Abstract: A method for building, optimizing, and maintaining a computing infrastructure on a cloud computing environment is provided. A user provides a high-level declaration to a cloud environment operating system, specifying the details of the infrastructure that is intended to be built on the cloud. A cloud environment operating system converts the high level declaration to a lower level declaration and then to a series of instructions that can be executed by the cloud to build the desired infrastructure. The cloud environment operating system can also continuously monitor the infrastructure once it is built on the cloud. If the cloud environment operating system notices any discrepancies between the user's original specification and the infrastructure as built on the cloud, the operating system can work to modify the existing infrastructure on the cloud to conform to the infrastructure specified by a user.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: A method for building, optimizing, and maintaining a computing infrastructure on a cloud computing environment is provided. A user provides a high-level declaration to a cloud environment operating system, specifying the details of the infrastructure that is intended to be built on the cloud. A cloud environment operating system converts the high level declaration to a lower level declaration and then to a series of instructions that can be executed by the cloud to build the desired infrastructure. The cloud environment operating system can also continuously monitor the infrastructure once it is built on the cloud. If the cloud environment operating system notices any discrepancies between the user's original specification and the infrastructure as built on the cloud, the operating system can work to modify the existing infrastructure on the cloud to conform to the infrastructure specified by a user.

Abstract: A system and method is provided for generating and using purchase strategies based on the price, performance, and/or other information related to cloud services to optimize the selection of such services. The purchase strategies may comprehensively describe various cloud services in real-time so that customers may purchase cloud services using up-to-date, real-time information. The purchase strategies may, for example, describe pricing, performance, availability, and/or other attributes of various cloud services. A purchase agent may use the purchase strategies, one or more purchase rules, and/or other information to generate a purchase specification that specifies one or more cloud service instances that should be purchased. The purchase agent may leverage unique properties of spot instances to make favorable purchase decisions. For example, the system may determine bid prices that should be made to obtain certain spot instances.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for replacing software components executing in a runtime environment with corresponding known-good software components are disclosed. In some implementations, at least a first event indicating that at least a first software component executing in the runtime environment should be replaced may be determined. The first event may be determined without respect to whether the first software component has been compromised or potentially compromised. At least a second software component corresponding to the first software component may be obtained from a component repository that is separate from the runtime environment. The first software component may be replaced with the second software component based on the first event such that the second software component is available for use in the runtime environment after the first event and the first software component is no longer available for use in the runtime environment after the first event.

Abstract: A system and method is provided for generating and using purchase strategies based on the price, performance, and/or other information related to cloud services to optimize the selection of such services. The purchase strategies may comprehensively describe various cloud services in real-time so that customers may purchase cloud services using up-to-date, real-time information. The purchase strategies may, for example, describe pricing, performance, availability, and/or other attributes of various cloud services. A purchase agent may use the purchase strategies, one or more purchase rules, and/or other information to generate a purchase specification that specifies one or more cloud service instances that should be purchased. The purchase agent may leverage unique properties of spot instances to make favorable purchase decisions. For example, the system may determine bid prices that should be made to obtain certain spot instances.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for replacing software components executing in a runtime environment with corresponding known-good software components are disclosed. In some implementations, at least a first event indicating that at least a first software component executing in the runtime environment should be replaced may be determined. The first event may be determined without respect to whether the first software component has been compromised or potentially compromised. At least a second software component corresponding to the first software component may be obtained from a component repository that is separate from the runtime environment. The first software component may be replaced with the second software component based on the first event such that the second software component is available for use in the runtime environment after the first event and the first software component is no longer available for use in the runtime environment after the first event.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for replacing software components executing in a runtime environment with corresponding known-good software components are disclosed. In some implementations, at least a first event indicating that at least a first software component executing in the runtime environment should be replaced may be determined. The first event may be determined without respect to whether the first software component has been compromised or potentially compromised. At least a second software component corresponding to the first software component may be obtained from a component repository that is separate from the runtime environment. The first software component may be replaced with the second software component based on the first event such that the second software component is available for use in the runtime environment after the first event and the first software component is no longer available for use in the runtime environment after the first event.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.

Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.

Abstract: Approaches for replacing software components executing in a runtime environment with corresponding known-good software components are disclosed. In some implementations, at least a first event indicating that at least a first software component executing in the runtime environment should be replaced may be determined. The first event may be determined without respect to whether the first software component has been compromised or potentially compromised. At least a second software component corresponding to the first software component may be obtained from a component repository that is separate from the runtime environment. The first software component may be replaced with the second software component based on the first event such that the second software component is available for use in the runtime environment after the first event and the first software component is no longer available for use in the runtime environment after the first event.