-
Publication No.: US11616800B2
Publication date: 2023-03-28
Application No.: US16985954
Application date: 2020-08-05
Applicant: Amazon Technologies, Inc.
Inventor: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
IPC: H04L9/40, H04L41/0869, H04L41/22, G06F21/55, G06F21/57, G06F21/60, H04L41/0893
Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.
-
Publication No.: US10757128B2
Publication date: 2020-08-25
Application No.: US15637227
Application date: 2017-06-29
Applicant: Amazon Technologies, Inc.
Inventor: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.
-
Publication No.: US20190007443A1
Publication date: 2019-01-03
Application No.: US15637227
Application date: 2017-06-29
Applicant: Amazon Technologies, Inc.
Inventor: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.
-
Publication No.: US11863563B1
Publication date: 2024-01-02
Application No.: US15923832
Application date: 2018-03-16
Applicant: Amazon Technologies, Inc.
Inventor: Neha Rungta, Tyler Stuart Bray, Kasper Søe Luckow, Alexander Watson, Jeff Puchalski, John Cook, Michael Gough
IPC: H04L9/40
CPC classification number: H04L63/105, H04L63/20
Abstract: The appropriate scoping of an access policy can be determined using the observed access and usage of various resources covered under that policy. Information about access requests received over a period of time can be logged, and actions represented in the log data can be mapped to the permissions of the access policy. A new access policy can be generated that includes grant permissions only for those actions that were received and/or granted during the monitored period of time. The new policy can be processed using policy logic to ensure that changes in permission comply with rules or policies for the target resources. The new policy can be at least partially implemented, or can be provided to an authorized user, who can choose to adopt or deny the new policy, or to accept some of the recommendations for modifying the current policy.
-
Publication No.: US20230370473A1
Publication date: 2023-11-16
Application No.: US18359456
Application date: 2023-07-26
Applicant: Amazon Technologies, Inc.
Inventor: Neha Rungta, Tyler Stuart Bray, Kasper Søe Luckow, Alexander Watson, Jeff Puchalski, John Cook, Michael Gough
IPC: H04L9/40
CPC classification number: H04L63/105, H04L63/20
Abstract: The appropriate scoping of an access policy can be determined using the observed access and usage of various resources covered under that policy. Information about access requests received over a period of time can be logged, and actions represented in the log data can be mapped to the permissions of the access policy. A new access policy can be generated that includes grant permissions only for those actions that were received and/or granted during the monitored period of time. The new policy can be processed using policy logic to ensure that changes in permission comply with rules or policies for the target resources. The new policy can be at least partially implemented, or can be provided to an authorized user, who can choose to adopt or deny the new policy, or to accept some of the recommendations for modifying the current policy.
-
Publication No.: US20190007418A1
Publication date: 2019-01-03
Application No.: US15637238
Application date: 2017-06-29
Applicant: Amazon Technologies, Inc.
Inventor: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
IPC: H04L29/06
Abstract: Requests of a computing system may be monitored. A request associated with the application of a policy may be identified and a policy verification routine may be invoked. The policy verification routine may detect whether the policy of the request is more permissive than a reference policy and perform a mitigation routine in response to determining that the policy of the request is more permissive than the reference policy. Propositional logics may be utilized in the evaluation of policies.