公开(公告)号：US11233707B2

公开(公告)日：2022-01-25

申请号：US16832039

申请日：2020-03-27

Applicant: Raytheon BBN Technologies Corp.

Inventor： Michael Hassan Atighetchi ,  Stephane Yannick Blais ,  Samuel Cunningham Nelson

IPC: H04L12/24 ,  H04L29/06 ,  G06F16/907 ,  H04L29/08

Abstract: Techniques for metadata-based information provenance are disclosed. A node in a data provisioning layer receives encrypted payload data to be delivered to a recipient. The node generates provenance metadata that describes at least one action taken by the node with respect to the encrypted payload data. The node transmits the encrypted payload data and the provenance metadata via the data provisioning layer toward the recipient.

公开(公告)号：US20210306227A1

公开(公告)日：2021-09-30

申请号：US16832039

申请日：2020-03-27

Applicant: Raytheon BBN Technologies Corp.

Inventor： Michael Hassan Atighetchi ,  Stephane Yannick Blais ,  Samuel Cunningham Nelson

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  G06F16/907

Abstract: Techniques for metadata-based information provenance are disclosed. A node in a data provisioning layer receives encrypted payload data to be delivered to a recipient. The node generates provenance metadata that describes at least one action taken by the node with respect to the encrypted payload data. The node transmits the encrypted payload data and the provenance metadata via the data provisioning layer toward the recipient.

公开(公告)号：US20210281581A1

公开(公告)日：2021-09-09

申请号：US16809041

申请日：2020-03-04

Applicant: Raytheon BBN Technologies Corp.

Inventor： Michael Hassan Atighetchi ,  Joud Khoury

IPC: H04L29/06

Abstract: Techniques for cross-domain routing using a fractionated cross-domain solution (F-CDS) are disclosed. A first intermediate node operating in a first physical device in an assured pipeline of the F-CDS receives a data item originating at a source node in a first security domain. The first intermediate node applies a first data filter to determine that the data item complies with a data security requirement of the F-CDS. The first intermediate node transmits the data item to a second intermediate node operating in a second physical device in the assured pipeline of the F-CDS. The second intermediate node applies a second data filter to redundantly determine that first data item complies with the data security requirement of the F-CDS. The second intermediate node transmits the data item to a recipient node in a second security domain via the assured pipeline.

公开(公告)号：US20210281412A1

公开(公告)日：2021-09-09

申请号：US17172825

申请日：2021-02-10

Applicant: Raytheon BBN Technologies Corp.

Inventor： Joud Khoury ,  Michael Hassan Atighetchi ,  Zachary Ratliff

IPC: H04L9/32

Abstract: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmits the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.

公开(公告)号：US20240406189A1

公开(公告)日：2024-12-05

申请号：US18519238

申请日：2023-11-27

Applicant: Raytheon BBN Technologies Corp.

Inventor： William Timothy Strayer ,  Brandon Doherty Kalashian ,  Michael Hassan Atighetchi ,  Stephane Yannick Blais ,  Samuel Cunningham Nelson

IPC: H04L9/40

Abstract: Techniques for enforcing trust policies for payload data transmitted through a data provisioning layer include: receiving, by a node in the data provisioning layer, payload data to be delivered to a recipient; obtaining, by the node, a trust policy indicating multiple attributes used to determine trustworthiness of payloads; determining, by the node, a set of values of the attributes associated with the payload data; generating, by the node, a trustworthiness opinion based at least on the trust policy and the set of values of the attributes; transmitting, by the node, the payload data and the trustworthiness opinion via the data provisioning layer toward the recipient; computing, by the recipient, a trustworthiness metric associated with the payload data based at least on the trustworthiness opinion; and determining, by the recipient, an action to take with respect to the payload data based at least on the trustworthiness metric.

公开(公告)号：US12079671B2

公开(公告)日：2024-09-03

申请号：US17822628

申请日：2022-08-26

Applicant: Raytheon BBN Technologies Corp.

