公开(公告)号：US20200314145A1

公开(公告)日：2020-10-01

申请号：US16369215

申请日：2019-03-29

Applicant: Amazon Technologies, Inc.

Inventor： Pauline Virginie BOLIGNANO ,  Tyler BRAY ,  John Byron COOK ,  Andrew Jude GACEK ,  Kasper Søe LUCKOW ,  Andrea NEDIC ,  Neha RUNGTA ,  Cole SCHLESINGER ,  Carsten VARMING

IPC: H04L29/06 ,  G06F9/54 ,  G06F8/41

Abstract: Techniques for intent-based governance are described. For example, in some instances a method of receiving an indication of a change involving of one or more of code, a policy, a network configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules; determining one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluating available to a user provides such governance.

公开(公告)号：US20190278928A1

公开(公告)日：2019-09-12

申请号：US15913741

申请日：2018-03-06

Applicant: Amazon Technologies, Inc.

Inventor： Neha RUNGTA ,  Pauline Virginie BOLIGNANO ,  Catherine DODGE ,  Carsten VARMING ,  John COOK ,  Rajesh VISWANATHAN ,  Daryl Stephen COOKE ,  Santosh KALYANKRISHNAN

IPC: G06F21/62 ,  G06F9/445 ,  G06F9/455

Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.

公开(公告)号：US20220094643A1

公开(公告)日：2022-03-24

申请号：US17029581

申请日：2020-09-23

Applicant: Amazon Technologies, Inc.

Inventor： John Byron COOK ,  Neha RUNGTA ,  Andrew Jude GACEK ,  Daniel George PEEBLES ,  Carsten VARMING

IPC: H04L12/911 ,  H04L12/923

Abstract: Techniques are described for using compositional reasoning techniques to perform role reachability analyses relative to collections of user accounts and roles of a cloud provider network. Delegated role-based resource management generally is a method for controlling access to resources in cloud provider networks and other distributed systems. Many cloud provider networks, for example, implement identity and access management subsystems using this approach, where the concept of “roles” is used to specify which resources can be accessed by people, software, or (recursively) by other roles. An abstraction of the role reachability analysis is provided that can be used as input to a model-checking application to reason about such role reachability questions (e.g., which roles of an organization are reachable from other roles).

公开(公告)号：US20200257611A1

公开(公告)日：2020-08-13

申请号：US16864713

申请日：2020-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Juan Rodriguez HORTALA ,  Neha RUNGTA ,  Mark R. TUTTLE ,  Serdar TASIRAN ,  Michael TAUTSCHNIG ,  Andrea NEDIC ,  Carsten VARMING ,  John Byron COOK ,  Sean MCLAUGHLIN

IPC: G06F11/36 ,  G06F9/50 ,  G06F8/65 ,  G06F9/54

Abstract: A method for verifying source code for a program includes determining that a new version of the source code is available. One or more verification tools are determined to use for verification of the new version of the source code from a verification specification associated with the source code. A plurality of verification tasks to perform for the verification of the new version of the source code are automatically determined from the verification specification associated with the source code. The plurality of verification tasks for the new version of the source code are automatically performed using the one or more verification tools. A determination is then made as to whether the new version of the source code is verified.

公开(公告)号：US20200073739A1

公开(公告)日：2020-03-05

申请号：US16115408

申请日：2018-08-28

Applicant: Amazon Technologies, Inc.

Inventor： Neha RUNGTA ,  Temesghen KAHSAI AZENE ,  Pauline Virginie BOLIGNANO ,  Kasper Soe LUCKOW ,  Sean McLAUGHLIN ,  Catherine DODGE ,  Andrew Jude GACEK ,  Carsten VARMING ,  John Byron COOK ,  Daniel SCHWARTZ-NARBONNE ,  Juan Rodriguez HORTALA

IPC: G06F11/07 ,  G06F11/14 ,  G06F9/50 ,  G06F9/455 ,  G06F9/451 ,  G06F8/60

Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as “first received” to reduce latency or “check for agreement” to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.