-
公开(公告)号:US12164652B1
公开(公告)日:2024-12-10
申请号:US17546494
申请日:2021-12-09
Applicant: Amazon Technologies, Inc.
Inventor: Meng Li , Vishal Gori , Zhixing Xu , Niloofar Razavi , Oksana Tkachuk
Abstract: Techniques are described for analyzing privilege escalation risks within the accounts, roles, and policies that comprise an organization's cloud provider environment. Privilege escalation refers broadly to scenarios in which a principal (e.g., a person or application) is able to gain access to resources or actions in a cloud provider environment that exceed a level intended for that principal. In the context of cloud provider environments, for example, such privilege escalation risks can result from the misconfiguration of policies and permissions attached to identities (e.g., users, groups of users, or roles) within an organization's environment. A multi-layer reasoning framework is used to build an ontology model of an organization's identities and relations among the identities, including defined access relationships, permission mutation relationships, and credential mutation relationships. The framework is further used to query the ontology model to identify particular identities associated with one or more specific types of privilege escalation risks.
Search Results
1
records
(took 0.009 seconds)
