Abstract: A runtime monitoring system for a trusted computing environment is disclosed. In embodiments, the environment includes a trusted processor driven by a primary oscillator and a remote processing component driven by an auxiliary oscillator. A trusted reference hashing module hashes operating codes sent by the trusted processor for execution by the remote processing component; the received operating codes are also hashed by a trusted remote hashing module monitoring the remote processing component. A correlation module matches the remote and reference hashes and advances or delays the auxiliary oscillator to loop-lock the remote processing component to the trusted processor. The trusted processor periodically seeds the operating codes with a unique challenge having a unique hash response.

Abstract: A system can include one or more processors and computer-readable instructions that when executed by the one or more processors, cause the one or more processors to provide a first test signal to an electronic device, monitor at least one parameter of the electronic device during a time period subsequent to the test signal being provided to the electronic device, determine, based on the at least one parameter, a detected response of the electronic device to the first test signal, determine, using a response model, an expected response of the electronic device to the first test signal, and provide a second test signal based on the detected response and the expected response to the electronic device. The system can include a communications circuit that provides the test signal and receives at least some feedback indicating the parameters, and sensors that receive at least some feedback indicating the parameters.

Abstract: Systems and related methods for independent dissimilar cybersecurity monitoring of avionics and other critical control systems (CCS) incorporate security monitors with dissimilar processors to the CCS. The security monitors learn, using AI techniques, to emulate one or more target CCS by learning to predict, or generate, equivalent outputs or equivalent behaviors based on the same control inputs. The security monitors may monitor the CCS, or its individual internal and external subsystems, for cybersecurity faults by observing the control behaviors or outputs of the CCS for a given control input or comparing the control behaviors or outputs to expected normal behaviors and outputs previously learned by the security monitor. Deviance, or lack of equivalence, of observed control behaviors or outputs to the expected normal behaviors or outputs may indicate a cyberintrusion fault of the CCS or of a particular subsystem.

Abstract: A system for confirming a computing environment includes a remote computing device connected by a communication network to a computing device. The remote computing device generates a nonce, or number used once, and executes an attestation function to determine an attestation measurement value based on the contents of the memory of the remote computing device. The nonce is transmitted by the network to the computing device, which uses the nonce to execute the attestation function based on the contents of the memory of the computing device and determine an attestation measurement value. This attestation measurement value is transmitted to the remote computing device. If the attestation measurement values match, the computing device is designated as trusted. If the attestation measurement values mismatch, the computing device is designated as untrusted.

Abstract: A computing device may include a non-transitory computer-readable medium and a processor communicatively coupled to the non-transitory computer-readable medium. The processor may be configured to receive, from a vetronics computing device including a processor, data associated with messages received by the vetronics computing device, the messages having been determined to include aberrant data. Based at least on the received data, the processor may be configured to determine an occurrence of a cyber security threat. The processor may be configured to output cyber security threat data associated with the determined occurrence of the cyber security threat.

Abstract: The present disclosure is directed to a system and method for remotely initializing at least one device in communication with a local host device utilizing an asymmetric cryptographic authorization scheme. According to various embodiments, at least one remote device sends an authorization request including a random value to the local host device. The local host device returns an approval response to the remote device, where the approval response includes the random value encoded utilizing a private key. The remote device is then initialized (e.g. powered on or placed in an active state) upon verification of the encoded random value utilizing a public key that is paired with the private key.

Abstract: A method for providing dynamic security hardening of selected aircraft functions includes: a) monitoring sequences of real-time security events for at least one aircraft function; b) accessing a database storing a plurality of sequences of attack events indicative of an attack of the at least one aircraft function; c) probabilistically inferring, by at least one processor, the location and progression of an attack represented within the database by utilizing the sequences of real-time security events; and d) activating at least one countermeasure in response to an inferred location and progression of an attack.