Software assurance for heterogeneous distributed computing systems

Bibliographic Details
Title: Software assurance for heterogeneous distributed computing systems
Patent Number: 10,540,502
Publication Date: January 21, 2020
Appl. No: 15/622434
Application Filed: June 14, 2017
Abstract: A risk model for a distributed computing system comprises a plurality of tree nodes organized as a tree. For each tree node of the risk model, the tree node corresponds to a respective event that may befall a distributed computing system. An analysis computing system generates data associating a test agent with a target and also generates data associating the test agent with a tree node in the risk model. The test agent performs a data gathering routine that gathers data from the target associated with the test agent. The gathered data may indicate whether the event corresponding to the tree node is occurring. Furthermore, the analysis computing system may perform the data gathering routine according to a recurrence pattern of the data gathering routine. The analysis computing system may output a graphical representation of the data indicating whether the event corresponding to the tree node is occurring.
Inventors: Architecture Technology Corporation (Minneapolis, MN, US)
Assignees: ARCHITECTURE TECHNOLOGY CORPORATION (Minneapolis, MN, US)
Claim: 1. A method comprising: generating, by an analysis computing system comprising processing circuitry, data representing a risk model for a distributed computing system, wherein: the risk model comprises a plurality of tree nodes organized as a tree, for each respective tree node of the risk model, the respective tree node corresponds to a respective event that may befall the distributed computing system, for each respective non-leaf tree node of the risk model, the events corresponding to child tree nodes of the respective non-leaf tree node are preconditions of the event corresponding to the respective non-leaf tree node, and the tree nodes of the risk model include a first inspected tree node and a second inspected tree node; generating, by the processing circuitry of the analysis computing system, data associating a first test agent with a first target, the first test agent configured to perform a data gathering routine that gathers data from the first target associated with the first test agent, the first target associated with the first test agent comprising a first set of one or more system nodes in the distributed computing system; generating, by the processing circuitry, data associating the first inspected tree node of the risk model with the first test agent, the data gathered by the data gathering routine of the first test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred; generating, by the processing circuitry of the analysis computing system, data associating a second test agent with a second target, the second test agent being different from the first test agent, the second test agent configured to perform a data gathering routine that gathers data from the second target associated with the second test agent, the second target associated with the second test agent comprising a second set of one or more system nodes in the distributed computing system; generating, by the 
processing circuitry, data associating the second inspected tree node of the risk model with the second test agent, the data gathered by the data gathering routine of the second test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred; performing, by the processing circuitry, according to a first predefined schedule that specifies a recurrence pattern of the data gathering routine of the first test agent, the data gathering routine of the first test agent; performing, by the processing circuitry, according to a second predefined schedule that specifies a recurrence pattern of the data gathering routine of the second test agent, the data gathering routine of the second test agent; outputting, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred; and outputting, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the second inspected tree node is occurring or has occurred.
Claim: 2. The method of claim 1, further comprising: outputting, by the processing circuitry, for display on the display device, a target configuration interface; receiving, by the processing circuitry, via the target configuration interface, indications of user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system; and in response to receiving the indications of the user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system, defining, by the processing circuitry, the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system.
Claim: 3. The method of claim 2, wherein receiving the indications of user input to define the first target such that the first target comprises the one or more system nodes in the distributed computing system comprises receiving, by the processing circuitry, the indications of user input to define the first target such that the first target comprises a plurality of system nodes in the distributed computing system and an indication of user input to define a name of the first target.
Claim: 4. The method of claim 2, wherein receiving the indications of user input to define the first target such that the first target comprises the one or more system nodes in the distributed computing system comprises: receiving, by the processing circuitry, indications of user input specifying identifiers of the first set of one or more system nodes in the distributed computing system.
Claim: 5. The method of claim 1, wherein: the method further comprises receiving, by the processing circuitry, an indication of user input to associate the first test agent with the first target; and generating the data associating the first test agent with the first target comprises, in response to receiving the indication of user input to associate the first test agent with the first target, generating, by the processing circuitry, the data associating the first test agent with the first target.
Claim: 6. The method of claim 1, wherein outputting the graphical representation of the data comprises: outputting, by the processing circuitry, a multi-dimensional chart comprising a plurality of data points, each respective data point of the plurality of data points corresponding to a measurement gathered as part of a respective performance of the data gathering routine of the first test agent.
