公开(公告)号：US09081911B2

公开(公告)日：2015-07-14

申请号：US14339390

申请日：2014-07-23

Applicant: Architecture Technology Corporation

Inventor： Judson Powers ,  Matthew P. Donovan

IPC: G06F21/57 ,  G06F13/40 ,  G06F13/42 ,  G06F9/455 ,  G06F21/85

CPC classification number: G06F13/4072 ,  G06F9/45558 ,  G06F13/42 ,  G06F13/4252 ,  G06F21/57 ,  G06F21/85 ,  G06F2009/45579

Abstract: In an example, an apparatus includes a memory storing a hypervisor, where the hypervisor is configured to determine whether one or more universal serial bus (USB) devices in communication with the hypervisor are authorized to communicate with a guest operating system of the hypervisor and, after determining that the one or more USB devices are authorized to communicate with the guest, virtualize the one or more USB devices at the guest operating system and transfer messages between the one or more USB devices and the virtualized USB device.

Abstract translation: 在一个示例中，设备包括存储管理程序的存储器，其中管理程序被配置为确定与管理程序通信的一个或多个通用串行总线（USB）设备是否被授权与管理程序的客户操作系统通信， 在确定一个或多个USB设备被授权与访客通信之后，虚拟化客户操作系统处的一个或多个USB设备，并在一个或多个USB设备与虚拟化USB设备之间传送消息。

公开(公告)号：US20140337558A1

公开(公告)日：2014-11-13

申请号：US14339390

申请日：2014-07-23

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： Judson Powers ,  Matthew P. Donovan

IPC: G06F13/40 ,  G06F9/455 ,  G06F13/42

CPC classification number: G06F13/4072 ,  G06F9/45558 ,  G06F13/42 ,  G06F13/4252 ,  G06F21/57 ,  G06F21/85 ,  G06F2009/45579

Abstract: In an example, an apparatus includes a memory storing a hypervisor, where the hypervisor is configured to determine whether one or more universal serial bus (USB) devices in communication with the hypervisor are authorized to communicate with a guest operating system of the hypervisor and, after determining that the one or more USB devices are authorized to communicate with the guest, virtualize the one or more USB devices at the guest operating system and transfer messages between the one or more USB devices and the virtualized USB device.

Abstract translation: 在一个示例中，设备包括存储管理程序的存储器，其中管理程序被配置为确定与管理程序通信的一个或多个通用串行总线（USB）设备是否被授权与管理程序的客户操作系统通信， 在确定一个或多个USB设备被授权与访客通信之后，虚拟化客户操作系统处的一个或多个USB设备，并在一个或多个USB设备与虚拟化USB设备之间传送消息。

公开(公告)号：US11057438B1

公开(公告)日：2021-07-06

申请号：US15999568

申请日：2018-08-20

Applicant: Architecture Technology Corporation

Inventor： Derek P. Bronner ,  Robert A. Joyce ,  Matthew P. Donovan ,  Julia A. Baker

IPC: H04L29/06

Abstract: This disclosure provides example techniques to invoke one or more tools, with an investigative tool. The investigative tool provides a common framework that allows investigators to invoke their own trusted tools or third-party generated tools. The investigative tool described herein seamlessly and transparently invokes the tools in accordance with an investigative profile created by the investigator.

公开(公告)号：US10909244B1

公开(公告)日：2021-02-02

申请号：US16502629

申请日：2019-07-03

Applicant: Architecture Technology Corporation

Inventor： Matthew P. Donovan ,  Robert A. Joyce ,  Judson Powers ,  Dahyun Hollister

IPC: G06F21/56 ,  G06F21/55

Abstract: An example method includes storing a scenario event list that defines one or more events associated with a training exercise, and configuring, based on the events defined in the scenario event list, one or more software agents to emulate one or more cyber-attacks against a host computing system during the training exercise, which includes configuring the software agents to save a state of one or more resources of the host computing system prior to emulating the cyber-attacks and to restore the state of the resources upon conclusion of the cyber-attacks. The example method further includes deploying the software agents for execution on the host computing system during the training exercise to emulate the cyber-attacks against the host computing system using one or more operational networks.

公开(公告)号：US10346612B1

公开(公告)日：2019-07-09

申请号：US15627293

申请日：2017-06-19

Applicant: Architecture Technology Corporation

Inventor： Matthew P. Donovan ,  Robert A. Joyce ,  Judson Powers ,  Dahyun Hollister

IPC: G06F21/55 ,  G06F21/56

Abstract: An example method includes storing a scenario event list that defines one or more events associated with a training exercise, and configuring, based on the events defined in the scenario event list, one or more software agents to emulate one or more cyber-attacks against a host computing system during the training exercise, which includes configuring the software agents to save a state of one or more resources of the host computing system prior to emulating the cyber-attacks and to restore the state of the resources upon conclusion of the cyber-attacks. The example method further includes deploying the software agents for execution on the host computing system during the training exercise to emulate the cyber-attacks against the host computing system using one or more operational networks.

公开(公告)号：US10083624B2

公开(公告)日：2018-09-25

申请号：US14811403

申请日：2015-07-28

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Matthew P. Donovan

IPC: G09B19/00 ,  G09B5/02

CPC classification number: G09B19/0053 ,  G09B5/02

Abstract: An example method includes outputting a graphical dashboard that includes one or more learning objective nodes and one or more skill nodes, selecting one or more software agents that are associated with the one or more skill nodes, providing, to at least one host computing system, an indication of the one or more software agents that are configured to collect parameter data from the at least one host computing system while a trainee performs actions, receiving the parameter data collected by the one or more software agents during execution, determining, based on the parameter data, that the one or more skills represented by the one or more skill nodes have been demonstrated by the trainee, and updating the one or more skill nodes to graphically indicate that one or more represented skills have been demonstrated.

公开(公告)号：US20170032695A1

公开(公告)日：2017-02-02

申请号：US15199279

申请日：2016-06-30

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Frank N. Adelstein ,  Haim Yehuda Bar ,  Matthew P. Donovan

IPC: G09B19/00

CPC classification number: G09B19/0053 ,  G09B5/00 ,  G09B7/00 ,  G09B9/00 ,  G09B19/003 ,  H04L63/029 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1475

Abstract: This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.

Abstract translation: 本公开通常涉及计算机网络训练练习的自动执行和评估，例如在虚拟机环境中。 示例环境包括控制和监视系统，攻击系统和目标系统。 控制和监控系统启动训练场景，使攻击系统对目标系统发动攻击。 目标系统然后执行响应攻击的动作。 通过持续监控训练场景来收集与目标系统的攻击相关的信息。 攻击系统然后能够向目标系统发送动态响应数据，其中根据所收集的监视信息生成动态响应数据，以使训练场景适应于由目标系统执行的动作。 然后，控制和监视系统基于收集的监视信息生成自动评估。

公开(公告)号：US09384677B2

公开(公告)日：2016-07-05

申请号：US14683923

申请日：2015-04-10

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Frank N. Adelstein ,  Haim Yehuda Bar ,  Matthew P. Donovan

IPC: G09B19/00 ,  G09B5/00 ,  G09B7/00 ,  G09B9/00

CPC classification number: G09B19/0053 ,  G09B5/00 ,  G09B7/00 ,  G09B9/00 ,  G09B19/003 ,  H04L63/029 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1475

Abstract: This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.