Threat detection and mitigation through run-time introspection and instrumentation

US10348759B2 · US · B2

Patent metadata

Field                Value
Publication number   US-10348759-B2
Application number   US-201815874771-A
Country              US
Kind code            B2
Filing date          Jan 18, 2018
Priority date        Mar 30, 2015
Publication date     Jul 9, 2019
Grant date           Jul 9, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.

Claims

Full claim text (claims 1 through 20) for this publication. Claim 1 (method), claim 7 (system) and claim 14 (storage medium) are the independent claims; the rest depend on them.

What is claimed is:

1. A computer-implemented method, comprising: obtaining a measurement at a determined location of a point in a distributed computing environment; determining, based at least in part on the measurement, a relationship between a first element in the distributed computing environment and a second element in the distributed computing environment; generating, based at least in part on the relationship, a graph comprising a plurality of nodes, with a first node of the plurality of nodes associated with the first element and a second node of the plurality of nodes associated with the second element; and generating, based at least in part on the graph, a threat model that identifies potential risks to the distributed computing environment.

2. The computer-implemented method of claim 1, wherein generating a threat model comprises: visiting at least a subset of the plurality of nodes; and determining, at a node visited, whether potential security risks exist at the node visited.

3. The computer-implemented method of claim 2, wherein potential security risks comprise one or more of an open firewall port, an unencrypted communication, an unauthorized process, or an out-of-date software library.

4. The computer-implemented method of claim 1, further comprising: analyzing the threat model; and implementing, based on a result of analyzing the threat model, one or more security rules to mitigate risks indicated by the threat model.

5. The computer-implemented method of claim 4, further comprising: detecting a violation of the one or more security rules; and performing a security action, wherein the security action is an action performed by the distributed computing environment to mitigate an effect of the violation.

6. The computer-implemented method of claim 5, wherein the security action includes rotating a cryptographic key.

7. A system, comprising: one or more processors; and memory including instructions that, as a result of execution by the one or more processors, cause the one or more processors to: obtain a representation of a plurality of resources in a computing environment, wherein the representation indicates a plurality of relationships among the plurality of resources; and generate, based at least in part on the representation, a threat model that identifies potential security risks to the computing environment as a result of a relationship of the plurality of relationships.

8. The system of claim 7, wherein potential security risks comprise one or more of an open firewall port, an unencrypted communication, an unauthorized process, or an out-of-date software library.

9. The system of claim 7, wherein generating a threat model comprises: analyzing at least a subset of the plurality of relationships; and determining, based on the analysis, whether potential security risks exist.

10. The system of claim 7, wherein the instructions further cause the one or more processors to: analyze the threat model; and implement, based on the analysis of the threat model, one or more security rules to mitigate risks revealed by the threat model.

11. The system of claim 7, wherein the instructions further cause the one or more processors to: determine, using the threat model, whether security risks exist; and implement one or more security rules to mitigate the security risks revealed by the threat model.

12. The system of claim 11, wherein the instructions further cause the one or more processors to mitigate an effect of a violation of the one or more security rules.

13. The system of claim 11, wherein the instructions further cause the one or more processors to update one or more security policies applicable to an entity of the system to mitigate a risk revealed by the threat model.

14. A non-transitory computer-readable storage medium comprising stored thereon executable instructions that, upon execution by one or more processors of a computer system, cause the computer system to at least: obtain a threat model that identifies potential risks to the computer system, wherein the threat model is based at least in part on a representation of at least a subset of elements in a distributed computing environment and indicates a plurality of potential security risks that exist for individual elements of the distributed computing environment; analyze the threat model to identify a risk; and implement, based on the analysis of the threat model, one or more security rules to mitigate the risk.

15. The non-transitory computer-readable storage medium of claim 14, wherein the executable instructions include executable instructions that, upon execution by the one or more processors of the computer system, cause the computer system to perform, upon a violation of the one or more security rules, a security action, wherein the security action is an action performed by the computer system to mitigate an effect of the violation.

16. The non-transitory computer-readable storage medium of claim 15, wherein the security action includes revoking access of an entity to a resource.

17. The non-transitory computer-readable storage medium of claim 14, wherein the executable instructions include executable instructions that, upon execution by the one or more processors of the computer system, cause the computer system to update, based on the threat model, one or more security policies corresponding to one or more entities of the computer system.

18. The non-transitory computer-readable storage medium of claim 14, wherein the threat model is obtained by a software agent executing within an operating system of a virtual machine being monitored on the computing system.

19. The non-transitory computer-readable storage medium of claim 14, wherein the executable instructions include executable instructions that, upon execution by the one or more processors of the computer system, cause the computer system to generate the threat model based at least in part on data obtained from elements of a distributed computing environment.

20. The non-transitory computer-readable storage medium of claim 19, wherein the data obtained from elements of the distributed computing environment is a graph comprising a plurality of nodes representing the elements of the distributed computing environment, and edges indicating a plurality of relationships among the plurality of nodes.
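Read together, the claims describe one pipeline: measurements taken at instrumented points in the environment (claim 1, reported by an in-guest agent in claim 18), relationships derived from those measurements, a graph whose nodes are elements and whose edges are relationships (claims 1 and 20), a walk over that graph that flags the four risk classes named in claims 3 and 8, security rules derived from the model (claims 4, 10 and 14), and a security action such as key rotation or access revocation when a rule is violated (claims 5, 6, 15 and 16). The Python below is an added illustration of that pipeline, not code from the patent or from Amazon. The measurement record layout, the allow-lists that define "open port", "unauthorized process" and "out of date", the risk-to-rule and rule-to-action mappings, and the three host records are all assumptions constructed for the example.

```python
"""Illustration of the claimed pipeline: measurements -> graph -> threat model
-> security rules -> security action.  Added example, not the patent's code;
every input below is constructed for the example."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed per-element measurements, in the shape an in-guest agent
# (claim 18) might report.  The field names are assumptions for this example.
MEASUREMENTS = [
    {"element": "web-1", "listening_ports": [443, 22, 8080],
     "processes": ["nginx", "sshd", "nc"],
     "libraries": {"openssl": "1.0.2"},
     "talks_to": [("db-1", "plain"), ("cache-1", "tls")]},
    {"element": "db-1", "listening_ports": [5432], "processes": ["postgres"],
     "libraries": {"openssl": "3.0.9"}, "talks_to": []},
    {"element": "cache-1", "listening_ports": [6379], "processes": ["redis-server"],
     "libraries": {"openssl": "3.0.9"}, "talks_to": []},
]

# Policy baselines (assumptions): what "open port", "unauthorized process" and
# "out of date" mean for this environment.
ALLOWED_PORTS = {22, 443, 5432, 6379}
ALLOWED_PROCESSES = {"nginx", "sshd", "postgres", "redis-server"}
MIN_LIBRARY_VERSION = {"openssl": (1, 1, 1)}


@dataclass
class Graph:
    """Nodes are elements keyed by name; edges are (src, dst, transport)."""
    nodes: Dict[str, dict] = field(default_factory=dict)
    edges: List[Tuple[str, str, str]] = field(default_factory=list)


def build_graph(measurements: List[dict]) -> Graph:
    """Claim 1: derive relationships from the measurements and emit a graph."""
    g = Graph(nodes={m["element"]: m for m in measurements})
    for m in measurements:
        for dst, transport in m["talks_to"]:
            if dst in g.nodes:  # only relate elements we actually measured
                g.edges.append((m["element"], dst, transport))
    return g


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in v.split("."))


def threat_model(g: Graph) -> List[Tuple[str, str, str]]:
    """Claims 2-3: visit every node and edge; return (element, risk, detail)."""
    risks = []
    for name, node in g.nodes.items():
        for port in node["listening_ports"]:
            if port not in ALLOWED_PORTS:
                risks.append((name, "open_firewall_port", str(port)))
        for proc in node["processes"]:
            if proc not in ALLOWED_PROCESSES:
                risks.append((name, "unauthorized_process", proc))
        for lib, ver in node["libraries"].items():
            floor = MIN_LIBRARY_VERSION.get(lib)
            if floor and parse_version(ver) < floor:
                risks.append((name, "out_of_date_library", f"{lib} {ver}"))
    for src, dst, transport in g.edges:
        if transport != "tls":
            risks.append((src, "unencrypted_communication", dst))
    return risks


# Assumed mapping from a modelled risk to the rule that mitigates it.
RULE_FOR_RISK = {
    "open_firewall_port": "deny_port",
    "unauthorized_process": "deny_process",
    "out_of_date_library": "require_library_version",
    "unencrypted_communication": "require_tls",
}


def derive_rules(risks) -> Dict[str, set]:
    """Claims 4/10/14: one enforceable rule per identified risk, keyed by element."""
    rules: Dict[str, set] = {}
    for element, risk, detail in risks:
        rules.setdefault(element, set()).add((RULE_FOR_RISK[risk], detail))
    return rules


def check_event(rules: Dict[str, set], event: dict) -> List[Tuple[str, str]]:
    """Claims 5-6/15-16: match one runtime event against the element's rules and
    return the security actions to take ([] when the event is compliant).
    Only rules observable at run time are checked here; the library-version
    rule is a build-time check and has no runtime event."""
    actions = []
    for rule, detail in sorted(rules.get(event["element"], ())):
        if rule == "deny_port" and event["kind"] == "listen" and str(event["port"]) == detail:
            actions.append(("close_port", detail))
        elif rule == "deny_process" and event["kind"] == "exec" and event["process"] == detail:
            actions.append(("terminate_process", detail))
        elif (rule == "require_tls" and event["kind"] == "connect"
              and event["dst"] == detail and event["transport"] != "tls"):
            actions.append(("rotate_key", detail))               # claim 6
            actions.append(("revoke_access", event["element"]))  # claim 16
    return actions


if __name__ == "__main__":
    model = threat_model(build_graph(MEASUREMENTS))
    for risk in model:
        print("risk:", risk)
    rules = derive_rules(model)
    # Constructed runtime event: web-1 opens a plaintext connection to db-1.
    print("actions:", check_event(rules, {"element": "web-1", "kind": "connect",
                                           "dst": "db-1", "transport": "plain"}))
```

On the constructed input only `web-1` carries risks (an unlisted port 8080, a stray `nc` process, an old OpenSSL, and a plaintext edge to `db-1`), so only `web-1` receives rules; a later plaintext connection from it to `db-1` triggers both a key rotation for `db-1` and revocation of `web-1`'s access, while its TLS connection to `cache-1` passes. The point the example makes that the claim text does not is that the graph is what lets a rule be scoped to a relationship (this source, that destination) rather than to a host in isolation.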

Assignees

Amazon Tech Inc

Inventors

Classifications

CPC classification titles for this publication (primary CPC: H04L63/1433, Vulnerability analysis).

  • by executing in a restricted environment, e.g. sandbox or secure virtual machine

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)

  • Vulnerability analysis (primary, H04L63/1433)

  • involving event detection and direct action

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10348759B2 cover?
A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and …
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1433 (Vulnerability analysis), in CPC section H (Electricity).
When was this patent published?
Publication date Jul 9, 2019 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).