公开(公告)号：US20170134367A1

公开(公告)日：2017-05-11

申请号：US15409120

申请日：2017-01-18

Applicant: Amazon Technologies, Inc.

Inventor： Gregory B. Roth ,  Nicholas Alexander Allen ,  Cristian M. llac

IPC: H04L29/06 ,  H04L12/26 ,  H04L29/08

CPC classification number: H04L63/083 ,  H04L43/106 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0846 ,  H04L63/108 ,  H04L63/168 ,  H04L63/20 ,  H04L67/14 ,  H04L67/146 ,  H04L67/42 ,  H04L2463/121

Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.

公开(公告)号：US09609031B1

公开(公告)日：2017-03-28

申请号：US14109006

申请日：2013-12-17

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F15/16 ,  H04L29/06 ,  H04L12/24

CPC classification number: H04L29/08972 ,  G06F15/16 ,  H04L12/4641 ,  H04L41/0816 ,  H04L41/12 ,  H04L45/02 ,  H04L45/26 ,  H04L65/403 ,  H04L65/4076 ,  H04L67/141 ,  H04L67/16 ,  H04W40/248

Abstract: Method and apparatus for propagating state information updates are disclosed. In the method and apparatus, a node establishes connections with one or more nodes of a plurality of nodes based at least in part on the number of connections retained by each node of the plurality of nodes. The node may then propagate state information updates to the one or more nodes.

公开(公告)号：US09507621B1

公开(公告)日：2016-11-29

申请号：US14469151

申请日：2014-08-26

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F21/566 ,  G06F21/71 ,  G06F2009/45587

Abstract: A method and apparatus for signature-based detection of kernel data structure modification are disclosed. In the method and apparatus a signature is generated for a kernel data structure, whereby the kernel data structure is capable of being modified based at least in part on access to the kernel data structure. The signature is also updated as a result of access to the kernel data structure due at least in part to one or more identified instructions being executed. The signature is used to determine whether the kernel data structure is accessed by one or more other instructions.

Abstract translation: 公开了一种用于内核数据结构修改的基于签名的检测的方法和装置。 在所述方法和装置中，为内核数据结构生成签名，由此至少部分地基于对内核数据结构的访问来修改内核数据结构。 由于至少部分地由于执行的一个或多个已识别指令而访问内核数据结构，签名也被更新。 该签名用于确定内核数据结构是否被一个或多个其他指令访问。

公开(公告)号：US09448827B1

公开(公告)日：2016-09-20

申请号：US14106644

申请日：2013-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F9/45558 ,  G06F2009/45575

Abstract: Techniques for reclaiming resources from guest computing systems while those systems are waiting for responses to requests in virtualized and/or distributed computer systems are described herein. At a time after issuing a request and determining that the response will take longer than a threshold length of time, one or more computer system entities within a computer system invoke one or more computer system capabilities to at least instantiate a listener object, transfer the listener object to another system domain, suspend the guest computing system and reclaim resources from the suspended guest computing system. When the response is returned to the listener object, the guest computer system is restored and the response is forwarded to the restored guest. While the guest computing system is suspended, the reclaimed resources are made available to other computer system entities.

Abstract translation: 这里描述了在来自虚拟和/或分布式计算机系统的这些系统等待对请求的响应的情况下从客体计算系统回收资源的技术。 在发出请求并确定响应将花费超过阈值时间长度的时间之后，计算机系统内的一个或多个计算机系统实体调用一个或多个计算机系统能力来至少实例化侦听器对象，传送侦听器 对象到另一个系统域，挂起客户计算系统并从挂起的客户计算系统回收资源。 当响应返回到侦听器对象时，客户计算机系统将被还原并将响应转发到已恢复的客户端。 当客户机计算系统暂停时，回收的资源可用于其他计算机系统实体。

公开(公告)号：US09448820B1

公开(公告)日：2016-09-20

申请号：US13733780

申请日：2013-01-03

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455 ,  G06F9/48 ,  G06F9/50 ,  G06F11/30

CPC classification number: G06F9/455 ,  G06F9/45558 ,  G06F9/4843 ,  G06F9/5066 ,  G06F11/3082 ,  G06F11/3612 ,  G06F2009/45591

Abstract: Systems and methods are described for analyzing and verifying distributed applications. In one embodiment, an application program is executed as independently executable components. During execution, redundant portions of application program data are aggregated. A property of the application program is verified using the aggregated application program data to represent code execution paths.

Abstract translation: 描述了分析和验证分布式应用程序的系统和方法。 在一个实施例中，应用程序被执行为独立的可执行组件。 在执行期间，应用程序数据的冗余部分被聚合。 使用聚合的应用程序数据来验证应用程序的属性来表示代码执行路径。

公开(公告)号：US09430359B1

公开(公告)日：2016-08-30

申请号：US14073351

申请日：2013-11-06

Applicant: Amazon Technologies, Inc.

