公开(公告)号：US11616800B2

公开(公告)日：2023-03-28

申请号：US16985954

申请日：2020-08-05

Applicant: Amazon Technologies, Inc.

Inventor： John Cook ,  Neha Rungta ,  Catherine Dodge ,  Jeff Puchalski ,  Carsten Varming

IPC: H04L9/40 ,  H04L41/0869 ,  H04L41/22 ,  G06F21/55 ,  G06F21/57 ,  G06F21/60 ,  H04L41/0893

Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.

公开(公告)号：US10757128B2

公开(公告)日：2020-08-25

申请号：US15637227

申请日：2017-06-29

Applicant: Amazon Technologies, Inc.

Inventor： John Cook ,  Neha Rungta ,  Catherine Dodge ,  Jeff Puchalski ,  Carsten Varming

IPC: G06F21/57 ,  G06F21/60 ,  H04L29/06 ,  H04L12/24 ,  G06F21/55

Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.

公开(公告)号：US20190007443A1

公开(公告)日：2019-01-03

申请号：US15637227

申请日：2017-06-29

Applicant: Amazon Technologies, Inc.

Inventor： John Cook ,  Neha Rungta ,  Catherine Dodge ,  Jeff Puchalski ,  Carsten Varming

IPC: H04L29/06 ,  H04L12/24 ,  G06F21/55

Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.

公开(公告)号：US11863563B1

公开(公告)日：2024-01-02

申请号：US15923832

申请日：2018-03-16

Applicant: Amazon Technologies, Inc.

Inventor： Neha Rungta ,  Tyler Stuart Bray ,  Kasper Søe Luckow ,  Alexander Watson ,  Jeff Puchalski ,  John Cook ,  Michael Gough

IPC: H04L9/40

CPC classification number: H04L63/105 ,  H04L63/20

Abstract: The appropriate scoping of an access policy can be determined using the observed access and usage of various resources covered under that policy. Information about access requests received over a period of time can be logged, and actions represented in the log data can be mapped to the permissions of the access policy. A new access policy can be generated that includes grant permissions only for those actions that were received and/or granted during the monitored period of time. The new policy can be processed using policy logic to ensure that changes in permission comply with rules or policies for the target resources. The new policy can be at least partially implemented, or can be provided to an authorized user, who can choose to adopt or deny the new policy, or to accept some of the recommendations for modifying the current policy.

公开(公告)号：US20230370473A1

公开(公告)日：2023-11-16

申请号：US18359456

申请日：2023-07-26

Applicant: Amazon Technologies, Inc.

Inventor： Neha Rungta ,  Tyler Stuart Bray ,  Kasper Søe Luckow ,  Alexander Watson ,  Jeff Puchalski ,  John Cook ,  Michael Gough

IPC: H04L9/40

CPC classification number: H04L63/105 ,  H04L63/20

Abstract: The appropriate scoping of an access policy can be determined using the observed access and usage of various resources covered under that policy. Information about access requests received over a period of time can be logged, and actions represented in the log data can be mapped to the permissions of the access policy. A new access policy can be generated that includes grant permissions only for those actions that were received and/or granted during the monitored period of time. The new policy can be processed using policy logic to ensure that changes in permission comply with rules or policies for the target resources. The new policy can be at least partially implemented, or can be provided to an authorized user, who can choose to adopt or deny the new policy, or to accept some of the recommendations for modifying the current policy.

公开(公告)号：US20190007418A1

公开(公告)日：2019-01-03

申请号：US15637238

申请日：2017-06-29

Applicant: Amazon Technologies, Inc.

Inventor： John Cook ,  Neha Rungta ,  Catherine Dodge ,  Jeff Puchalski ,  Carsten Varming

IPC: H04L29/06

Abstract: Requests of a computing system may be monitored. A request associated with the application of a policy may be identified and a policy verification routine may be invoked. The policy verification routine may detect whether the policy of the request is more permissive than a reference policy and perform a mitigation routine in response to determining that the policy of the request is more permissive than the reference policy. Propositional logics may be utilized in the evaluation of policies.