-
公开(公告)号:US12058265B2
公开(公告)日:2024-08-06
申请号:US18138399
申请日:2023-04-24
IPC分类号: H04L9/32
CPC分类号: H04L9/3218
摘要: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmits the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.
-
公开(公告)号:US20240069990A1
公开(公告)日:2024-02-29
申请号:US17822628
申请日:2022-08-26
发明人: Stéphane Yannick Blais , Michael Hassan Atighetchi , Samuel Cunningham Nelson , Christopher Lawerence Willig
IPC分类号: G06F9/54
CPC分类号: G06F9/546
摘要: Techniques are described herein for a messaging system to allow publishers that are aware of the identities of their respective subscribers to target content at those subscribers directly. This may be accomplished by allowing users and other targets (e.g., groups) to register their identities at particular computing nodes of a system. Then publishers (e.g., applications) may send out messages targeted at particular identities, and a publishing system may forward messages to appropriate nodes based on which identities are registered at those nodes. Legacy applications that are not able to target particular identities may instead connect to application adapters that are configured to learn which identities should be targeted by each application. In addition, anonymized identities may be used for application messages that need to cross between domains having differing security levels.
-
公开(公告)号:US11651079B2
公开(公告)日:2023-05-16
申请号:US16683185
申请日:2019-11-13
CPC分类号: G06F21/577 , G06F8/10 , G06F2221/034
摘要: Techniques for automated system requirements analysis are disclosed. A system requirements analysis (SRA) service generates a system model that includes system requirements, at least by performing natural-language processing on a natural-language representation of the system requirements. Based at least on the system model, the SRA service performs an analysis of the system requirements against codified system requirements rules. The SRA service determines, based at least on the analysis of the system requirements against the codified system requirements rules, that the system requirements include a violation of a system requirements rule. The SRA service generates a report that identifies at least (a) the violation of the system requirements rule and (b) a suggested action to remediate the violation of the system requirements rule.
-
4.发明授权公开(公告)号:US11297081B2
公开(公告)日:2022-04-05
申请号:US16444630
申请日:2019-06-18
IPC分类号: H04L29/06
摘要: A method of performing a security assessment of a system includes analyzing a static structure of the system; storing, in a semantic system model, structure information about the static structure of the system; observing the system during a plurality of discrete temporal system states; storing, in the semantic system model, dynamic information about the system during the plurality of discrete temporal system states; performing a semantic composition analysis on the structure information to identify at least one vulnerability of the system; performing a flow analysis on the dynamic information to identify at least one anomalous behavior of the system during at least one of the plurality of discrete temporal system states; and generating, based on the at least one vulnerability of the system and the at least one anomalous behavior of the system, a vulnerability assessment of the system.
-
公开(公告)号:US11637702B2
公开(公告)日:2023-04-25
申请号:US17172825
申请日:2021-02-10
IPC分类号: H04L9/32
摘要: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmits the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.
-
公开(公告)号:US11595410B2
公开(公告)日:2023-02-28
申请号:US16809041
申请日:2020-03-04
IPC分类号: H04L9/40
摘要: Techniques for cross-domain routing using a fractionated cross-domain solution (F-CDS) are disclosed. A first intermediate node operating in a first physical device in an assured pipeline of the F-CDS receives a data item originating at a source node in a first security domain. The first intermediate node applies a first data filter to determine that the data item complies with a data security requirement of the F-CDS. The first intermediate node transmits the data item to a second intermediate node operating in a second physical device in the assured pipeline of the F-CDS. The second intermediate node applies a second data filter to redundantly determine that first data item complies with the data security requirement of the F-CDS. The second intermediate node transmits the data item to a recipient node in a second security domain via the assured pipeline.
-
公开(公告)号:US20220103572A1
公开(公告)日:2022-03-31
申请号:US17548068
申请日:2021-12-10
发明人: William Timothy Strayer , Brandon Doherty Kalashian , Michael Hassan Atighetchi , Stephane Yannick Blais , Samuel Cunningham Nelson
IPC分类号: H04L67/561
摘要: Techniques for enforcing trust policies for payload data transmitted through a data provisioning layer include: receiving, by a node in the data provisioning layer, payload data to be delivered to a recipient; obtaining, by the node, a trust policy indicating multiple attributes used to determine trustworthiness of payloads; determining, by the node, a set of values of the attributes associated with the payload data; generating, by the node, a trustworthiness opinion based at least on the trust policy and the set of values of the attributes; transmitting, by the node, the payload data and the trustworthiness opinion via the data provisioning layer toward the recipient; computing, by the recipient, a trustworthiness metric associated with the payload data based at least on the trustworthiness opinion; and determining, by the recipient, an action to take with respect to the payload data based at least on the trustworthiness metric.
-
公开(公告)号:US20200267175A1
公开(公告)日:2020-08-20
申请号:US16692749
申请日:2019-11-22
IPC分类号: H04L29/06
摘要: Techniques for evaluating cyber assets are disclosed. A system obtains, from data sources in an experimental environment, raw data generated in response to execution of a cyber asset. The system generates, from the raw data, at least one instance model corresponding to the data sources. The at least one instance model includes instances of concepts represented in a cyber impact ontology.
-
公开(公告)号:US12079671B2
公开(公告)日:2024-09-03
申请号:US17822628
申请日:2022-08-26
发明人: Stéphane Yannick Blais , Michael Hassan Atighetchi , Samuel Cunningham Nelson , Christopher Lawrence Willig
IPC分类号: G06F9/54
CPC分类号: G06F9/546
摘要: Techniques are described herein for a messaging system to allow publishers that are aware of the identities of their respective subscribers to target content at those subscribers directly. This may be accomplished by allowing users and other targets (e.g., groups) to register their identities at particular computing nodes of a system. Then publishers (e.g., applications) may send out messages targeted at particular identities, and a publishing system may forward messages to appropriate nodes based on which identities are registered at those nodes. Legacy applications that are not able to target particular identities may instead connect to application adapters that are configured to learn which identities should be targeted by each application. In addition, anonymized identities may be used for application messages that need to cross between domains having differing security levels.
-
公开(公告)号:US11831669B2
公开(公告)日:2023-11-28
申请号:US16692749
申请日:2019-11-22
CPC分类号: H04L63/1433 , H04L63/20
摘要: Techniques for evaluating cyber assets are disclosed. A system obtains, from data sources in an experimental environment, raw data generated in response to execution of a cyber asset. The system generates, from the raw data, at least one instance model corresponding to the data sources. The at least one instance model includes instances of concepts represented in a cyber impact ontology.
-
-
-
-
-
-
-
-
-
搜索结果
20 条记录 (耗时 0.017 秒)
