Patents by Inventor Pauline Virginie BOLIGNANO
Pauline Virginie BOLIGNANO has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11750642
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
Type: Grant
Filed: August 15, 2022
Date of Patent: September 5, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
-
Patent number: 11483350
Abstract: Techniques for intent-based governance are described. For example, in some instances a method of receiving an indication of a change involving of one or more of code, a policy, a network configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules; determining one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluating available to a user provides such governance.
Type: Grant
Filed: March 29, 2019
Date of Patent: October 25, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Pauline Virginie Bolignano, Tyler Bray, John Byron Cook, Andrew Jude Gacek, Kasper Søe Luckow, Andrea Nedic, Neha Rungta, Cole Schlesinger, Carsten Varming
-
Patent number: 11483317
Abstract: A policy auditing service can be implemented, in accordance with at least one embodiment that obtains a set of parameters that indicates a snapshot of a policy configuration for an account, a query, and a security policy. The security policy may encode a security requirement or invariant. The policy auditing system may determine states that can be reached via mutative operations (e.g., role assumption) and use a policy analyzer service to determine whether assuming a role results in a grant of access that is at least as permissive as the security policy of the set of parameters.
Type: Grant
Filed: November 30, 2018
Date of Patent: October 25, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Pauline Virginie Bolignano, John Byron Cook, Andrew Jude Gacek, Kasper Luckow, Neha Rungta, Cole Schlesinger, Ian Sweet, Carsten Varming
-
Patent number: 11418532
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
Type: Grant
Filed: April 7, 2020
Date of Patent: August 16, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
-
Patent number: 11128653
Abstract: In some embodiments, a system is provided, and computer-executable instructions cause the system to: obtain a file with instructions for provisioning resources of a service by referencing types of compute resources and including instructions for generating a customized resource of a first type; determine that the file references a first type of compute resources; retrieve threat modeling information associated with the first type of resource, including information identifying a first potential threat; generate a graph with nodes representing the first type of resource, the customized resource, and the first potential threat, and an edge connecting the first node and the second node with a predicate indicative of the relationship them; generate an ontology statement that relate the customized resource and first type of resource; and provide a plurality of ontology statements representing the graph to a reasoner to perform at least a portion of a security review without user intervention.
Type: Grant
Filed: December 13, 2018
Date of Patent: September 21, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Oksana Tkachuk, Claudia Cauli, Neha Rungta, Pauline Virginie Bolignano, Juan Rodriguez Hortala, Sean Maher
-
Patent number: 11017107
Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.
Type: Grant
Filed: March 6, 2018
Date of Patent: May 25, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Neha Rungta, Pauline Virginie Bolignano, Catherine Dodge, Carsten Varming, John Cook, Rajesh Viswanathan, Daryl Stephen Cooke, Santosh Kalyankrishnan
-
Patent number: 10977111
Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as “first received” to reduce latency or “check for agreement” to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.
Type: Grant
Filed: August 28, 2018
Date of Patent: April 13, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Neha Rungta, Temesghen Kahsai Azene, Pauline Virginie Bolignano, Kasper Soe Luckow, Sean McLaughlin, Catherine Dodge, Andrew Jude Gacek, Carsten Varming, John Byron Cook, Daniel Schwartz-Narbonne, Juan Rodriguez Hortala
-
Publication number: 20200314145
Abstract: Techniques for intent-based governance are described. For example, in some instances a method of receiving an indication of a change involving of one or more of code, a policy, a network configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules; determining one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluating available to a user provides such governance.
Type: Application
Filed: March 29, 2019
Publication date: October 1, 2020
Inventors: Pauline Virginie BOLIGNANO, Tyler BRAY, John Byron COOK, Andrew Jude GACEK, Kasper Søe LUCKOW, Andrea NEDIC, Neha RUNGTA, Cole SCHLESINGER, Carsten VARMING
-
Patent number: 10652266
Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
Type: Grant
Filed: February 28, 2018
Date of Patent: May 12, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
-
Publication number: 20200073739
Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as “first received” to reduce latency or “check for agreement” to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.
Type: Application
Filed: August 28, 2018
Publication date: March 5, 2020
Inventors: Neha RUNGTA, Temesghen KAHSAI AZENE, Pauline Virginie BOLIGNANO, Kasper Soe LUCKOW, Sean McLAUGHLIN, Catherine DODGE, Andrew Jude GACEK, Carsten VARMING, John Byron COOK, Daniel SCHWARTZ-NARBONNE, Juan Rodriguez HORTALA
-
Publication number: 20190278928
Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.
Type: Application
Filed: March 6, 2018
Publication date: September 12, 2019
Inventors: Neha RUNGTA, Pauline Virginie BOLIGNANO, Catherine DODGE, Carsten VARMING, John COOK, Rajesh VISWANATHAN, Daryl Stephen COOKE, Santosh KALYANKRISHNAN