• What is

Learn&Be Curious?

• Why we are here

• What we’ll talk about

Le a r n a n d

be c u r io u s

Be there, Join us

romania.amazon.com

Why attend classes? We’ll share a few practical examples that will make you

understand why.

Join this talk and learn about the relevance of your studies in your

future career

Place and date: During the Algorithm Design courses

Monday, April 2, 10:00, Room C112

Tuesday, April 3, 10:00, Room C2

• What is

Learn&Earn

• Why award prizes?

Small or world changing,

at the heart of any software is engineering.

Online retail

What is ?

Online Retail

Robotics

What is ?

Online Retail

Robotics

Prime Air Delivery

What is ?

Online Retail

Robotics

Prime Air Delivery

AWS

What is ?

Online Retail

Robotics

Prime Air Delivery

AWS

Kindle

What is ?

Online Retail

Robotics

Prime Air Delivery

AWS

Kindle

Echo

What is ?

Online Retail

Robotics

Prime Air Delivery

AWS

Kindle

Echo

Amazon Go

What is ?

Online Retail

Robotics

Prime Air Delivery

AWS

Kindle

Amazon Go

Echo

Internet of Things

What is ?

“Put the customer first. Invent. And be patient.”

Optimizing Amazon.com

• How can we

understand what

the user’s journey

is on a page?

• In-page analytics.

Everyone does it!

Optimizing Amazon.com

• Measure, measure,

measure!

• In the wild, not in

the lab.

• Improve on the

basis of real data.

Analytics hooks

• A web page is composed of web elements.

• A user interacts with web elements.

• Interaction triggers one or more units of

work to be run.

Analytics hooks

Analytics hooks

Can we decouple the analytics from the actual add to cart invocation?

Behavioral patterns

In software engineering, behavioral design patterns are

design patterns that identify common communication

patterns between objects and realize these patterns. By

doing so, these patterns increase flexibility in carrying out

this communication.

Observer

• Problem: A large monolithic design does not scale well as new requirements are added.

• Definition: Define a one-to-many dependency between objects so that when one object changes state, all its dependents are notified and updated automatically.

• Web apps writing many event handlers.

• Event handlers = functions that will be notified when a certain event fires.

http://www.dofactory.com/javascript/observer-design-pattern

Observer

Observer

Observer

Observer - benefits

• Decoupling of subject and observers: the subject

doesn’t need to know about how many or which

observers will be interested in changes.

• Open-closed software: we only need to write

new observer code, not modify existing one.

Shopping engagement

• How are these

recommendations

served?

• What if we want new

types of

recommendations to be

displayed?

Shopping engagement

Shopping engagement

Template method• Problem: two different

components have significant similarities. A change common to both components implies duplicate effort.

• Definition: Define the skeleton of an algorithm in an operation, deferring some steps to client subclasses.

• Template Method lets subclasses redefine certain steps of an algorithm without changing the algorithm's structure.

https://sourcemaking.com/design_patterns/template_method

Template method

Template method

Template method

Template method - benefits• All widgets know what they have to define in

order to return recommendations.

• They don’t reinvent the wheel.

• They don’t duplicate async calls and results

synchronization code.

SDKs

• Amazon Web Services run in the Cloud

• You access them via the HTTPS protocol

• As a developer, what do you have to do in order to establish a

connection and implement your business logic?

SDKs

• AWS Step Functions: coordinate distributed applications.

• Part of the AWS Serverless Platform, and makes it simple to orchestrate AWS

Lambda functions, amongst other things, for serverless applications.

(1) Define a state machine -> (2) Start its execution -> (3) Make $$$

SDKs

• StartExecution: starts a state machine execution.

• Request Syntax

• Response Syntax

AWS SDKs

AWS SDKs – drawbacks

• HTTPS connections are heavy-weight

(Certificates retrieval, Encrypting, TPC hand-

shake, DNS lookups)

• One connection cannot be shared by concurrent

threads

Creational patterns

• In software engineering, creational design patterns

are design patterns that deal with object creation

mechanisms, trying to create objects in a manner

suitable to the situation.

• The basic form of object creation could result in

design problems or added complexity to the design.

Creational design patterns solve this problem by

somehow controlling this object creation.

Object Pool

Problem: It is necessary to work with a

large number of objects that are

expensive to instantiate and each object

is only needed for a short period of time.

Definition: a set of initialized objects

kept ready to use rather than allocating

and destroying them on demand.

