公开(公告)号：US20190312908A1

公开(公告)日：2019-10-10

申请号：US16379154

申请日：2019-04-09

Applicant: Raytheon Company

Inventor： Holger M. Jaenisch ,  James W. Handley ,  Michael J. Lambert ,  Brandon Woolley ,  William L. Cram ,  Ross MacKinnon ,  Mark A. Bradbury ,  Guy G. Swope

IPC: H04L29/06 ,  G06F21/56 ,  G06F21/78

Abstract: A method of generating cyber chaff can include determining a cell of a grid of cells to which a first feature and a second feature of user data maps, identifying a cell type of the cell, the cell type indicating whether the cell is an active cell, an inactive cell, or a sub-process cell, and providing cyber chaff based on cyber chaff data associated with either (a) one or more cells of the inactive cell type or (b) one or more cells of the sub-process cell type.

公开(公告)号：US11381599B2

公开(公告)日：2022-07-05

申请号：US16379154

申请日：2019-04-09

Applicant: Raytheon Company

Inventor： Holger M. Jaenisch ,  James W. Handley ,  Michael J. Lambert ,  Brandon Woolley ,  William L. Cram ,  Ross MacKinnon ,  Mark A. Bradbury ,  Guy G. Swope

IPC: H04L9/40 ,  G06F21/78 ,  G06F21/56 ,  G06N3/00

Abstract: A method of generating cyber chaff can include determining a cell of a grid of cells to which a first feature and a second feature of user data maps, identifying a cell type of the cell, the cell type indicating whether the cell is an active cell, an inactive cell, or a sub-process cell, and providing cyber chaff based on cyber chaff data associated with either (a) one or more cells of the inactive cell type or (b) one or more cells of the sub-process cell type.

公开(公告)号：US20170083707A1

公开(公告)日：2017-03-23

申请号：US15369299

申请日：2016-12-05

Applicant: Raytheon Company

Inventor： Brandon Woolley ,  Norman Cramer ,  Brian McFarland ,  Matthew Hammond

IPC: G06F21/57 ,  G06F1/24 ,  G06F9/44

CPC classification number: G06F21/572 ,  G06F1/24 ,  G06F9/4401 ,  G06F9/4405 ,  G06F9/4418 ,  G06F9/44505 ,  G06F15/177 ,  G06F21/57 ,  G06F21/575

Abstract: A system and methods are disclosed for securely booting a processing system using a three step secure booting process. Several embodiments are presented, wherein upon power-on-reset, the first boot step uses a secure boot device comprising of a programmable device or an FPGA which boots up first, validates its configuration file and then validates the processor(s) configuration data before presenting the configuration data to the processor(s). This enables validation of ‘pre-boot’ information, such as the Reset Control Word and pre-boot processor configuration data. The second and third boot steps validate the internal secure boot code and external boot code respectively using one or more of secure validation techniques, such as encryption/decryption, Key mechanisms, privilege checking, pointer hashing or signature correlation schemes. This results in an end-to-end secure boot process for a variety of architectures, such as single processor systems, synchronous and asynchronous multiprocessing systems, single core systems and multi-core processing systems.

公开(公告)号：US10121006B2

公开(公告)日：2018-11-06

申请号：US15369299

申请日：2016-12-05

Applicant: Raytheon Company

Inventor： Brandon Woolley ,  Norman Cramer ,  Brian McFarland ,  Matthew Hammond

IPC: G06F21/57 ,  G06F9/4401 ,  G06F9/445 ,  G06F1/24 ,  G06F15/177

Abstract: A system and methods are disclosed for securely booting a processing system using a three step secure booting process. Several embodiments are presented, wherein upon power-on-reset, the first boot step uses a secure boot device comprising of a programmable device or an FPGA which boots up first, validates its configuration file and then validates the processor(s) configuration data before presenting the configuration data to the processor(s). This enables validation of ‘pre-boot’ information, such as the Reset Control Word and pre-boot processor configuration data. The second and third boot steps validate the internal secure boot code and external boot code respectively using one or more of secure validation techniques, such as encryption/decryption, Key mechanisms, privilege checking, pointer hashing or signature correlation schemes. This results in an end-to-end secure boot process for a variety of architectures, such as single processor systems, synchronous and asynchronous multiprocessing systems, single core systems and multi-core processing systems.

