DYNAMIC OPERATIONAL WATERMARKING FOR SOFTWARE AND HARDWARE ASSURANCE

US 20140223554A1
Filed: 02/07/2013
Published: 08/07/2014
Est. Priority Date: 02/07/2013
Status: Active Grant

First Claim

Patent Images

1. A dynamic watermarking method comprising:

receiving, at a monitor device, a physical watermark and a logical watermark of a defended apparatus;

setting a baseline for the defended apparatus at the monitor device, the baseline including the physical watermark and the logical watermark;

monitoring, by a processor of the monitor device, the defended apparatus for a change in the physical watermark or the logical watermark; and

based on the change, updating the baseline to include the change, or performing a defensive action in response to the change that indicates an anomaly.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure addresses systems and methods for the protection of proprietary information by monitoring operational watermarks of an apparatus. A monitoring device may receive logical or physical watermark data from a defended apparatus. Watermark data may include any operational or environmental variable related to the defended apparatus. The monitoring device may maintain a baseline profile for the defended apparatus that includes watermark data. During monitoring of the defended apparatus by the monitor device, changes in the watermark data may be analyzed to determine if the baseline should be dynamically updated, or if the change indicates an anomaly. Anomalies may indicate an attempt to tamper with the defended apparatus. In response to the change that indicates an anomaly, the monitoring device may scrub the contents of the defended apparatus. In an embodiment, the monitoring device may also scrub its own memory in response to an anomaly.

22 Citations

View as Search Results

22 Claims

1. A dynamic watermarking method comprising:
- receiving, at a monitor device, a physical watermark and a logical watermark of a defended apparatus;
  
  setting a baseline for the defended apparatus at the monitor device, the baseline including the physical watermark and the logical watermark;
  
  monitoring, by a processor of the monitor device, the defended apparatus for a change in the physical watermark or the logical watermark; and
  
  based on the change, updating the baseline to include the change, or performing a defensive action in response to the change that indicates an anomaly.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the monitor device and the defended apparatus are co-located.
  - 3. The method of claim 2, further comprising:
    - receiving, by the processor of the monitor device, the physical watermark and the logical watermark, wherein the setting of the baseline is performed in response to an initial reception of the physical watermark and the logical watermark.
  - 4. The method of claim 3, wherein the anomaly includes a deviation from the baseline of the physical watermark or the logical watermark, the deviation indicating an attack on the defended apparatus.
  - 5. The method of claim 4, wherein the logical watermark includes at least one of:
    - execution timing, execution sequencing, data transaction, input activity, output activity, or function periodicity; and
      
      wherein the physical watermark includes a temperature of the defended apparatus or a power-consumption rate of the defended apparatus.
  - 6. The method of claim 2, wherein monitoring the defended apparatus for the change in the physical watermark or the logical watermark includes continuously receiving environmental data and execution data from the defended apparatus.
  - 7. The method of claim 6, wherein performing the defensive action includes scrubbing the defended apparatus and the monitor device, and transmitting a notification of the anomaly.
  - 8. The method of claim 7, wherein scrubbing the defended apparatus includes erasing an erasable memory coupled to a processor of the defended apparatus.

9. At least one machine-readable storage medium comprising a plurality of instructions that in response to being executed on a computing device, cause the computing device to:
- receive a physical watermark and a logical watermark of a defended apparatus;
  
  set a baseline for the defended apparatus, the baseline including the physical watermark and the logical watermark;
  
  monitor the defended apparatus for a change in the physical watermark or the logical watermark; and
  
  based on the change, update the baseline to include the change, or perform a defensive action in response to the change that indicates an anomaly.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The machine-readable storage medium of claim 9, wherein the monitor device and the defended apparatus are co-located in a single device.
  - 11. The machine-readable storage medium of claim 10, wherein the plurality of instructions further cause the computing device to:
    - receive the physical watermark and the logical watermark, wherein the setting of the baseline is performed in response to an initial reception of the physical watermark and the logical watermark.
  - 12. The machine-readable storage medium of claim 10, wherein the logical watermark includes at least one of:
    - execution timing, execution sequencing, data transaction, input activity, output activity, or function periodicity; and
      
      wherein the physical watermark includes a temperature of the defended apparatus and a power consumption rate of the defended apparatus.
  - 13. The machine-readable storage medium of claim 12, wherein monitoring the defended apparatus for the change in the physical watermark or the logical watermark includes continuously receiving environmental data and execution data from the defended apparatus.
  - 14. The machine-readable storage medium of claim 10, wherein performing the defensive action includes scrubbing the defended apparatus and the monitor device.
  - 15. The machine-readable storage medium of claim 14, wherein scrubbing the defended apparatus and the monitor device includes erasing the machine-readable medium.

16. A system comprising:
- a defended apparatus including a processor, one or more sensors, and a first erasable memory coupled to the processor; and
  
  a shadow monitor including a processor coupled to the defended apparatus, a second erasable memory coupled to the processor of the shadow monitor, the shadow monitor being configured to receive a physical watermark and a logical watermark from the defended apparatus, establish a baseline for the physical watermark and the logical watermark, store the baseline in the second erasable memory, and monitor the defended apparatus for data indicating a change in the physical watermark or the logical watermark and, based on the change, update the baseline in response to the change, or perform a defensive action in response to the change where an anomaly is indicated;
  
  wherein the physical watermark includes data from the one or more sensors of the defended apparatus, and the anomaly includes a deviation from the baseline, the deviation indicating an attack on the defended apparatus.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The system of claim 16, wherein the shadow monitor and the defended apparatus are coupled by a network.
  - 18. The system of claim 16, including:
    - a wireless transceiver coupled to the shadow monitor and the defended apparatus;
      
      wherein the shadow monitor and the defended apparatus are co-located.
  - 19. The system of claim 18, wherein the defended apparatus includes a real-time operating system executing on the processor of the defended apparatus.
  - 20. The system of claim 19, wherein the processor of the shadow monitor and the processor of the defended apparatus are implemented in a single device.
  - 21. The system of claim 19, wherein the defensive action includes:
    - transmitting a notification of the anomaly via the wireless transceiver; and
      
      overwriting the first erasable memory and the second erasable memory.
  - 22. The system of claim 19, wherein the logical watermark includes at least one of:
    - execution timing, execution sequencing, data transaction, input activity, output activity, or function periodicity; and
      
      the physical watermark includes at least one of;
      
      a temperature of the defended apparatus or a power consumption rate of the defended apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Original Assignee
Thomas Gilbert Iii Roden
Inventors
Roden, Thomas Gilbert III

Granted Patent

US 9,081,957 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 21/577 Assessing vulnerabilities a...

DYNAMIC OPERATIONAL WATERMARKING FOR SOFTWARE AND HARDWARE ASSURANCE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC OPERATIONAL WATERMARKING FOR SOFTWARE AND HARDWARE ASSURANCE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links