Claim: 7. The method of claim 1, further comprising: receiving, by the processing circuitry, an indication of user input to associate the first test agent with the first inspected tree node; and in response to receiving the indication of user input to associate the first test agent with the first inspected tree node, generating, by the processing circuitry, the data associating the first test agent with the first inspected tree node.
Claim: 8. The method of claim 1, wherein the event corresponding to the first inspected tree node corresponds to a cyberattack on an individual system node or group of system nodes in distributed computing system.
Claim: 9. The method of claim 1, wherein generating the data representing the risk model comprises: receiving, by the processing circuitry, data identifying system nodes in the distributed computing system that perform the same roles in the distributed computing system; and for each respective system node of the identified system nodes, automatically generating, by the processing circuitry, in the risk model, a respective sub-tree for the respective system node based on a predefined template sub-tree.
Claim: 10. The method of claim 1, further comprising, determining, by the processing circuitry, based on the data gathered by the data gathering routine of the first test agent, one or more metrics, wherein the graphical representation includes the one or more metrics.
Claim: 11. A system comprising: a data storage system; and processing circuitry configured to: generate, in the data storage system, data representing a risk model for a distributed computing system, wherein: the risk model comprises a plurality of tree nodes organized as a tree, for each respective tree node of the risk model, the respective tree node corresponds to a respective event that may befall the distributed computing system, for each respective non-leaf tree node of the risk model, the events corresponding to child tree nodes of the respective non-leaf tree node are preconditions of the event corresponding to the respective non-leaf tree node, and the tree nodes of the risk model include a first inspected tree node and a second inspected tree node, generate, in the data storage system, data associating a first test agent with a first target, the first test agent configured to perform a data gathering routine that gathers data from the first target associated with the first test agent, the first target associated with the first test agent comprising a first set of one or more system nodes in the distributed computing system; generate, in the data storage system, data associating the first inspected tree node of the risk model with the first test agent, the data gathered by the data gathering routine of the first test agent comprising data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred; generate, in the data storage system, data associating a second test agent with a second target, the second test agent being different from the first test agent, the second test agent configured to perform a data gathering routine that gathers data from the second target associated with the second test agent, the second target associated with the second test agent comprising a second set of one or more system nodes in the distributed computing system; generate, in the data storage system, data associating the second 
inspected tree node of the risk model with the second test agent, the data gathered by the data gathering routine of the second test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred; perform, according to a predefined schedule that specifies a recurrence pattern of the data gathering routine of the first test agent, the data gathering routine of the first test agent; perform, according to a second predefined schedule that specifies a recurrence pattern of the data gathering routine of the second test agent, the data gathering routine of the second test agent; output a graphical representation of the data indicating whether the event corresponding to the inspected tree node is occurring or has occurred; and output a graphical representation of the data indicating whether the event corresponding to the second inspected tree node is occurring or has occurred.
Claim: 12. The system of claim 11, wherein the processing circuitry is configured to: output, for display on the display device, a target configuration interface; receive, via the target configuration interface, indications of user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system; and in response to receiving the indications of the user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system, define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system.
Claim: 13. The system of claim 12, wherein the processing circuitry is configured to receive the indications of user input to define the first target such that the first target comprises a plurality of system nodes in the distributed computing system and an indication of user input to define a name of the first target.
Claim: 14. The system of claim 12, wherein the processing circuitry is configured such that, as part of receiving the indications of user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system, the processing circuitry: receives indications of user input specifying identifiers of the first set of one or more system nodes in the distributed computing system.
Claim: 15. The system of claim 11, wherein: the processing circuitry is further configured to receive an indication of user input to associate the first test agent with the first target; and the processing circuitry is configured such that, as part of generating the data associating the first test agent with the first target, the processing circuitry, in response to receiving the indication of user input to associate the first test agent with the first target, generates the data associating the first test agent with the first target.
Claim: 16. The system of claim 11, wherein the processing circuitry is configured such that, as part of outputting the graphical representation of the data, the processing circuitry: outputs a multi-dimensional chart comprising a plurality of data points, each respective data point of the plurality of data points corresponding to a measurement gathered as part of a respective performance of the data gathering routine of the first test agent.