Inventor： Stéphane Yannick Blais ,  Michael Hassan Atighetchi ,  Samuel Cunningham Nelson ,  Christopher Lawrence Willig

IPC: G06F9/54

CPC classification number: G06F9/546

Abstract: Techniques are described herein for a messaging system to allow publishers that are aware of the identities of their respective subscribers to target content at those subscribers directly. This may be accomplished by allowing users and other targets (e.g., groups) to register their identities at particular computing nodes of a system. Then publishers (e.g., applications) may send out messages targeted at particular identities, and a publishing system may forward messages to appropriate nodes based on which identities are registered at those nodes. Legacy applications that are not able to target particular identities may instead connect to application adapters that are configured to learn which identities should be targeted by each application. In addition, anonymized identities may be used for application messages that need to cross between domains having differing security levels.

公开(公告)号：US11831669B2

公开(公告)日：2023-11-28

申请号：US16692749

申请日：2019-11-22

Applicant: Raytheon BBN Technologies Corp.

Inventor： Michael Hassan Atighetchi ,  Stephane Yannick Blais ,  Katarzyna Lucja Olejnik

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/1433 ,  H04L63/20

Abstract: Techniques for evaluating cyber assets are disclosed. A system obtains, from data sources in an experimental environment, raw data generated in response to execution of a cyber asset. The system generates, from the raw data, at least one instance model corresponding to the data sources. The at least one instance model includes instances of concepts represented in a cyber impact ontology.

公开(公告)号：US11831657B2

公开(公告)日：2023-11-28

申请号：US17548068

申请日：2021-12-10

Applicant: Raytheon BBN Technologies Corp.

Inventor： William Timothy Strayer ,  Brandon Doherty Kalashian ,  Michael Hassan Atighetchi ,  Stephane Yannick Blais ,  Samuel Cunningham Nelson

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/126 ,  H04L63/123 ,  H04L63/1408

Abstract: Techniques for enforcing trust policies for payload data transmitted through a data provisioning layer include: receiving, by a node in the data provisioning layer, payload data to be delivered to a recipient; obtaining, by the node, a trust policy indicating multiple attributes used to determine trustworthiness of payloads; determining, by the node, a set of values of the attributes associated with the payload data; generating, by the node, a trustworthiness opinion based at least on the trust policy and the set of values of the attributes; transmitting, by the node, the payload data and the trustworthiness opinion via the data provisioning layer toward the recipient; computing, by the recipient, a trustworthiness metric associated with the payload data based at least on the trustworthiness opinion; and determining, by the recipient, an action to take with respect to the payload data based at least on the trustworthiness metric.

公开(公告)号：US20230376609A1

公开(公告)日：2023-11-23

申请号：US18132783

申请日：2023-04-10

Applicant: Raytheon BBN Technologies Corp.

Inventor： Michael Hassan Atighetchi ,  Borislava Ivanova Simidchieva

IPC: G06F21/57 ,  G06F8/10

CPC classification number: G06F21/577 ,  G06F8/10 ,  G06F2221/034

Abstract: Techniques for automated system requirements analysis are disclosed. A system requirements analysis (SRA) service generates a system model that includes system requirements, at least by performing natural-language processing on a natural-language representation of the system requirements. Based at least on the system model, the SRA service performs an analysis of the system requirements against codified system requirements rules. The SRA service determines, based at least on the analysis of the system requirements against the codified system requirements rules, that the system requirements include a violation of a system requirements rule. The SRA service generates a report that identifies at least (a) the violation of the system requirements rule and (b) a suggested action to remediate the violation of the system requirements rule.

公开(公告)号：US20230261873A1

公开(公告)日：2023-08-17

申请号：US18138399

申请日：2023-04-24

Applicant: Raytheon BBN Technologies Corp.

Inventor： Joud Khoury ,  Michael Hassan Atighetchi ,  Zachary Ratliff

IPC: H04L9/32

CPC classification number: H04L9/3218

Abstract: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmits the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.