Patent · US Active

Identifying serverless functions with over-permissive roles

US12003541B2 · kind B2 · utility

6Cited by

2References

20Claims

0Family size

Assignee

Twistlock Ltd. · IL

Inventors

Avraham Shulman · Tel Aviv-Yafo, IL
Ory Segal · Nes Ziona, IL
Shaked Yosef Zin · Tel Aviv-Yafo, IL

Key dates

Filing date	Jul 1, 2018
Grant date	Jun 4, 2024
Priority date	—
Expiry date	Aug 10, 2039

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/107
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Based on analyzing a serverless function associated with a first role, a set of security permissions granted to the serverless function is identified based on the first role and a first attribute of the serverless function. A least privilege role indicating a set of least privilege security permissions for the serverless function is generated based, at least in part, on the first attribute. Based on comparing the least privilege role with the first role, it is determined if the set of security permissions granted to the serverless function is more permissive than the set of least privilege security permissions. Based on determining that the set of security permissions granted to the serverless function is more permissive than the set of least privilege security permissions, the first role is reported as over-permissive.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.