Scanning machine images to identify potential risks

US 9,756,070 B1
Filed: 11/10/2014
Issued: 09/05/2017
Est. Priority Date: 11/10/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by a computer, cause the computer to:

receive a request at a scanning service to scan machine images stored within a service provider network, wherein the scanning service is implemented within the service provider network, wherein the request does not explicitly identify which machine images to scan but the request includes a criteria used to identify machine images to scan based at least in part on machine image content;

determine content of the machine images;

identify a machine image to be scanned from the machine images based at least in part on the criteria and the machine image content;

identify scans to perform on the machine image based, at least in part, on the machine image content, wherein the scans include a first scan and a second scan;

cause the machine image to be scanned using the first scan and the second scan utilizing one or more computing devices provided by the scanning service;

record scan data associated with the first scan of the machine image and the second scan of the machine image; and

provide, from the scanning service, scan results based, at least in part, on the scan data in response to the request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies are described herein for scanning machine images using a scanning service to identify potential risks. The scanning service may be associated with a service provider network. A scan request is received at the scanning service that requests machine images to be scanned. One or more scans may be performed on each of the machine images. An execution environment may host a machine image during a scan of the machine image. Scan result data associated with the scans is stored. The scan result data may be used to provide scan results to the requestor.

34 Citations

View as Search Results

20 Claims

1. A non-transitory computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by a computer, cause the computer to:
- receive a request at a scanning service to scan machine images stored within a service provider network, wherein the scanning service is implemented within the service provider network, wherein the request does not explicitly identify which machine images to scan but the request includes a criteria used to identify machine images to scan based at least in part on machine image content;
  
  determine content of the machine images;
  
  identify a machine image to be scanned from the machine images based at least in part on the criteria and the machine image content;
  
  identify scans to perform on the machine image based, at least in part, on the machine image content, wherein the scans include a first scan and a second scan;
  
  cause the machine image to be scanned using the first scan and the second scan utilizing one or more computing devices provided by the scanning service;
  
  record scan data associated with the first scan of the machine image and the second scan of the machine image; and
  
  provide, from the scanning service, scan results based, at least in part, on the scan data in response to the request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-transitory computer-readable storage medium of claim 1, wherein causing the machine image to be scanned comprises performing two or more of a network scan, a file scan, and a memory scan.
  - 3. The non-transitory computer-readable storage medium of claim 1, wherein causing the machine image to be scanned comprises using the one or more machine images to create an execution environment on the one or more computing devices.
  - 4. The non-transitory computer-readable storage medium of claim 1, wherein causing the machine image to be scanned comprises performing at least one scan utilizing an execution environment operating in a virtual private cloud.
  - 5. The non-transitory computer-readable storage medium of claim 1, wherein causing the machine image to be scanned comprises examining file data of the machine image without launching the machine image.
  - 6. The non-transitory computer-readable storage medium of claim 1, wherein the machine image is launched as a virtual machine instance.

7. A system for scanning machine images, the system comprising:
- one or more computing devices within a service provider network that are configured to provide a scanning service, the scanning service configured toreceive a scan request to scan a plurality of machine images, wherein the scan request does not explicitly identify which of the plurality of machine images to scan but the scan request includes a criteria used to identify one or more machine images to scan based at least in part on machine image content;
  
  identify a machine image of the plurality of machine images to scan based, at least in part, on the machine image content and a search of an index comprising information about the plurality of machine images;
  
  identify scans to perform on the machine image based, at least in part, on the machine image content, wherein the scans include a first scan and a second scan;
  
  cause the machine image to be scanned using the first scan and the second scan based, at least in part, on content of the machine image;
  
  obtain scan result data associated with the scanning of the machine image; and
  
  store the scan result data in response to the request.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The system of claim 7, wherein at least one of the computing devices of the scanning service is further configured to provide scan results, based, at least in part, on the scan data in response to the request.
  - 9. The system of claim 7, wherein the scanning service is further configured to identify scans to be performed based, at least in part, on content of the machine image.
  - 10. The system of claim 7, wherein the scanning of the machine image comprises performing a network scan that identifies potential network vulnerabilities and a file scan that identifies potential file vulnerabilities, wherein the network scan and the file scan are performed substantially contemporaneously.
  - 11. The system of claim 7, wherein the scan request identifies one or more scans to perform on the machine image and identifies one or more times to perform the one or more scans.
  - 12. The system of claim 7, wherein at least one of the computing devices of the scanning service is further configured to instantiate an execution environment using the machine image.
  - 13. The system of claim 7, wherein at least one of the computing devices of the scanning service is further configured to perform at least a portion of scanning of the machine images in a virtual private cloud created within the scanning service.
  - 14. The system of claim 7, wherein the index identifies information about the machine images based, at least in part, on at least a portion of scan data generated from one or more previous scans.
  - 15. The system of claim 7, wherein the index includes a version indicating a scan that generated the index.

16. A computer-implemented method, comprising:
- receiving a scan request at a scanning service that is implemented within a service provider network, wherein the scan request does not explicitly identify machine images to scan but the scan request includes a criteria used to identify one or more machine images to scan based at least in part on machine image content;
  
  identifying a first machine image to be scanned from the machine images based at least in part on the criteria and the machine image content;
  
  identifying a first scan to perform on the first machine image and a second scan to perform on the first machine image based, at least in part, on the machine image content;
  
  causing the first scan to be performed by the scanning service on the first machine image;
  
  causing the second scan to be performed by the scanning service on the first machine image, wherein the first scan is performed substantially contemporaneously with the second scan;
  
  obtaining scan data associated with the first scan of the first machine image and the second scan of the first machine image; and
  
  storing the scan data in response to the request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-implemented method of claim 16, wherein the first scan is a file scan and wherein the second scan is a network scan, and wherein the scan request specifies at least one time when to perform the first scan and the second scan.
  - 18. The computer-implemented method of claim 16, wherein causing the first scan to be performed comprises utilizing the first machine image to create one or more execution environments utilized during the first scan.
  - 19. The computer-implemented method of claim 16, further comprising generating a first index based, at least in part, on the scan data at a first time and generating a second index based, at least in part, on other scan data that is associated with a subsequent first scan and subsequent second scan of the first machine image.
  - 20. The computer-implemented method of claim 16, wherein causing the second scan comprises performing the second scan on data associated with the first machine image without launching the first machine image.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Crowell, Zachary Thomas, Ellie, Julien Jacques, Gupta, Divij, Jain, Nishant, Mayo, Michael Sean, Mikula, John Christopher, Newman, Benjamin David
Primary Examiner(s)
Korsak, Oleg

Application Number

US14/537,795
Time in Patent Office

1,030 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Scanning machine images to identify potential risks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Scanning machine images to identify potential risks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links