公开(公告)号：US11128653B1

公开(公告)日：2021-09-21

申请号：US16219622

申请日：2018-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Oksana Tkachuk ,  Claudia Cauli ,  Neha Rungta ,  Pauline Virginie Bolignano ,  Juan Rodriguez Hortala ,  Sean Maher

IPC: H04L29/06 ,  H04L12/26 ,  H04L12/24 ,  G06F16/901 ,  G06F9/50 ,  G06F16/36 ,  G06F16/335

Abstract: In some embodiments, a system is provided, and computer-executable instructions cause the system to: obtain a file with instructions for provisioning resources of a service by referencing types of compute resources and including instructions for generating a customized resource of a first type; determine that the file references a first type of compute resources; retrieve threat modeling information associated with the first type of resource, including information identifying a first potential threat; generate a graph with nodes representing the first type of resource, the customized resource, and the first potential threat, and an edge connecting the first node and the second node with a predicate indicative of the relationship them; generate an ontology statement that relate the customized resource and first type of resource; and provide a plurality of ontology statements representing the graph to a reasoner to perform at least a portion of a security review without user intervention.