公开(公告)号：US10025718B1

公开(公告)日：2018-07-17

申请号：US15195884

申请日：2016-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: G06F12/08 ,  G06F12/0877

Abstract: Modifications to throughput capacity provisioned at a data store for servicing access requests to the data store may be performed according to cache performance metrics. A cache that services access requests to the data store may be monitored to collected and evaluate cache performance metrics. The cache performance metrics may be evaluated with respect to criteria for triggering different throughput modifications. In response to triggering a throughput modification, the throughput capacity for the data store may be modified according to the triggered throughput modification. In some embodiments, the criteria for detecting throughput modifications may be determined and modified based on cache performance metrics.

公开(公告)号：US09813450B1

公开(公告)日：2017-11-07

申请号：US14623414

申请日：2015-02-16

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: G06F17/00 ,  H04L29/06

CPC classification number: H04L63/20 ,  G06F21/577 ,  G06F2221/033

Abstract: An automated quality compliance verifier QCV identifies a quality control policy to be implemented for artifacts in a repository. The QCV determines one or more artifact metadata categories, including at least one category indicating an activity status (such as recent or ongoing use) of the artifacts. Metadata entries for at least the activity status category are obtained for a first and a second artifact. Based on an analysis of the metadata entries, the QCV assigns a higher priority to a first policy violation detection operation (PVDO) for the first artifact than to a second PVDO for the second artifact. Based on a result of the first PVDO, the QCV initiates one or more responsive actions.

公开(公告)号：US11729171B1

公开(公告)日：2023-08-15

申请号：US17395892

申请日：2021-08-06

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: H04L9/40 ,  H04L67/02 ,  G06F21/62 ,  H04L61/4511 ,  H04L101/604

CPC classification number: H04L63/10 ,  G06F21/6263 ,  H04L61/4511 ,  H04L63/102 ,  H04L67/02 ,  H04L63/168 ,  H04L2101/604

Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data. In one embodiment, a browser application stores cookie data from a first network site having a high-level domain in a client computing device. The cookie data includes a sharing attribute. The cookie data is automatically made accessible to the first network site. A network service is queried to obtain data indicating a classification associated with the first network site. The cookie data is made accessible to a second network site having the same high-level domain based at least in part on the sharing attribute and the classification meeting at least one predetermined criterion.

公开(公告)号：US10924503B1

公开(公告)日：2021-02-16

申请号：US15993216

申请日：2018-05-30

Applicant: Amazon Technologies, Inc.

Inventor： Shane Anil Pereira ,  Muhammad Wasiq

IPC: H04L29/06

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for identifying false positives in malicious domain data using network traffic data logs. Example methods may include determining a first domain name identifier in a set of domain name identifiers classified as malicious, determining a first IP address associated with the first domain name identifier, and determining first virtual private cloud (VPC) flow log data that corresponds to historical network traffic associated with the first IP address. Certain methods may include determining second VPC flow log data that corresponds to historical network traffic associated with a second IP address that is classified as non-malicious, determining, using the first VPC flow log data and the second VPC flow log data, that the first VPC flow log data is non-malicious, and determining that the first domain name identifier is to be classified as non-malicious.

公开(公告)号：US20190377883A1

公开(公告)日：2019-12-12

申请号：US16548733

申请日：2019-08-22

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: G06F21/57 ,  G06F21/62 ,  G06N20/00 ,  H04L9/08 ,  H04L29/06

Abstract: An end-to-end request path associated with an application frontend is determined. A change to a service in the end-to-end request path is identified. A weight value to associate with the change is determined based at least in part on the characteristics of the change. The weight value is aggregated with weight values associated with other code changes is obtained from aggregating the weight value with the weight values of other code changes to produce a collective weight of the code changes. A security review is determined to be triggered based at least in part on the collective weight reaching a value relative to a threshold.

公开(公告)号：US20180322066A1

公开(公告)日：2018-11-08

申请号：US16035461

申请日：2018-07-13

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: G06F12/0877

CPC classification number: G06F12/0877 ,  G06F2212/1021 ,  G06F2212/154 ,  G06F2212/263 ,  G06F2212/60

Abstract: Modifications to throughput capacity provisioned at a data store for servicing access requests to the data store may be performed according to cache performance metrics. A cache that services access requests to the data store may be monitored to collected and evaluate cache performance metrics. The cache performance metrics may be evaluated with respect to criteria for triggering different throughput modifications. In response to triggering a throughput modification, the throughput capacity for the data store may be modified according to the triggered throughput modification. In some embodiments, the criteria for detecting throughput modifications may be determined and modified based on cache performance metrics.

公开(公告)号：US09781081B1

公开(公告)日：2017-10-03

申请号：US14874248

申请日：2015-10-02

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: H04L29/06 ,  H04L9/32 ,  H04K1/00 ,  H04L9/00

CPC classification number: H04L63/0428 ,  H04L63/0478 ,  H04L63/06 ,  H04L63/061 ,  H04L63/166 ,  H04L63/168

Abstract: A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection. The client exchanges the cryptographically protected application data with a service application via the cryptographically protected network connection. The client and service applications acquire matching application-layer cryptographic keys by leveraging shared secrets negotiated as part of establishing the cryptographically protected network connection. The shared secrets may include information that is negotiated as part of establishing a TLS session such as a pre-master secret, master secret, or session key. The application-layer cryptographic keys may be derived in part by applying a key derivation function, a one-way function or a cryptographic hash function to the shared secret information.

公开(公告)号：US09559849B1

公开(公告)日：2017-01-31

申请号：US14490465

申请日：2014-09-18

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: H04L29/00 ,  H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/123 ,  H04L63/1483

Abstract: A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.

Abstract translation: 服务从发送者服务接收数字消息和对应的跟踪，其包括参与使服务接收数字消息的一个或多个服务的有序数字签名集合。 跟踪可以进一步指定可以根据这些一个或多个服务的参与顺序生成的一个或多个服务的顺序。 服务可以将接收的跟踪与记录的消息路径进行比较，以确定跟踪中指定的排序是否有效。 如果订购有效，则服务可以使用一个或多个数字证书来进一步验证包含在跟踪内的数字签名。 如果服务确定这些数字签名也是有效的，则服务可以处理消息。

公开(公告)号：US11704408B1

公开(公告)日：2023-07-18

申请号：US17364440

申请日：2021-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Mircea Ciubotariu ,  Muhammad Wasiq ,  Shane Anil Pereira

IPC: G06F21/00 ,  G06F21/56 ,  G06F21/57 ,  G06F9/455

CPC classification number: G06F21/565 ,  G06F21/577 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2221/034

Abstract: Techniques for threat scanning transplanted containers are described. A method of threat scanning transplanted containers may include generating a container map of running containers on a block storage volume mounted to a scanning instance of a threat scanning service, scanning the block storage volume by a scanning engine of the scanning instance, identifying at least one threat on the block storage volume, and identifying at least one container associated with the at least one threat using the container map.

公开(公告)号：US11095647B2

公开(公告)日：2021-08-17

申请号：US16265414

申请日：2019-02-01

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08 ,  G06F21/62

Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data. In one embodiment, a browser application stores cookie data from a first network site having a high-level domain in a client computing device. A classification is assigned to a second network site having the high-level domain. The cookie data is sent to the second network site based at least in part on the classification rather than the default behavior of the browser application.