Patents by Inventor John David Backes
John David Backes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12335149
Abstract: Techniques implemented by a network-access analysis system to analyze network access controls for networks, identify traffic flows that are unobserved and unrequired, and determine proposed changes to the network access controls that restrict access from unobserved traffic flows. The system may analyze the network access controls, and determine whether unrequired traffic flows are allowed to be communicated in the network. For instance, the system may analyze network flow logs and identify observed traffic flows that are required by applications in the network, and also identify unobserved traffic flows that are permitted access to, but are not observed in, the network. The system may propose changes to the network access controls to restrict network access by these unobserved traffic flows. A network administrator can receive recommendations from the system regarding the proposed changes, and determine whether they would like to implement the proposed changes to their network access controls.
Type: Grant
Filed: September 15, 2022
Date of Patent: June 17, 2025
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Samuel Bayless, John David Backes, Vaibhav Katkade, Daniel William Dacosta, Syed Mubashir Iqbal, Nadia Labai, Patrick Trentin, Nikolaos Giannarakis, Nathan Launchbury, Divya Raghunathan
-
Publication number: 20250175479
Abstract: Network management systems and associated methods are described for providing intent-driven management of networks. A transaction journal of intents for a network may be maintained to define intended behavior of the network. A proposed intent may be received and verified, and the transaction journal may selectively be updated to include the proposed intent based on the verification. Changes for network devices and/or services may be propagated to control the network to adhere to the intents of the journal, including the proposed intent when verified. The network may be monitored to identify and mitigate violations of the intents of the journal or other issues.
Type: Application
Filed: November 24, 2023
Publication date: May 29, 2025
Applicant: Amazon Technologies, Inc.
Inventors: Stephen Callaghan, Michael Rayhelson, John David Backes, Partha Pratim Roy, Sean Flinn, Viktor Heorhiadi, Dominic Casanova Grande, Vandana Saha, John Veizades, David Ee Kwung Lapsley, James Paul Rivers, Giacomo Bernardi
-
Publication number: 20250175387
Abstract: Network management systems and associated methods are described for providing intent-driven management of networks using one or more compilers. An intent identifying an expectation for behavior in a network and entity associations for the intent may be received at a compiler. The compiler may determine one or more artifacts for the respective entities based on the intent. The compiler may output instructions based on the artifacts for the consumers. The instructions may be in a language and/or format corresponding to the consumers.
Type: Application
Filed: October 28, 2024
Publication date: May 29, 2025
Applicant: Amazon Technologies, Inc.
Inventors: John David Backes, Giacomo Bernardi, Nikolaos Giannarakis, Viktor Heorhiadi, Stephen Callaghan
-
Patent number: 12155530
Abstract: Network management systems and associated methods are described for providing intent-driven management of networks using one or more compilers. An intent identifying an expectation for behavior in a network and entity associations for the intent may be received at a compiler. The compiler may determine one or more artifacts for the respective entities based on the intent. The compiler may output instructions based on the artifacts for the consumers. The instructions may be in a language and/or format corresponding to the consumers.
Type: Grant
Filed: November 24, 2023
Date of Patent: November 26, 2024
Assignee: Amazon Technologies, Inc.
Inventors: John David Backes, Giacomo Bernardi, Nikolaos Giannarakis, Viktor Heorhiadi, Stephen Callaghan
-
Patent number: 11803766
Abstract: An automated security assessment service of a service provider network may identify, and notify a customer of, misconfigured VM instances that can be accessed (e.g., via the Internet). A scanner tool may call an automated reasoning service to identify any VM instances of a customer that can be accessed, and may receive information from the automated reasoning service that is usable to exchange packets with those identified instances. The scanner tool can use the information to send requests to the identified instances. After receiving responses from the identified instances, the scanner tool can store, in storage of a network-based storage service, and in association with a customer account of the customer, encrypted data about the results of the scan (e.g., any VM instances that are vulnerable to attackers), and this encrypted data is thereby accessible to the customer with proper decrypt permissions.
Type: Grant
Filed: December 12, 2019
Date of Patent: October 31, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Preethi Srinivasan, Sreekanth Reddy Polaka, Christopher Wooram Yi, John David Backes, Everett Richard Anthony, Aparna Nagargadde, Mark Edward Stalzer
-
Patent number: 11743122
Abstract: A network change verification (NCV) system is disclosed for checking whether a proposed configuration change on a network alters the way that the network controls recently observed network flows. In embodiments, the system builds an observed flow control model (OFCM) from logs of recent flows observed in the network. The OFCM, which may be periodically updated based on newly observed flows, provides a compact representation of how individual network flows were ostensibly controlled by the network. When a proposed configuration change is received, the system analyzes the change against the OFCM to check whether the change will alter how the network controls recently observed flows. If so, the proposed change is blocked, and an alert is generated identifying flows that are affected by the change. The NCV system thus prevents network operators from accidentally making changes on the network that will materially alter the behavior of the network.
Type: Grant
Filed: March 30, 2022
Date of Patent: August 29, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Samuel Bayless, John David Backes, Daniel William Dacosta, Vaibhav Katkade, Sagar Chintamani Joshi, Nadia Labai, Syed Mubashir Iqbal, Patrick Trentin, Nathan Launchbury, Nikolaos Giannarakis, Victor Heorhiadi, Nick Matthews
-
Patent number: 11245614
Abstract: Features are disclosed for managing routing rules stored by a routing device and used to manage network traffic in a network. A computing device can receive multiple routing rules corresponding to multiple routing devices in the network. The computing device can use a formal specification and a snapshot to generate a model of the network. The computing device may use the model in order to statically determine the set of possible paths without causing the transmission of data between a routing device and a destination. The computing device may compare the identified routing rules and the possible paths in order to determine excess routing rules. The computing device may remove the excess routing rules from the routing rules for each routing device such that each routing device routes subsequent network traffic based on the updated routing rules.
Type: Grant
Filed: December 7, 2020
Date of Patent: February 8, 2022
Assignee: Amazon Technologies, Inc.
Inventors: John David Backes, Samuel Bayless, Daniel William Dacosta, Ao Li
-
Patent number: 11206175
Abstract: This disclosure describes techniques for identifying blocked paths and network configuration settings that block paths in networks, such as network paths in a virtual private cloud (VPC). The configuration of virtual networks depends on the correct configuration of many networking resources, such as firewalls, security groups, routing lists, access control lists (ACLs), and the like. In some cases, an analysis that uses formal methods can be performed to determine a network configuration of a virtual network. Using the network configuration information, network paths that are blocked and network configuration settings that may be blocking one or more of the network paths can be determined. The PAS can provide an explanation of what is blocking the network paths. For example, the PAS may identify that a configuration setting of a firewall, router, network gateway, an access control list (ACL), and the like may be blocking a network path.
Type: Grant
Filed: December 10, 2020
Date of Patent: December 21, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Samuel Bayless, John David Backes, Daniel William Dacosta, Benjamin F Jones, Patrick Trentin, Nathan Launchbury, Sagar Chintamani Joshi, Nandita Mathews