-
Publication No.: US20240403186A1
Publication date: 2024-12-05
Application No.: US18807743
Filing date: 2024-08-16
Applicant: Amazon Technologies, Inc.
Inventor: Vaibhav Bhushan Sharma, Andrew Jude Gacek, Michael William Whalen, Saswat Padhi, Andrew Apicelli, Raveesh Yadav, Samuel Bayless, Roman Pruzhanskiy, Rajat Gupta, Harshil Rajeshkumar Shah, Fernando Dias Pauer, Ankush Das, Dhivashini Jaganathan
Abstract: Systems and methods for IoT event detector correctness verification. Detector models (e.g., state-based models including variables, states, transitions and actions) take IoT device data as input and detect, based on the data, events that trigger actions. To verify the correctness of the models prior to deploying the models at scale, an event detector model correctness checker obtains a representation of a definition of the model, verifies, based on analysis of the model definition, whether the model complies with correctness properties, and generates a report indicating whether the model complies. Example correctness properties include a reachability correctness property that indicates that respective states or actions are reachable according to the definition of the event detector model. The analysis may be accessed via an interface element and may result in generation of a report that identifies a location of non-compliance within the model definition.
-
Publication No.: US11483317B1
Publication date: 2022-10-25
Application No.: US16206859
Filing date: 2018-11-30
Applicant: Amazon Technologies, Inc.
Inventor: Pauline Virginie Bolignano, John Byron Cook, Andrew Jude Gacek, Kasper Luckow, Neha Rungta, Cole Schlesinger, Ian Sweet, Carsten Varming
IPC: H04L9/40, G06F16/901, G06F9/54
Abstract: A policy auditing service can be implemented, in accordance with at least one embodiment, that obtains a set of parameters indicating a snapshot of a policy configuration for an account, a query, and a security policy. The security policy may encode a security requirement or invariant. The policy auditing system may determine states that can be reached via mutative operations (e.g., role assumption) and use a policy analyzer service to determine whether assuming a role results in a grant of access that is at least as permissive as the security policy of the set of parameters.
-
Publication No.: US10922423B1
Publication date: 2021-02-16
Application No.: US16015114
Filing date: 2018-06-21
Applicant: Amazon Technologies, Inc.
Inventor: Neha Rungta, Kasper Søe Luckow, Andrew Jude Gacek, Carsten Varming, John Cook
Abstract: A security policy analyzer service of a computing resource service provider performs evaluations of security policies provided by the service provider's users, to determine whether the security policies are valid, satisfiable, accurate, and/or sufficiently secure. The service may compare the user-provided policy to a stored or best-practices policy to begin the evaluation, translating encoded security permissions into propositional logic formulae that can be compared to determine which policy is more permissive. The service determines values of the parameters in a request for access to a computing resource based on the policy comparison, and generates request contexts using the values. The service uses the request contexts to generate one or more comparative policies that are then used iteratively as the second policy in the comparison to the user-provided policy, in order to produce additional request contexts that represent allow/deny "edge cases" along the borders of policy permission statements.
-
Publication No.: US11677789B2
Publication date: 2023-06-13
Application No.: US17119663
Filing date: 2020-12-11
Applicant: Amazon Technologies, Inc.
Inventor: Neha Rungta, Daniel George Peebles, Andrew Jude Gacek, Marvin Theimer, Rebecca Claire Weiss, Brigid Ann Johnson
IPC: G06F15/16, H04L9/40, H04L41/5051, H04L41/50
CPC classification number: H04L63/205, H04L41/5051, H04L41/5096, H04L63/102
Abstract: Techniques for intent-based access control are described. A method of intent-based access control may include receiving, via a user interface of an intent-based governance service, one or more intent statements associated with user resources in a provider network, the one or more intent statements expressing at least one type of action allowed to be performed on the user resources; compiling the one or more intent statements into at least one access control policy; and associating the at least one access control policy with the user resources.
-
Publication No.: US20220201043A1
Publication date: 2022-06-23
Application No.: US17567318
Filing date: 2022-01-03
Applicant: Amazon Technologies, Inc.
