公开(公告)号：US10949236B2

公开(公告)日：2021-03-16

申请号：US15697191

申请日：2017-09-06

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455 ,  G06F9/4401 ,  G06F3/06 ,  G06F8/61 ,  G06F8/71

Abstract: A method and apparatus for configuring an overlay network are provided. In the method and apparatus, an application source comprising an executable portion is obtained. A computer system instance is caused to execute at least some of the executable portion, and a snapshot of the computer system instance after partial but incomplete execution of the executable portion is obtained such that the snapshot is usable to instantiate another computer system instance to continue execution of the executable portion from a point in execution at which the snapshot was obtained.

公开(公告)号：US10938575B2

公开(公告)日：2021-03-02

申请号：US16716037

申请日：2019-12-16

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Alan Rubin ,  Matthew John Campagna ,  Nicholas Alexander Allen

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

Abstract: A digital signature over a message may be compressed by determining a plurality of values based at least in part on the message. A mapping of the plurality of values over a digital signature scheme may be used to determine a value from which a portion of the compressed digital signature is decompressible by cryptographically deriving one or more components of the uncompressed digital signature. A public key may be used to verify the authenticity of the compressed digital signature and message.

公开(公告)号：US10817601B2

公开(公告)日：2020-10-27

申请号：US15876020

申请日：2018-01-19

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F11/30 ,  G06F21/53 ,  G06F9/455

Abstract: Techniques for restricting the execution of algorithms contained in applications executing on virtual machines executing within a computer system are described herein. A first sampled set of computer executable instructions is gathered from a virtual machine by a controlling domain and compared against a reference set of computer executable instructions. If the first set is similar to the reference set, and if the execution of the algorithm corresponding to the reference set is restricted by one or more computer system polices, one or more operations limiting the execution of the restricted algorithm are performed, thus ensuring conformance with the computer system policies.

公开(公告)号：US10776141B2

公开(公告)日：2020-09-15

申请号：US15610459

申请日：2017-05-31

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455

Abstract: Techniques for placing virtual machines at hardware locations are described herein. A first assignment of virtual machines to hardware locations that fails to satisfy a set of placement criteria is detected, a second assignment of virtual machines to hardware locations that assigns a subset of the set of virtual machines to new hardware locations is generated, and it is determined if the second assignment of virtual machines to hardware locations satisfies a subset of the set of placement criteria.

公开(公告)号：US10771306B2

公开(公告)日：2020-09-08

申请号：US15788381

申请日：2017-10-19

Applicant: Amazon Technologies, Inc.

Inventor： Raleigh H. Upshur ,  Nicholas Alexander Allen ,  Patrick J. Ward

IPC: H04L29/08 ,  G06F11/00 ,  H04L12/24

Abstract: Disclosed are various embodiments for a log monitoring system to monitor the health of server log files. The log monitoring system may generate at least one log health signal based on an analysis of the server log content generated by at least one host application. Furthermore, the application may generate a system integrity record based on the at least one log health signal and an external signal, wherein the external signal embodies a system health metric of the at least one host application.

公开(公告)号：US10706146B2

公开(公告)日：2020-07-07

申请号：US15698399

申请日：2017-09-07

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F21/55 ,  G06F12/14

Abstract: A method and apparatus for detecting kernel data structure tampering are disclosed. In the method and apparatus, a memory region of a computer system is scanned for one or more characteristics of a kernel data structure of an operating system kernel. It is then determined, based at least in part on identifying whether the one or more characteristics are found in the memory region, whether the kernel data structure is stored in the memory region of the computer system for tampering with the kernel data structure.

公开(公告)号：US10469322B2

公开(公告)日：2019-11-05

申请号：US15725671

申请日：2017-10-05

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F15/173 ,  H04L12/24 ,  H04L29/06

Abstract: A response rate limiting device is provided that may reduce the volume of network traffic generated as a result of an amplification attack. The rate liming device receives a packet and determines identification information corresponding to the packet. The rate limiting device receives a second packet bound for a network destination. Based at least in part on the size of the first packet and the size of the second packet, the rate limiting device determines a transmission rate for the second packet. The second packet is transmitted to the network destination in accordance with the determined transfer rate.

公开(公告)号：US10353725B2

公开(公告)日：2019-07-16

申请号：US15061932

申请日：2016-03-04

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F9/455 ,  G06F9/50 ,  G06F12/02

Abstract: A computer system implements a hypervisor which, in turn, implements one or more computer system instances and a controller. The controller and a computer system instance share a memory. A request is processed using facilities of both the computer system instance and the controller. As part of request processing, information is passed between the computer system instance and the controller via the shared memory.

公开(公告)号：US10129281B2

公开(公告)日：2018-11-13

申请号：US15344396

申请日：2016-11-04

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L29/06 ,  H04L9/00

Abstract: A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, data addressed to a remote computer system are forwarded over a first network path, whereby the data is associated with a computer system of a plurality of computer systems. Further, a plurality of first network performance metrics is obtained. A likelihood of covert routing is determined based at least in part on the plurality of first network performance metrics.

公开(公告)号：US10129034B2

公开(公告)日：2018-11-13

申请号：US15946614

申请日：2018-04-05

Applicant: Amazon Technologies, Inc.

Inventor： Matthew John Campagna ,  Gregory Alan Rubin ,  Nicholas Alexander Allen ,  Andrew Kyle Driggs ,  Eric Jason Brandwine

IPC: H04L9/32 ,  H04L9/30 ,  H04L9/14 ,  H04L9/08 ,  H04L9/06

Abstract: A signature authority generates a master seed value that is used to generate a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values from the seed tree which are distributed to one or more subordinates, each of which generates a set of one-time-use cryptographic keys from the provided seed. Each subordinate generates a hash tree from its set of one-time-use cryptographic keys, and returns the root of its hash tree to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree, and the root of the hash tree acts as a public key for the signature authority.