Patents by Inventor Oksana Tkachuk
Oksana Tkachuk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11750642
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
Type: Grant
Filed: August 15, 2022
Date of Patent: September 5, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
-
Patent number: 11418532
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
Type: Grant
Filed: April 7, 2020
Date of Patent: August 16, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
-
Patent number: 11128653
Abstract: In some embodiments, a system is provided, and computer-executable instructions cause the system to: obtain a file with instructions for provisioning resources of a service by referencing types of compute resources and including instructions for generating a customized resource of a first type; determine that the file references a first type of compute resources; retrieve threat modeling information associated with the first type of resource, including information identifying a first potential threat; generate a graph with nodes representing the first type of resource, the customized resource, and the first potential threat, and an edge connecting the first node and the second node with a predicate indicative of the relationship between them; generate an ontology statement that relates the customized resource and first type of resource; and provide a plurality of ontology statements representing the graph to a reasoner to perform at least a portion of a security review without user intervention.
Type: Grant
Filed: December 13, 2018
Date of Patent: September 21, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Oksana Tkachuk, Claudia Cauli, Neha Rungta, Pauline Virginie Bolignano, Juan Rodriguez Hortala, Sean Maher
-
Patent number: 10652266
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
Type: Grant
Filed: February 28, 2018
Date of Patent: May 12, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
-
Patent number: 8504997
Abstract: In particular embodiments, an environment for modular software analysis is generated for a software module under analysis. Irrelevancy analysis is performed on the software module to determine, for each input datum to the software module, whether the input datum is relevant or irrelevant with respect to branch coverage of the module code. A default concrete value is assigned to each irrelevant input datum. A set of concrete values is calculated for each relevant input datum using symbolic execution. The environment is enhanced such that default concrete values are passed to the software module for the irrelevant input data and sets of concrete values generated using symbolic execution are passed to the software module for the relevant input data. The enhanced environment enables module analysis with as much as 100% branch coverage of the module code.
Type: Grant
Filed: March 19, 2009
Date of Patent: August 6, 2013
Assignee: Fujitsu Limited
Inventors: Oksana Tkachuk, Indradeep Ghosh, Sreeranga P. Rajan
-
Patent number: 8453117
Abstract: In one embodiment, a method includes accessing an event-driven application input by a user, the event-driven application comprising source code, one or more use cases input by the user for the event-driven application, and one or more functional requirements input by the user for the event-driven application; parsing the use cases and the functional requirements according to the predefined syntax to construct one or more validation modules for validating the event-driven application without any modification to the source code of the event-driven application for validation purposes; formally validating the event-driven application using the validation modules without relying on assertions inserted into the source code of the event-driven application for validation purposes; and if the formal validation finds one or more defects in the event-driven application, generating output for communication to the user identifying the defects.
Type: Grant
Filed: March 9, 2010
Date of Patent: May 28, 2013
Assignee: Fujitsu Limited
Inventors: Sreeranga P. Rajan, Mukul Prasad, Oksana Tkachuk, Indradeep Ghosh
-
Patent number: 8402319
Abstract: In one embodiment, a method includes automated extraction of the Page Transition Graph (PTG) model for model-based analysis of web applications.
Type: Grant
Filed: September 30, 2010
Date of Patent: March 19, 2013
Assignee: Fujitsu Limited
Inventors: Oksana Tkachuk, Sreeranga P. Rajan
-
Patent number: 8347320
Abstract: In one embodiment, a method includes specifying an application-specific navigation model of an event-driven application; analyzing the navigation model with respect to one or more navigation requirements of the event-driven application to determine whether the event-driven application satisfies the navigation requirements; generating one or more drivers for the event-driven application based on the navigation model; and traversing the navigation model with the application-independent event drivers to analyze the event-driven application with respect to one or more business-logic requirements of the event-driven application to determine whether the event-driven application satisfies the business-logic requirements.
Type: Grant
Filed: March 31, 2010
Date of Patent: January 1, 2013
Assignee: Fujitsu Limited
Inventors: Oksana Tkachuk, Sreeranga P. Rajan
-
Publication number: 20120084609
Abstract: In one embodiment, a method includes automated extraction of the Page Transition Graph (PTG) model for model-based analysis of web applications.
