Abstract: Modifications to throughput capacity provisioned at a data store for servicing access requests to the data store may be performed according to cache performance metrics. A cache that services access requests to the data store may be monitored to collected and evaluate cache performance metrics. The cache performance metrics may be evaluated with respect to criteria for triggering different throughput modifications. In response to triggering a throughput modification, the throughput capacity for the data store may be modified according to the triggered throughput modification. In some embodiments, the criteria for detecting throughput modifications may be determined and modified based on cache performance metrics.

Abstract: A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.

Abstract: A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection. The client exchanges the cryptographically protected application data with a service application via the cryptographically protected network connection. The client and service applications acquire matching application-layer cryptographic keys by leveraging shared secrets negotiated as part of establishing the cryptographically protected network connection. The shared secrets may include information that is negotiated as part of establishing a TLS session such as a pre-master secret, master secret, or session key. The application-layer cryptographic keys may be derived in part by applying a key derivation function, a one-way function or a cryptographic hash function to the shared secret information.

Abstract: An automated quality compliance verifier QCV identifies a quality control policy to be implemented for artifacts in a repository. The QCV determines one or more artifact metadata categories, including at least one category indicating an activity status (such as recent or ongoing use) of the artifacts. Metadata entries for at least the activity status category are obtained for a first and a second artifact. Based on an analysis of the metadata entries, the QCV assigns a higher priority to a first policy violation detection operation (PVDO) for the first artifact than to a second PVDO for the second artifact. Based on a result of the first PVDO, the QCV initiates one or more responsive actions.

Abstract: A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection. The client exchanges the cryptographically protected application data with a service application via the cryptographically protected network connection. The client and service applications acquire matching application-layer cryptographic keys by leveraging shared secrets negotiated as part of establishing the cryptographically protected network connection. The shared secrets may include information that is negotiated as part of establishing a TLS session such as a pre-master secret, master secret, or session key. The application-layer cryptographic keys may be derived in part by applying a key derivation function, a one-way function or a cryptographic hash function to the shared secret information.

Abstract: A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.

Abstract: A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.