Software assurance for heterogeneous distributed computing systems

US 10,540,502 B1
Filed: 06/14/2017
Issued: 01/21/2020
Est. Priority Date: 06/14/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating, by an analysis computing system comprising processing circuitry, data representing a risk model for a distributed computing system, wherein;

the risk model comprises a plurality of tree nodes organized as a tree,for each respective tree node of the risk model, the respective tree node corresponds to a respective event that may befall the distributed computing system,for each respective non-leaf tree node of the risk model, the events corresponding to child tree nodes of the respective non-leaf tree node are preconditions of the event corresponding to the respective non-leaf tree node, andthe tree nodes of the risk model include a first inspected tree node and a second inspected tree node;

generating, by the processing circuitry of the analysis computing system, data associating a first test agent with a first target, the first test agent configured to perform a data gathering routine that gathers data from the first target associated with the first test agent, the first target associated with the first test agent comprising a first set of one or more system nodes in the distributed computing system;

generating, by the processing circuitry, data associating the first inspected tree node of the risk model with the first test agent, the data gathered by the data gathering routine of the first test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred;

generating, by the processing circuitry of the analysis computing system, data associating a second test agent with a second target, the second test agent being different from the first test agent, the second test agent configured to perform a data gathering routine that gathers data from the second target associated with the second test agent, the second target associated with the second test agent comprising a second set of one or more system nodes in the distributed computing system;

generating, by the processing circuitry, data associating the second inspected tree node of the risk model with the second test agent, the data gathered by the data gathering routine of the second test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred;

performing, by the processing circuitry, according to a first predefined schedule that specifies a recurrence pattern of the data gathering routine of the first test agent, the data gathering routine of the first test agent;

performing, by the processing circuitry, according to a second predefined schedule that specifies a recurrence pattern of the data gathering routine of the second test agent, the data gathering routine of the second test agent;

outputting, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred; and

outputting, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the second inspected tree node is occurring or has occurred.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A risk model for a distributed computing system comprises a plurality of tree nodes organized as a tree. For each tree node of the risk model, the tree node corresponds to a respective event that may befall a distributed computing system. An analysis computing system generates data associating a test agent with a target and also generates data associating the test agent with a tree node in the risk model. The test agent performs a data gathering routine that gathers data from the target associated with the test agent. The gathered data may indicate whether the event corresponding to the tree node is occurring. Furthermore, the analysis computing system may perform the data gathering routine according to a recurrence pattern of the data gathering routine. The analysis computing system may output a graphical representation of the data indicating whether the event corresponding to the tree node is occurring.

35 Citations

View as Search Results

19 Claims

1. A method comprising:
- generating, by an analysis computing system comprising processing circuitry, data representing a risk model for a distributed computing system, wherein;
  
  the risk model comprises a plurality of tree nodes organized as a tree,for each respective tree node of the risk model, the respective tree node corresponds to a respective event that may befall the distributed computing system,for each respective non-leaf tree node of the risk model, the events corresponding to child tree nodes of the respective non-leaf tree node are preconditions of the event corresponding to the respective non-leaf tree node, andthe tree nodes of the risk model include a first inspected tree node and a second inspected tree node;
  
  generating, by the processing circuitry of the analysis computing system, data associating a first test agent with a first target, the first test agent configured to perform a data gathering routine that gathers data from the first target associated with the first test agent, the first target associated with the first test agent comprising a first set of one or more system nodes in the distributed computing system;
  
  generating, by the processing circuitry, data associating the first inspected tree node of the risk model with the first test agent, the data gathered by the data gathering routine of the first test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred;
  
  generating, by the processing circuitry of the analysis computing system, data associating a second test agent with a second target, the second test agent being different from the first test agent, the second test agent configured to perform a data gathering routine that gathers data from the second target associated with the second test agent, the second target associated with the second test agent comprising a second set of one or more system nodes in the distributed computing system;
  
  generating, by the processing circuitry, data associating the second inspected tree node of the risk model with the second test agent, the data gathered by the data gathering routine of the second test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred;
  
  performing, by the processing circuitry, according to a first predefined schedule that specifies a recurrence pattern of the data gathering routine of the first test agent, the data gathering routine of the first test agent;
  
  performing, by the processing circuitry, according to a second predefined schedule that specifies a recurrence pattern of the data gathering routine of the second test agent, the data gathering routine of the second test agent;
  
