Abstract: An airbag tether separation system includes an airbag tether separator having an explosive and a housing including a wall with at least one space formed in the wall. The tether separator is structured so that, when the explosive is activated, the explosive produces shockwaves causing separation of a portion of a tether extending between the explosive and the wall. At least a portion of the shockwaves also pass into the at least one space, from where they may pass through the space away from a separation region of the tether and to an exterior of the housing, or be reflected in a direction away from the separation region of the tether.

Abstract: Various methods are disclosed for folding a driver occupant airbag for incorporation into an associated airbag module. One method includes steps of positioning the airbag on a working surface, pinching at least one portion of an edge of the airbag along a rapid deployment axis of the airbag, laterally compressing the airbag, and longitudinally compressing the laterally compressed airbag to provide an installation-ready airbag component suitable for installation into an airbag module. Pinching the airbag at one or more locations along the rapid deployment axis during folding may cause the pinched airbag portions to deploy more rapidly than other portions of the airbag when the airbag is inflated. Alternative folding methods are also disclosed.

Abstract: A method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: A method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: A vehicle occupant restraint system includes an airbag cushion. A reaction surface is configured to move between a retracted position and a deployed position upon deployment of the airbag cushion, such that the reaction surfaces will direct the airbag cushion toward an occupant area upon deployment of the airbag cushion. Multiple embodiments of reaction surfaces are disclosed, including deployable instrument panel sections, flexible straps, and hoods.

Abstract: An airbag can include active vents to manage the pressure within the airbag when deployed. The active vent can be at least partially controlled by using a tether. A tether separator can be configured to separate the tether. The tether separator can include an explosive. The tether separator can be operatively positioned relative to the tether such that, when the tether separator is activated, the explosive produces shockwaves and/or heat energy. The shockwaves and/or the heat energy can cause the tether to be separated into two pieces. In some instances, a portion of the tether can be held in tension to facilitate the separation of the tether.

Abstract: An airbag can include active vents to manage the pressure within the airbag when deployed. The active vent can be at least partially controlled by using a tether. A tether separator can be configured to separate the tether. The tether separator can include an explosive. The tether separator can be operatively positioned relative to the tether such that, when the tether separator is activated, the explosive produces shockwaves and/or heat energy. The shockwaves and/or the heat energy can cause the tether to be separated into two pieces. In some instances, a portion of the tether can be held in tension to facilitate the separation of the tether.

Abstract: A method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: A method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: A vehicle occupant restraint system includes an airbag cushion. A reaction surface is configured to move between a retracted position and a deployed position upon deployment of the airbag cushion, such that the reaction surfaces will direct the airbag cushion toward an occupant area upon deployment of the airbag cushion. Multiple embodiments of reaction surfaces are disclosed, including deployable instrument panel sections, flexible straps, and hoods.

Abstract: A method for transparent migration of virtual network functions is provided. The method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.

Abstract: Described herein is a system and method for providing and administering a partitionable environment for operating application software. The environment is provided together with a plurality of deployable resources usable within the environment and one or more resource group templates. Each resource group template defines a grouping of the deployable resources within a domain. An administration console is usable to create and configure one or more partitions within the domain, with each partition providing an administrative and runtime subdivision of the domain. The administration console can be set to display the one or more partitions and enable creation and configuration of specific artifacts within the one or more partitions.

Abstract: Methods, systems, and computer readable media for rapid filtering of opaque data traffic are disclosed. According to one method, the method includes receiving a packet containing a payload. The method also includes analyzing a portion of the payload for determining whether the packet contains compressed or encrypted data. The method further includes performing, if the packet contains compressed or encrypted data, at least one of sending the packet to an opaque traffic analysis engine for analysis, discarding the packet, logging the packet, or marking the packet.

Abstract: Methods, systems, and computer readable media for detecting a compromised computing host are disclosed. According to one method, the method includes receiving one or more domain name system (DNS) non-existent domain (NX) messages associated with a computing host. The method also includes determining, using a host score associated with one or more unique DNS zones or domain names included in the one or more DNS NX messages, whether the computing host is compromised. The method further includes performing, in response to determining that the computing host is compromised, a mitigation action.

Abstract: According to one aspect, the subject matter described herein includes a method for efficient computer forensic analysis and data access control. The method includes steps occurring from within a virtualization layer separate from a guest operating system. The steps include monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory. The steps also include tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network. The steps further include linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accessed.

Abstract: According to one aspect, the subject matter described herein includes a method for detecting injected machine code. The method includes extracting data content from a buffer. The method also includes providing an operating system kernel configured to detect injected machine code. The method further includes executing, using the operating system kernel, the data content on a physical processor. The method further includes monitoring, using the operating system kernel, the execution of the data content to determine whether the data content contains injected machine code indicative of a code injection attack.

Abstract: Methods, systems, and computer readable media for detecting a compromised computing host are disclosed. According to one method, the method includes receiving one or more domain name system (DNS) non-existent domain (NX) messages associated with a computing host. The method also includes determining, using a host score associated with one or more unique DNS zones or domain names included in the one or more DNS NX messages, whether the computing host is compromised. The method further includes performing, in response to determining that the computing host is compromised, a mitigation action.

Abstract: Described herein is a system and method for providing and administering a partitionable environment for operating application software. The environment is provided together with a plurality of deployable resources usable within the environment and one or more resource group templates. Each resource group template defines a grouping of the deployable resources within a domain. An administration console is usable to create and configure one or more partitions within the domain, with each partition providing an administrative and runtime subdivision of the domain. The administration console can be set to display the one or more partitions and enable creation and configuration of specific artifacts within the one or more partitions.

Abstract: A source device obtains a data packet that includes both a destination address and a payload. The source device selects an exit point address of multiple exit point addresses corresponding to the destination address based on one or more policies. The source device encapsulates the data packet with a header that includes the selected exit point address, and the encapsulated data packet is provided to the backbone network. The encapsulated data packet is routed through the backbone network based on the exit point address, and an edge router of the backbone network identifies an interface of the edge router that corresponds to the exit point address. The header is removed from the encapsulated data packet, and the data packet is added to a buffer of the interface for routing to one or more other devices outside of the backbone network.

Abstract: Methods, systems, and computer readable media for rapid filtering of opaque data traffic are disclosed. According to one method, the method includes receiving a packet containing a payload. The method also includes analyzing a portion of the payload for determining whether the packet contains compressed or encrypted data. The method further includes performing, if the packet contains compressed or encrypted data, at least one of sending the packet to an opaque traffic analysis engine for analysis, discarding the packet, logging the packet, or marking the packet.