-
Publication No.: US11019089B1
Publication date: 2021-05-25
Application No.: US15906969
Filing date: 2018-02-27
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L29/06
Abstract: A security assessment service for implementing security assessments based on security credentials utilized to access network-based services. The system implements security assessments associated with various actions attributed to different types of techniques that can be utilized for compromised security information. The processing result of the security assessment can be utilized to determine the result of the techniques associated with the security assessment, the performance of security monitoring services, and an anticipated result on a virtual network.
-
Publication No.: US10769045B1
Publication date: 2020-09-08
Application No.: US15716400
Filing date: 2017-09-26
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: A simulated attack service of a computing resource service provider generates a cloned computing resource environment on which a simulated attack is executed. The cloned computing resource environment may be based at least in part on a computing resource environment including a set of computing resources. The simulated attack service may execute the simulated attack by at least directing a simulated attack payload to the cloned computing resource environment based at least in part on a signature included in the simulated attack payload. A measure of the effectiveness of an intrusion detection system may then be generated based at least in part on threat analysis information generated by the intrusion detection system and the simulated attack payloads of the simulated attack.
-
Publication No.: US20200280519A1
Publication date: 2020-09-03
Application No.: US16875899
Filing date: 2020-05-15
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L12/803, H04L29/06
Abstract: Network devices, such as load balancers, may be configured to forward client metadata to back-end nodes using defined fields of a security protocol. For example, client metadata may be inserted into an extension field or certificate defined by a security protocol that is used for a secure connection between the load balancer and the back-end node. In some instances, a source IP address based on a received request may be inserted into the extension field or certificate defined by the security protocol before the request is forwarded to the back-end node. The back-end node may extract the client metadata and use the client metadata for any of a number of processes (e.g., billing, tracking, security, logging, etc.).
-
Publication No.: US10659366B1
Publication date: 2020-05-19
Application No.: US14932577
Filing date: 2015-11-04
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L12/803, H04L29/06
Abstract: Network devices, such as load balancers, may be configured to forward client metadata to back-end nodes using defined fields of a security protocol. For example, client metadata may be inserted into an extension field or certificate defined by a security protocol that is used for a secure connection between the load balancer and the back-end node. In some instances, a source IP address based on a received request may be inserted into the extension field or certificate defined by the security protocol before the request is forwarded to the back-end node. The back-end node may extract the client metadata and use the client metadata for any of a number of processes (e.g., billing, tracking, security, logging, etc.).
-
Publication No.: US20190377883A1
Publication date: 2019-12-12
Application No.: US16548733
Filing date: 2019-08-22
Applicant: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq, Nima Sharifi Mehr
Abstract: An end-to-end request path associated with an application frontend is determined. A change to a service in the end-to-end request path is identified. A weight value to associate with the change is determined based at least in part on the characteristics of the change. The weight value is aggregated with the weight values of other code changes to produce a collective weight of the code changes. A security review is determined to be triggered based at least in part on the collective weight reaching a value relative to a threshold.
-
Publication No.: US10481993B1
Publication date: 2019-11-19
Application No.: US15296569
Filing date: 2016-10-18
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: A computing function may be executed on a computing node by a computing services provider. Execution of the computing function may generate diagnostic information. A first set of diagnostic information may be analyzed to identify an operational state associated with an elevated risk of an error condition. The identified operational state may be mapped to a property associated with additional diagnostic information that may be generated and stored in response to the identification of the operational state. Diagnostic information not associated with the operational state may be discarded.
-
Publication No.: US10460097B2
Publication date: 2019-10-29
Application No.: US15688692
Filing date: 2017-08-28
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr, Eric Desmond Keith Villiers
Abstract: A destination server communicates with a computer system using cryptographically protected communications utilizing a first negotiable feature. The destination server detects a triggering event and, in response to the triggering event, causes the cryptographically protected communications with the computer system to change from the first negotiable feature to a second negotiable feature. As a result of stored data indicating that the computer system fails to support the second negotiable feature, the destination server initiates a security measure.
-
Publication No.: US10320680B1
Publication date: 2019-06-11
Application No.: US14932580
Filing date: 2015-11-04
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L12/26, H04L12/803, H04L12/841
Abstract: Network devices, such as load balancers, may be configured to route requests to hosts that are responding in a shorter period of time than other hosts. Sometimes hosts respond in shorter periods of time due to errors (they short-circuit). Such behavior may cause a spike in failed requests and increase the impact of a host malfunction. Disclosed is an enhanced load balancing algorithm that reduces request loads to hosts that are responding to requests more quickly than expected or historically observed. A load balancer tracks the hosts' performance. Upon detecting response times shorter than expected from a host, the load balancer will reduce the load on the host. The request routing will go back to normal distribution after the host behaves according to its known performance profile.
-
Publication No.: US10291589B1
Publication date: 2019-05-14
Application No.: US14569611
Filing date: 2014-12-12
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: A computer system enforces access control rules based at least in part on a set of parameters for cryptographic protection of communications that has been negotiated with another computer system. A cryptographically protected communications session is established. A request is transmitted over the cryptographically protected communications session. Fulfillment of the request is dependent on a set of parameters for cryptographic protection of communications of the cryptographically protected communications session.
-
Publication No.: US10164997B2
Publication date: 2018-12-25
Application No.: US15422253
Filing date: 2017-02-01
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr, Christopher Dunn, Alexis Floyd, David James Kane-Parry, Volker Helmut Mosthaf, Christopher Gordon Williams
Abstract: A first computer is selected for testing. Information sent from a second computer system to the first computer is intercepted. The information is modified to be noncompliant with a communication protocol, thereby producing noncompliant information. A determination is made whether the first computer device has failed to provide a particular response to receipt of the noncompliant information, and an operation is performed based at least in part on the determination.