted data storage device.

Abstract: Identifying malicious code execution of executing subject code of a software enclave of a processing system follows a process that includes monitoring performance characteristics of the processing system attributed to execution of the subject code of the software enclave. The monitoring produces performance data, which is stored to a relational database. The process applies a classification model to the stored performance data to obtain an output, and, based on the output of the classification model, identifies anomalous behavior in the execution of the subject code and determines a confidence level that the anomalous behavior exhibits malicious activity. Based on the confidence level exceeding a threshold, the process determines that the executing subject code is malicious and initiates halting of the execution of the subject code.

Abstract: Booting a virtual machine instance using remote direct memory access is provided. In response to beginning to receive pages of a predetermined set of pages corresponding to a requested image of a virtual machine from an image provider server, a boot process of an instance of the virtual machine is commenced while the received pages are written directly into a random-access memory (RAM) disk. The received pages are read from the RAM disk during the boot process of the instance of the virtual machine until transfer of the predetermined set of pages corresponding to the requested image is complete. The predetermined set of pages corresponding to the requested image are written to a local hard disk drive from the memory releasing memory usage. In response to completing the boot process, a RAM image is switched to a local hard disk drive image.

Abstract: Systems and methods for improved process caching through iterative feedback are disclosed. In embodiments, a computer implemented method comprises retrieving updated metadata of a process to be executed, wherein the updated metadata includes information regarding cache misses from a prior execution of the process; automatically modifying a setting of a data stream control register based on the updated metadata; automatically setting a hint at a data cache block touch module; performing an initial execution of the process after the steps of retrieving the updated metadata, automatically modifying the setting of the data stream control register, and automatically setting the hint at the data cache block touch module; and modifying the updated metadata of the process after the execution of the process based on cache miss statistical data gathered during the execution of the process, to produce newly updated metadata.

Abstract: Managing seamless server halt and restart is provided. A suspend event corresponding to a non-non-volatile dual-inline memory module (non-NVDIMM) server that comprises a set of virtual machines is received. In response to receiving the suspend event corresponding to the non-NVDIMM server, running virtual machine processes are stopped on the non-NVDIMM server. Virtual machine state information corresponding to stopped non-NVDIMM server virtual machine processes is saved on a set of non-volatile dual-inline memory modules (NVDIMMs) located in a non-volatile dual-inline memory module (NVDIMM) server.

Abstract: A method, a computer program product, and a computer system for a security fix of a container in a VM (virtual machine) environment. A computer detects a container in a container environment, determines whether the container has a security issue performs live migration of the container to a created VM, fixes the security issue of the container in the created VM, and determines whether the security issue is fixed. In response to determining that the security issue is fixed, the computer performs live migration of the created VM to the container environment.

Abstract: Disclosed embodiments provide techniques for inter-enclave communication through shared memory. Enclaves (containers) operate in a protected memory space that inhibits the use of shared memory. Disclosed embodiments enable enclaves to use shared memory, eliminating the communication bottlenecks associated with networking. A memory cryptography coprocessor implemented in hardware generates shared memory key data for a shared memory region that is to be used by two or more enclaves. The shared memory key data is sent to the enclaves that require a shared memory interface. The enclaves access the shared memory securely utilizing the shared memory key data. The memory cryptography coprocessor facilitates shared memory key generation and exchange. The memory cryptography coprocessor data is not directly accessible by the processes executing on the main processor.

Abstract: A first set of data may be received indicating that an object of interest has been identified. A second set of data may be received indicating a first location of where the object of interest was identified. The first location may correspond to a geographical area. In response to the receiving of the first set of data and the second set of data, the first location may be associated with a first transceiver base station. In response to the associating, a first list of one or more mobile devices may be obtained that are within an active range of the first transceiver base station.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for managing memory bandwidth usage in software containers. Software container properties are received from a software container engine. In response to detecting the execution of one or more software containers by the software container engine, a monitoring layer is generated. At periodic time intervals, the generated monitoring layer monitors a memory bandwidth use value associated with each of the executed software containers. For each periodic time interval, an average memory use value is calculated, associated with each executed software container. In response to the calculated average memory use value being above a threshold associated with a monitored software container of the executed containers, the monitored software container is suspended for a suspend time duration. The suspended monitored software container is reactivated based on the suspend time duration expiring.

Abstract: A first set of data may be received indicating that an object of interest has been identified. A second set of data may be received indicating a first location of where the object of interest was identified. The first location may correspond to a geographical area. In response to the receiving of the first set of data and the second set of data, the first location may be associated with a first transceiver base station. In response to the associating, a first list of one or more mobile devices may be obtained that are within an active range of the first transceiver base station.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for managing memory bandwidth usage in software containers. Software container properties are received from a software container engine. In response to detecting the execution of one or more software containers by the software container engine, a monitoring layer is generated. At periodic time intervals, the generated monitoring layer monitors a memory bandwidth use value associated with each of the executed software containers. For each periodic time interval, an average memory use value is calculated, associated with each executed software container. In response to the calculated average memory use value being above a threshold associated with a monitored software container of the executed containers, the monitored software container is suspended for a suspend time duration. The suspended monitored software container is reactivated based on the suspend time duration expiring.