Inventor： Andrew Thomas Troutman ,  Joshua William McFarlane ,  Matthew Roy Noble ,  Nicholas Alexander Allen

IPC: G06F9/44 ,  G06F11/36

CPC classification number: G06F11/3668 ,  G06F11/0706 ,  G06F11/0793 ,  G06F11/366 ,  G06F11/3692

Abstract: Technologies are described herein for use in identifying and resolving software issues. One or more corrective actions may be identified and taken that are based upon the similarity between an unresolved issue and one or more resolved issues and/or upon the similarity between code changes made to resolve similar previously resolved issues. A version control graph might also be utilized to determine if a change made to resolve an issue in one branch of a software component is applicable to another branch of the software component. The version control graph might also be utilized to compute the relevance of an entry in an issue tracking system for an issue at a point in time after the entry is created in the issue tracking system.

公开(公告)号：US20160191241A1

公开(公告)日：2016-06-30

申请号：US15018209

申请日：2016-02-08

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L9/08

CPC classification number: H04L9/0891 ,  H04L9/0894

Abstract: Techniques for improving the security and availability of cryptographic key systems are described herein. A graph representation of a network of cryptographic key servers is created with vertices representing the servers and edges representing connections between pairs of servers. As cryptographic key events are received, the graph is used to locate the appropriate servers upon which to perform the operations associated with the events. In the event that the network requires repairing, the graph is first repaired obeying any constraints on the graph and then the network is updated to reflect alterations to the graph.

Abstract translation: 本文描述了用于提高加密密钥系统的安全性和可用性的技术。 创建加密密钥服务器网络的图形表示，其中表示服务器的顶点和表示服务器对之间的连接的边。 随着接收到加密密钥事件，该图用于定位在其上执行与事件相关联的操作的适当服务器。 在网络需要修复的情况下，首先修复图表，遵循图形上的任何约束，然后更新网络以反映图形的更改。

公开(公告)号：US20160173518A1

公开(公告)日：2016-06-16

申请号：US15048823

申请日：2016-02-19

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Nicholas Alexander Allen

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L63/1416 ,  G06F21/45 ,  G06F21/62 ,  G06F2221/2101 ,  G06F2221/2111 ,  H04L61/2007 ,  H04L63/08 ,  H04L63/105 ,  H04L63/1441

Abstract: Source information for requests submitted to a system are classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.

Abstract translation: 提交给系统的请求的源信息被分类，以便能够通过会话的源信息更改的会话对请求进行差异处理。 对于分类为固定的源信息（例如，IP地址），当源信息在会话期间改变时，可能需要更强的认证来满足请求。 类似地，对于分类为动态的源信息，可以允许源信息改变而不需要更强的认证。

公开(公告)号：US09363281B1

公开(公告)日：2016-06-07

申请号：US14163997

申请日：2014-01-24

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F21/55 ,  H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/1408

Abstract: A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, data addressed to an unrestricted computer system traverses a first routing path. The data may be caused to traverse a second a routing path to be received by the unrestricted computer system, whereby a response received from the unrestricted computer system may be indicative of a potential that the data traversing the first routing path was covertly routed to a restricted computer system.

Abstract translation: 公开了一种用于检测隐蔽路由的方法和装置。 在该方法和装置中，寻址到无限制计算机系统的数据遍历第一路由路径。 可以使数据遍历将由无限制计算机系统接收的路由路径，由此从非限制性计算机系统接收的响应可以指示穿过第一路由路径的数据被隐蔽地路由到受限制的潜在 电脑系统。

公开(公告)号：US09348634B2

公开(公告)日：2016-05-24

申请号：US13964941

申请日：2013-08-12

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/445 ,  G06F9/44 ,  G06F9/455

CPC classification number: G06F9/45558 ,  G06F3/0619 ,  G06F3/065 ,  G06F3/067 ,  G06F8/63 ,  G06F8/71 ,  G06F9/4401 ,  G06F9/4406 ,  G06F2009/45562 ,  G06F2009/45583

Abstract: Application boot images are generated for later instantiation of computer system images. A computer system partially executes executable code of an application source. A snapshot of the computer system is taken and the snapshot is used to build a repository of application boot images that can be accessed for computer system instantiation.

Abstract translation: 生成应用程序启动映像以供稍后实例化计算机系统映像。 计算机系统部分地执行应用源的可执行代码。 拍摄计算机系统的快照，并且快照用于构建可以为计算机系统实例化访问的应用程序启动映像的存储库。