Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

US 9,092,631 B2
Filed: 10/16/2013
Issued: 07/28/2015
Est. Priority Date: 10/16/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented security evaluation method comprising:

accessing information regarding a physical architecture and a cyber architecture of a facility;

building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas;

identifying a target within the facility;

executing the model a plurality of times to simulate a plurality of attacks against the target by at least one adversary traversing at least one of the physical areas and at least one of the cyber areas;

using results of the executing, providing information regarding a security risk of the facility with respect to the target;

wherein individual executions of the model comprise initiating counting of a timer once the at least one adversary is detected; and

wherein the providing comprises providing information indicating whether the at least one adversary reached the target during the executions of the model using information of the timer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

20 Citations

View as Search Results

21 Claims

1. A computer-implemented security evaluation method comprising:
- accessing information regarding a physical architecture and a cyber architecture of a facility;
  
  building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas;
  
  identifying a target within the facility;
  
  executing the model a plurality of times to simulate a plurality of attacks against the target by at least one adversary traversing at least one of the physical areas and at least one of the cyber areas;
  
  using results of the executing, providing information regarding a security risk of the facility with respect to the target;
  
  wherein individual executions of the model comprise initiating counting of a timer once the at least one adversary is detected; and
  
  wherein the providing comprises providing information indicating whether the at least one adversary reached the target during the executions of the model using information of the timer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein the target comprises one of the physical and cyber areas.
  - 3. The method of claim 1 wherein the building comprises building the model to comprise the pathways between different ones of the physical areas, between different ones of the physical areas and different ones of the cyber areas, and between different ones of the cyber areas.
  - 4. The method of claim 1 further comprising specifying a route to the target, and wherein the executing comprises executing the model to simulate the attacks against the target by the at least one adversary traversing the route.
  - 5. The method of claim 1 wherein the executing comprises executing the model to simulate the attacks against the target by the at least one adversary traversing different random routes to the target.
  - 6. The method of claim 1 wherein the providing information comprises identifying a previously-unidentified route of attack through one of the physical areas and one of the cyber areas to the target.
  - 7. The method of claim 1 further comprising, using the information regarding the security risk, generating a plurality of revised versions of the model, and wherein the executing comprises executing each of the revised versions of the model a plurality of times to simulate a plurality of additional attacks against the target by at least one adversary traversing a plurality of the physical and cyber areas.
  - 8. The method of claim 7 further comprising, using the results of the executing, identifying one of the revised versions of the model for use in revising the facility.
  - 9. The method of claim 1 wherein the pathways individually comprise at least one safeguard configured to at least one of detect and impede the at least one adversary.
  - 10. The method of claim 1 wherein the providing information for one of the executions of the model comprises providing information indicating whether the at least one adversary reached the target before the timer counts a predetermined length of time.
  - 11. The method of claim 10 wherein the at least one adversary is successful if the at least one adversary reaches the target before the timer counts the predetermined length of time and the at least one adversary is neutralized if the at least one adversary fails to reach the target before the timer counts the predetermined length of time.
  - 12. The method of claim 1, after the executing, further comprising:
    - changing at least one variable of the model; and
      
      after the changing, re-executing the model a plurality of times to simulate a plurality of additional attacks against the target by the at least one adversary traversing at least one of the physical areas and at least one of the cyber areas.
  - 13. The method of claim 1 wherein the providing information comprises providing information regarding the number of executions of the model where the at least one adversary was successful in reaching the target.
  - 14. The method of claim 1 wherein the different executions of the model provide different results due to different variables in the model.

15. A security evaluation system comprising:
- an interface configured to receive information regarding a physical architecture and a cyber architecture of a facility; and
  
  processing circuitry coupled with the interface and configured to;
  
  build a model of the facility comprising a plurality of physical areas of the physical architecture and a plurality of cyber areas of the cyber architecture;
  
  execute the model a plurality of times to simulate a plurality of attacks against the facility by at least one adversary traversing at least one of the physical areas and at least one of the cyber areas;
  
  after the execution, revise the model a plurality of times generating a plurality of revised versions of the model; and
  
  after the revision, execute each of the revised versions of the model a plurality of additional times to simulate a plurality of additional attacks against the facility by at least one adversary traversing at least one of the physical areas and at least one of the cyber areas.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15 wherein the model comprises a plurality of pathways intermediate the physical and cyber areas, and the pathways individually comprise at least one safeguard configured to at least one of detect and impede the at least one adversary, and wherein the revision of the model comprises changing the at least one safeguard of at least one of the pathways.
  - 17. The system of claim 15 wherein the processing circuitry is configured to provide information regarding a security risk of the facility using the results of the executions of the model before and after the revision of the model.
  - 18. The system of claim 17 wherein the information regarding the security risk of the facility compares the security risk of the facility with and without the revision.

19. An article of manufacture comprising:
- non-transitory computer-readable storage medium comprising programming which causes processing circuitry to perform processing comprising;
  
  accessing information regarding a physical architecture and a cyber architecture of a facility;
  
  building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas;
  
  executing the model comprising;
  
  identifying a target within the facility;
  
  defining a route of attack by an adversary traversing at least one of the physical areas and at least one of the cyber areas to the target;
  
  detecting the adversary on the route of attack;
  
  as a result of the detecting, initiating a timer which counts a predetermined length of time; and
  
  determining whether the at least one adversary reached the target before the predetermined length of time has been counted.
- View Dependent Claims (20, 21)
- - 20. The article of manufacture of claim 19 wherein the route of attack is a user-specified route of attack.
  - 21. The article of manufacture of claim 19 wherein the route of attack is a randomly determined route of attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Battelle Memorial Institute
Original Assignee
Battelle Memorial Institute
Inventors
Muller, George, Perkins, Casey J., Lancaster, Mary J., MacDonald, Douglas G., Clements, Samuel L., Hutton, William J., Patrick, Scott W., Key, Bradley Robert
Primary Examiner(s)
Mehedi, Morshed

Application Number

US14/055,776
Publication Number

US 20150106941A1
Time in Patent Office

650 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others