UPDATED 14:00 EST / JANUARY 10 2020

AI

Automated reasoning versus machine learning: How AWS provides secure access control without data

By embracing diversity, humanity finds greater strength. Our differences mean we can specialize, using our unique talents to excel in the areas to which we are most suited. This is as true for intelligence as for physical attributes. One person may solve complex algebraic equations for fun but care less about which political party is in power; another may have trouble calculating the tip on a restaurant check but can spend hours discussing the ins and outs of global foreign policy. Both are important skills, but with different applications.

Turns out, the same goes for machines. The intelligence required for facial recognition demands a very different learning base than the reasoning applied to security tasks such as access control. So, rather than approaching security from the machine-learning standpoint of ingesting masses of data, Amazon Web Services Inc. is training AI in a different style of smarts: automated reasoning.

“Machine learning and automated reasoning are subfields of AI. I would call them sister fields but on the opposite ends of the spectrum,” said Neha Rungta (pictured), principal engineer of the Automated Reasoning Group at Amazon Web Services Inc. “In machine learning you would have the computer system learn the rules by observing data, lots of data. … Automated reasoning, on the other hand, doesn’t look at data but for the things where we know there exists a definitive set of rules. We encode [those rules], and the system and the algorithms can reason about them.”

Rungta spoke with John Walls and Jeff Frick, co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS re:Invent conference in Las Vegas. They discussed the nuances of artificial intelligence and how automated reasoning can increase data security(* Disclosure below.)

This week, theCUBE spotlights Neha Rungta in its Women in Tech feature.

From model checking to cloud security

An exceptionally talented student, Rungta took her passion for computer science from high school in India to Brigham Young University in Utah, where she gained the triad of bachelor’s, master’s and doctorate degrees in computer science. Numerous academic awards and scholarships marked her studies, including the prestigious Google Anita Borg Memorial Scholarship. As a graduate student, Rungta attended the Google School of Code, developing a test framework for the Java Pathfinder model checker for concurrent programs.

After being awarded a Ph.D. for her thesis on “Guided Testing for Automatic Error Discovery in Concurrent Software,” Rungta moved to California where she continued to pursue her passion for intelligent model verification. As a research scientist in the NASA Ames Research Center Robust Software Engineering, Intelligent Systems Division, Rungta published numerous papers on topics such as symbolic execution, automated program analysis, and airspace modeling.

IAM simplifies access control

In 2017, Rungta left NASA and joined Amazon’s Automated Reasoning Group to delve into the possibilities of using automated reasoning to improve cloud security. She is a key member of the team that created the AWS Identity and Access Management Access Analyzer, which was announced at re:Invent 2019.

IAM is an automated reasoning tool that seeks out misconfigurations that could lead to data vulnerabilities, providing what AWS calls “provable security.”

“It empowers the customers to make decisions about what access is intentional versus not,” Rungta said. “You don’t have to be a security expert, or even know how access control works, or be like a mathematician or a logician. It’s just simple declarative statements.”

The accepted idea of AI is the machine-learning algorithm that ingests vast quantities of data, allowing it to identify one object from another. That would be great if identifying a security threat was as easy as, say, telling the difference between a chihuahua and a breakfast taco. But who should, or should not, have access to resources within a business is an extremely complicated matter.

“I don’t think most people understand how complex access control can be,” Wall stated. “Between different rules, different projects, different resources, it gets to be a pretty nasty, hairy mess.”

Automated reasoning is the opposite of machine learning

This is where automated reasoning excels. Instead of ingesting data and attempting to make a decision on whether access is good or bad, IAM uses existing definitive rule sets and simply provides the security team with notifications of who has access to resources.

“It doesn’t need data, or logs, or who has accessed things in the past. It just looks at your configurations [and] your policies. Because of the rules we’ve encoded, it can very quickly tell you who outside your account has access,” Rungta explained.

An easy-to-read report shows questionable access rights — for example, if a marketing employee has access to restricted financial data. This is not necessarily a misconfiguration … but it could be.

“It’s not passing judgment; it’s not saying this is good or bad. Because what may be good or bad for a business can be different,” Rungta said.

IAM acknowledges the complexities of security access and allows the company to retain control. While the high level of visibility means less chance of errors that leave the door open to security breaches.

“Empowering [businesses] to make that choice and decision of what is intentional, what is not, and do it in a way that’s easy,” said Rungta. “One-click, I think, changes the game for security.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent. (* Disclosure: AWS sponsored this segment of theCUBE. Neither AWS nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU