DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to the application filed on 07/01/2020. Claims 1-23 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via phone and email with Aileen Mo (Reg. No. 53338) on 08/22/2022. 
The application has been amended as follows:
Please replace claim 1 with:
1.  (Currently Amended) A computer-implemented method,
comprising:
constructing a multi-layer graph for a system with a plurality of
components, wherein the multi-layer graph comprises a configuration subgraph, a
vulnerability subgraph, and a dependency subgraph, and
wherein constructing the multi-layer graph comprises:
generating nodes in the configuration subgraph, including:
nodes in a first class which encode information associated
with a configuration parameter for a respective component,
wherein the encoded information includes a name, a default value,
a range of values, and a data type; and
nodes in a second class which encode value assignments
for configuration parameters and relationships between
configuration parameters; 
generating nodes in the vulnerability subgraph based on known
vulnerabilities associated with a component, bad security practices, and
best security practices,
wherein the vulnerability subgraph includes directed edges
between pairs of vulnerability subgraph nodes,
wherein a vulnerability subgraph node represents a known
vulnerability or a security condition, and
wherein a directed edge from a first vulnerability subgraph
node to a second vulnerability subgraph node indicates that
exploiting the first vulnerability subgraph node creates
preconditions for exploiting the second vulnerability subgraph
node; and
generating nodes in the dependency subgraph,
wherein the dependency subgraph includes directed edges
between pairs of dependency subgraph nodes,
wherein a dependency subgraph node represents a
respective component of the system and is labeled with a
dependency type and a number representing a value associated
with the respective component, and
wherein a directed edge from a first dependency subgraph
node to a second dependency subgraph node indicates that the first
dependency subgraph node depends upon the second dependency
subgraph node.

Please replace claim 5 with:
5.   (Currently Amended) The method of claim 1,
wherein a respective directed edge in the vulnerability subgraph is
associated with a probability value.

Please cancel claim 7.

Please replace claim 8 with:
8.   (Currently Amended) The method of claim 1,
wherein the value associated with the respective component indicates an
importance to the system of the respective component or the dependency
subgraph node,
wherein the dependency type labeled on the dependency subgraph node
indicates a category of dependency relationships and includes one or more of:
a redundancy type, wherein the respective component depends on
a redundant pool of resources;
a strict dependence type, wherein the respective component strictly
depends on a first pool of other components, and wherein if a single
component of the first pool of other components fails, the respective
component fails to deliver any value; and
a graceful degradation type, wherein the respective component
depends on a second pool of other components, and wherein if a single
component of the second pool of other components fails, the system
continues to operate with a degraded performance.

Please replace claim 15 with:
15.  (Currently Amended) A computer system, the system comprising:
a processor; and
a storage device storing instructions that when executed by the processor
cause the processor to perform a method, the method comprising:
constructing a multi-layer graph for a system with a plurality of
components, wherein the multi-layer graph comprises a configuration subgraph, a
vulnerability subgraph, and a dependency subgraph, and
wherein constructing the multi-layer graph comprises:
generating nodes in the configuration subgraph, including:
nodes in a first class which encode information associated
with a configuration parameter for a respective component,
wherein the encoded information includes a name, a default value,
a range of values, and a data type; and
nodes in a second class which encode value assignments
for configuration parameters and relationships between
configuration parameters; 
generating nodes in the vulnerability subgraph based on known
vulnerabilities associated with a component, bad security practices, and
best security practices,
wherein the vulnerability subgraph includes directed edges
between pairs of vulnerability subgraph nodes,
wherein a vulnerability subgraph node represents a known
vulnerability or a security condition, and
wherein a directed edge from a first vulnerability subgraph
node to a second vulnerability subgraph node indicates that
exploiting the first vulnerability subgraph node creates
preconditions for exploiting the second vulnerability subgraph
node; and
generating nodes in the dependency subgraph,
wherein the dependency subgraph includes directed edges
between pairs of dependency subgraph nodes,
wherein a dependency subgraph node represents a
respective component of the system and is labeled with a
dependency type and a number representing a value associated
with the respective component, and
wherein a directed edge from a first dependency subgraph
node to a second dependency subgraph node indicates that the first
dependency subgraph node depends upon the second dependency
subgraph node.

Please replace claim 17 with:
17.  (Currently Amended) The computer system of claim 15, wherein
generating the nodes for the vulnerability subgraph further comprises:
identifying and encoding a negation of the known vulnerabilities
associated with a component as a first set of known vulnerabilities, wherein the
first set of known vulnerabilities are obtained from a public or a proprietary
database;
identifying the bad security practices and encoding the bad security
practices as a second set of known vulnerabilities; and
identifying the best security practices and encoding a negation of the best
security practices as a third set of known vulnerabilities,
wherein a respective directed edge is associated with a probability value
which indicates a likelihood that the respective directed edge will be traversed in
an attack or by an attacker.

Please replace claim 18 with:
18.  (Currently Amended) The computer system of claim 15, further
comprising:
wherein the value associated with the respective component
indicates an importance to the system of the respective component or the
dependency subgraph node, and
wherein the dependency type labeled on the dependency subgraph
node indicates a category of dependency relationships and includes one or
more of:
a redundancy type, wherein the respective component
depends on a redundant pool of resources;
a strict dependence type, wherein the respective component
strictly depends on a first pool of other components, and wherein if
a single component of the first pool of other components fails, the
respective component fails to deliver any value; and
a graceful degradation type, wherein the respective
component depends on a second pool of other components, and
wherein if a single component of the second pool of other
components fails, the system continues to operate with a degraded
performance.

Please replace claim 23 with:
23.  (Currently Amended) A non-transitory computer-readable storage
medium storing instructions that when executed by a computer cause the
computer to perform a method, the method comprising:
constructing a multi-layer graph for a system with a plurality of
components, wherein the multi-layer graph comprises a configuration subgraph, a
vulnerability subgraph, and a dependency subgraph, and
wherein constructing the multi-layer graph comprises:
generating nodes in the configuration subgraph, including:
nodes in a first class which encode information associated
with a configuration parameter for a respective component,
wherein the encoded information includes a name, a default value,
a range of values, and a data type; and
nodes in a second class which encode value assignments
for configuration parameters and relationships between
configuration parameters; 
generating nodes in the vulnerability subgraph based on known
vulnerabilities associated with a component, bad security practices, and
best security practices,
wherein the vulnerability subgraph includes directed edges
between pairs of vulnerability subgraph nodes,
wherein a vulnerability subgraph node represents a known
vulnerability or a security condition, and
wherein a directed edge from a first vulnerability subgraph
node to a second vulnerability subgraph node indicates that
exploiting the first vulnerability subgraph node creates
preconditions for exploiting the second vulnerability subgraph
node; and
generating nodes in the dependency subgraph,
wherein the dependency subgraph includes directed edges
between pairs of dependency subgraph nodes,
wherein a dependency subgraph node represents a
respective component of the system and is labeled with a
dependency type and a number representing a value associated
with the respective component, and
wherein a directed edge from a first dependency subgraph
node to a second dependency subgraph node indicates that the first
dependency subgraph node depends upon the second dependency
subgraph node.
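The three subgraphs recited in claims 1, 15 and 23, together with the edge probabilities of claims 5 and 17 and the dependency types of claims 8 and 18, modelled as an added Python example. This is not the applicant's implementation and nothing in the application discloses it: the claims fix what the nodes and edges mean but no data structure or algorithm, so the scoring of an attack path as the product of its edge probabilities, the state rules applied for each dependency type, and every component name, probability and importance value below are assumptions constructed here for illustration.

```python
"""Toy model of the three-layer graph recited in claims 1, 15 and 23."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Set, Tuple

# Configuration subgraph: first-class node = parameter schema, second-class node = assigned value.
@dataclass(frozen=True)
class ConfigParam:
    name: str
    default: object
    allowed: object      # range of values: any container that answers `in`
    dtype: type

@dataclass
class Assignment:
    param: ConfigParam
    value: object

    def is_valid(self) -> bool:
        return isinstance(self.value, self.param.dtype) and self.value in self.param.allowed

# Vulnerability subgraph: edges[u] holds (v, p); exploiting u enables v with probability p.
VulnEdges = Dict[str, List[Tuple[str, float]]]
def most_likely_path(edges: VulnEdges, start: str, goal: str) -> Tuple[float, List[str]]:
    """Best simple path, scored as the product of its edge probabilities
    (edges assumed independent: an assumption of this example, not claim language)."""
    best: Tuple[float, List[str]] = (0.0, [])
    def walk(node: str, p: float, path: List[str]) -> None:
        nonlocal best
        if node == goal:
            best = max(best, (p, path), key=lambda b: b[0])
            return
        for nxt, q in edges.get(node, []):
            if nxt not in path:             # simple paths only, so cycles are safe
                walk(nxt, p * q, path + [nxt])

    walk(start, 1.0, [start])
    return best

# Dependency subgraph: edge A -> B means A depends on B (types and values per claims 8 and 18).
class DepType(Enum):
    REDUNDANCY = "redundancy"
    STRICT = "strict_dependence"
    GRACEFUL = "graceful_degradation"

UP, DEGRADED, DOWN = "up", "degraded", "down"

@dataclass
class DepNode:
    name: str
    dep_type: DepType
    value: float                                          # importance to the system
    depends_on: List[str] = field(default_factory=list)   # this node's out-edges

def component_states(nodes: Dict[str, DepNode], failed: Set[str]) -> Dict[str, str]:
    """Propagates a set of failed components through an acyclic dependency subgraph."""
    memo: Dict[str, str] = {}
    def state(name: str) -> str:
        if name not in memo:
            node = nodes[name]
            deps = [state(d) for d in node.depends_on]
            if name in failed:
                memo[name] = DOWN
            elif not deps:
                memo[name] = UP
            elif node.dep_type is DepType.STRICT:      # one failure, no value delivered
                memo[name] = DOWN if DOWN in deps else DEGRADED if DEGRADED in deps else UP
            elif node.dep_type is DepType.REDUNDANCY:  # assumed: fine while any member is up
                memo[name] = UP if UP in deps else DEGRADED if DEGRADED in deps else DOWN
            else:                                      # graceful: a failure only degrades
                memo[name] = (UP if all(d == UP for d in deps) else
                              DOWN if all(d == DOWN for d in deps) else DEGRADED)
        return memo[name]

    return {n: state(n) for n in nodes}

# Constructed sample data; none of it is taken from the application.
def demo_config() -> Tuple[bool, bool, bool]:
    port = ConfigParam("listen_port", 443, range(1, 65536), int)
    return (Assignment(port, 8443).is_valid(),    # in range, right type
            Assignment(port, 70000).is_valid(),   # out of range
            Assignment(port, "443").is_valid())   # wrong data type

def demo_vuln() -> Tuple[float, List[str]]:
    edges: VulnEdges = {   # negated best practice -> bad practice -> known vuln -> impact
        "exposed_admin_panel": [("default_creds_login", 0.8), ("web_rce", 0.1)],
        "default_creds_login": [("web_rce", 0.5)],
        "web_rce": [("db_read", 0.6)]}
    return most_likely_path(edges, "exposed_admin_panel", "db_read")

def demo_dependency(failed: Set[str]) -> Tuple[Dict[str, str], float]:
    nodes = {n.name: n for n in [
        DepNode("service", DepType.STRICT, 10, ["web", "db"]),
        DepNode("web", DepType.REDUNDANCY, 5, ["web1", "web2"]),
        DepNode("db", DepType.GRACEFUL, 8, ["db_primary", "cache"]),
        DepNode("web1", DepType.STRICT, 1), DepNode("web2", DepType.STRICT, 1),
        DepNode("db_primary", DepType.STRICT, 4), DepNode("cache", DepType.STRICT, 2)]}
    states = component_states(nodes, failed)
    return states, sum(n.value for n in nodes.values() if states[n.name] == DOWN)
```

Calling demo_dependency({"cache"}) marks db as degraded and, because service strictly depends on db, service as degraded too; failing both db_primary and cache takes db and service down and puts 24 units of importance out of service. demo_vuln() prefers the three-hop route through the default-credential login (0.8 × 0.5 × 0.6 = 0.24) over the direct but unlikely exploit (0.1 × 0.6 = 0.06), which is the kind of ranking the probability-labelled edges of claims 5 and 17 make possible.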

Allowable Subject Matter
Claims 1-6 and 8-23 are allowed.
The following is an examiner’s statement of reasons for allowance:
The invention relates to embodiments which provide a system and method for constructing a graph-based model for optimizing the security posture of a composed system. During operation, the system constructs a multi-layer graph for a system with a plurality of components, wherein the multi-layer graph comprises a configuration subgraph, a vulnerability subgraph, and a dependency subgraph. The system constructs the multi-layer graph as follows. The system generates nodes in the configuration subgraph, including: nodes in a first class which encode information associated with a configuration parameter for a respective component, wherein the encoded information includes a name, a default value, a range of values, and a data type; and nodes in a second class which encode value assignments for configuration parameters and relationships between configuration parameters. The system generates nodes in the vulnerability subgraph based on known vulnerabilities associated with a component, bad security practices, and best security practices.


The closest relevant prior art made of record is as follows:
WO 2019186722 A1 teaches a security evaluation system provided with: a first graph generation unit that generates a first evaluation graph indicating a connection relationship between resources subjected to security evaluation; a second graph generation unit that generates a second evaluation graph indicating a connection relationship between areas to which the resources are allocated; and a display unit that displays the first evaluation graph and the second evaluation graph in association with each other.

Adogla (US9215158) teaches embodiments directed to, among other things, determining whether some or all portions of an application stack implemented on a distributed system are vulnerable to availability issues. In some examples, a web service may utilize or otherwise control a client instance to control, access, or otherwise manage resources of a distributed system. Based at least in part on comparing one or more customer graphs with one or more model, curated, or best practice graphs of a distributed system, availability risks and/or deployment recommendations may be provided. Additionally, in some examples, one or more remediation and/or migration operations may be performed automatically or provided as recommendations.
Crabtree (US2022/0263860) teaches a system for cyber threat hunting employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an automated planning service module, and an observation and state estimation module, wherein the state of a network is monitored and used to predict network resources that may be vulnerable to a future cyber threat and to produce a cyber-physical graph representing the vulnerable network resources; a human operator is provided with the cyber-physical graph to analyze the data contained therein and to initiate an investigation of network resources, and the results of the threat investigation and their effects are analyzed to produce security recommendations.
Abaya (US2017/0177740) teaches a method that involves forming a graph interface for a set of components by forming an interface element of the graph interface and configuring properties of the interface element such that a port of a component is consistent with the properties of the interface element. An implementation of the graph interface including the set of components is formed by forming a correspondence between the interface element and the port of the component of the set of components. The implementation of the graph interface is stored in a data storage system.
Muddu (US10904270) teaches a composite graph that enables the security platform to perform analytics on entity behaviors, which can be a sequence of activities, a certain volume of activities, or can be custom defined by the administrator (e.g., through a machine learning model). By having an explicit recordation of relationships among the events, the relationship graph generator 810 can enable the analytics engines introduced in that reference (e.g., the complex processing engine) to employ various machine learning models, which may focus on different portions or aspects of the discovered relationships between all the events in the environment, in order to detect anomalies or threats.

Noel (US10313382) teaches a system and method for implementing a graph database to analyze and monitor a status of an enterprise computer network. In one example, a plurality of sensors can be inputted into a sensor interface in which all of the data associated with the sensors is converted into a common data format. The data can be parsed into a data model that contains nodes and edges in order to generate a graph database model that can allow a network analyst to analyze the real-time status of a computer network. The graph database model can include multiple layers including an infrastructure layer, a cyber threats layer, a cyber posture layer, and a mission readiness layer. The graph database model can also be queried by a user using a domain-specific query language, so as to provide a user-friendly syntax in generating queries.
Bakalli (US2020/0175174) teaches data is received that characterizes source code requiring a security vulnerability assessment. Using this received data, an input node of a vulnerability context graph is generated. Subsequently, at least one node is resolved from the input node using at least one of a plurality of resolvers that collectively access each of a knowledge base, a source code commit database, and at least one online resource. Additionally, nodes are later iteratively resolved at different depth levels until a pre-defined threshold is met. The vulnerability context graph is then caused to be displayed in a graphical user interface such that each node has a corresponding graphical user interface element which, when activated, causes complementary information for such node to be displayed.
Leviseur (US11265292) teaches the set of nodes and edges associated with the graph may be used to derive configurations for the virtualized infrastructure components from the associated values, settings, annotations, or other metadata in the graph. In one example, a network control point at an individual virtual network interface or a firewall, may be configured using a configuration derived from the graph with the values, settings, annotations, or other metadata in the graph of a node corresponding to the network control point and one or more application dataflows that involve the corresponding node. In another example, a security group with a firewall rule may be established using a configuration derived from the graph. In yet another example, a network access control list (NACL) may be established using a configuration derived from the graph. In further examples, a configuration may be derived from the graph to set a media access control (MAC) address, an Internet Protocol (IP) address, a source or destination check flag, and the like.

Gopalakrishnan (US2018/0033017) teaches a method and a system for providing automated technical support for a product at a remote end from a Technical Assistance Center (TAC) at a technical support end. The TAC includes a cognitive TAC agent that can act as a substitute for technical personnel at the TAC. The cognitive TAC agent first learns about the product to which the technical support is to be provided and derives a cognitive dependency graph based on that learning. Upon learning, the cognitive TAC agent can automatically provide the technical support for the product using the cognitive dependency graph, without manual intervention of the technical personnel.
Chari (US2017/0286690) teaches generating an attack graph. A set of sensitive data corresponding to a regulated service is identified. A set of components corresponding to the regulated service that are authorized to perform activities associated with the sensitive data is scanned for. Vulnerability and risk metrics corresponding to each component in the set of components of the regulated service are identified. The attack graph, which includes nodes representing components in the set of components of the regulated service and edges between nodes representing relationships between related components in the set of components, is generated based on the vulnerability and risk metrics corresponding to each component in the set of components.
Olson (US2015/0244734) teaches that the registering consumer may also provide information associated with digital signatures. Countermeasure rule engine 518 may obtain the rules by iterating through each vulnerability node of an intelligence graph and determining, for each vulnerability node, whether documents such as intelligence reports mention it, by examining the edges joined to the vulnerability node for the presence of "mentions" or "mentioned by" edges. If so, the iteration may parse the documents to extract any existing rules, including both sub-graph templates for matching to threats and countermeasure templates. The extracted information may then be stored in countermeasure rules engine 518.


However, none of the closest prior art references mentioned above teaches or suggests, alone or in combination, the particular combination of steps or elements recited in independent claims 1, 15, and 23. For example, none of the cited prior art, alone or in combination, teaches or suggests the steps of “generating nodes in the configuration subgraph, including: nodes in a first class which encode information associated with a configuration parameter for a respective component, wherein the encoded information includes a name, a default value, a range of values, and a data type; and nodes in a second class which encode value assignments for configuration parameters and relationships between configuration parameters; wherein a directed edge from a first vulnerability subgraph node to a second vulnerability subgraph node indicates that exploiting the first vulnerability subgraph node creates preconditions for exploiting the second vulnerability subgraph node; wherein a dependency subgraph node represents a respective component of the system and is labeled with a dependency type and a number representing a value associated with the respective component” in view of the other limitations of claims 1, 15, and 23. Therefore, the claims are allowable over the cited prior art.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496