Abstract: As requests are received, virtual computer systems are provisioned to process the requests. The virtual computer systems may be configured without various components typically implemented by virtual computer systems, such as traditional operating systems, network interfaces and the like. Application images for the virtual computer systems are configured so that execution of the applications can begin soon after provisioning, with minimal overhead the provisioning process contributing relatively little to any latency in processing the request.

Abstract: A computer system image is executed on a computing node over a network. A system specification file transmitted over the network specifies the computer system image by specifying components of the computer system image. The components include an operating system and at least one resource. The system specification file also contains a signature associated with the resource. A resource is determined to be authorized to be incorporated into the computer system image by verifying the signature. A computer system image can then be formed based on the components specified by the system specification file and executed locally.

Abstract: The disclosure relates to training a fraud heuristic and using the fraud heuristic to identify fraudulent requests. One example includes a system that receives a set of requests from known malicious users and updates a fraud score heuristic based these known malicious requests. The system then receives one or more uncategorized request and categorizes the one or more uncategorized request as being fraudulent or non-fraudulent using the updated fraud score heuristic.

Abstract: Techniques for making placement decisions for the placement of computing resources in a computer network utilize approximations of the network. A simplified representation of the network is used to determine a placement that satisfies a set of connectivity requirements. The simplified representation may be generated, at least in part, probabilistically based on the network.

Abstract: Source information for requests submitted to a system are classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.

Abstract: A communication to a network location is detected at a computing device. The communication is transmitted to the network location in a manner dependent at least in part on whether the network location is at the computing device or at a different computing device.

Abstract: A proof-of-work system where a first party (e.g., a client computer system) may request access to a computing resource. A second party (e.g., a service provider) may determine a challenge that may be provided to the first party. A valid solution to the challenge may be generated and provided for the request to be fulfilled. The challenge may include a message and a seed, such that the seed may be used at least in part to cryptographically derive information that may be used to generate a solution to the challenge. A hash tree may be generated as of generating the solution.

Abstract: Secure information flow may include a service receiving a request for data from a caller. The service may respond to the request with the requested data via a secure flow container. The secure flow container may then send the information to the caller component. Before the secure flow container receives or sends the information, a monitoring environment may permit the secure flow container to receive or send the information, respectively.

Abstract: A key distribution service operated by a signature authority distributes one-time-use cryptographic keys to one or more delegates that generate digital signatures on behalf of the signature authority. The key distribution service uses a root seed value to generate subordinate seeds. The subordinate seeds are used to generate a set of cryptographic keys. Hashes are generated for each key, and the hashes are arranged into a Merkle tree with a root hash controlled by the signature authority. In response to a request from a delegate, the signature authority provides a subordinate seed to the delegate. The delegate uses the subordinate seed to generate one or more cryptographic keys. The cryptographic keys are used to generate digital signatures which are verifiable up to the root hash of the Merkle tree. Additional subordinate seeds may be distributed to entities by the signature authority when appropriate.

Abstract: A signature authority generates revocable one-time-use keys that are able to generate digital signatures. The signature authority generates a set of one-time-use keys, where each one-time-use key has a secret key and a public key derived from a hash of the secret key. The signature authority generates one or more revocation values that, when published, proves that the signature authority has the authority to revoke corresponding cryptographic keys. The signature authority hashes the public keys and the revocation values and arranges the hashes in a hash tree where the root of the hash tree acts as a public key of the signature authority. In some implementations, the one-time-use cryptographic keys are generated from a tree of seed values, and a particular revocation value is linked to a particular seed value, allowing for the revocation of a block of one-time-use cryptographic keys associated with the particular seed.

Abstract: A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, data addressed to a remote computer system are forwarded over a first network path, whereby the data is associated with a computer system of a plurality of computer systems. Further, a plurality of first network performance metrics is obtained. A likelihood of covert routing is determined based at least in part on the plurality of first network performance metrics.

Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.

Abstract: A signature authority generates a master seed value that is used to generate a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values from the seed tree which are distributed to one or more subordinates, each of which generates a set of one-time-use cryptographic keys from the provided seed. Each subordinate generates a hash tree from its set of one-time-use cryptographic keys, and returns the root of its hash tree to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree, and the root of the hash tree acts as a public key for the signature authority.

Abstract: A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, data addressed to a remote computer system are forwarded over a first network path, whereby the data is associated with a computer system of a plurality of computer systems. Further, a plurality of first network performance metrics is obtained. A likelihood of covert routing is determined based at least in part on the plurality of first network performance metrics.

Abstract: A communication to a network location is detected at a computing device. The communication to the network location is encrypted dependent at least in part on whether the network location is at a different computing device from the computing device.

Abstract: A method and apparatus for encoding security codes are provided. In the method and apparatus a first code, which may be an erroneous code, is compared to a set of codes to identify a code portion. The code portion may be identified as contributing to inducing erroneous entry of the first code. The likelihood associated with issuing a second code including the code portion may be updated to negatively bias issuing the second code.

Abstract: The disclosure relates to provisioning honeypot computing services using a simulation state database to simulate a set of computing resources. One example includes a system that receives a mutating request associated with honeypot credentials, updates a simulation state database associated with the honeypot credentials at least based on the mutating request and generates a simulated mutating response based at least on the simulation state database that simulates a response to the mutating request. The system can also receive a query request associated with the honeypot credentials, query the simulation state database at least based on the query request, and generate a simulated query response based at least on the simulation state database that simulates a response to the query request.

Abstract: Technologies are described herein for use in identifying and resolving software issues. One or more corrective actions may be identified and taken that are based upon the similarity between an unresolved issue and one or more resolved issues and/or upon the similarity between code changes made to resolve similar previously resolved issues. A version control graph might also be utilized to determine if a change made to resolve an issue in one branch of a software component is applicable to another branch of the software component. The version control graph might also be utilized to compute the relevance of an entry in an issue tracking system for an issue at a point in time after the entry is created in the issue tracking system.

Abstract: A service metadata replication system includes an ingester that scrapes or receives service data including metadata values for service objects from various services. The ingester formats the metadata values for storage in a service store. The service store can asynchronously replicate a portion of the metadata values through a write intake to a storage cluster. In addition, an inter-regional replicator asynchronously replicates one or more additional metadata values to the storage cluster from another service instance that is remotely located. An authorization runtime scrapes or receives security information regarding the service instance. A query processor can issue a query request for a portion of the metadata values and a portion of the additional metadata values to a read intake. The read intake can then satisfy the query request based on the contents of the authorization runtime and storage cluster.

Abstract: The disclosure relates to provisioning honeypot computing services using a simulation state database to simulate a set of computing resources. One example includes a system that receives a mutating request associated with honeypot credentials, updates a simulation state database associated with the honeypot credentials at least based on the mutating request and generates a simulated mutating response based at least on the simulation state database that simulates a response to the mutating request. The system can also receive a query request associated with the honeypot credentials, query the simulation state database at least based on the query request, and generate a simulated query response based at least on the simulation state database that simulates a response to the query request.