Inventor: Ujjwal Rajkumar Pugalia, Sean McLaughlin, Neha Rungta, Andrew Jude Gacek, Matthias Schlaipfer, John Michael Renner, Jihong Chen, Alex Li, Erin Westfall, Daniel George Peebles, Himanshu Gupta
IPC: H04L9/40
Abstract: Resource state validation may be performed for access management policies by an identity and access management system. An access management policy associated with an account for network-based services may be received and validated according to resource state obtained for resources associated with the account. A correction for a portion of the access management policy may be identified according to the validation and provided via an interface for the identity and access management system.
-
Publication No.: US11301357B1
Publication date: 2022-04-12
Application No.: US16584611
Filing date: 2019-09-26
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Jude Gacek, Neha Rungta, Lee Pike
Abstract: Techniques for performing compile-time checks of source code using static analysis are described herein. One or more application programming interface calls to a remote computing service provider are detected in a set of source code listings using static analysis, and properties of each call are checked against a user-defined model containing rules that define incorrect behavior. If incorrect behavior is detected, a visualization is presented containing information about the incorrect behavior.
-
Publication No.: US12299154B1
Publication date: 2025-05-13
Application No.: US17663401
Filing date: 2022-05-13
Applicant: Amazon Technologies, Inc.
Inventor: Jared Curran Davis, Andrew Jude Gacek, Harsh Raju Chamarthi, Neha Rungta, Vaibhav Bhushan Sharma
IPC: G06F21/62
Abstract: Secure data handling discovery techniques are implemented to discover access to secure data within an application. A dataflow model is generated for an application to describe a secure zone with respect to secure data. The dataflow model is then evaluated and updated when dataflows that exit the secure zone are detected. Classifications of the exits are received and used to update the dataflow model.
-
Publication No.: US11218511B1
Publication date: 2022-01-04
Application No.: US17114286
Filing date: 2020-12-07
Applicant: Amazon Technologies, Inc.
Inventor: Ujjwal Rajkumar Pugalia, Sean McLaughlin, Neha Rungta, Andrew Jude Gacek, Matthias Schlaipfer, John Michael Renner, Jihong Chen, Alex Li, Erin Westfall, Daniel George Peebles, Himanshu Gupta
Abstract: Resource state validation may be performed for access management policies by an identity and access management system. An access management policy associated with an account for network-based services may be received and validated according to resource state obtained for resources associated with the account. A correction for a portion of the access management policy may be identified according to the validation and provided via an interface for the identity and access management system.
-
Publication No.: US10977111B2
Publication date: 2021-04-13
Application No.: US16115408
Filing date: 2018-08-28
Applicant: Amazon Technologies, Inc.
Inventor: Neha Rungta, Temesghen Kahsai Azene, Pauline Virginie Bolignano, Kasper Soe Luckow, Sean McLaughlin, Catherine Dodge, Andrew Jude Gacek, Carsten Varming, John Byron Cook, Daniel Schwartz-Narbonne, Juan Rodriguez Hortala
Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as "first received" to reduce latency or "check for agreement" to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.
-
Publication No.: US12093160B1
Publication date: 2024-09-17
Application No.: US17543585
Filing date: 2021-12-06
Applicant: Amazon Technologies, Inc.
Inventor: Vaibhav Bhushan Sharma, Andrew Jude Gacek, Michael William Whalen, Saswat Padhi, Andrew Apicelli, Raveesh Yadav, Samuel Bayless, Roman Pruzhanskiy, Rajat Gupta, Harshil Rajeshkumar Shah, Fernando Dias Pauer, Ankush Das, Dhivashini Jaganathan
CPC classification number: G06F11/3447, G06F11/3013, G06F11/3476, G06F11/3604, H04L67/62
Abstract: Systems and methods for IoT event detector correctness verification. Detector models (e.g., state-based models including variables, states, transitions and actions) take IoT device data as input and detect, based on the data, events that trigger actions. To verify the correctness of the models prior to deploying the models at scale, an event detector model correctness checker obtains a representation of a definition of the model, verifies, based on analysis of the model definition, whether the model complies with correctness properties, and generates a report indicating whether the model complies. Example correctness properties include a reachability correctness property that indicates that respective states or actions are reachable according to the definition of the event detector model. The analysis may be accessed via an interface element and may result in generation of a report that identifies a location of non-compliance within the model definition.