公开(公告)号：US09536094B2

公开(公告)日：2017-01-03

申请号：US14154015

申请日：2014-01-13

Applicant: Raytheon Company

Inventor： Brandon Woolley ,  Norman Cramer ,  Brian Mcfarland ,  Matthew Hammond

IPC: G06F9/24 ,  G06F15/177 ,  G06F1/24 ,  G06F11/00 ,  G06F12/14 ,  G06F21/57 ,  G06F9/445 ,  G06F9/44

CPC classification number: G06F21/572 ,  G06F1/24 ,  G06F9/4401 ,  G06F9/4405 ,  G06F9/4418 ,  G06F9/44505 ,  G06F15/177 ,  G06F21/57 ,  G06F21/575

Abstract: A system and methods are disclosed for securely booting a processing system using a three step secure booting process. Several embodiments are presented, wherein upon power-on-reset, the first boot step uses a secure boot device comprising of a programmable device or an FPGA which boots up first, validates its configuration file and then validates the processor(s) configuration data before presenting the configuration data to the processor(s). This enables validation of ‘pre-boot’ information, such as the Reset Control Word and pre-boot processor configuration data. The second and third boot steps validate the internal secure boot code and external boot code respectively using one or more of secure validation techniques, such as encryption/decryption, Key mechanisms, privilege checking, pointer hashing or signature correlation schemes. This results in an end-to-end secure boot process for a variety of architectures, such as single processor systems, synchronous and asynchronous multiprocessing systems, single core systems and multi-core processing systems.

Abstract translation: 公开了一种使用三步安全启动过程安全地引导处理系统的系统和方法。 提出了几个实施例，其中在上电复位时，第一启动步骤使用包括可编程设备或FPGA的安全引导设备，其首先启动，验证其配置文件，然后在之前验证处理器配置数据 将配置数据呈现给处理器。 这样可以验证“预引导”信息，例如复位控制字和预引导处理器配置数据。 第二和第三启动步骤分别使用一种或多种安全验证技术来验证内部安全引导代码和外部引导代码，例如加密/解密，密钥机制，特权检查，指针散列或签名相关方案。 这导致用于各种架构的端到端安全引导过程，例如单处理器系统，同步和异步多处理系统，单核系统和多核处理系统。

公开(公告)号：US20160070658A1

公开(公告)日：2016-03-10

申请号：US14480456

申请日：2014-09-08

Applicant: Raytheon Company

Inventor： Brandon Woolley

IPC: G06F12/14 ,  G06F3/06 ,  G06F12/08

CPC classification number: G06F12/1458 ,  G06F3/0622 ,  G06F3/0665 ,  G06F3/0673 ,  G06F9/45533 ,  G06F9/46 ,  G06F9/468 ,  G06F9/547 ,  G06F12/0806 ,  G06F12/084 ,  G06F12/0842 ,  G06F12/1009 ,  G06F12/1081 ,  G06F2212/1052 ,  G06F2212/281 ,  G06F2212/62

Abstract: A separation kernel isolating memory domains within a shared system memory is executed on the cores of a multicore processor having hardware security enforcement for static virtual address mappings, to implement an efficient embedded multi-level security system. Shared caches are either disabled or constrained by the same static virtual address mappings using the hardware security enforcement available, to isolate domains accessible to select cores and reduce security risks from data co-mingling.

Abstract translation: 在具有用于静态虚拟地址映射的硬件安全强制的多核处理器的核心上执行分离共享系统存储器中的存储器域的分离内核，以实现高效的嵌入式多级安全系统。 共享缓存被禁用或受到可用硬件安全强制的相同静态虚拟地址映射的限制，以隔离可选择内核的域，并降低数据共享的安全风险。

公开(公告)号：US20150199520A1

公开(公告)日：2015-07-16

申请号：US14154015

申请日：2014-01-13

Applicant: Raytheon Company

Inventor： Brandon Woolley ,  Norman Cramer ,  Brian Mcfarland ,  Matthew Hammond

IPC: G06F21/57

CPC classification number: G06F21/572 ,  G06F1/24 ,  G06F9/4401 ,  G06F9/4405 ,  G06F9/4418 ,  G06F9/44505 ,  G06F15/177 ,  G06F21/57 ,  G06F21/575

