Abstract: Partitioned artificial intelligence (AI) for networked gaming. An exemplary system splits the AI into a computationally lightweight server-side component and a computationally intensive client-side component to harness the aggregate computational power of numerous gaming clients. Aggregating resources of many, even thousands of client machines enhances game realism in a manner that would be prohibitively expensive on the central server. The system is tolerant of latency between server and clients. Deterministic and stateless client-side components enable rapid handoff, preemptive migration, and replication of the client-side AI to address problems of client failure and game exploitation. The partitioned AI can support tactical gaming navigation, a challenging task to offload because of sensitivity to latency. The tactical navigation AI calculates influence fields partitioned into server-side and client-side components by means of a Taylor-series approximation.

Abstract: Software code of a software system (e.g., a software stack) may be verified as conforming to a specification. A high-level language implementation of the software system may be compiled using a compiler to create an assembly language implementation. A high-level specification corresponding to the software system may be translated to a low-level specification. A verifier may verify that the assembly language implementation functionally conforms to properties described in the low-level specification. In this way, the software system (e.g., a complete software system that includes an operating system, device driver(s), a software library, and one or more applications) may be verified at a low level (e.g., assembly language level).

Abstract: A verified software system may be executable on secure hardware. Prior to being executed, the software system may be verified as conforming to a software specification. First credentials attesting to an identity of the software system may be sent to an external application. Second credentials signed by a provider of the secure hardware may be sent to the external application. The second credentials may attest to an identity of the secure hardware. The external application may securely exchange one or more messages with a software application of the software system. For example, the one or more messages may be decryptable only by the external application and the software application to provide confidentiality for each message. As another example, an attestation may vouch for an identity of a sender of each of the one or more messages to attest to an integrity of each message.

Abstract: The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.

Abstract: The claimed subject matter provides a method for operating a sleep management service. The method include identifying a set of guardians based on a local state for each of a plurality of compute nodes. The method also includes sending a wake request to all sleeping compute nodes in the identified set. The method further includes sending a request to become a guardian to all compute nodes in the identified set. Additionally, the method includes stopping a current guardian from being a guardian if the current guardian is less suitable than a threshold number of current guardians.

Abstract: A method, system, and one or more computer-readable storage media for detecting sleeping computing devices are provided herein. The method includes querying, via a computing device, a system neighbor table of the computing device to determine whether a target computing device is reachable and, if the target computing device is unreachable, sending a neighbor discovery packet to the target computing device. The method also includes re-querying the system neighbor table to determine whether the target computing device is reachable and, if the target computing device is unreachable, determining whether the target computing device has been determined to be unreachable at least a specified number of times in a row. The method further includes determining that the target computing device is manageable if the target computing device has been determined to be unreachable at least the specified number of times in a row.

Abstract: Techniques for providing fast, non-write-cycle-limited persistent memory within secure containers, while maintaining the security of the secure containers, are described herein. The secure containers may reside within respective computing devices (e.g., desktop computers, laptop computers, etc.) and may include both volatile storage (e.g., Random Access Memory (RAM), etc.) and non-volatile storage (NVRAM, etc.). In addition, the secure containers may couple to auxiliary power supplies that are located externally thereto and that power the secure containers at least temporarily in the event of a power failure. These auxiliary power supplies may be implemented as short-term power sources, such as capacitors, batteries, or any other suitable power supplies.

Abstract: The subject disclosure relates to a method and apparatus for routing data in a network-based computer game via proxy computers. The method and system includes a set of techniques that utilizes the proxy computers to thwart traffic analysis in high-speed games while continuing to satisfy the games' latency requirements. The method and apparatus facilitates thwarting multiple classes of traffic analysis, including inspection of unencrypted header fields, observation of packet size, correlation of packet timing, and collusion among players. A matchmaking system for matching players in a network-based computer game in a manner that resists traffic analysis is also provided.

Abstract: Techniques for enabling client computing devices to leverage remote server pools for increasing the effectiveness of applications stored on the client computing device are described herein. In some instances, the server pools comprise a “cloud”, “cluster” or “data center” that comprises hundreds or thousands of servers connected together by a network that has an extremely low latency and high bandwidth relative to the network through which the client computing device connects to the server pool. The client computing device may request that the server pool perform a certain task for an application whose canonical state resides on the client. After computation of a result of the task, a server of the server pool then provides the result to the client. By doing so, the techniques dramatically increase the amount of resources working on the request of the client and, hence, dramatically increase the speed and effectiveness of the client-side application.

Abstract: The claimed subject matter provides a method for operating a sleep management service. The method include identifying a set of guardians based on a local state for each of a plurality of compute nodes. The method also includes sending a wake request to all sleeping compute nodes in the identified set. The method further includes sending a request to become a guardian to all compute nodes in the identified set. Additionally, the method includes stopping a current guardian from being a guardian if the current guardian is less suitable than a threshold number of current guardians.

Abstract: The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.

