Abstract: In one embodiment, a service enabled network (SEN) controller receives, from a control plane of a network service device, service instructions for corresponding network services. The SEN controller may then distribute the service instructions for the network services to appropriate network access devices within the computer network, such that each of the network access devices may correspondingly implement the network services at their respective data planes, thus providing a distributed implementation of the network service within the computer network.

Abstract: A method for network storage by receiving, by a storage compiler, a first storage definition from a storage application developer, where the first storage definition describes a customized storage implementation for storing data in an abstraction of at least one physical storage device, compiling the first storage definition to generate a first customized storage implementation module, and loading the first customized storage implementation module into an IO engine. The first customized storage implementation module causes data to be stored in the at least one physical storage device differently than prior to loading the first customized storage implementation module in the IO engine.

Abstract: The method includes receiving, by a data plane definition language compiler, a first data plane definition describing customized functionality of a data plane of a first network application, and compiling the data plane definition to generate a first set of customized data processing modules and a program interface that allows a control plane of the network application to access the first set of customized data processing modules. The method also includes loading the first set of customized data processing modules into a data plane container, wherein the network application is executed via a network operating system, and wherein, upon execution of the network application the customized data processing module causes the data plane container of the network application to process packets differently than prior to loading the customized data processing module in the data plane container.

Abstract: A method includes joining a vehicular access network (VAN) comprising cooperative communication between a plurality of on-board units (OBU) in respective vehicles, scanning the VAN to pick up a coverage of at least one infrastructure access point (IAP), which operates on a control channel in a radio access tree (RAT) comprising a plurality of cells, listening to a channel allocation information from the IAP that includes a request for a mobile cell gateway (MCG) at a nominal location in the RAT, and sending a candidacy message to the at least one IAP to become an MCG. Certain embodiments include establishing the VAN in a highway, and in urban areas, aggregating traffic in a cell and transmitting to the IAP via the MCG, and other features.

Abstract: A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.

Abstract: In accordance with one embodiment, a system and method are provided for translation services to facilitate interoperation between mobility schemes. In other embodiments, the system and method may provide transport and network services for legacy applications, and adaptive coding for message, packet, link and physical layers.

Abstract: A method includes selecting a path for routing a data packet from a source node to a destination node in a vehicular ad hoc network, storing the data packet if the selected path is identified as a dead end, and establishing a communication link with a first node. The method also includes forwarding the data packet to the first node if a first distance between the first node and the destination node is less than a second distance between the source node and the destination node. More specific embodiments include sending a query for location information of the destination node, receiving the location information including two or more available paths from the source node to the destination node, and determining the path for routing the data packet is an optimal path of the two or more available paths.

Abstract: A method for monitoring network conditions by receiving a first condition definition describing a first network condition to be monitored in a network and an activation definition, determining a network topology of the network, and compiling the first condition definition to generate a first data plane component, a first control plane component, and an activation component. The method also includes deploying the first data plane component into a data plane of the network, where the data plane component captures and synthesizes a first stream of network events to generate a first modified stream of network events. The method also includes deploying the control plane component into a network operating system for the network. The control plane component receives and correlates the first modified stream of network events. The method also includes deploying an activation component that, upon receiving the correlated stream of events, initiates the activation definition.

Abstract: Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VMs is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines.

Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

Abstract: A method in one example embodiment includes receiving a set of data in real time from a plurality of machine devices associated with at least one vehicle, providing a set of reference data corresponding to a machine device of the plurality of machine devices, comparing the set of data with the set of reference data, and detecting a deviation within the set of data from the set of reference data. The method further includes initiating an operation associated with the deviation. The set of reference data could be a trend of previous data received from the machine device or a common trend based on a previous set of data of the machine device. More specific embodiments include receiving a plurality of data containing the set of data from the plurality of machine devices and identifying a state of the machine device using the set of data.

Abstract: A method for network storage by receiving, by a storage compiler, a first storage definition from a storage application developer, where the first storage definition describes a customized storage implementation for storing data in an abstraction of at least one physical storage device, compiling the first storage definition to generate a first customized storage implementation module, and loading the first customized storage implementation module into an IO engine. The first customized storage implementation module causes data to be stored in the at least one physical storage device differently than prior to loading the first customized storage implementation module in the IO engine.