Type: Application
Filed: September 30, 2010
Publication date: April 5, 2012
Applicant: FUJITSU LIMITED
Inventors: Oksana Tkachuk, Sreeranga P. Rajan
-
Publication number: 20110225568
Abstract: In one embodiment, a method includes accessing an event-driven application input by a user, the event-driven application comprising source code, one or more use cases input by the user for the event-driven application, and one or more functional requirements input by the user for the event-driven application; parsing the use cases and the functional requirements according to the predefined syntax to construct one or more validation modules for validating the event-driven application without any modification to the source code of the event-driven application for validation purposes; formally validating the event-driven application using the validation modules without relying on assertions inserted into the source code of the event-driven application for validation purposes; and if the formal validation finds one or more defects in the event-driven application, generating output for communication to the user identifying the defects.
Type: Application
Filed: March 9, 2010
Publication date: September 15, 2011
Applicant: FUJITSU LIMITED
Inventors: Sreeranga P. Rajan, Mukul Prasad, Oksana Tkachuk, Indradeep Ghosh
-
Publication number: 20100293557
Abstract: In one embodiment, a method includes specifying an application-specific navigation model of an event-driven application; analyzing the navigation model with respect to one or more navigation requirements of the event-driven application to determine whether the event-driven application satisfies the navigation requirements; generating one or more drivers for the event-driven application based on the navigation model; and traversing the navigation model with the application-independent event drivers to analyze the event-driven application with respect to one or more business-logic requirements of the event-driven application to determine whether the event-driven application satisfies the business-logic requirements.
Type: Application
Filed: March 31, 2010
Publication date: November 18, 2010
Applicant: FUJITSU LIMITED
Inventors: Oksana Tkachuk, Sreeranga P. Rajan
-
Publication number: 20100242029
Abstract: In particular embodiments, an environment for modular software analysis is generated for a software module under analysis. Irrelevancy analysis is performed on the software module to determine, for each input datum to the software module, whether the input datum is relevant or irrelevant with respect to branch coverage of the module code. A default concrete value is assigned to each irrelevant input datum. A set of concrete values is calculated for each relevant input datum using symbolic execution. The environment is enhanced such that default concrete values are passed to the software module for the irrelevant input data and sets of concrete values generated using symbolic execution are passed to the software module for the relevant input data. The enhanced environment enables module analysis with as much as 100% branch coverage of the module code.
Type: Application
Filed: March 19, 2009
Publication date: September 23, 2010
Applicant: Fujitsu Limited
Inventors: Oksana Tkachuk, Indradeep Ghosh, Sreeranga P. Rajan
-
Patent number: 7685471
Abstract: A method for detecting software defects includes selecting from a target program comprising a plurality of modules a first module for evaluation and isolating the first module. The method also includes iteratively performing the following steps until the first module has been reduced such that a validation program is able to determine whether the first module contains a defect: generating an environment surrounding the first module, the generated environment preserving at least one external constraint on the first module; reducing the size of the first module; and reducing the number of program states associated with the first module.
Type: Grant
Filed: February 1, 2007
Date of Patent: March 23, 2010
Assignee: Fujitsu Limited
Inventors: Sreeranga P. Rajan, Oksana Tkachuk, Mukul R. Prasad, Indradeep Ghosh
-
Publication number: 20080189686
Abstract: A method for detecting software defects includes selecting from a target program comprising a plurality of modules a first module for evaluation and isolating the first module. The method also includes iteratively performing the following steps until the first module has been reduced such that a validation program is able to determine whether the first module contains a defect: generating an environment surrounding the first module, the generated environment preserving at least one external constraint on the first module; reducing the size of the first module; and reducing the number of program states associated with the first module.
Type: Application
Filed: February 1, 2007
Publication date: August 7, 2008
Applicant: Fujitsu Limited
Inventors: Sreeranga P. Rajan, Oksana Tkachuk, Mukul R. Prasad, Indradeep Ghosh