Abstract: A system and methods are disclosed for securely booting a processing system using a three step secure booting process. Several embodiments are presented, wherein upon power-on-reset, the first boot step uses a secure boot device comprising of a programmable device or an FPGA which boots up first, validates its configuration file and then validates the processor(s) configuration data before presenting the configuration data to the processor(s). This enables validation of ‘pre-boot’ information, such as the Reset Control Word and pre-boot processor configuration data. The second and third boot steps validate the internal secure boot code and external boot code respectively using one or more of secure validation techniques, such as encryption/decryption, Key mechanisms, privilege checking, pointer hashing or signature correlation schemes. This results in an end-to-end secure boot process for a variety of architectures, such as single processor systems, synchronous and asynchronous multiprocessing systems, single core systems and multi-core processing systems.

Abstract translation: 公开了一种使用三步安全启动过程安全地引导处理系统的系统和方法。 提出了几个实施例，其中在上电复位时，第一启动步骤使用包括可编程设备或FPGA的安全引导设备，其首先启动，验证其配置文件，然后在之前验证处理器配置数据 将配置数据呈现给处理器。 这样可以验证“预引导”信息，例如复位控制字和预引导处理器配置数据。 第二和第三启动步骤分别使用一种或多种安全验证技术（例如加密/解密，密钥机制，特权检查，指针散列或签名相关方案）来验证内部安全引导代码和外部引导代码。 这导致用于各种架构的端到端安全引导过程，例如单处理器系统，同步和异步多处理系统，单核系统和多核处理系统。

公开(公告)号：US11868470B2

公开(公告)日：2024-01-09

申请号：US17147367

申请日：2021-01-12

Applicant: Raytheon Company

Inventor： Ryan Howard Thomson ,  Ross Mackinnon ,  Brandon Woolley

IPC: G06F21/56 ,  G06N5/04 ,  G06N20/00

CPC classification number: G06F21/562 ,  G06N5/04 ,  G06N20/00 ,  G06F2221/033

Abstract: A system and method for detecting embedded malware from a device including a receiver for receiving embedded binary image; a memory for encoding and storing the received embedded binary image; and one or more processors coupled to the receiver. The method includes extracting statistical features from the encoded embedded binary image; producing gridded data from the statistical features, using SV; inputting the gridded data to a machine learning (ML) trained to detect embedded malware from the gridded data; and determining whether the embedded binary image is benign or malware.

公开(公告)号：US20220222341A1

公开(公告)日：2022-07-14

申请号：US17147367

申请日：2021-01-12

Applicant: Raytheon Company

Inventor： Ryan Howard Thomson ,  Ross Mackinnon ,  Brandon Woolley

IPC: G06F21/56 ,  G06N20/00 ,  G06N5/04

Abstract: A system and method for detecting embedded malware from a device including a receiver for receiving embedded binary image; a memory for encoding and storing the received embedded binary image; and one or more processors coupled to the receiver. The method includes extracting statistical features from the encoded embedded binary image; producing gridded data from the statistical features, using SV; inputting the gridded data to a machine learning (ML) trained to detect embedded malware from the gridded data; and determining whether the embedded binary image is benign or malware.

公开(公告)号：US11115430B2

公开(公告)日：2021-09-07

申请号：US15619164

申请日：2017-06-09

Applicant: RAYTHEON COMPANY

Inventor： Brandon Woolley ,  Ross MacKinnon ,  Eric Rammelsberg

IPC: H04L29/06 ,  H04L12/26 ,  H04L12/40 ,  H04L12/413

Abstract: A method, apparatus and computer-readable medium for testing a target device. A fuzzer and a monitor are connected to the target device via a tactical bus. The fuzzer records messages sent from a source device to the target device over the tactical bus, creates a first fuzzed message having a data structure of the recorded message, and sends the first fuzzed message to the target device over the tactical bus. A fuzzer monitor monitors the target device for an anomalous response to the first fuzzed message, and determines a vulnerability of the target device from the response to the first fuzzed message.