Abstract: A remote procedure call chain is provided that replaces multiple consecutive remote procedure calls to multiple servers from a client by allowing a client to specify multiple functions to be performed consecutively at multiple servers in a single remote procedure call chain. The remote procedure call chain is executed by a sequence of multiple servers. Each server executes a service function and a chaining function of the remote procedure call chain. The chaining function uses the state of the remote procedure call chain in the sequence of servers to determine the next server to receive the remote procedure call chain, and the service function to be executed by that server. After the last service function is performed, the last server in the sequence of servers sends the results of the executed service functions to the client that originated the remote procedure call chain.

Abstract: In a cloud computing environment, a cache and a memory are partitioned into “colors”. The colors of the cache and the memory are allocated to virtual machines independently of one another. In order to provide cache isolation while allocating the memory and cache in different proportions, some of the colors of the memory are allocated to a virtual machine, but the virtual machine is not permitted to directly access these colors. Instead, when a request is received from the virtual machine for a memory page in one of the non-accessible colors, a hypervisor swaps the requested memory page with a memory page with a color that the virtual machine is permitted to access. The virtual machine is then permitted to access the requested memory page at the new color location.

Abstract: A cryptographically-secure component provides access-undeniability and verifiable revocation for clients with respect to downloaded content items from a server. A cryptographically-secure component is implemented in a client. When the client wants to purchase and download a content item from the server, the server requests an encryption key from the client. The client generates an encryption key that is bound to a state of the client that is associated with decrypting the content item. The server encrypts the content item using the encryption key and sends the encrypted content item to the client. Because the encryption key used to encrypt the content item is bound to the state associated with the client decrypting the content item, if the client desires to view the content item the client may first advance its state to the bound state to retrieve the decryption key.

Abstract: An application programming interface is provided that allows applications to assign multiple service-level agreements to their data transactions. The service-level agreements include latency bounds and consistency guarantees. The applications may assign utility values to each of the service-level agreements. A monitor component monitors the various replica nodes in a cloud storage system for latency and consistency, and when a transaction is received from an application, the monitor determines which of the replica nodes can likely fulfill the transaction in satisfaction of any of the service-level agreements. Where multiple service-level agreements can be satisfied, the replica node that can fulfill the transaction according to the service-level agreement with the greatest utility is selected. The application may be charged for the transaction based on the utility of the service-level agreement that was satisfied.

Abstract: A cryptographically-secure component provides access-undeniability and verifiable revocation for clients with respect to downloaded content items from a server. A cryptographically-secure component is implemented in a client. When the client wants to purchase and download a content item from the server, the server requests an encryption key from the client. The client generates an encryption key that is bound to a state of the client that is associated with decrypting the content item. The server encrypts the content item using the encryption key and sends the encrypted content item to the client. Because the encryption key used to encrypt the content item is bound to the state associated with the client decrypting the content item, if the client desires to view the content item the client may first advance its state to the bound state to retrieve the decryption key.

Abstract: An application programming interface is provided that allows applications to assign multiple service-level agreements to their data transactions. The service-level agreements include latency bounds and consistency guarantees. The applications may assign utility values to each of the service-level agreements. A monitor component monitors the various replica nodes in a cloud storage system for latency and consistency, and when a transaction is received from an application, the monitor determines which of the replica nodes can likely fulfill the transaction in satisfaction of any of the service-level agreements. Where multiple service-level agreements can be satisfied, the replica node that can fulfill the transaction according to the service-level agreement with the greatest utility is selected. The application may be charged for the transaction based on the utility of the service-level agreement that was satisfied.

Abstract: In a cloud computing environment, a cache and a memory are partitioned into “colors”. The colors of the cache and the memory are allocated to virtual machines independently of one another. In order to provide cache isolation while allocating the memory and cache in different proportions, some of the colors of the memory are allocated to a virtual machine, but the virtual machine is not permitted to directly access these colors. Instead, when a request is received from the virtual machine for a memory page in one of the non-accessible colors, a hypervisor swaps the requested memory page with a memory page with a color that the virtual machine is permitted to access. The virtual machine is then permitted to access the requested memory page at the new color location.

Abstract: A cryptographically-secure component is used to provide read-undeniability and deletion-verifiability for messaging applications. When a messaging application of a sending node desires to send a message to a messaging application of a receiving node, the sending node requests an encryption key from the receiving node. The cryptographically-secure component of the receiving node generates an encryption key that is bound to a state of the receiving node. The messaging application of the sending node encrypts the message using the encryption key and sends the encrypted message to the messaging application of the receiving node. Because the encryption key used to encrypt the message is bound to the state associated with reading the message by the cryptographically-secure component, if the receiving node desires to decrypt and read the encrypted message, the receiving node may advance its state to the bound state to retrieve the decryption key.

Abstract: A cryptographically-secure component is used to provide read-undeniability and deletion-verifiability for messaging applications. When a messaging application of a sending node desires to send a message to a messaging application of a receiving node, the sending node requests an encryption key from the receiving node. The cryptographically-secure component of the receiving node generates an encryption key that is bound to a state of the receiving node. The messaging application of the sending node encrypts the message using the encryption key and sends the encrypted message to the messaging application of the receiving node. Because the encryption key used to encrypt the message is bound to the state associated with reading the message by the cryptographically-secure component, if the receiving node desires to decrypt and read the encrypted message, the receiving node may advance its state to the bound state to retrieve the decryption key.

Abstract: A trusted read and write platform provides write-indisputability and read-undeniability for a distributed application. The platform is implemented at each node of the distributed application using a trusted platform module. To provide write-indisputability, the read and write platform of a node may generate a proof that is signed by the platform module and sent with a purportedly written result. The proof is decrypted using a public key associated with the platform module and includes indicators of the process taken by the read and write platform to write the result. To provide read-undeniability, the read and write platform may bind a key to a state of the platform module. A result to be read at the read and write platform is encrypted using the key and can only be decrypted when the read and write platform updates its state to the bound state.

Abstract: A remote procedure call chain is provided that replaces multiple consecutive remote procedure calls to multiple servers from a client by allowing a client to specify multiple functions to be performed consecutively at multiple servers in a single remote procedure call chain. The remote procedure call chain is executed by a sequence of multiple servers. Each server executes a service function and a chaining function of the remote procedure call chain. The chaining function uses the state of the remote procedure call chain in the sequence of servers to determine the next server to receive the remote procedure call chain, and the service function to be executed by that server. After the last service function is performed, the last server in the sequence of servers sends the results of the executed service functions to the client that originated the remote procedure call chain.