Patents by Inventor Catherine Dodge
Catherine Dodge has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230262087Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: ApplicationFiled: April 25, 2023Publication date: August 17, 2023Applicant: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Patent number: 11671442Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: GrantFiled: August 27, 2021Date of Patent: June 6, 2023Assignee: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Patent number: 11616800Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.Type: GrantFiled: August 5, 2020Date of Patent: March 28, 2023Assignee: Amazon Technologies, Inc.Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
-
Publication number: 20210392157Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: ApplicationFiled: August 27, 2021Publication date: December 16, 2021Applicant: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Publication number: 20210377126Abstract: A virtual network verification service for provider networks that leverages a declarative logic programming language to allow clients to pose queries about their virtual networks as constraint problems; the queries may be resolved using a constraint solver engine. Semantics and logic for networking primitives of virtual networks in the provider network environment may be encoded as a set of rules according to the logic programming language; networking security standards and/or client-defined rules may also be encoded in the rules. A description of a virtual network may be obtained and encoded. A constraint problem expressed by a query may then be resolved for the encoded description according to the encoded rules using the constraint solver engine; the results may be provided to the client.Type: ApplicationFiled: August 11, 2021Publication date: December 2, 2021Applicant: Amazon Technologies, Inc.Inventors: John Cook, Catherine Dodge, Sean McLaughlin
-
Patent number: 11108805Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: GrantFiled: June 27, 2018Date of Patent: August 31, 2021Assignee: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Patent number: 11095523Abstract: A virtual network verification service for provider networks that leverages a declarative logic programming language to allow clients to pose queries about their virtual networks as constraint problems; the queries may be resolved using a constraint solver engine. Semantics and logic for networking primitives of virtual networks in the provider network environment may be encoded as a set of rules according to the logic programming language; networking security standards and/or client-defined rules may also be encoded in the rules. A description of a virtual network may be obtained and encoded. A constraint problem expressed by a query may then be resolved for the encoded description according to the encoded rules using the constraint solver engine; the results may be provided to the client.Type: GrantFiled: November 1, 2019Date of Patent: August 17, 2021Assignee: Amazon Technologies, Inc.Inventors: John Cook, Catherine Dodge, Sean McLaughlin
-
Patent number: 11017107Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.Type: GrantFiled: March 6, 2018Date of Patent: May 25, 2021Assignee: Amazon Technologies, Inc.Inventors: Neha Rungta, Pauline Virginie Bolignano, Catherine Dodge, Carsten Varming, John Cook, Rajesh Viswanathan, Daryl Stephen Cooke, Santosh Kalyankrishnan
-
Patent number: 10977111Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as “first received” to reduce latency or “check for agreement” to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.Type: GrantFiled: August 28, 2018Date of Patent: April 13, 2021Assignee: Amazon Technologies, Inc.Inventors: Neha Rungta, Temesghen Kahsai Azene, Pauline Virginie Bolignano, Kasper Soe Luckow, Sean McLaughlin, Catherine Dodge, Andrew Jude Gacek, Carsten Varming, John Byron Cook, Daniel Schwartz-Narbonne, Juan Rodriguez Hortala
-
Publication number: 20200366707Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.Type: ApplicationFiled: August 5, 2020Publication date: November 19, 2020Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
-
Patent number: 10757128Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.Type: GrantFiled: June 29, 2017Date of Patent: August 25, 2020Assignee: Amazon Technologies, Inc.Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
-
Patent number: 10630695Abstract: Requests of a computing system may be monitored. A request associated with the application of a policy may be identified and a policy verification routine may be invoked. The policy verification routine may detect whether the policy of the request is more permissive than a reference policy and perform a mitigation routine in response to determining that the policy of the request is more permissive than the reference policy. Propositional logics may be utilized in the evaluation of policies.Type: GrantFiled: June 29, 2017Date of Patent: April 21, 2020Assignee: Amazon Technologies, Inc.Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
