-
Publication (Announcement) No.: US11777995B2
Publication (Announcement) Date: 2023-10-03
Application No.: US17567318
Filing Date: 2022-01-03
Applicant: Amazon Technologies, Inc.
Inventor: Ujjwal Rajkumar Pugalia , Sean McLaughlin , Neha Rungta , Andrew Jude Gacek , Matthias Schlaipfer , John Michael Renner , Jihong Chen , Alex Li , Erin Westfall , Daniel George Peebles , Himanshu Gupta
CPC classification number: H04L63/20 , H04L63/08 , H04L63/102 , H04L63/105
Abstract: Resource state validation may be performed for access management policies by an identity and access management system. An access management policy associated with an account for network-based services may be received and validated according to resource state obtained for resources associated with the account. A correction for a portion of the access management policy may be identified according to the validation and provided via an interface for the identity and access management system.
-
Publication (Announcement) No.: US11757886B2
Publication (Announcement) Date: 2023-09-12
Application No.: US17119868
Filing Date: 2020-12-11
Applicant: Amazon Technologies, Inc.
Inventor: John Byron Cook , Neha Rungta , Carsten Varming , Daniel George Peebles , Daniel Kroening , Alejandro Naser Pastoriza
IPC: H04L9/40 , H04L41/0604 , H04L41/22 , G06F21/62 , G06F16/901
CPC classification number: H04L63/101 , G06F21/62 , H04L41/0627 , H04L41/22 , H04L63/0435 , H04L63/10 , H04L63/105 , H04L63/20 , G06F16/9024
Abstract: Methods, systems, and computer-readable media for analysis of role reachability using policy complements are disclosed. An access control analyzer determines two nodes in a graph that potentially have a common edge. The nodes correspond to roles in a provider network, and the roles are associated with first and second access control policies that grant or deny access to resources. The access control analyzer performs a role reachability analysis that determines whether the first role can assume the second role for a particular state of one or more key-value tags. The role reachability analysis determines a third access control policy authorizing a negation of a role assumption request for the second role. The role reachability analysis performs analysis of the third access control policy with respect to a role assumption policy for the second role for the particular state of the one or more key-value tags.
-
Publication (Announcement) No.: US11483350B2
Publication (Announcement) Date: 2022-10-25
Application No.: US16369215
Filing Date: 2019-03-29
Applicant: Amazon Technologies, Inc.
Inventor: Pauline Virginie Bolignano , Tyler Bray , John Byron Cook , Andrew Jude Gacek , Kasper Søe Luckow , Andrea Nedic , Neha Rungta , Cole Schlesinger , Carsten Varming
Abstract: Techniques for intent-based governance are described. For example, in some instances a method provides such governance by: receiving an indication of a change involving one or more of code, a policy, a network configuration, or a governance requirement rule that impacts a resource in a provider network for an account and is to be analyzed using one or more governance requirement rules; determining the one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluation available to a user.
-
Publication (Announcement) No.: US11418532B1
Publication (Announcement) Date: 2022-08-16
Application No.: US16842496
Filing Date: 2020-04-07
Applicant: Amazon Technologies, Inc.
Inventor: Michael Tautschnig , Neha Rungta , John Cook , Pauline Virginie Bolignano , Todd Granger MacDermid , Oksana Tkachuk
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service. The techniques further include updating the machine-readable threat model to account for the detected changes to the network-based service, and analyzing the updated machine-readable threat model to determine whether the changes to the network-based service violate a system-level security constraint.
-
Publication (Announcement) No.: US20190007418A1
Publication (Announcement) Date: 2019-01-03
Application No.: US15637238
Filing Date: 2017-06-29
Applicant: Amazon Technologies, Inc.
Inventor: John Cook , Neha Rungta , Catherine Dodge , Jeff Puchalski , Carsten Varming
IPC: H04L29/06
Abstract: Requests of a computing system may be monitored. A request associated with the application of a policy may be identified and a policy verification routine may be invoked. The policy verification routine may detect whether the policy of the request is more permissive than a reference policy and perform a mitigation routine in response to determining that the policy of the request is more permissive than the reference policy. Propositional logics may be utilized in the evaluation of policies.
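The "more permissive than a reference policy" check described above, as an added worked example (not Amazon's policy verification routine and not code from the patent). Policies are cut down to IAM-style statements with Effect, Action patterns and Resource patterns; evaluation uses explicit-deny-overrides semantics. Instead of encoding both policies for a propositional solver, this version enumerates a finite set of probe requests derived from the patterns themselves: every literal is its own probe and every wildcard pattern gets a witness string that only an equally general pattern can match. The result is sound for the probes it checks, not a proof over all possible requests; the bucket name and the `WITNESS` marker are constructed assumptions.

```python
"""Is a requested policy more permissive than a reference policy?

Added illustration, not Amazon's implementation. Policies are simplified
IAM-style statements (Effect, Action patterns, Resource patterns with '*'
and '?' wildcards), evaluated with explicit-deny-overrides semantics. The
check enumerates probe requests derived from the patterns rather than
calling a propositional/SMT solver, so it is sound only for those probes.
"""
from fnmatch import fnmatchcase
from itertools import product

WITNESS = "zz"  # constructed stand-in for "some name a wildcard could match"


def is_allowed(policy, action, resource):
    """Allowed iff at least one Allow statement matches and no Deny statement matches."""
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(fnmatchcase(action, p) for p in stmt["Action"])
               and any(fnmatchcase(resource, p) for p in stmt["Resource"]))
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit deny wins over any allow
        allowed = True
    return allowed


def probe_points(*policies):
    """Concrete (action, resource) candidates drawn from every pattern in the policies."""
    def witness(pattern):
        # a literal stays a literal; a wildcard pattern becomes a string that
        # only patterns at least as general as itself can match
        return pattern.replace("*", WITNESS).replace("?", "z")

    actions, resources = set(), set()
    for pol in policies:
        for stmt in pol["Statement"]:
            actions.update(witness(p) for p in stmt["Action"])
            resources.update(witness(p) for p in stmt["Resource"])
    return sorted(actions), sorted(resources)


def excess_grants(candidate, reference):
    """Probe requests the candidate allows but the reference does not.
    An empty list means the candidate is no more permissive on these probes."""
    actions, resources = probe_points(candidate, reference)
    return [(a, r) for a, r in product(actions, resources)
            if is_allowed(candidate, a, r) and not is_allowed(reference, a, r)]


def verify_request(candidate, reference):
    """Gate for a policy-changing request: True = accept, False = run mitigation."""
    return not excess_grants(candidate, reference)


# Constructed sample policies; the bucket name is hypothetical.
REFERENCE = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
     "Resource": ["arn:aws:s3:::corp-bucket/*"]},
]}
OVER_PERMISSIVE = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::corp-bucket/*"]},
    {"Effect": "Deny", "Action": ["s3:DeleteBucket"], "Resource": ["*"]},
]}
WITHIN_REFERENCE = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::corp-bucket/reports/*"]},
]}

if __name__ == "__main__":
    print(excess_grants(OVER_PERMISSIVE, REFERENCE))   # [('s3:zz', 'arn:aws:s3:::corp-bucket/zz')]
    print(verify_request(WITHIN_REFERENCE, REFERENCE))  # True
```

The witness trick is what makes the enumeration useful: `s3:*` in the candidate produces the probe `s3:zz`, which neither `s3:Get*` nor `s3:List*` in the reference matches, so the over-grant is reported even though the candidate also carries an explicit deny. A policy that only narrows the reference produces no excess probes and passes the gate.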
-
Publication (Announcement) No.: US12299154B1
Publication (Announcement) Date: 2025-05-13
Application No.: US17663401
Filing Date: 2022-05-13
Applicant: Amazon Technologies, Inc.
Inventor: Jared Curran Davis , Andrew Jude Gacek , Harsh Raju Chamarthi , Neha Rungta , Vaibhav Bhushan Sharma
IPC: G06F21/62
Abstract: Secure data handling discovery techniques are implemented to discover access to secure data within an application. A dataflow model is generated for an application to describe a secure zone with respect to secure data. The dataflow model is then evaluated and updated when dataflows that exit the secure zone are detected. Classifications of the exits are received and used to update the dataflow model.
-
Publication (Announcement) No.: US12261888B2
Publication (Announcement) Date: 2025-03-25
Application No.: US18070349
Filing Date: 2022-11-28
Applicant: Amazon Technologies, Inc.
Inventor: Michael W. Hicks , John Holman Kastner , Emina Torlak , Richard Matthew McCutchen , Darin McAdams , Neha Rungta , Aaron Joseph Eline , Joseph Wallace Cutler , Eleftherios Ioannidis
IPC: H04L9/40
Abstract: A system and method for authorization policy validation. A validator takes as input an authorization policy to be analyzed and a schema that specifies entity types and their attributes, types of entity parents in an entity hierarchy, and which entity types can be used with which actions. The validator checks that the policy conforms to the schema. If the check passes, then the policy is guaranteed to be free of both type errors and attribute access errors for any input that conforms to the schema.
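The schema-directed validation described above, as an added worked example (not Amazon's validator and not the Cedar implementation). It assumes a tiny Cedar-like policy language encoded as Python tuples: a policy is `(effect, principal_type, action, resource_type, condition)`, and a condition is an expression tree of `lit`, `var`, `attr`, `eq`, `in`, `and`, `or`, `not` nodes. The schema, the entity types, the attribute names and the three sample policies are all constructed for the illustration. The validator reports attribute accesses the schema does not declare, comparisons between mismatched types, hierarchy tests that can never hold, and principal/resource types an action does not accept.

```python
"""Validate a Cedar-like authorization policy against a schema.

Added illustration, not Amazon's validator. The schema declares entity types
with typed attributes, their allowed parent types, and which principal and
resource types each action accepts. A policy that passes is free of unknown
attribute accesses and type errors for any input that conforms to the schema.
"""
from collections import deque

LITERAL_TYPES = {bool: "Bool", int: "Long", str: "String"}


def ancestor_types(schema, entity_type):
    """Every entity type reachable through the schema's parent relation."""
    seen, queue = set(), deque(schema["entities"][entity_type]["parents"])
    while queue:
        t = queue.popleft()
        if t not in seen:
            seen.add(t)
            queue.extend(schema["entities"][t]["parents"])
    return seen


def type_of(expr, env, schema, errors):
    """Static type of `expr` under `env` (principal/resource types); problems go to `errors`.
    "Error" marks a subtree already reported, so cascaded errors are not repeated."""
    kind = expr[0]
    if kind == "lit":
        return LITERAL_TYPES[type(expr[1])]
    if kind == "var":                          # ("var", "principal" | "resource")
        return env[expr[1]]
    if kind == "attr":                         # ("attr", base_expr, attribute_name)
        base = type_of(expr[1], env, schema, errors)
        if base == "Error":
            return "Error"
        attrs = schema["entities"].get(base, {}).get("attrs", {})
        if expr[2] not in attrs:
            errors.append(f"{base} has no attribute '{expr[2]}'")
            return "Error"
        return attrs[expr[2]]
    if kind == "eq":                           # ("eq", lhs, rhs)
        left, right = (type_of(e, env, schema, errors) for e in expr[1:])
        if "Error" not in (left, right) and left != right:
            errors.append(f"cannot compare {left} with {right}")
        return "Bool"
    if kind == "in":                           # ("in", entity_expr, entity_type_name)
        base = type_of(expr[1], env, schema, errors)
        if base != "Error" and expr[2] not in ancestor_types(schema, base):
            errors.append(f"{base} can never be in a {expr[2]}")
        return "Bool"
    if kind in ("and", "or", "not"):
        for sub in expr[1:]:
            t = type_of(sub, env, schema, errors)
            if t not in ("Bool", "Error"):
                errors.append(f"'{kind}' operand must be Bool, got {t}")
        return "Bool"
    raise ValueError(f"unknown expression kind {kind!r}")


def validate(policy, schema):
    """Return a list of validation errors; an empty list means the policy conforms."""
    effect, ptype, action, rtype, cond = policy
    errors = []
    spec = schema["actions"].get(action)
    if spec is None:
        return [f"unknown action '{action}'"]
    for label, t in (("principal", ptype), ("resource", rtype)):
        if t not in schema["entities"]:
            return [f"unknown entity type {t}"]
        if t not in spec[label]:
            errors.append(f"action '{action}' does not accept {label} type {t}")
    result = type_of(cond, {"principal": ptype, "resource": rtype}, schema, errors)
    if result not in ("Bool", "Error"):
        errors.append(f"condition must be Bool, got {result}")
    return errors


SCHEMA = {  # constructed
    "entities": {
        "User":  {"attrs": {"department": "String", "level": "Long"}, "parents": ["Group"]},
        "Group": {"attrs": {}, "parents": []},
        "Photo": {"attrs": {"owner": "User", "public": "Bool"}, "parents": ["Album"]},
        "Album": {"attrs": {}, "parents": []},
    },
    "actions": {
        "view":   {"principal": ["User"], "resource": ["Photo"]},
        "delete": {"principal": ["User"], "resource": ["Photo", "Album"]},
    },
}
P = ("var", "principal")
R = ("var", "resource")
WELL_TYPED = ("permit", "User", "view", "Photo",
              ("and", ("in", R, "Album"),
                      ("or", ("attr", R, "public"),
                             ("eq", ("attr", ("attr", R, "owner"), "department"),
                                    ("attr", P, "department")))))
ILL_TYPED = ("permit", "User", "delete", "Photo",
             ("and", ("eq", ("attr", P, "level"), ("lit", "senior")),
                     ("attr", P, "clearance")))
WRONG_PRINCIPAL = ("forbid", "Group", "view", "Photo", ("lit", True))

if __name__ == "__main__":
    for pol in (WELL_TYPED, ILL_TYPED, WRONG_PRINCIPAL):
        print(validate(pol, SCHEMA))
```

The `in` check uses the transitive parent relation, so `resource in Album` is accepted for a `Photo` even though the hierarchy could be deeper; a comparison of a `Long` attribute against a string literal and an access to an undeclared `clearance` attribute are each reported once.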
-
Publication (Announcement) No.: US20240314134A1
Publication (Announcement) Date: 2024-09-19
Application No.: US18674692
Filing Date: 2024-05-24
Applicant: Amazon Technologies, Inc.
Inventor: John Byron Cook , Neha Rungta , Carsten Varming , Daniel George Peebles , Daniel Kroening , Alejandro Naser Pastoriza
IPC: H04L9/40 , H04L41/0604 , H04L41/22
CPC classification number: H04L63/101 , H04L41/0627 , H04L41/22 , H04L63/0435 , H04L63/20 , H04L63/105
Abstract: Methods, systems, and computer-readable media for analysis of role reachability with transitive tags are disclosed. An access control analyzer determines a graph including nodes and edges. The nodes represent roles in a provider network hosting resources. The roles are associated with access control policies granting or denying access to individual resources. One or more of the access control policies grant or deny access based (at least in part) on key-value attributes. The access control analyzer determines, based (at least in part) on a role reachability analysis of the graph, whether a first role can assume a second role using role assumption steps for a particular state of the attributes. The attributes may include transitive attributes that persist during the role assumption steps.
-
Publication (Announcement) No.: US12034727B2
Publication (Announcement) Date: 2024-07-09
Application No.: US17119855
Filing Date: 2020-12-11
Applicant: Amazon Technologies, Inc.
Inventor: John Byron Cook , Neha Rungta , Carsten Varming , Daniel George Peebles , Daniel Kroening , Alejandro Naser Pastoriza
IPC: H04L9/40 , H04L41/0604 , H04L41/22
CPC classification number: H04L63/101 , H04L41/0627 , H04L41/22 , H04L63/0435 , H04L63/20 , H04L63/105
Abstract: Methods, systems, and computer-readable media for analysis of role reachability with transitive tags are disclosed. An access control analyzer determines a graph including nodes and edges. The nodes represent roles in a provider network hosting resources. The roles are associated with access control policies granting or denying access to individual resources. One or more of the access control policies grant or deny access based (at least in part) on key-value attributes. The access control analyzer determines, based (at least in part) on a role reachability analysis of the graph, whether a first role can assume a second role using role assumption steps for a particular state of the attributes. The attributes may include transitive attributes that persist during the role assumption steps.
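Role reachability over a graph of roles with key-value tags, as an added worked example serving the role reachability abstracts above (US11757886B2 and the two transitive-tags filings, US20240314134A1 and US12034727B2). This is not Amazon's access control analyzer. Simplifications, all assumed: a role's trust policy is a list of rules giving a caller-name pattern plus required caller tags (the `aws:PrincipalTag`-style condition); `settable` lists the tag keys the assuming session is permitted to set on that role; keys in `transitive` persist through every later assumption and cannot be overridden. Tag values come from a small constructed domain so the `(role, tags)` state space is finite, and the analysis is an explicit breadth-first search rather than a solver query against a complement policy. The role names are constructed.

```python
"""Role reachability with session tags, some of which are transitive.

Added illustration, not Amazon's analyzer. A state is (role, tag map); a step
assumes another role whose trust rules admit the current role and its tags.
Transitive tags are carried into the new session unchanged; other permitted
keys may be set to any value in a small constructed domain, or left unset.
"""
from collections import deque
from fnmatch import fnmatchcase
from itertools import product

TAG_VALUES = {"env": ("dev", "prod"), "team": ("eng", "sec")}  # constructed domain


def can_assume(caller, caller_tags, target):
    """Does some trust rule on `target` admit `caller` carrying `caller_tags`?"""
    return any(fnmatchcase(caller, rule["principal"])
               and all(caller_tags.get(k) == v for k, v in rule.get("when", {}).items())
               for rule in target["trust"])


def successor_tags(caller_tags, target, transitive):
    """Every tag map a session could hold right after assuming `target`."""
    carried = {k: v for k, v in caller_tags.items() if k in transitive}
    free = [k for k in target.get("settable", ()) if k not in carried]  # transitive keys win
    for combo in product(*[(None,) + TAG_VALUES[k] for k in free]):
        tags = dict(carried)
        tags.update({k: v for k, v in zip(free, combo) if v is not None})
        yield tags


def _state(role, tags):
    return role, tuple(sorted(tags.items()))


def reachable_roles(roles, start, start_tags, transitive):
    """BFS over (role, tags) states. Returns {role: shortest assumption path}."""
    paths = {_state(start, start_tags): [start]}
    found = {start: [start]}
    queue = deque([(start, dict(start_tags))])
    while queue:
        role, tags = queue.popleft()
        for name, target in roles.items():
            if name == role or not can_assume(role, tags, target):
                continue
            for next_tags in successor_tags(tags, target, transitive):
                st = _state(name, next_tags)
                if st in paths:
                    continue
                paths[st] = paths[_state(role, tags)] + [name]
                found.setdefault(name, paths[st])   # first visit is the shortest path
                queue.append((name, next_tags))
    return found


ROLES = {  # constructed graph: dev -> ci-runner -> deploy -> prod-admin
    "dev":        {"trust": []},
    "ci-runner":  {"trust": [{"principal": "dev"}], "settable": ("env",)},
    "deploy":     {"trust": [{"principal": "ci-*"}]},
    "prod-admin": {"trust": [{"principal": "deploy",
                              "when": {"env": "prod", "team": "eng"}}]},
}

if __name__ == "__main__":
    # env transitive: the value ci-runner sets survives the hop through deploy
    print(reachable_roles(ROLES, "dev", {"team": "eng"}, {"team", "env"}).get("prod-admin"))
    # env not transitive: it is dropped at deploy and prod-admin is unreachable
    print(reachable_roles(ROLES, "dev", {"team": "eng"}, {"team"}).get("prod-admin"))
```

The two runs isolate the effect of transitivity: `prod-admin` trusts only `deploy`, and `deploy` sets no tags itself, so the `env=prod` tag can only arrive there if `ci-runner` set it and it persisted across the intermediate assumption. Reviewing which keys are allowed to be transitive is therefore part of reviewing the reachability of the last role in a chain, not just its immediate trust policy.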
-
Publication (Announcement) No.: US11797317B1
Publication (Announcement) Date: 2023-10-24
Application No.: US17548225
Filing Date: 2021-12-10
Applicant: Amazon Technologies, Inc.
Inventor: Sean McLaughlin , Tongtong Xiang , Matthias Schlaipfer , Neha Rungta , Serdar Tasiran , John Byron Cook , Michael William Whalen
CPC classification number: G06F9/44589 , G06F8/44 , G06F8/60 , G06F11/3608 , G06F11/3612
Abstract: A software development process may support a transition from unverifiable, legacy code to verifiable code that is provably correct by construction. A behavioral model may be developed for legacy software that includes various behavioral criteria. Then, source code implemented in a verifiable language may be verified using the behavioral model to perform verification. Once the source code is complete and verified, a new verified implementation may be compiled. The verified implementation may then be executed, along with the legacy software, to identify differences in behavior which are fed back into the behavioral model and subsequently into the new source code. This process may then be iterated with the verifiable code being deployable once behavioral differences are resolved.
-