Security monitor of system runs software simulator in parallel
First Claim
1. A method of determining the integrity of a distributed information processing system including a plurality of networked devices, each device including a finite machine (FSM), the method comprising:
- performing a primary task in each of the plurality of networked devices, the primary task having a computational requirement that varies over time;
performing a secondary task in each of the plurality of the networked devices, wherein performing the secondary task in a first one of the plurality of the networked devices includes generation, per time step, a respective numerical value that depends on a corresponding numerical value in each of the others of the plurality of networked devices at a previous time step;
receiving, at a control server, update information regarding the state of each of the plurality of networked devices;
simulating, in the control server, the secondary task of each of the plurality of the networked devices, wherein simulating the secondary task in the control server includes generating, per time step, numerical values for each of the simulated tasks, based at least upon the received update information;
receiving, at the control server, the numerical values generated by the plurality of the networked devices;
determining by the control server whether the received numerical values are equal to the simulated values; and
generating an alert if it is determined that the received numerical values are not equal to the simulated values;
wherein generating the numerical value, per time step, in each of the networked devices, further depends on a history of previous numerical values of the device performing the secondary task, the history has a length, and the length is dynamically modified in inverse relation to the computations requirements of the primary task.
2 Assignments
0 Petitions
Accused Products
Abstract
A monitoring system monitors a system that has multiple devices that perform respective primary tasks. For the purpose of the monitoring, each device has a finite state machine (FSM) with stochastic non-periodic behavior. The monitoring system simulates in software the behavior of the FSM'"'"'s. A discrepancy between the states assumed by the FSM'"'"'s after each time step and the states assumed in the simulation in each time step indicates a failure or a breach of the network'"'"'s integrity. Hacking such as primary system is practically impossible without being detected. Each device comprises computational resources. In order to reduce the computational environment available to a virus, the idle time of the resources is absorbed by dynamically increasing the complexity of the FSM'"'"'s.
21 Citations
5 Claims
-
1. A method of determining the integrity of a distributed information processing system including a plurality of networked devices, each device including a finite machine (FSM), the method comprising:
-
performing a primary task in each of the plurality of networked devices, the primary task having a computational requirement that varies over time; performing a secondary task in each of the plurality of the networked devices, wherein performing the secondary task in a first one of the plurality of the networked devices includes generation, per time step, a respective numerical value that depends on a corresponding numerical value in each of the others of the plurality of networked devices at a previous time step; receiving, at a control server, update information regarding the state of each of the plurality of networked devices; simulating, in the control server, the secondary task of each of the plurality of the networked devices, wherein simulating the secondary task in the control server includes generating, per time step, numerical values for each of the simulated tasks, based at least upon the received update information; receiving, at the control server, the numerical values generated by the plurality of the networked devices; determining by the control server whether the received numerical values are equal to the simulated values; and generating an alert if it is determined that the received numerical values are not equal to the simulated values; wherein generating the numerical value, per time step, in each of the networked devices, further depends on a history of previous numerical values of the device performing the secondary task, the history has a length, and the length is dynamically modified in inverse relation to the computations requirements of the primary task. - View Dependent Claims (2, 3, 4, 5)
-
Specification