公开(公告)号：US20210392157A1

公开(公告)日：2021-12-16

申请号：US17459908

申请日：2021-08-27

Applicant: Amazon Technologies, Inc.

Inventor： Catherine Dodge ,  Nikhil Reddy Cheruku ,  John Byron Cook ,  Temesghen Kahsai Azene ,  William Jo Kocik ,  Sean McLaughlin ,  Mark Edward Stalzer ,  Blake Whaley ,  Yiwen Wu

IPC: H04L29/06 ,  G06F16/2455 ,  H04L12/24 ,  H04L12/26

Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.

公开(公告)号：US20200073783A1

公开(公告)日：2020-03-05

申请号：US16122676

申请日：2018-09-05

Applicant: Amazon Technologies, Inc.

Inventor： Juan Rodriguez Hortala ,  Neha Rungta ,  Mark R. Tuttle ,  Serdar Tasiran ,  Michael Tautschnig ,  Andrea Nedic ,  Carsten Varming ,  John Byron Cook ,  Sean McLaughlin

IPC: G06F11/36 ,  G06F9/50 ,  G06F8/65 ,  G06F9/54

Abstract: A method for verifying source code for a program includes determining that a new version of the source code is available. One or more verification tools are determined to use for verification of the new version of the source code from a verification specification associated with the source code. A plurality of verification tasks to perform for the verification of the new version of the source code are automatically determined from the verification specification associated with the source code. The plurality of verification tasks for the new version of the source code are automatically performed using the one or more verification tools. A determination is then made as to whether the new version of the source code is verified.

公开(公告)号：US20240314134A1

公开(公告)日：2024-09-19

申请号：US18674692

申请日：2024-05-24

Applicant: Amazon Technologies, Inc.

Inventor： John Byron Cook ,  Neha Rungta ,  Carsten Varming ,  Daniel George Peebles ,  Daniel Kroening ,  Alejandro Naser Pastoriza

IPC: H04L9/40 ,  H04L41/0604 ,  H04L41/22

CPC classification number: H04L63/101 ,  H04L41/0627 ,  H04L41/22 ,  H04L63/0435 ,  H04L63/20 ,  H04L63/105

Abstract: Methods, systems, and computer-readable media for analysis of role reachability with transitive tags are disclosed. An access control analyzer determines a graph including nodes and edges. The nodes represent roles in a provider network hosting resources. The roles are associated with access control policies granting or denying access to individual resources. One or more of the access control policies grant or deny access based (at least in part) on key-value attributes. The access control analyzer determines, based (at least in part) on a role reachability analysis of the graph, whether a first role can assume a second role using role assumption steps for a particular state of the attributes. The attributes may include transitive attributes that persist during the role assumption steps.

公开(公告)号：US12034727B2

公开(公告)日：2024-07-09

申请号：US17119855

申请日：2020-12-11

Applicant: Amazon Technologies, Inc.

Inventor： John Byron Cook ,  Neha Rungta ,  Carsten Varming ,  Daniel George Peebles ,  Daniel Kroening ,  Alejandro Naser Pastoriza

IPC: H04L9/40 ,  H04L41/0604 ,  H04L41/22

CPC classification number: H04L63/101 ,  H04L41/0627 ,  H04L41/22 ,  H04L63/0435 ,  H04L63/20 ,  H04L63/105

Abstract: Methods, systems, and computer-readable media for analysis of role reachability with transitive tags are disclosed. An access control analyzer determines a graph including nodes and edges. The nodes represent roles in a provider network hosting resources. The roles are associated with access control policies granting or denying access to individual resources. One or more of the access control policies grant or deny access based (at least in part) on key-value attributes. The access control analyzer determines, based (at least in part) on a role reachability analysis of the graph, whether a first role can assume a second role using role assumption steps for a particular state of the attributes. The attributes may include transitive attributes that persist during the role assumption steps.

公开(公告)号：US11797317B1

公开(公告)日：2023-10-24

申请号：US17548225

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Sean McLaughlin ,  Tongtong Xiang ,  Matthias Schlaipfer ,  Neha Rungta ,  Serdar Tasiran ,  John Byron Cook ,  Michael William Whalen

IPC: G06F9/445 ,  G06F11/36 ,  G06F8/60 ,  G06F8/41

CPC classification number: G06F9/44589 ,  G06F8/44 ,  G06F8/60 ,  G06F11/3608 ,  G06F11/3612

Abstract: A software development process may support a transition from unverifiable, legacy code to verifiable code that is provably correct by construction. A behavioral model may be developed for legacy software that includes various behavioral criteria. Then, source code implemented in a verifiable language may be verified using the behavioral model to perform verification. Once the source code is complete and verified, a new verified implementation may be compiled. The verified implementation may then be executed, along with the legacy software, to identify differences in behavior which are fed back into the behavioral model and subsequently into the new source code. This process may then be iterated with the verifiable code being deployable once behavioral differences are resolved.

公开(公告)号：US20220191205A1

公开(公告)日：2022-06-16

申请号：US17119855

申请日：2020-12-11

Applicant: Amazon Technologies, Inc.

Inventor： John Byron Cook ,  Neha Rungta ,  Carsten Varming ,  Daniel George Peebles ,  Daniel Kroening ,  Alejandro Naser Pastoriza

IPC: H04L29/06 ,  H04L12/24

Abstract: Methods, systems, and computer-readable media for analysis of role reachability with transitive tags are disclosed. An access control analyzer determines a graph comprising a plurality of nodes and one or more edges. The nodes represent roles in a provider network hosting resources. The roles are associated with access control policies granting or denying access to individual resources. One or more of the access control policies grant or deny access based (at least in part) on one or more key-value attributes. The access control analyzer determines, based (at least in part) on a role reachability analysis of the graph, whether a first role can assume a second role using one or more role assumption steps for a particular state of the one or more attributes. The one or more attributes may comprise one or more transitive attributes that persist during the one or more role assumption steps.

公开(公告)号：US11232015B2

公开(公告)日：2022-01-25

申请号：US16864713

申请日：2020-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Juan Rodriguez Hortala ,  Neha Rungta ,  Mark R. Tuttle ,  Serdar Tasiran ,  Michael Tautschnig ,  Andrea Nedic ,  Carsten Varming ,  John Byron Cook ,  Sean McLaughlin

IPC: G06F9/44 ,  G06F11/36 ,  G06F9/54 ,  G06F8/65 ,  G06F9/50

Abstract: A method for verifying source code for a program includes determining that a new version of the source code is available. One or more verification tools are determined to use for verification of the new version of the source code from a verification specification associated with the source code. A plurality of verification tasks to perform for the verification of the new version of the source code are automatically determined from the verification specification associated with the source code. The plurality of verification tasks for the new version of the source code are automatically performed using the one or more verification tools. A determination is then made as to whether the new version of the source code is verified.

公开(公告)号：US10977111B2

公开(公告)日：2021-04-13

申请号：US16115408

申请日：2018-08-28

Applicant: Amazon Technologies, Inc.

Inventor： Neha Rungta ,  Temesghen Kahsai Azene ,  Pauline Virginie Bolignano ,  Kasper Soe Luckow ,  Sean McLaughlin ,  Catherine Dodge ,  Andrew Jude Gacek ,  Carsten Varming ,  John Byron Cook ,  Daniel Schwartz-Narbonne ,  Juan Rodriguez Hortala

IPC: G06F11/07 ,  G06F11/14 ,  G06F9/50 ,  G06F9/451 ,  G06F8/60 ,  G06F9/455 ,  G06F11/36

Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as “first received” to reduce latency or “check for agreement” to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.