  outputting, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred; and
  
  outputting, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the second inspected tree node is occurring or has occurred.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 18)
- - 2. The method of claim 1, further comprising:
    - outputting, by the processing circuitry, for display on the display device, a target configuration interface;
      
      receiving, by the processing circuitry, via the target configuration interface, indications of user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system; and
      
      in response to receiving the indications of the user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system, defining, by the processing circuitry, the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system.
  - 3. The method of claim 2, wherein receiving the indications of user input to define the first target such that the first target comprises the one or more system nodes in the distributed computing system comprises receiving, by the processing circuitry, the indications of user input to define the first target such that the first target comprises a plurality of system nodes in the distributed computing system and an indication of user input to define a name of the first target.
  - 4. The method of claim 2, wherein receiving the indications of user input to define the first target such that the first target comprises the one or more system nodes in the distributed computing system comprises:
    - receiving, by the processing circuitry, indications of user input specifying identifiers of the first set of one or more system nodes in the distributed computing system.
  - 5. The method of claim 1, wherein:
    - the method further comprises receiving, by the processing circuitry, an indication of user input to associate the first test agent with the first target; and
      
      generating the data associating the first test agent with the first target comprises, in response to receiving the indication of user input to associate the first test agent with the first target, generating, by the processing circuitry, the data associating the first test agent with the first target.
  - 6. The method of claim 1, wherein outputting the graphical representation of the data comprises:
    - outputting, by the processing circuitry, a multi-dimensional chart comprising a plurality of data points, each respective data point of the plurality of data points corresponding to a measurement gathered as part of a respective performance of the data gathering routine of the first test agent.
  - 7. The method of claim 1, further comprising:
    - receiving, by the processing circuitry, an indication of user input to associate the first test agent with the first inspected tree node; and
      
      in response to receiving the indication of user input to associate the first test agent with the first inspected tree node, generating, by the processing circuitry, the data associating the first test agent with the first inspected tree node.
  - 8. The method of claim 1, wherein the event corresponding to the first inspected tree node corresponds to a cyberattack on an individual system node or group of system nodes in distributed computing system.
  - 9. The method of claim 1, wherein generating the data representing the risk model comprises:
    - receiving, by the processing circuitry, data identifying system nodes in the distributed computing system that perform the same roles in the distributed computing system; and
      
      for each respective system node of the identified system nodes, automatically generating, by the processing circuitry, in the risk model, a respective sub-tree for the respective system node based on a predefined template sub-tree.
  - 10. The method of claim 1, further comprising, determining, by the processing circuitry, based on the data gathered by the data gathering routine of the first test agent, one or more metrics, wherein the graphical representation includes the one or more metrics.
  - 18. The system of claim 10, wherein the processing circuitry is configured such that, as part of generating the data representing the risk model, the processing circuitry:
    - receives data identifying system nodes in the distributed computing system that perform the same roles in the distributed computing system; and
      
      for each respective system node of the identified system nodes, automatically generates, in the risk model, a respective sub-tree for the respective system node based on a predefined template sub-tree.

11. A system comprising:
- a data storage system; and
  
  processing circuitry configured to;
  
  generate, in the data storage system, data representing a risk model for a distributed computing system, wherein;
  
  the risk model comprises a plurality of tree nodes organized as a tree,for each respective tree node of the risk model, the respective tree node corresponds to a respective event that may befall the distributed computing system,for each respective non-leaf tree node of the risk model, the events corresponding to child tree nodes of the respective non-leaf tree node are preconditions of the event corresponding to the respective non-leaf tree node, andthe tree nodes of the risk model include a first inspected tree node and a second inspected tree node,generate, in the data storage system, data associating a first test agent with a first target, the first test agent configured to perform a data gathering routine that gathers data from the first target associated with the first test agent, the first target associated with the first test agent comprising a first set of one or more system nodes in the distributed computing system;
  
  generate, in the data storage system, data associating the first inspected tree node of the risk model with the first test agent, the data gathered by the data gathering routine of the first test agent comprising data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred;
  
  generate, in the data storage system, data associating a second test agent with a second target, the second test agent being different from the first test agent, the second test agent configured to perform a data gathering routine that gathers data from the second target associated with the second test agent, the second target associated with the second test agent comprising a second set of one or more system nodes in the distributed computing system;
  
  generate, in the data storage system, data associating the second inspected tree node of the risk model with the second test agent, the data gathered by the data gathering routine of the second test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred;
  
