公开(公告)号：US20180084032A1

公开(公告)日：2018-03-22

申请号：US15811592

申请日：2017-11-13

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Andrew Paul Mikulski ,  Donald Lee Bailey, JR. ,  Robert Eric Fitzgerald

IPC: H04L29/08 ,  H04L29/06 ,  H04L9/06 ,  H04L9/08

CPC classification number: H04L67/10 ,  H04L9/0662 ,  H04L9/0869 ,  H04L63/20 ,  H04L67/1023

Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.

公开(公告)号：US20180159891A1

公开(公告)日：2018-06-07

申请号：US15874771

申请日：2018-01-18

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, JR. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: H04L29/06 ,  G06F21/53 ,  G06F21/55

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.

公开(公告)号：US20170235946A1

公开(公告)日：2017-08-17

申请号：US15436573

申请日：2017-02-17

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Michael David Marr ,  Eric Jason Brandwine ,  Donald Lee Bailey, JR.

IPC: G06F21/55 ,  G06F21/60 ,  H04L9/30 ,  G06F21/57 ,  H04L9/08

CPC classification number: G06F21/55 ,  G06F21/57 ,  G06F21/602 ,  G06F21/64 ,  H04L9/0861 ,  H04L9/30

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

公开(公告)号：US20240323159A1

公开(公告)日：2024-09-26

申请号：US18679290

申请日：2024-05-30

Applicant: Amazon Technologies, Inc.

Inventor： Donald Lee Bailey, JR. ,  Abigail Fuller ,  John Paul Torres ,  Giulian Dalton Luz

IPC: H04L61/3015 ,  H04L61/5007 ,  H04L61/5053

CPC classification number: H04L61/3025 ,  H04L61/5007 ,  H04L61/5053

Abstract: A namespace monitoring service may track released namespaces such as internet protocol (IP) addresses and manage namespace cooldown pools, available namespace pools, and a registry of released namespaces to detect and mitigate security vulnerabilities that arise from reassignment of namespaces. The namespace monitoring service provides access to the released namespace registry and/or sends a data stream of namespace registry updates. The namespace monitoring service may manage namespace reassignment process and extend the cooldown period of released namespaces or place a hold on available namespaces.

公开(公告)号：US20160373481A1

公开(公告)日：2016-12-22

申请号：US15256381

申请日：2016-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Hassan Sultan ,  John Schweitzer ,  Donald Lee Bailey, JR. ,  Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/53 ,  G06F21/554 ,  H04L63/1441 ,  H04L63/20

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.

Abstract translation: 生成计算环境中的多个资源的图形，其中该图将多个的第一资源与多个的第二资源相关联。 至少部分地基于在与计算环境中的点对应的测试计算环境中的点处获得的测量值，确定值的期望值或预期范围。 至少部分地基于在计算环境中的点获得的测量值与期望值或期望值之间的比较来生成对计算环境的安全状态的评估，并且响应于评估指示的确定 在计算环境中的规则违规，执行安全措施。

公开(公告)号：US20180173579A1

公开(公告)日：2018-06-21

申请号：US15900042

申请日：2018-02-20

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Donald Lee Bailey, JR. ,  Richard Weatherly

IPC: G06F11/07 ,  G06F11/34 ,  G06F11/30

CPC classification number: G06F11/079 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/0757 ,  G06F11/0772 ,  G06F11/0793 ,  G06F11/3006 ,  G06F11/3419

Abstract: Anomalous behavior in a multi-tenant computing environment may be identified by analyzing hardware sensor value data associated with hardware events on a host machine. A privileged virtual machine instance executing on a host machine acquires hardware sensor values and causes the values to be compared to other hardware sensor value data that may be indicative of anomalous behavior; for example, various threshold values, patterns, and/or signatures of hardware counter values generated by analyzing and correlating hardware event counter data. In this manner, potential anomalous behavior on an instance may be determined without having to access customer data or workloads associated with the instance.

公开(公告)号：US20160070929A1

公开(公告)日：2016-03-10

申请号：US14868006

申请日：2015-09-28

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Michael David Marr ,  Eric Jason Brandwine ,  Donald Lee Bailey, JR.

IPC: G06F21/64

CPC classification number: G06F21/55 ,  G06F21/57 ,  G06F21/602 ,  G06F21/64 ,  H04L9/0861 ,  H04L9/30

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract translation: 描述了在分布式多租户和/或虚拟化计算环境中提供各种安全计算和其他功能的可信计算主机。 可信主机计算设备可以与主机虚拟机的一个或多个主机计算设备进行通信，以提供许多与安全相关的功能，包括但不限于启动固件测量，密码密钥管理，远程验证以及安全和取证 管理。 可信计算主机为环境中的每个主机计算设备维护隔离的分区，并与主机计算设备上的外围卡进行通信，以便提供一个或多个安全功能。