Snowflake has been granted a patent for a method enabling sandboxed user-defined function code to securely access the Internet via a cloud data platform. The technology involves receiving remote procedure calls, providing an overlay network for secure access, and enabling network calls within a sandbox process.

According to GlobalData’s company profile on Snowflake, social media analytics was a key innovation area identified from patents. Snowflake's grant share as of February 2024 was 66%. Grant share is the ratio of the number of grants to the total number of patents.

Securely enabling sandboxed user-defined functions to access the internet

Source: United States Patent and Trademark Office (USPTO). Credit: Snowflake Inc

A recently granted patent (Publication Number: US11930045B1) outlines a method and system for managing remote procedure calls related to user-defined functions (UDFs) executing within a sandbox process. The method involves receiving a remote procedure call related to a UDF, establishing a secure egress path for UDF external access through an overlay network, enabling the use of a tunneling protocol for the overlay network, and allowing the UDF to initiate network calls based on this network. The system includes hardware processors and memory storing instructions to execute these operations, ensuring secure and controlled access for UDFs within a sandbox environment.



Furthermore, the patent details additional features such as enabling external access from the sandbox process, deploying an extended Berkeley Packet Filter (eBPF) for packet validation, capturing log data for error events related to UDFs, providing direct external access to UDFs via the secure egress path, and preventing unauthorized Domain Name System (DNS) requests. The system also includes mechanisms for collecting metric event information associated with UDFs, instantiating user code runtimes within sandbox processes, and implementing access control lists for authorized hosts and access usage rights. These features aim to enhance the security, control, and efficiency of executing UDFs within a sandbox environment, ensuring compliance with specified policies and preventing unauthorized access or actions.