Claim: 17. The system of claim 11, wherein the processing circuitry is configured to: receive an indication of user input to associate the first test agent with the first inspected tree node; and in response to receiving the indication of user input to associate the first test agent with the first inspected tree node, generate the data associating the first test agent with the first inspected tree node.
Claim: 18. The system of claim 10, wherein the processing circuitry is configured such that, as part of generating the data representing the risk model, the processing circuitry: receives data identifying system nodes in the distributed computing system that perform the same roles in the distributed computing system; and for each respective system node of the identified system nodes, automatically generates, in the risk model, a respective sub-tree for the respective system node based on a predefined template sub-tree.
Claim: 19. A non-transitory computer-readable storage medium having instructions stored thereon that, when executed, configure an analysis computing system to: generate data representing a risk model for a distributed computing system, wherein: the risk model comprises a plurality of tree nodes organized as a tree, for each respective tree node of the risk model, the respective tree node corresponds to a respective event that may befall the distributed computing system, for each respective non-leaf tree node of the risk model, the events corresponding to child tree nodes of the respective non-leaf tree node are preconditions of the event corresponding to the respective non-leaf tree node, the tree nodes of the risk model include a first inspected tree node and a second inspected tree node, generate data associating a first test agent with a first target, the first test agent configured to perform a data gathering routine that gathers data from the first target associated with the first test agent, the first target associated with the first test agent comprising a first set of one or more system nodes in the distributed computing system; generate data associating the first inspected tree node of the risk model with the first test agent, the data gathered by the data gathering routine of the first test agent comprising data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred; generate data associating a second test agent with a second target, the second test agent being different from the first test agent, the second test agent configured to perform a data gathering routine that gathers data from the second target associated with the second test agent, the second target associated with the second test agent comprising a second set of one or more system nodes in the distributed computing system; generate data associating the second inspected tree node of the risk model with the second test agent, the data gathered 
by the data gathering routine of the second test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred; perform, according to a first predefined schedule that specifies a recurrence pattern of the data gathering routine of the first test agent, the data gathering routine of the first test agent; perform according to a second predefined schedule that specifies a recurrence pattern of the data gathering routine of the second test agent, the data gathering routine of the second test agent; output a graphical representation of the data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred; and output, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the second inspected tree node is occurring or has occurred.
Patent References Cited: 7496959 February 2009 Adelstein et al.
7818804 October 2010 Marceau
8458805 June 2013 Adelstein et al.
8499354 July 2013 Satish et al.
8862803 October 2014 Powers et al.
9081911 July 2015 Powers et al.
9083741 July 2015 Powers
2012/0210427 August 2012 Bronner et al.
2014/0337971 November 2014 Casassa Mont et al.
2015/0339477 November 2015 Abrams
2016/0099953 April 2016 Hebert
2016/0234242 August 2016 Knapp et al.
2018/0048534 February 2018 Banga
2018/0121657 May 2018 Hay et al.
2018/0191770 July 2018 Nachenberg
2018/0367563 December 2018 Pfleger de Aguiar
2019/0014153 January 2019 Lang
2019/0102564 April 2019 Li
2019/0164015 May 2019 Jones, Jr.
