公开(公告)号：US20180159891A1

公开(公告)日：2018-06-07

申请号：US15874771

申请日：2018-01-18

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, JR. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: H04L29/06 ,  G06F21/53 ,  G06F21/55

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.

公开(公告)号：US09876815B2

公开(公告)日：2018-01-23

申请号：US15256381

申请日：2016-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, Jr. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: G08B23/00 ,  H04L29/06 ,  G06F21/53 ,  G06F21/55

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.

公开(公告)号：US09471354B1

公开(公告)日：2016-10-18

申请号：US14314926

申请日：2014-06-25

Applicant: Amazon Technologies, Inc.

Inventor： John Schweitzer

IPC: G06F9/455 ,  G06F9/48

CPC classification number: G06F9/4843 ,  G06F8/63 ,  G06F9/45504

Abstract: A virtual computer system service determines, for a selected virtual machine image, information that is generated based at least in part on the contents of the selected virtual machine image. The virtual computer system service may compare this information to other information obtained from other virtual machine images to determine a similarity score for each of these other virtual machine images. Based at least in part on these similarity scores, the virtual computer system service determines a provenance for the selected virtual machine image, which is provided to an administrator, customer or other entity.

Abstract translation: 虚拟计算机系统服务针对所选择的虚拟机映像确定至少部分地基于所选择的虚拟机映像的内容生成的信息。 虚拟计算机系统服务可以将该信息与从其他虚拟机图像获得的其他信息进行比较，以确定这些其他虚拟机图像中的每一个的相似性得分。 至少部分地基于这些相似度得分，虚拟计算机系统服务确定所提供给管理员，客户或其他实体的所选择的虚拟机映像的来源。

公开(公告)号：US09438618B1

公开(公告)日：2016-09-06

申请号：US14673642

申请日：2015-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, Jr. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: G06F7/04 ,  H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A system and method for threat detection and mitigation through run-time introspection. The system and method comprising receiving a request to monitor a computing environment. Based on the received request, the system and method further includes determining a set of introspection points for monitoring the computing environment. receive a request to monitor a computing environment, measuring at individual introspection points of the set of introspection points to obtain a set of measurements, generating a graph of a set of resources in the computing environment, wherein the graph correlates individual resources in the set of resources to other resources based on at based at least in part on the set of measurements, and determining whether to perform a security action based at least in part on whether an evaluation of the graph indicates a threat to the computing environment.

Abstract translation: 一种通过运行时内省进行威胁检测和缓解的系统和方法。 该系统和方法包括接收监视计算环境的请求。 基于接收的请求，系统和方法还包括确定用于监视计算环境的一组内省点。 接收监视计算环境的请求，在所述一组内省点的各个内省点处进行测量以获得一组测量，生成计算环境中的一组资源的图，其中所述图将所述一组 至少部分地基于所述一组测量，以及至少部分地基于所述图形的评估是否指示对所述计算环境的威胁来确定是否执行安全动作来确定基于其他资源的资源。

公开(公告)号：US10348759B2

公开(公告)日：2019-07-09

申请号：US15874771

申请日：2018-01-18

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, Jr. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: G08B23/00 ,  H04L29/06 ,  G06F21/53 ,  G06F21/55

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.

公开(公告)号：US20160373481A1

公开(公告)日：2016-12-22

申请号：US15256381

申请日：2016-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, JR. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.

Abstract translation: 生成计算环境中的多个资源的图形，其中该图将多个的第一资源与多个的第二资源相关联。 至少部分地基于在与计算环境中的点对应的测试计算环境中的点处获得的测量值，确定值的期望值或预期范围。 至少部分地基于在计算环境中的点获得的测量值与期望值或期望值之间的比较来生成对计算环境的安全状态的评估，并且响应于评估指示的确定 在计算环境中的规则违规，执行安全措施。