Abstract:
A honeypot resource management service receives a request to provision one or more honeypot resources. In response to the request, the service identifies at least one computing resource service that is to be used to present the one or more honeypot resources. The service generates configuration information that is transmitted to the at least one computing resource service to cause the computing resource service to present the one or more honeypot resources to users in accordance with a set of parameters specified in the configuration information.
Abstract:
A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.
Abstract:
A computer-implemented method includes restricting access to customer data to certain geographic regions authorized by the customer. The restriction can be managed by associating policy information with the customer data that identifies the geographic regions authorized by the customer. Resources attempting to access the customer data can evaluate the policy information associated with the customer data with respect to the geographic location in which the resource is located to determine whether the resource is permitted to access the customer data. The restriction can also be managed by encrypting the customer data with a cryptographic key that corresponds to the customer and/or the authorized geographic regions.
Abstract:
A system and method for threat detection and mitigation through run-time introspection. The system and method comprise receiving a request to monitor a computing environment. Based on the received request, the system and method further include determining a set of introspection points for monitoring the computing environment, measuring at individual introspection points of the set of introspection points to obtain a set of measurements, generating a graph of a set of resources in the computing environment, wherein the graph correlates individual resources in the set of resources to other resources based at least in part on the set of measurements, and determining whether to perform a security action based at least in part on whether an evaluation of the graph indicates a threat to the computing environment.