Abstract: Methods for forming a semiconductor structure and semiconductor structures are described. The method comprises patterning a substrate to form a first opening and a second opening, the substrate comprising an n transistor and a p transistor, the first opening over the n transistor and the second opening over the p transistor; pre-cleaning the substrate; depositing a titanium silicide (TiSi) layer on the n transistor and on the p transistor by plasma-enhanced chemical vapor deposition (PECVD); optionally depositing a first barrier layer on the titanium silicide (TiSi) layer and selectively removing the first barrier layer from the p transistor; selectively forming a molybdenum silicide (MoSi) layer on the titanium silicide (TiSi) layer on the n transistor and the p transistor; forming a second barrier layer on the molybdenum silicide (MoSi) layer; and annealing the semiconductor structure. The method may be performed in a processing chamber without breaking vacuum.

Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

Abstract: A method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: A vehicle occupant restraint system includes an airbag cushion. A reaction surface is configured to move between a retracted position and a deployed position upon deployment of the airbag cushion, such that the reaction surfaces will direct the airbag cushion toward an occupant area upon deployment of the airbag cushion. Multiple embodiments of reaction surfaces are disclosed, including deployable instrument panel sections, flexible straps, and hoods.

Abstract: An airbag can include active vents to manage the pressure within the airbag when deployed. The active vent can be at least partially controlled by using a tether. A tether separator can be configured to separate the tether. The tether separator can include an explosive. The tether separator can be operatively positioned relative to the tether such that, when the tether separator is activated, the explosive produces shockwaves and/or heat energy. The shockwaves and/or the heat energy can cause the tether to be separated into two pieces. In some instances, a portion of the tether can be held in tension to facilitate the separation of the tether.

Abstract: An airbag can include active vents to manage the pressure within the airbag when deployed. The active vent can be at least partially controlled by using a tether. A tether separator can be configured to separate the tether. The tether separator can include an explosive. The tether separator can be operatively positioned relative to the tether such that, when the tether separator is activated, the explosive produces shockwaves and/or heat energy. The shockwaves and/or the heat energy can cause the tether to be separated into two pieces. In some instances, a portion of the tether can be held in tension to facilitate the separation of the tether.

Abstract: A method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: A method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: A vehicle occupant restraint system includes an airbag cushion. A reaction surface is configured to move between a retracted position and a deployed position upon deployment of the airbag cushion, such that the reaction surfaces will direct the airbag cushion toward an occupant area upon deployment of the airbag cushion. Multiple embodiments of reaction surfaces are disclosed, including deployable instrument panel sections, flexible straps, and hoods.

Abstract: A method for transparent migration of virtual network functions is provided. The method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: Described herein is a system and method for providing and administering a partitionable environment for operating application software. The environment is provided together with a plurality of deployable resources usable within the environment and one or more resource group templates. Each resource group template defines a grouping of the deployable resources within a domain. An administration console is usable to create and configure one or more partitions within the domain, with each partition providing an administrative and runtime subdivision of the domain. The administration console can be set to display the one or more partitions and enable creation and configuration of specific artifacts within the one or more partitions.

Abstract: Methods, systems, and computer readable media for rapid filtering of opaque data traffic are disclosed. According to one method, the method includes receiving a packet containing a payload. The method also includes analyzing a portion of the payload for determining whether the packet contains compressed or encrypted data. The method further includes performing, if the packet contains compressed or encrypted data, at least one of sending the packet to an opaque traffic analysis engine for analysis, discarding the packet, logging the packet, or marking the packet.

Abstract: Methods, systems, and computer readable media for detecting a compromised computing host are disclosed. According to one method, the method includes receiving one or more domain name system (DNS) non-existent domain (NX) messages associated with a computing host. The method also includes determining, using a host score associated with one or more unique DNS zones or domain names included in the one or more DNS NX messages, whether the computing host is compromised. The method further includes performing, in response to determining that the computing host is compromised, a mitigation action.

Abstract: According to one aspect, the subject matter described herein includes a method for efficient computer forensic analysis and data access control. The method includes steps occurring from within a virtualization layer separate from a guest operating system. The steps include monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory. The steps also include tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network. The steps further include linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accessed.

Abstract: According to one aspect, the subject matter described herein includes a method for detecting injected machine code. The method includes extracting data content from a buffer. The method also includes providing an operating system kernel configured to detect injected machine code. The method further includes executing, using the operating system kernel, the data content on a physical processor. The method further includes monitoring, using the operating system kernel, the execution of the data content to determine whether the data content contains injected machine code indicative of a code injection attack.

Abstract: Methods, systems, and computer readable media for detecting a compromised computing host are disclosed. According to one method, the method includes receiving one or more domain name system (DNS) non-existent domain (NX) messages associated with a computing host. The method also includes determining, using a host score associated with one or more unique DNS zones or domain names included in the one or more DNS NX messages, whether the computing host is compromised. The method further includes performing, in response to determining that the computing host is compromised, a mitigation action.

Abstract: Described herein is a system and method for providing and administering a partitionable environment for operating application software. The environment is provided together with a plurality of deployable resources usable within the environment and one or more resource group templates. Each resource group template defines a grouping of the deployable resources within a domain. An administration console is usable to create and configure one or more partitions within the domain, with each partition providing an administrative and runtime subdivision of the domain. The administration console can be set to display the one or more partitions and enable creation and configuration of specific artifacts within the one or more partitions.

Abstract: A source device obtains a data packet that includes both a destination address and a payload. The source device selects an exit point address of multiple exit point addresses corresponding to the destination address based on one or more policies. The source device encapsulates the data packet with a header that includes the selected exit point address, and the encapsulated data packet is provided to the backbone network. The encapsulated data packet is routed through the backbone network based on the exit point address, and an edge router of the backbone network identifies an interface of the edge router that corresponds to the exit point address. The header is removed from the encapsulated data packet, and the data packet is added to a buffer of the interface for routing to one or more other devices outside of the backbone network.

Abstract: Methods, systems, and computer readable media for rapid filtering of opaque data traffic are disclosed. According to one method, the method includes receiving a packet containing a payload. The method also includes analyzing a portion of the payload for determining whether the packet contains compressed or encrypted data. The method further includes performing, if the packet contains compressed or encrypted data, at least one of sending the packet to an opaque traffic analysis engine for analysis, discarding the packet, logging the packet, or marking the packet.

Abstract: According to one aspect, the subject matter described herein includes a method for detecting injected machine code. The method includes extracting data content from a buffer. The method also includes providing an operating system kernel configured to detect injected machine code. The method further includes executing, using the operating system kernel, the data content on a physical processor. The method further includes monitoring, using the operating system kernel, the execution of the data content to determine whether the data content contains injected machine code indicative of a code injection attack.