The object pool design pattern

creates and manages a set of objects

that may be reused.

AWS SDKs - Object Pool

AWS SDKs - Object Pool

AWS SDKs - Object Pool benefits

• Objects can frequently be reused, and each

reuse saves a significant amount of time

• The pooled object is obtained in predictable

time

Design patterns

in low level programming

Design patterns

in low level programming

• Do you trust Amazon to delegate credit card

processing?

• We work hard to protect customer data!

• Security is not about convenience!

How does access control work in

the Linux kernel?

https://upload.wikimedia.org/wikipedia/commons/4/43/Linux_API.svg

How should we restrict syscall access?

Structural patterns

In Software Engineering, Structural Design

Patterns are Design Patterns that ease the

design by identifying a simple way to realize

relationships between entities.

NSA proposes SELinux (2001)

https://upload.wikimedia.org/wikipedia/commons/4/43/Linux_API.svg

2001 SELinux2001 SELinux

NSA SELinux proposal

• High-level pseudocode:

open_syscall():…selinux_access_checks()...open_call()

NSA SELinux proposal drawbacks

• The SELinux checks were written directly in the

kernel

• Any modification to the security layer would

modify the kernel code

• Any other alternatives to SELinux not possible

• SELinux complexity was now a part of the kernel

code base

Proxy

https://upload.wikimedia.org/wikipedia/commons/thumb/7/75/Proxy_pattern_diagram.svg/800px-Proxy_pattern_diagram.svg.png

Problem: The access to an object

should be controlled or additional

functionality should be provided

when accessing it.

Definition: a class functioning as an

interface to something else, the real

subject.

The Proxy pattern uses an extra

level of indirection to support

distributed, controlled, or

intelligent access and protect the

real component from undue

complexity.

Linux Security Modules (2003)

• Different security modules:

o SELinux (NSA)

o AppArmor

o Smack

o TOMOYO

o Yama

Linux Security Modules

https://upload.wikimedia.org/wikipedia/commons/4/43/Linux_API.svg

SELinuxSELinux

AppArmorAppArmor

SmackSmack

TomoyoTomoyo

YamaYamaHooks

Linux Security Modules

• High-level pseudocode:

register_selinux_hooks()open_syscall():

...process_generic_hooks()...open_call()

Proxy Pattern Benefits

• Rejecting initial SELinux proposal was a chance

to build generic security modules

• The Proxy pattern adds an indirection layer

• Reduces the complexity of the real subject

• Adds a plus on availability since critical code is

not modified often

Managing permissions

• Default Discretionary Access Control (DAC) in Linux has: read, write and execute

• Sometimes it is not enough, you want additional granularity (heap dump, stack trace)

• Existing frameworks might be too complex with a steep learning curve

• There are multiple kinds of permissions for each resource

• Sometimes you must combine different technologies to achieve a goal

Managing permissions

Discretionary

access control

Mandatory

access control

SELinux

App Armor

Infrastructure

permissions

PROTECTED

RESOURCE

Managing permissions

• High-level pseudocode

init_mac_system()init_dac_system()init_infrastructure_permissions()... check_mac_access(user,

convert_to_mac_resource (resource), convert_to_mac_action(action))

check_dac_access(user, convert_to_infra_resource (resource), convert_to_dac_action(action))

check_dac_permissions(user, convert_to_infra_resource(resource), convert_to_infra_action(action))

Managing permissions - drawbacks

• Developers have to know all permissions

frameworks

• Actors, resources and actions are not standard,

they must follow the permission framework API

• A good portion of developers need s simplified

version of these permissions

How can we make it simpler and more uniform?

Façade

https://en.wikipedia.org/wiki/Facade_pattern#/media/File:Example_of_Facade_design_pattern_in_UML.png

Problem: A segment of the client

community needs a simplified

interface to the overall functionality

of a complex system.

Definition: wrap a complicated

subsystem with a simpler interface.

The Façade defines a higher level

interface to a more complex

system.

Managing permissions - Facade

• High-level pseudocode:

init_permission_system()...check_permissions(user, resource, action)

Managing permissions - Facade

• Transforms a complicated subsystem by using a

simpler interface

Façade

Language

PROTECTED

RESOURCE

Security work is never ending story.Follow design patterns to make it easier to

understand and maintain.

Corollary

What this course teaches is fundamental to a

professional software engineer!

Understanding design patterns sets you up for success in

continuously improving a software architecture.

Thank you!Please help us improve by filling out

the survey for the presentation.