Abstract: In an approach for moving workloads between central processing units (CPUs) to accommodate balance, a processor profiles a first processor and a second processor of a plurality of processors, using a cycle per instruction metric. A processor assigns a first group of instructions to the first processor and a second group of instructions to the second processor. A processor sums an instruction count for the first group of instructions and an instruction count for the second group of instructions. A processor determines that a balance condition, defined by a predetermined threshold, does not exist across the first processor and the second processor. A processor identifies the second processor has a lower cycle per instruction metric than the first processor. A processor moves a workload, running on the first processor, with a maximum number of instructions of an unbalanced group to the second processor to balance workloads.

Abstract: Managing an entryway for a building includes a computer system accessing identity data providing unique biometric identifications and associated names for respective people. Roles are stored and associated with people. Rules are stored and configured to define roles or people and define conditions and actions. A certain rule includes presence of a person at an entryway and a person in at a different location than the entryway as a condition. A named person is identified by the computer system comparing identity data to biometric data received for a person at the entryway. The computer system performs a defined action for the certain rule responsive to determining that the certain rule defines a role associated with the identified, named person at the entryway and responsive to detecting by a sensor in the building that a person is present in the building at a different location than the entryway.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for managing memory bandwidth usage in software containers. Software container properties are received from a software container engine. In response to detecting the execution of one or more software containers by the software container engine, a monitoring layer is generated. At periodic time intervals, the generated monitoring layer monitors a memory bandwidth use value associated with each of the executed software containers. For each periodic time interval, an average memory use value is calculated, associated with each executed software container. In response to the calculated average memory use value being above a threshold associated with a monitored software container of the executed containers, the monitored software container is suspended for a suspend time duration. The suspended monitored software container is reactivated based on the suspend time duration expiring.

Abstract: Aspects provide for a virtual machine structure wherein processors are configured to create an encrypted code virtualization machine for code machine instructions of a retrieved package that has a security field value that indicates secure code, wherein the code machine instructions of the first retrieved package are allocated to encrypted code memory regions of a computer memory resource. Configured processors further create a non-encrypted code virtualization machine in non-encrypted code memory regions of a computer memory resource comprising code machine instructions of another retrieved package that has a security field value that does not indicate secure code; and define a union mixed secure virtual machine image to include (as a function of) the encrypted code virtualization machine and the non-encrypted code virtualization machine.

Abstract: The method includes identifying, by one or more computer processors, a first container with first software stack and a valid multipath configuration, wherein the first software stack is a first path of the valid multipath configuration. The method further includes creating, by one or more computer processors, a second container, wherein the second container has the same rules as the first container. The method further includes creating, by one or more computer processes, a second software stack in the second container, wherein the software stack is a redundant software stack of the first software stack. The method further includes creating, by one or more computer processors, a second path from the first container to the second software stack, wherein the second path bypasses the first software stack.

Abstract: A first set of data may be received indicating that an object of interest has been identified. A second set of data may be received indicating a first location of where the object of interest was identified. The first location may correspond to a geographical area. In response to the receiving of the first set of data and the second set of data, the first location may be associated with a first transceiver base station. In response to the associating, a first list of one or more mobile devices may be obtained that are within an active range of the first transceiver base station.

Abstract: A first set of data may be received indicating that an object of interest has been identified. A second set of data may be received indicating a first location of where the object of interest was identified. The first location may correspond to a geographical area. In response to the receiving of the first set of data and the second set of data, the first location may be associated with a first transceiver base station. In response to the associating, a first list of one or more mobile devices may be obtained that are within an active range of the first transceiver base station.

Abstract: The method includes identifying, by one or more computer processors, a first container with first software stack and a valid multipath configuration, wherein the first software stack is a first path of the valid multipath configuration. The method further includes creating, by one or more computer processors, a second container, wherein the second container has the same rules as the first container. The method further includes creating, by one or more computer processes, a second software stack in the second container, wherein the software stack is a redundant software stack of the first software stack. The method further includes creating, by one or more computer processors, a second path from the first container to the second software stack, wherein the second path bypasses the first software stack.

Abstract: As disclosed herein, a method, executed by a computer, includes comparing a current power consumption profile for a computing task with an historical power consumption profile, receiving a request for a computing resource, granting the request if the historical power consumption profile does not suggest a pending peak in the current power consumption profile or the historical power consumption profile indicates persistent consumption at a higher power level, and denying the request for the computing resource if the historical power consumption profile suggests a pending peak in the current power consumption profile and the historical power consumption profile indicates temporary consumption at the higher power level. Denying the request may include initiating an allocation timeout and subsequently ending the allocation timeout in response to a drop in a power consumption below a selected level. A computer system and computer program product corresponding to the method are also disclosed herein.