-
Publication No.: US12164652B1
Publication date: 2024-12-10
Application No.: US17546494
Filing date: 2021-12-09
Applicant: Amazon Technologies, Inc.
Inventor: Meng Li, Vishal Gori, Zhixing Xu, Niloofar Razavi, Oksana Tkachuk
Abstract: Techniques are described for analyzing privilege escalation risks within the accounts, roles, and policies that comprise an organization's cloud provider environment. Privilege escalation refers broadly to scenarios in which a principal (e.g., a person or application) is able to gain access to resources or actions in a cloud provider environment that exceed a level intended for that principal. In the context of cloud provider environments, for example, such privilege escalation risks can result from the misconfiguration of policies and permissions attached to identities (e.g., users, groups of users, or roles) within an organization's environment. A multi-layer reasoning framework is used to build an ontology model of an organization's identities and relations among the identities, including defined access relationships, permission mutation relationships, and credential mutation relationships. The framework is further used to query the ontology model to identify particular identities associated with one or more specific types of privilege escalation risks.
-
Publication No.: US10652266B1
Publication date: 2020-05-12
Application No.: US15907870
Filing date: 2018-02-28
Applicant: Amazon Technologies, Inc.
Inventor: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
IPC: H04L29/06
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service. The techniques further include updating the machine-readable threat model to account for the detected changes to the network-based service, and analyzing the updated machine-readable threat model to determine whether the changes to the network-based service violate a system-level security constraint.
-
Publication No.: US12132735B1
Publication date: 2024-10-29
Application No.: US17855302
Filing date: 2022-06-30
Applicant: Amazon Technologies, Inc.
Inventor: Niloofar Razavi, Oksana Tkachuk, Zhixing Xu, Saeed Nejati, Meng Li
CPC classification number: H04L63/10, G06F16/334, G06F16/367, H04L63/1433, H04L63/20
Abstract: Techniques are described for a domain-specific language and associated framework for implementing analyses of security, operational, or functional properties involving computing resources. The specification language enables users to readily define the semantics of a set of cross-resource relations of interest using a human-readable language. For example, the language enables users to express properties over computing resources based on a user-defined set of cross-resource relations. The specification language is human-readable, allowing users to easily add new cross-resource relations or to modify existing relations and properties, thereby enabling users to readily modify existing analyses or to create new ones entirely. The specification language is also machine-readable such that a compiler and other tools can automatically generate an ontology model based on local resource configurations, augment the graph with the cross-resource relations defined in the specifications, and perform graph reachability analyses based on defined properties of interest.
-
Publication No.: US11128653B1
Publication date: 2021-09-21
Application No.: US16219622
Filing date: 2018-12-13
Applicant: Amazon Technologies, Inc.
Inventor: Oksana Tkachuk, Claudia Cauli, Neha Rungta, Pauline Virginie Bolignano, Juan Rodriguez Hortala, Sean Maher
IPC: H04L29/06, H04L12/26, H04L12/24, G06F16/901, G06F9/50, G06F16/36, G06F16/335
Abstract: In some embodiments, a system is provided, and computer-executable instructions cause the system to: obtain a file with instructions for provisioning resources of a service by referencing types of compute resources and including instructions for generating a customized resource of a first type; determine that the file references a first type of compute resources; retrieve threat modeling information associated with the first type of resource, including information identifying a first potential threat; generate a graph with nodes representing the first type of resource, the customized resource, and the first potential threat, and an edge connecting the first node and the second node with a predicate indicative of the relationship between them; generate an ontology statement that relates the customized resource and the first type of resource; and provide a plurality of ontology statements representing the graph to a reasoner to perform at least a portion of a security review without user intervention.
-
Publication No.: US11418532B1
Publication date: 2022-08-16
Application No.: US16842496
Filing date: 2020-04-07
Applicant: Amazon Technologies, Inc.
Inventor: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service. The techniques further include updating the machine-readable threat model to account for the detected changes to the network-based service, and analyzing the updated machine-readable threat model to determine whether the changes to the network-based service violate a system-level security constraint.
-
Publication No.: US11750642B1
Publication date: 2023-09-05
Application No.: US17887803
Filing date: 2022-08-15
Applicant: Amazon Technologies, Inc.
Inventor: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
CPC classification number: H04L63/1433, H04L63/10, H04L63/1441, H04L63/20
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service. The techniques further include updating the machine-readable threat model to account for the detected changes to the network-based service, and analyzing the updated machine-readable threat model to determine whether the changes to the network-based service violate a system-level security constraint.
-