CPC G06F 21/577 (2013.01) [G06F 8/20 (2013.01); G06F 16/9024 (2019.01); G06F 2221/033 (2013.01)]; 20 Claims
1. A system, comprising:
one or more processors and a memory to store computer-executable instructions that, if executed, cause the one or more processors to:
determine one or more graphs comprising a plurality of nodes and a plurality of edges, wherein at least a portion of the nodes represent first software components and at least a portion of the edges represent relationships between the first software components, and wherein the one or more graphs comprise a plurality of sub-graphs;
categorize at least a portion of the sub-graphs into a plurality of predefined categories of software component functionality, wherein the predefined categories of software component functionality are predefined in the system, and wherein a particular sub-graph of the one or more graphs is categorized in a particular category of the plurality of predefined categories of software component functionality;
perform, by a graph analysis engine, an analysis of the sub-graphs to detect security vulnerabilities, wherein the sub-graphs represent design patterns, and wherein the design patterns are assigned respective security scores indicating relative security based at least in part on the analysis;
select a particular design pattern associated with the particular sub-graph of the one or more graphs in the particular category of software component functionality, wherein said select is based at least in part on the respective security scores of design patterns in the particular category of software component functionality;
generate a secure design template to be provided in a development environment in which a new software component is to be built using the secure design template, wherein said generate is based on at least one of the first software components in the particular design pattern and the secure design template comprises indications of one or more policy-compliant software components or one or more policy-compliant configurations; and
provide the secure design template in the development environment for building, using the secure design template, the new software component associated with the particular category of software component functionality, wherein said select the particular design pattern in the particular category of software component functionality, based at least in part on the respective security scores, causes the secure design template that is provided to the development environment for the new software component to comprise a configuration that reduces security vulnerabilities compared to use of other design patterns in the particular software component category of functionality.
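As an added illustration (not code from the patent or from any implementation it describes), the following Python toy walks through the claimed pipeline on a constructed component graph: split the graph into sub-graphs, categorize each by functionality, penalize constructed insecure attributes to produce a security score, select the best-scoring design pattern per category, and emit a template listing its components and configuration. All component names, categories and scoring rules are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed graph: node -> (functionality category, configuration attributes).
# Edges mean "depends on". None of these names come from a real system.
NODES = {
    "login-a": ("auth", {"hash": "bcrypt", "tls": True}),
    "session-a": ("auth", {"cookie_secure": True}),
    "login-b": ("auth", {"hash": "md5", "tls": False}),
    "session-b": ("auth", {"cookie_secure": False}),
    "upload-a": ("storage", {"bucket_public": False}),
    "upload-b": ("storage", {"bucket_public": True}),
}
EDGES = [("login-a", "session-a"), ("login-b", "session-b")]

# Constructed vulnerability rules: (attribute, insecure value, penalty weight).
RULES = [("hash", "md5", 3), ("tls", False, 2),
         ("cookie_secure", False, 1), ("bucket_public", True, 4)]

def sub_graphs(nodes, edges):
    """Connected components (union-find); each one is a design pattern."""
    parent = {n: n for n in nodes}
    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n
    for a, b in edges:
        parent[find(a)] = find(b)
    groups = defaultdict(list)
    for n in nodes:
        groups[find(n)].append(n)
    return [sorted(g) for g in groups.values()]

def score(pattern, nodes, rules):
    """Security score: 10 minus summed penalties for every rule a node hits."""
    penalty = sum(w for n in pattern for k, bad, w in rules
                  if nodes[n][1].get(k) == bad)
    return 10 - penalty

def secure_templates(nodes, edges, rules):
    """Per category, keep the highest-scoring pattern and build its template."""
    best = {}
    for pattern in sub_graphs(nodes, edges):
        category = nodes[pattern[0]][0]  # assumes a pattern is one category
        s = score(pattern, nodes, rules)
        if category not in best or s > best[category][0]:
            best[category] = (s, pattern)
    return {cat: {"score": s, "components": p,
                  "config": {k: v for n in p for k, v in nodes[n][1].items()}}
            for cat, (s, p) in best.items()}
```

Running `secure_templates(NODES, EDGES, RULES)` picks the bcrypt/TLS login pattern for "auth" and the private-bucket upload for "storage"; the template's `config` is what a development environment would hand to a new component in that category.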