公开(公告)号：US20180159891A1

公开(公告)日：2018-06-07

申请号：US15874771

申请日：2018-01-18

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, JR. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: H04L29/06 ,  G06F21/53 ,  G06F21/55

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.

公开(公告)号：US10706155B1

公开(公告)日：2020-07-07

申请号：US15719450

申请日：2017-09-28

Applicant: Amazon Technologies, Inc.

Inventor： Vladimir Veselov ,  Adrian-Radu Grajdeanu ,  Hassan Sultan

IPC: G06F21/57 ,  G06F9/455

Abstract: Systems for providing a security assessment of a target computing resource, such as a virtual machine or an instance of a virtual machine, include a security assessments provisioning service that provisions third-party-authored rules packages and security assessments into the computing environment of the target computing resource. The third-party rules package includes rules that can operate on telemetry and configuration data of the target computing resource, produced by sensors that are native to the computing environment, but the sensor protocols, message format, and sensitive data are not exposed to the rules. The provisioning service can provide security assessments and/or rules packages that are “native” and are thus able to operate directly on the telemetry and configuration data.

公开(公告)号：US11805109B1

公开(公告)日：2023-10-31

申请号：US16285086

申请日：2019-02-25

Applicant: Amazon Technologies, Inc.

Inventor： Atul Khare ,  Ravi Akundi Murty ,  Hassan Sultan

IPC: H04L9/40 ,  H04L29/06 ,  H04L9/08 ,  H04L67/14 ,  G06F12/14

CPC classification number: H04L63/0485 ,  H04L63/0435 ,  H04L63/0471 ,  H04L63/166

Abstract: A computing device includes one or more processors, a memory and an encryption accelerator. The memory includes instructions that when executed on the processors cause a first networking session to be established between a pair of communication peers. Encryption of messages of the first session is enabled by a parameter of a security protocol of the session. The encryption accelerator obtains a key determined in the first session, and uses the key to encrypt messages of a second networking session established between the peers.

公开(公告)号：US10110629B1

公开(公告)日：2018-10-23

申请号：US15080504

申请日：2016-03-24

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Hassan Sultan ,  Nicholas Howard Brown ,  James Leon Irving, Jr. ,  Donald Lee Bailey, Jr.

IPC: H04L29/06

Abstract: A honeypot resource management service receives a request to provision one or more honeypot resources. In response to the request, the service identifies at least one computing resource service that is to be used to present the one or more honeypot resources. The service generates configuration information that is transmitted to the at least one computing resource service to cause the computing resource service to present the one or more honeypot resources to users in accordance with a set of parameters specified in the configuration information.

公开(公告)号：US09876815B2

公开(公告)日：2018-01-23

申请号：US15256381

申请日：2016-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, Jr. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: G08B23/00 ,  H04L29/06 ,  G06F21/53 ,  G06F21/55

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.

公开(公告)号：US09438618B1

公开(公告)日：2016-09-06

申请号：US14673642

申请日：2015-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, Jr. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: G06F7/04 ,  H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A system and method for threat detection and mitigation through run-time introspection. The system and method comprising receiving a request to monitor a computing environment. Based on the received request, the system and method further includes determining a set of introspection points for monitoring the computing environment. receive a request to monitor a computing environment, measuring at individual introspection points of the set of introspection points to obtain a set of measurements, generating a graph of a set of resources in the computing environment, wherein the graph correlates individual resources in the set of resources to other resources based on at based at least in part on the set of measurements, and determining whether to perform a security action based at least in part on whether an evaluation of the graph indicates a threat to the computing environment.

Abstract translation: 一种通过运行时内省进行威胁检测和缓解的系统和方法。 该系统和方法包括接收监视计算环境的请求。 基于接收的请求，系统和方法还包括确定用于监视计算环境的一组内省点。 接收监视计算环境的请求，在所述一组内省点的各个内省点处进行测量以获得一组测量，生成计算环境中的一组资源的图，其中所述图将所述一组 至少部分地基于所述一组测量，以及至少部分地基于所述图形的评估是否指示对所述计算环境的威胁来确定是否执行安全动作来确定基于其他资源的资源。

公开(公告)号：US11822690B1

公开(公告)日：2023-11-21

申请号：US17156863

申请日：2021-01-25

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  Mayank Thakore

IPC: G06F21/62

CPC classification number: G06F21/6227 ,  G06F21/6209

Abstract: Devices and techniques are generally described for centralized data egress validation. In various examples, a request to send first data to a first destination may be received. In some examples, a first decoder that corresponds to a format of the first data may be determined. In further examples, a policy associated with the first decoder may be determined. In some examples, second data may be generated using the first decoder to parse the first data according to the policy. In various examples, the second data may be evaluated using the policy and a determination may be made whether the first data is permissible to send to the first destination.

公开(公告)号：US10348759B2

公开(公告)日：2019-07-09

申请号：US15874771

申请日：2018-01-18

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, Jr. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: G08B23/00 ,  H04L29/06 ,  G06F21/53 ,  G06F21/55

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.

公开(公告)号：US20160373481A1

公开(公告)日：2016-12-22

申请号：US15256381

申请日：2016-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, JR. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.

Abstract translation: 生成计算环境中的多个资源的图形，其中该图将多个的第一资源与多个的第二资源相关联。 至少部分地基于在与计算环境中的点对应的测试计算环境中的点处获得的测量值，确定值的期望值或预期范围。 至少部分地基于在计算环境中的点获得的测量值与期望值或期望值之间的比较来生成对计算环境的安全状态的评估，并且响应于评估指示的确定 在计算环境中的规则违规，执行安全措施。