Patents by Inventor Mikko Ylinen
Mikko Ylinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11741234
Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.
Type: Grant
Filed: May 17, 2021
Date of Patent: August 29, 2023
Assignee: Intel Corporation
Inventors: Ned Smith, Samuel Ortiz, Manohar Castelino, Mikko Ylinen
-
Publication number: 20230266957
Abstract: Operations are described for executing application images in a trusted execution environment (TEE). These operations can include retrieving a user application image and generating a bundle for the application image by mounting an overlay onto the application image. The overlay can include library functionality for operating in the TEE. The operations can further include providing the bundle for execution in the TEE.
Type: Application
Filed: April 25, 2023
Publication date: August 24, 2023
Inventors: Jie Ren, Mikko Ylinen, Liang Yang, Liang Fang, Malini Bhandaru, Ziye Yang, Hairong Chen
-
Publication number: 20220124009
Abstract: Various systems and methods for implementing intent-based orchestration in heterogenous compute platforms are described herein. An orchestration system is configured to: receive, at the orchestration system, a workload request for a workload, the workload request including an intent-based service level objective (SLO); generate rules for resource allocation based on the workload request; generate a deployment plan using the rules for resource allocation and the intent-based SLO; deploy the workload using the deployment plan; monitor performance of the workload using real-time telemetry; and modify the rules for resource allocation and the deployment plan based on the real-time telemetry.
Type: Application
Filed: December 23, 2021
Publication date: April 21, 2022
Inventors: Thijs Metsch, Susanne M. Balle, Patrick Koeberl, Bin Li, Mark Yarvis, Adrian Hoban, Kshitij Arun Doshi, Francesc Guim Bernat, Cesar Martinez-Spessot, Mats Gustav Agerstam, Dario Nicolas Oliver, Marcos E. Carranza, John J. Browne, Mikko Ylinen, David Cremins
-
Publication number: 20220121455
Abstract: Various systems and methods for implementing intent-based cluster administration are described herein. An orchestrator system includes: a processor; and memory to store instructions, which when executed by the processor, cause the orchestrator system to: receive, at the orchestrator system, an administrative intent-based service level objective (SLO) for an infrastructure configuration of an infrastructure; map the administrative intent-based SLO to a set of imperative policies; deploy the set of imperative policies to the infrastructure; monitor performance of the infrastructure; detect non-compliance with the set of imperative policies; and modify the administrative intent-based SLO to generate a revised set of imperative policies that cause the performance of the infrastructure to be compliant with the revised set of imperative policies.
Type: Application
Filed: December 23, 2021
Publication date: April 21, 2022
Inventors: Adrian Hoban, Thijs Metsch, Francesc Guim Bernat, John J. Browne, Kshitij Arun Doshi, Mark Yarvis, Bin Li, Susanne M. Balle, Benjamin Walker, David Cremins, Mats Gustav Agerstam, Marcos E. Carranza, Mikko Ylinen, Dario Nicolas Oliver, John Mangan
-
Publication number: 20220100566
Abstract: An apparatus to facilitate metrics-based scheduling for hardware accelerator resources in a service mesh environment is disclosed. The apparatus includes processors to collect metrics corresponding to communication links between microservices of a service managed by a service mesh; determine, based on analysis of the metrics, that a workload of the service can be accelerated by offload to a hardware accelerator device; generate a rebalancing request to cause the workload to be assigned to the hardware accelerator device for execution of the service; cause the workload to be annotated to indicate execution by the hardware accelerator device; and deploy, based on the annotation, the workload to the hardware accelerator device for execution in accordance with a restart policy corresponding to the service.
Type: Application
Filed: December 10, 2021
Publication date: March 31, 2022
Applicant: Intel Corporation
Inventors: Mikko Ylinen, Ismo Puustinen
-
Publication number: 20220083383
Abstract: Resource access control modules that are part of an operating system kernel and data structures visible in both user space and kernel space provide for user space-based configuration of computing system resource limits, accounting of resource usage, and enforcement of resource usage limits. Computing system resource limits can be set on an application, customer, or other basis, and usage limits can be placed on various system resources, such as files, ports, I/O devices, memory, and processing unit bandwidth. Resource usage accounting and resource limit enforcement can be implemented without the use of in-kernel control groups. The resource access control modules can be extended Berkeley Program Format (eBPF) Linux Security Module (LSM) programs linked to LSM hooks in the Linux operation system kernel.
Type: Application
Filed: November 11, 2021
Publication date: March 17, 2022
Applicant: Intel Corporation
Inventor: Mikko Ylinen
-
Publication number: 20220012095
Abstract: An apparatus to facilitate metrics and security-based accelerator service rescheduling and auto-scaling using a programmable network device is disclosed. The apparatus includes processors to collect metrics corresponding to communication links between microservices of a service managed by a service mesh; determine, based on analysis of the metrics, that a workload of the service can be accelerated by offload to a hardware accelerator device; generate a scaling request to cause the hardware accelerator device to be allocated to a cluster of hardware devices configured for the service; cause the scaling request to be transmitted to a programmable network device managing the hardware accelerator device, the programmable network device to allocate the hardware accelerator device to the cluster and to register the hardware accelerator device with the service mesh; and schedule the workload of the service to the hardware accelerator device.
Type: Application
Filed: September 22, 2021
Publication date: January 13, 2022
Applicant: Intel Corporation
Inventors: Mikko Ylinen, Ismo Puustinen, Reshma Lal, Soham Jayesh Desai
-
Publication number: 20210390186
Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.
Type: Application
Filed: May 17, 2021
Publication date: December 16, 2021
Inventors: Ned Smith, Samuel Ortiz, Manohar Castelino, Mikko Ylinen
-
Patent number: 11017092
Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.
Type: Grant
Filed: September 27, 2018
Date of Patent: May 25, 2021
Assignee: Intel Corporation
Inventors: Ned Smith, Samuel Ortiz, Manohar Castelino, Mikko Ylinen
-
Publication number: 20190042759
Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.
Type: Application
Filed: September 27, 2018
Publication date: February 7, 2019
Inventors: Ned Smith, Samuel Ortiz, Manohar Castelino, Mikko Ylinen