2019/0188615 June 2019 Liu
2019/0258953 August 2019 Lang
WO 2017/105383 June 2017
Other References: Ana Paula Henriques de Gusmao et al, “Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory”, 2018 , International Journal of Information Management, p. 1-3. cited by examiner
“Cybersecurity,” U.S. Department of Defense Instruction, No. 8500.01, Mar. 14, 2014, 59 pp, accessible via https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/850001_2014.pdf. cited by applicant
“Cyberspace Operations,” U.S. Air Force, Air Force Policy Directive 10-17, Jul. 31, 2012, 9 pp, accessible via https://fas.org/irp/doddir/usaf/afpd10-17.pdf. cited by applicant
Becker et al., “Applying Game Theory to Analyze Attacks and Defenses in Virtual Coordinate Systems,” 41st International Conference on Dependable Systems & Networks (DSN), Jun. 2011, 12 pp. cited by applicant
Fisher, “Developing Software in a Multicore & Multiprocessor World,” Klocwork.com., white paper, Sep. 2010, 9 pp. cited by applicant
Joyce et al., “MEGA: A Tool for Mac OS X Operating System and Application Forensics,” Proceedings of the Digital Forensic Research Conference, Aug. 11-13, 2008, 9 pp. cited by applicant
Libicki, “Cyberdeterrence and Cyberwar,” Rand Corporation, 2009, 238 pp. cited by applicant
Porche III et al., “A Cyberworm that Knows no Boundaries,” RAND Corporation, 2011, 6 pp. cited by applicant
Quinlan et al., “ROSE User Manual: A Tool for Building Source-to-Source Translators,” Draft User Manual, Version 0.9.6a, Lawrence Livermore National Laboratory, Dec. 16, 2015, 339 pp. cited by applicant
Shiva et al., “Game Theory for Cyber Security,” Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, Article No. 34, Apr. 2010, 5 pp. cited by applicant
Snyder et al., “Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems Guidance Where to Focus Mitigation Efforts,” RAND Corporation, 2015, 36 pp. cited by applicant
U.S. Appl. No. 16/131,669, filed Sep. 14, 2018 by Christopher Dominessy et al. cited by applicant
Atighetchi et al., “Metrinome-Continuous Monitoring and Security Validation of Distributed Systems”, Journal of Cyber Security and Information Systems vol. II, No. 1: Knowledge Management, Mar. 2014, 8 pgs. cited by applicant
Sironi et al., “Metronome” Operating System Level Performance Management via Self-Adaptive Computing, DAC 2012, Jun. 3-7, 2012, 10 pgs. cited by applicant
Vasiliadis et al., “GPU-assisted malware”, Int. J. Inf. Secur. (2015), Published Aug. 28, 2014, 9 pgs. cited by applicant
Balzarotti et al., “The impact of GPU-assisted malware on memory forensics: A case study”, DFRWS 2015, 9 pgs. Applicant points out, in accordance with MPEP 609.04(a), that the year of publication, 2015, is sufficiently earlier than the effective U.S. filing date of the present application, so that the particular month of publication is not in issue. cited by applicant
Baloch et al., “Comparative Study of Risk Management in Centralized and Distributed Software Development Environment”, Sci.Int.(Lahore),26(4),1523-1528, 2014, 6 pgs. Applicant points out, in accordance with MPEP 609.04(a), that the year of publication, 2014, is sufficiently earlier than the effective U.S. filing date of the present application, so that the particular month of publication is not in issue. cited by applicant
PR Newswire, “ATCorp Releases CSAS—Cloud Security Analysis Suite for Applications in the Cloud” Feb. 26, 2016, 2 pgs. cited by applicant
Wikipedia-OpenCL, Mar. 29, 2017, Retrieved from https://en.wikipedia.org/wiki/OpenCL, 15 pgs. cited by applicant
ROSE: Main Page, Mar. 29, 2017, Retrieved from http://rosecompiler.org/ROSE_HTML_Reference/, 3 pgs. cited by applicant
Schneier, “Attack Trees—Schneier on Security”, Dr. Dobb's Journal, Dec. 1999, Retrieved from https://www.schneier.com/academic/archives/1999/12/attack_trees.html, 9 pgs. cited by applicant
Richard, “Memory Analysis, meet GPU Malware”, Oct. 22, 2014, CERIAS, Retrieved from http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/popenihmencsf2v5mggg5ulfd4, 2 pgs. cited by applicant
2015 DFRWS Forensics Challenge—Submitted Solutions and Source Code Released, Retrieved from http://www.cs.uno.edu/~golden/gpu-malware-research.html, 5 pgs. Applicant points out, in accordance with MPEP 609.04(a), that the year of publication, 2015, is sufficiently earlier than the effective U.S. filing date of the present application, so that the particular month of publication is not in issue. cited by applicant
U.S. Appl. No. 15/485,784, filed Apr. 12, 2017 by Robert A. Joyce et al. cited by applicant
Primary Examiner: Revak, Christopher A
Attorney, Agent or Firm: Shumaker & Sieffert, P.A.
Accession Number: edspgr.10540502
Database: USPTO Patent Grants