-
Publication number: 20200073739Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as “first received” to reduce latency or “check for agreement” to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.Type: ApplicationFiled: August 28, 2018Publication date: March 5, 2020Inventors: Neha RUNGTA, Temesghen KAHSAI AZENE, Pauline Virginie BOLIGNANO, Kasper Soe LUCKOW, Sean McLAUGHLIN, Catherine DODGE, Andrew Jude GACEK, Carsten VARMING, John Byron COOK, Daniel SCHWARTZ-NARBONNE, Juan Rodriguez HORTALA
-
Publication number: 20200067785Abstract: A virtual network verification service for provider networks that leverages a declarative logic programming language to allow clients to pose queries about their virtual networks as constraint problems; the queries may be resolved using a constraint solver engine. Semantics and logic for networking primitives of virtual networks in the provider network environment may be encoded as a set of rules according to the logic programming language; networking security standards and/or client-defined rules may also be encoded in the rules. A description of a virtual network may be obtained and encoded. A constraint problem expressed by a query may then be resolved for the encoded description according to the encoded rules using the constraint solver engine; the results may be provided to the client.Type: ApplicationFiled: November 1, 2019Publication date: February 27, 2020Applicant: Amazon Technologies, Inc.Inventors: John Cook, Catherine Dodge, Sean McLaughlin
-
Publication number: 20200007569Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: ApplicationFiled: June 27, 2018Publication date: January 2, 2020Applicant: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Patent number: 10469324Abstract: A virtual network verification service for provider networks that leverages a declarative logic programming language to allow clients to pose queries about their virtual networks as constraint problems; the queries may be resolved using a constraint solver engine. Semantics and logic for networking primitives of virtual networks in the provider network environment may be encoded as a set of rules according to the logic programming language; networking security standards and/or client-defined rules may also be encoded in the rules. A description of a virtual network may be obtained and encoded. A constraint problem expressed by a query may then be resolved for the encoded description according to the encoded rules using the constraint solver engine; the results may be provided to the client.Type: GrantFiled: November 22, 2016Date of Patent: November 5, 2019Assignee: Amazon Technologies, Inc.Inventors: John Cook, Catherine Dodge, Sean McLaughlin
-
Publication number: 20190278928Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.Type: ApplicationFiled: March 6, 2018Publication date: September 12, 2019Inventors: Neha RUNGTA, Pauline Virginie BOLIGNANO, Catherine DODGE, Carsten VARMING, John COOK, Rajesh VISWANATHAN, Daryl Stephen COOKE, Santosh KALYANKRISHNAN
-
Publication number: 20190007443Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.Type: ApplicationFiled: June 29, 2017Publication date: January 3, 2019Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
-
Publication number: 20190007418Abstract: Requests of a computing system may be monitored. A request associated with the application of a policy may be identified and a policy verification routine may be invoked. The policy verification routine may detect whether the policy of the request is more permissive than a reference policy and perform a mitigation routine in response to determining that the policy of the request is more permissive than the reference policy. Propositional logics may be utilized in the evaluation of policies.Type: ApplicationFiled: June 29, 2017Publication date: January 3, 2019Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
-
Publication number: 20180145879Abstract: A virtual network verification service for provider networks that leverages a declarative logic programming language to allow clients to pose queries about their virtual networks as constraint problems; the queries may be resolved using a constraint solver engine. Semantics and logic for networking primitives of virtual networks in the provider network environment may be encoded as a set of rules according to the logic programming language; networking security standards and/or client-defined rules may also be encoded in the rules. A description of a virtual network may be obtained and encoded. A constraint problem expressed by a query may then be resolved for the encoded description according to the encoded rules using the constraint solver engine; the results may be provided to the client.Type: ApplicationFiled: November 22, 2016Publication date: May 24, 2018Applicant: Amazon Technologies, Inc.Inventors: John Cook, Catherine Dodge, Sean McLaughlin