Secure execution of user-defined functions

Assignee

• Snowflake Inc. · US

Inventors

• Brandon S. Baker · Redmond, US
• Derek Ernest Denny-Brown, II · Seattle, US
• Michael Halcrow · Pflugerville, US
• Sven Tenzing Choden Konigsmark · Seattle, US
• Niranjan Kumar Sharma · Redmond, US
• Nitya Kumar Sharma · Bellevue, US
• Haowei Yu · Newark, US
• Andong Zhan · San Mateo, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/101
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems and methods are disclosed for securely executing user-defined functions within a cloud data platform. A method involves receiving, via hardware processors, a request to execute a user-defined function (UDF) contained within a sandbox process. The UDF comprises code for performing specified operations that necessitate access to external resources. To facilitate this access, a secure egress path is established using an overlay network designed to isolate the UDF's network traffic from other processes. Authentication and authorization details for the UDF are managed externally to the sandbox process, ensuring that the UDF's functionality remains orthogonal to the cloud data platform's operations. This approach enables the secure and controlled execution of UDFs, allowing them to interact with external systems while maintaining the integrity and security of the cloud data platform environment.