Patents by Inventor Nicholas Alexander Allen

Nicholas Alexander Allen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9697028
    Abstract: Techniques for placing guest virtual machines on a distributed and/or virtualized computer system while obeying communications latency constraints are described herein. A placement map is created with regions based on available capacity measurements of one or more host machines in a virtualized computer system. Requests to place one or more guest virtual machines on the host machines are retrieved and the placements are optimized by iteratively assigning the requests to the regions in the map such that constraints are satisfied but capacity may be exceeded and then reassigning those requests that violate available capacity. The iterative process completes when a valid placement map is produced.
    Type: Grant
    Filed: December 13, 2013
    Date of Patent: July 4, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9699142
    Abstract: Method and apparatus for cross-site scripting defense using document object model template are disclosed. In the method and apparatus, a document object model template is generated based at least in part on representative information for web content. The document object model template is provided for use in determining whether received web content is permissible.
    Type: Grant
    Filed: May 7, 2014
    Date of Patent: July 4, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9692757
    Abstract: A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operates further dependent at least in part on whether verification of the authentication request was successful.
    Type: Grant
    Filed: May 20, 2015
    Date of Patent: June 27, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Andrew Paul Mikulski, Nicholas Alexander Allen, Gregory Branchek Roth
  • Publication number: 20170153899
    Abstract: Execution of an executable portion of an application source executing in a first computer instance is monitored at least up to a point relative to a variation point. The execution is halted at the point. An application image of the first computer instance usable to instantiate a second computer instance is copied based at least in part on the variation point such that the second computer instance continues execution of the executable portion of the application source from the variation point, and the application image is caused to be stored.
    Type: Application
    Filed: February 10, 2017
    Publication date: June 1, 2017
    Inventor: Nicholas Alexander Allen
  • Publication number: 20170147387
    Abstract: Execution state information corresponding to an instantiated virtual machine is retrieved. A score indicating that a target memory location is able to be determined based at least in part on a source memory location is computed based at least in part on the execution state information. The score and the target memory location are indicated.
    Type: Application
    Filed: February 1, 2017
    Publication date: May 25, 2017
    Inventor: Nicholas Alexander Allen
  • Publication number: 20170134367
    Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie to perform unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.
    Type: Application
    Filed: January 18, 2017
    Publication date: May 11, 2017
    Inventors: Gregory B. Roth, Nicholas Alexander Allen, Cristian M. Ilac
  • Publication number: 20170134434
    Abstract: A first probability that indicates a probability that a user is associated with a role is determined, with the first probability having a first score. The first probability is perturbed to determine a second probability having a second score. The second score is evaluated against the first score to determine that the second probability indicates a more optimal probability of the user being associated with the role than the first probability. The role is assigned to the user based at least in part on the second score.
    Type: Application
    Filed: January 24, 2017
    Publication date: May 11, 2017
    Inventor: Nicholas Alexander Allen
  • Patent number: 9641406
    Abstract: Remote computing resource service providers allow customers to execute virtual computer systems in a virtual environment on hardware provided by the computing resource service provider. The virtual computer systems may be suspended for an indeterminate amount of time and saved as images in one or more storage systems of the service provider. Periodically, updates for the virtual computer systems are required. In order to update virtual computer systems that are stored in a suspended state, an offline patch and indirection map is generated and used to update the virtual computer systems.
    Type: Grant
    Filed: December 18, 2013
    Date of Patent: May 2, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9632823
    Abstract: A method and apparatus for multithreaded application thread schedule selection are disclosed. In the method and apparatus a thread execution schedule for executing an application is selected from a plurality of thread execution schedules, whereby the selection is based at least in part on an identity associated with the application and an identity associated with one or more inputs to the application. The application is then executed in accordance with the thread execution schedule and execution status information is stored as a result of execution of the application.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: April 25, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9633073
    Abstract: A computing resource service provider may store user data in a distributed data storage system. The distributed data storage system may contain one or more storage nodes configured to store hierarchical data in one or more data stores such as a column data store. Data in the data stores may be compressed or otherwise encoded, by a storage optimizer, in order to reduce the redundancy in the hierarchical data stored in the one or more data stores. Responses to user queries may be fulfilled based at least in part on data stored in the one or more data stores. A query processor may scan multiple different data stores across various storage nodes in order to obtain items responsive to the user query.