  perform, according to a predefined schedule that specifies a recurrence pattern of the data gathering routine of the first test agent, the data gathering routine of the first test agent;
  
  perform, according to a second predefined schedule that specifies a recurrence pattern of the data gathering routine of the second test agent, the data gathering routine of the second test agent;
  
  output a graphical representation of the data indicating whether the event corresponding to the inspected tree node is occurring or has occurred; and
  
  output a graphical representation of the data indicating whether the event corresponding to the second inspected tree node is occurring or has occurred.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the processing circuitry is configured to:
    - output, for display on the display device, a target configuration interface;
      
      receive, via the target configuration interface, indications of user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system; and
      
      in response to receiving the indications of the user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system, define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system.
  - 13. The system of claim 12, wherein the processing circuitry is configured to receive the indications of user input to define the first target such that the first target comprises a plurality of system nodes in the distributed computing system and an indication of user input to define a name of the first target.
  - 14. The system of claim 12, wherein the processing circuitry is configured such that, as part of receiving the indications of user input to define the first target such that the first target comprises the first set of one or more system nodes in the distributed computing system, the processing circuitry:
    - receives indications of user input specifying identifiers of the first set of one or more system nodes in the distributed computing system.
  - 15. The system of claim 11, wherein:
    - the processing circuitry is further configured to receive an indication of user input to associate the first test agent with the first target; and
      
      the processing circuitry is configured such that, as part of generating the data associating the first test agent with the first target, the processing circuitry, in response to receiving the indication of user input to associate the first test agent with the first target, generates the data associating the first test agent with the first target.
  - 16. The system of claim 11, wherein the processing circuitry is configured such that, as part of outputting the graphical representation of the data, the processing circuitry:
    - outputs a multi-dimensional chart comprising a plurality of data points, each respective data point of the plurality of data points corresponding to a measurement gathered as part of a respective performance of the data gathering routine of the first test agent.
  - 17. The system of claim 11, wherein the processing circuitry is configured to:
    - receive an indication of user input to associate the first test agent with the first inspected tree node; and
      
      in response to receiving the indication of user input to associate the first test agent with the first inspected tree node, generate the data associating the first test agent with the first inspected tree node.

19. A non-transitory computer-readable storage medium having instructions stored thereon that, when executed, configure an analysis computing system to:
- generate data representing a risk model for a distributed computing system, wherein;
  
  the risk model comprises a plurality of tree nodes organized as a tree,for each respective tree node of the risk model, the respective tree node corresponds to a respective event that may befall the distributed computing system,for each respective non-leaf tree node of the risk model, the events corresponding to child tree nodes of the respective non-leaf tree node are preconditions of the event corresponding to the respective non-leaf tree node,the tree nodes of the risk model include a first inspected tree node and a second inspected tree node,generate data associating a first test agent with a first target, the first test agent configured to perform a data gathering routine that gathers data from the first target associated with the first test agent, the first target associated with the first test agent comprising a first set of one or more system nodes in the distributed computing system;
  
  generate data associating the first inspected tree node of the risk model with the first test agent, the data gathered by the data gathering routine of the first test agent comprising data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred;
  
  generate data associating a second test agent with a second target, the second test agent being different from the first test agent, the second test agent configured to perform a data gathering routine that gathers data from the second target associated with the second test agent, the second target associated with the second test agent comprising a second set of one or more system nodes in the distributed computing system;
  
  generate data associating the second inspected tree node of the risk model with the second test agent, the data gathered by the data gathering routine of the second test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred;
  
  perform, according to a first predefined schedule that specifies a recurrence pattern of the data gathering routine of the first test agent, the data gathering routine of the first test agent;
  
  perform according to a second predefined schedule that specifies a recurrence pattern of the data gathering routine of the second test agent, the data gathering routine of the second test agent;
  
  output a graphical representation of the data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred; and
  
  output, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the second inspected tree node is occurring or has occurred.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architecture Technology Corporation
Original Assignee
Architecture Technology Corporation
Inventors
Joyce, Robert A., Aloisio, Scott, Powers, Judson, Dominessy, Christopher
Primary Examiner(s)
Revak, Christopher A

Application Number

US15/622,434
Time in Patent Office

951 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/2246   Trees, e.g. B+trees

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

Software assurance for heterogeneous distributed computing systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Software assurance for heterogeneous distributed computing systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links