Abstract: Partitioned artificial intelligence (AI) for networked gaming. An exemplary system splits the AI into a computationally lightweight server-side component and a computationally intensive client-side component to harness the aggregate computational power of numerous gaming clients. Aggregating resources of many, even thousands of client machines enhances game realism in a manner that would be prohibitively expensive on the central server. The system is tolerant of latency between server and clients. Deterministic and stateless client-side components enable rapid handoff, preemptive migration, and replication of the client-side AI to address problems of client failure and game exploitation. The partitioned AI can support tactical gaming navigation, a challenging task to offload because of sensitivity to latency. The tactical navigation AI calculates influence fields partitioned into server-side and client-side components by means of a Taylor-series approximation.

Abstract: Techniques for employing a decentralized sleep management service are described herein. In some instances, each computing device of a group of computing devices periodically shares information about itself with each other computing device of the group. With this information, each computing device within the group that is awake and capable of managing other devices selects a subset of devices to probe. The devices then probe this subset to determine whether the probed devices are asleep. In response to identifying a sleeping device, the probing device takes over management of the sleeping device. Managing the sleeping device involves informing other devices of the group that the sleeping device is being managed, in addition to monitoring requests for services on the sleeping device. In response to receiving a valid request for a service hosted by the sleeping device, the managing device awakens the sleeping device and ceases managing the now-woken device.

Abstract: Systems and methods that improve predictions of network latency in network coordinate systems (NCS) based on combining Internet topology information therewith. Topology information can be incorporated into the NCS by system/methodologies represented by geographic bootstrapping; autonomous system (AS) correction; history prioritization; symmetric updates or a combination thereof. Such can improve latency estimation between nodes when using a virtual coordinate system based on latency measurements between nodes.

Abstract: Techniques for providing fast, non-write-cycle-limited persistent memory within secure containers, while maintaining the security of the secure containers, are described herein. The secure containers may reside within respective computing devices (e.g., desktop computers, laptop computers, etc.) and may include both volatile storage (e.g., Random Access Memory (RAM), etc.) and non-volatile storage (NVRAM, etc.). In addition, the secure containers may couple to auxiliary power supplies that are located externally thereto and that power the secure containers at least temporarily in the event of a power failure. These auxiliary power supplies may be implemented as short-term power sources, such as capacitors, batteries, or any other suitable power supplies.

Abstract: Partitioned artificial intelligence (AI) for networked gaming. An exemplary system splits the AI into a computationally lightweight server-side component and a computationally intensive client-side component to harness the aggregate computational power of numerous gaming clients. Aggregating resources of many, even thousands of client machines enhances game realism in a manner that would be prohibitively expensive on the central server. The system is tolerant of latency between server and clients. Deterministic and stateless client-side components enable rapid handoff, preemptive migration, and replication of the client-side AI to address problems of client failure and game exploitation. The partitioned AI can support tactical gaming navigation, a challenging task to offload because of sensitivity to latency. The tactical navigation AI calculates influence fields partitioned into server-side and client-side components by means of a Taylor-series approximation.

Abstract: A speculative web browser engine may enable providing transmission of content between a server and a client prior to a user-initiated request for the content hidden in imperative code (event handlers), which may reduce user-perceived latency when the user initiates the imperative code. In some aspects, a speculative browser state may be created from an actual browser state and used to run the event handlers. The event handlers may be modified to direct actions of the event handler to update the speculative browser state. Speculative content may be transmitted between the server and the client in response to an execution of the modified code. The speculative content may be stored in a cache and made readily available for use when the user initiates the event handler and finds that the desired content has already been fetched.

Abstract: A replicated state machine with N replica servers may be configured to tolerate a count of F faults. A first operation (of a first ordering type) executes when a first quorum of correctly functioning replicas is available. A second operation (also of the first operation type) executes when a second quorum of correctly functioning replicas is available. A third operation (of a second ordering type) executes when a third quorum of correctly functioning replicas are available. The operations are executed by the replicated state machine such that: (1) the replicated state machine does not guarantee operational ordering between the first operation and the second operation; (2) the replicated state machine guarantees ordering between the first operation and the third operation; and (3) the replicated state machine guarantees ordering between the second operation and the third operation.

Abstract: A replicated state machine with N replica servers may be configured to tolerate a count of F faults. A first operation (of a first ordering type) executes when a first quorum of correctly functioning replicas is available. A second operation (also of the first operation type) executes when a second quorum of correctly functioning replicas is available. A third operation (of a second ordering type) executes when a third quorum of correctly functioning replicas are available. The operations are executed by the replicated state machine such that: (1) the replicated state machine does not guarantee operational ordering between the first operation and the second operation; (2) the replicated state machine guarantees ordering between the first operation and the third operation; and (3) the replicated state machine guarantees ordering between the second operation and the third operation.

Abstract: Techniques are described to mitigate ad stalking and other user concerns resulting from user-targeted advertising. A user may be informed of advertising information by a process in which an advertising server receives a request for an ad. The request may have been generated in response to a user request for a landing web page. An ad may be selected based on user information available to the advertising server, where the user information is associated with the user and describes behavior and/or attributes and/or preferences associated with the user. Text about how the ad was selected may be incorporated into the ad. Such text may describe the user information used to select the ad. The selection-disclosing text may be incorporated in the ad in a form that is displayable to the user by a browser. The ad may then be transmitted for display in the landing web page.