    Type: Grant
    Filed: March 24, 2014
    Date of Patent: April 25, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9609031
    Abstract: Method and apparatus for propagating state information updates are disclosed. In the method and apparatus, a node establishes connections with one or more nodes of a plurality of nodes based at least in part on the number of connections retained by each node of the plurality of nodes. The node may then propagate state information updates to the one or more nodes.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: March 28, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9602612
    Abstract: A method and apparatus for configuring an overlay network are provided. In the method and apparatus, a first application is caused to be deployed for execution on the first computer system, with the application being a member of an application group. First information is provided to the first computer system, with the first information being usable for securing communication between at least the first application and a second application deployed to a second computer system. Second information usable for establishing a routing entity for the first computer system is provided to the first computer system, with the routing entity established to route data from or to the first application.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: March 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Publication number: 20170054748
    Abstract: A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, data addressed to a remote computer system are forwarded over a first network path, whereby the data is associated with a computer system of a plurality of computer systems. Further, a plurality of first network performance metrics is obtained. A likelihood of covert routing is determined based at least in part on the plurality of first network performance metrics.
    Type: Application
    Filed: November 4, 2016
    Publication date: February 23, 2017
    Inventor: Nicholas Alexander Allen
  • Patent number: 9575793
    Abstract: Techniques for identifying kernel data structures are disclosed herein. A representation of memory location relationships between pairs of memory locations is created based on a virtual machine image. A virtual machine is instantiated based at least in part on the representation and based at least in part on the virtual machine image. The representation is validated based on confidence scores associated with correlations between one or more memory snapshots of the virtual machine and the memory locations, and the parts of the representation that are not valid are removed from the representation.
    Type: Grant
    Filed: August 26, 2014
    Date of Patent: February 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9571488
    Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie to perform unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: February 14, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Nicholas Alexander Allen, Cristian M. Ilac
  • Patent number: 9530007
    Abstract: Techniques for identifying tamper-resistant characteristics for kernel data structures are disclosed herein. A set of kernel data structures is received, the set based on an operating system kernel. A plurality of virtual machines are instantiated based on the operating system kernel, each virtual machine of the plurality of virtual machine instances based on one or more modifications to one or more values to the virtual machine, the modifications based on the kernel data structures. Those modifications which cause virtual machine failures indicate which kernel data structures may be tamper-resistant.
    Type: Grant
    Filed: August 26, 2014
    Date of Patent: December 27, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9507943
    Abstract: Technologies are described herein for an analysis tool for data security. An analysis tool can be configured to analyze data using a dynamic analysis and a static analysis. During the dynamic analysis, test execution paths can be executed against the data to track dynamic flows corresponding to execution paths through the data and to track variable values for variables referenced during the dynamic analysis. During the static analysis, possible program execution paths can be identified. The dynamic flows can be mapped to the static flows and a taint status of the variables associated with the mapped dynamic flows can be evaluated. Based upon the taint status, the analysis tool can identify potentially unsafe static flows.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: November 29, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9507621
    Abstract: A method and apparatus for signature-based detection of kernel data structure modification are disclosed. In the method and apparatus a signature is generated for a kernel data structure, whereby the kernel data structure is capable of being modified based at least in part on access to the kernel data structure. The signature is also updated as a result of access to the kernel data structure due at least in part to one or more identified instructions being executed. The signature is used to determine whether the kernel data structure is accessed by one or more other instructions.
    Type: Grant
    Filed: August 26, 2014
    Date of Patent: November 29, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9497023
    Abstract: A multiple encryption mechanism is described. In an embodiment, an encrypted electronic message and a first decryption key of a public-private key group is received. The first decryption key is operable to decrypt a set of properties for the encrypted electronic message without decrypting the encrypted electronic message. The encrypted electronic message and the set of message properties are encrypted using one or more encryption keys of the public-private key group. The set of properties for the encrypted electronic message is decrypted using the first decryption key. Using the decrypted set of properties, it is determined whether the encrypted electronic message should be flagged as a specified type of electronic message.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: November 15, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9491188
    Abstract: A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, a plurality of first data portions addressed to a remote computer system are forwarded over a first network path, whereby each first data portion of the plurality of first data portions is associated with a computer system of a plurality of computer systems. Further, a plurality of first network performance metrics are obtained, whereby each first network performance metric of the plurality of first network performance metrics is associated with a routing of a first data portion of the plurality of first data portions over the first network path. A likelihood of covert routing is determined based at least in part on the plurality of first network performance metrics.
    Type: Grant
    Filed: January 24, 2014
    Date of Patent: November 8, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen