Automated threat modeling using machine-readable threat models
First Claim
1. A system comprising:
one or more processors; and
one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving a request to provision a network-based service from a computing device;
provisioning the network-based service in a network-based service environment of a service provider, wherein the network-based service includes:
a first component configured to perform first functionality of the network-based service; and
a second component configured to perform second functionality of the network-based service;
analyzing the network-based service to identify system-level security threats to the network-based service;
generating a first machine-readable threat model that represents system-level security constraints for the network-based service and that is to detect the system-level security threats;
detecting a change to the network-based service to the first component;
determining that the change violates a local-level security constraint associated with the first component;
updating, based on the change, the first machine-readable threat model to generate a second machine-readable threat model;
utilizing the second machine-readable threat model to determine that a system-level security constraint of the system-level security constraints has been violated; and
providing, to a security computing device associated with the service provider, a notification that the system-level security constraint has been violated.
Abstract
This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations of the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service. The techniques further include updating the machine-readable threat model to account for the detected changes to the network-based service, and analyzing the updated machine-readable threat model to determine whether the changes to the network-based service violate a system-level security constraint.
21 Claims
1. A system comprising: (independent claim; its full text is given under First Claim above) View Dependent Claims (2, 3, 4)
5. A computer-implemented method comprising:
analyzing a network-based service provisioned in a network-based service environment of a service provider, the network-based service including:
a first component configured to perform first functionality of the network-based service, wherein the first component is associated with a first local-level security constraint to identify a first local-level threat; and
a second component configured to perform second functionality of the network-based service, wherein the second component is associated with a second local-level security constraint to identify a second local-level threat;
identifying a first machine-readable threat model associated with the network-based service, the first machine-readable threat model comprising a system-level security constraint to identify a system-level threat to the network-based service;
detecting, based at least in part on the analyzing the network-based service, a change to the network-based service;
updating, based at least in part on the change, the first machine-readable threat model to generate a second machine-readable threat model; and
utilizing the second machine-readable threat model to determine that the change to the network-based service violated the system-level security constraint.
View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
13. A system comprising:
one or more processors; and
one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
provisioning a network-based service in a network-based service environment of a service provider, the network-based service comprising at least one component associated with at least one local-level security constraint to identify at least one local-level threat to the at least one component;
identifying a first machine-readable threat model associated with the network-based service, the first machine-readable threat model comprising a system-level security constraint to identify a system-level threat to the network-based service;
scanning, multiple times during a period of time, the network-based service;
detecting, at a first time from the multiple times at which the network-based service was scanned, a change to the network-based service; and
updating, based at least in part on the change, the first machine-readable threat model to generate a second machine-readable threat model.
View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
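As an added illustration (not code from the patent or its assignee), the following Python sketches the cycle the three independent claims share: a machine-readable model of a two-component service carrying local-level and system-level constraints plus mitigations, a scan that detects a change to one component, a second model version generated from that change, and a notification for the violated system-level constraint. The component names, constraint checks and configuration values are constructed for the example.

```python
from dataclasses import dataclass, field
import copy

@dataclass
class Component:                 # one service component and its local-level constraints
    name: str
    config: dict
    local_constraints: list = field(default_factory=list)   # [(description, check(config))]

@dataclass
class ThreatModel:               # the machine-readable threat model the claims describe
    version: int
    components: dict             # name -> Component
    system_constraints: list     # [(description, check(components))]
    mitigations: dict            # constraint description -> remediation text

def violations(constraints, subject):
    return [desc for desc, check in constraints if not check(subject)]

def detect_changes(model, scan):  # scan: name -> freshly observed config
    return [n for n, cfg in scan.items() if model.components[n].config != cfg]

def update_model(model, scan):    # next model version reflecting the scanned configuration
    new = copy.deepcopy(model)
    new.version += 1
    for n in detect_changes(model, scan):
        new.components[n].config = scan[n]
    return new

def review(model, scan):          # one scan cycle: detect, update, evaluate, notify
    changed = detect_changes(model, scan)
    new = update_model(model, scan) if changed else model
    local = {n: violations(new.components[n].local_constraints, new.components[n].config)
             for n in changed}
    system = violations(new.system_constraints, new.components)
    notes = [f"{d} violated; mitigation: {new.mitigations.get(d, 'manual review')}" for d in system]
    return {"version": new.version, "changed": changed, "local": local,
            "system": system, "notifications": notes}, new

# Constructed sample: an API front end and the database it is allowed to query,
# followed by a constructed scan in which a deploy has switched TLS off on the API.
MODEL = ThreatModel(1, {
    "api": Component("api", {"tls": True}, [("component terminates TLS", lambda c: c["tls"])]),
    "db": Component("db", {"encrypted": True, "clients": ["api"]},
                    [("data encrypted at rest", lambda c: c["encrypted"])]),
}, [("all database clients use TLS",
     lambda cs: all(cs[n].config["tls"] for n in cs["db"].config["clients"]))],
   {"all database clients use TLS": "re-enable TLS on the client component"})
SCAN = {"api": {"tls": False}, "db": {"encrypted": True, "clients": ["api"]}}
```

Running `review(MODEL, SCAN)` yields model version 2, a local-level violation on `api`, and one notification for the system-level constraint, while `MODEL` itself is left at version 1.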