Abstract: Techniques are described for securely booting and executing a virtual machine (VM) image in an untrusted cloud infrastructure. A multi-core processor may be configured with additional hardware components—referred to as a trust anchor. The trust anchor may be provisioned with a private/public key pair, which allows the multi-core CPU to authenticate itself as being able to securely boot and execute a virtual machine (VM) image in an untrusted cloud infrastructure.

Abstract: The method includes receiving, by a data plane definition language compiler, a first data plane definition describing customized functionality of a data plane of a first network application, and compiling the data plane definition to generate a first set of customized data processing modules and a program interface that allows a control plane of the network application to access the first set of customized data processing modules. The method also includes loading the first set of customized data processing modules into a data plane container, wherein the network application is executed via a network operating system, and wherein, upon execution of the network application the customized data processing module causes the data plane container of the network application to process packets differently than prior to loading the customized data processing module in the data plane container.

Abstract: The present disclosure presents a method and apparatus configured to provide for the trusted execution of virtual machines (VMs) on a virtualization server, e.g., for executing VMs on a virtualization server provided within Infrastructure as a Service (IaaS) cloud environment. A physical multi-core CPU may be configured with a hardware trust anchor. The trust anchor itself may be configured to manage session keys used to encrypt/decrypt instructions and data when a VM (or hypervisor) is executed on one of the CPU cores. When a context switch occurs due to an exception, the trust anchor swaps the session key used to encrypt/decrypt the contents of memory and cache allocated to a VM (or hypervisor).

Abstract: A method and a computer-readable storage medium are disclosed for flexible network measurement. Embodiments disclose receiving a network measurement request, transmitting portions of the request to network devices, configuring the network devices to collect metrics from packet data based on the portions of the request, and performing operations to generate metrics as a response to the network measurement request. Embodiments also disclose a flexible, dynamically configurable packet parser. Other embodiments are also disclosed.

Abstract: A method includes joining a vehicular access network (VAN) comprising cooperative communication between a plurality of on-board units (OBU) in respective vehicles, scanning the VAN to pick up a coverage of at least one infrastructure access point (IAP), which operates on a control channel in a radio access tree (RAT) comprising a plurality of cells, listening to a channel allocation information from the IAP that includes a request for a mobile cell gateway (MCG) at a nominal location in the RAT, and sending a candidacy message to the at least one IAP to become an MCG. Certain embodiments include establishing the VAN in a highway, and in urban areas, aggregating traffic in a cell and transmitting to the IAP via the MCG, and other features.

Abstract: A method includes joining a vehicular access network (VAN) comprising cooperative communication between a plurality of on-board units (OBU) in respective vehicles, scanning the VAN to pick up a coverage of at least one infrastructure access point (IAP), which operates on a control channel in a radio access tree (RAT) comprising a plurality of cells, listening to a channel allocation information from the IAP that includes a request for a mobile cell gateway (MCG) at a nominal location in the RAT, and sending a candidacy message to the at least one IAP to become an MCG. Certain embodiments include establishing the VAN in a highway, and in urban areas, aggregating traffic in a cell and transmitting to the IAP via the MCG, and other features.

Abstract: In one embodiment, a method includes obtaining a request for data, determining if the data is present in a physical memory, and obtaining the data from a non-volatile random access memory if it is determined that the data is not present in the physical memory. The request is obtained by an overall system that includes the physical memory and the non-volatile random access memory, and the overall system is configured to push information from the physical memory to the non-volatile random access memory.

Abstract: Techniques are described for securely booting and executing a virtual machine (VM) image in an untrusted cloud infrastructure. A multi-core processor may be configured with additional hardware components—referred to as a trust anchor. The trust anchor may be provisioned with a private/public key pair, which allows the multi-core CPU to authenticate itself as being able to securely boot and execute a virtual machine (VM) image in an untrusted cloud infrastructure.