Assured Information Security (AIS) is pleased to announce that the U.S. Patent and Trademark Office has issued the company two new patents in October 2024, expanding AIS’s intellectual property (IP) and raising its portfolio to 24 issued patents with multiple currently pending.

“Expanding our patent portfolio is central to our mission of advancing cybersecurity solutions that can adapt to evolving threats,” said Michael Sieffert, Chief Engineer at AIS. “These new patents introduce breakthrough methods in malware prevention and data modeling. One patent enhances proactive malware defense by tracking process behavior, selectively presenting ‘canary files’ to suspicious processes and terminating them based on a malice scoring system. The second patent focuses on a novel approach to data modeling, enabling more precise feature selection through an iterative process that optimizes resource allocation. Together, these patents exemplify AIS’s commitment to building technologies that address complex cybersecurity challenges with efficiency and precision.”

Patent Details:

U.S. Patent Number: 12,124,568: PREVENTION AND REMEDIATION OF MALWARE BASED ON SELECTIVE PRESENTATION OF FILES TO PROCESSES
Malware prevention and remediation is provided by monitoring actions performed by processes and maintaining indications of which processes are trusted; selectively presenting canary files to these processes, which includes presenting the canary files to processes not indicated as being trusted and hiding the canary files from processes indicated as being trusted, and where the monitoring includes monitoring for access of canary files with change privileges; scoring each of the processes based on the actions performed, including any access of canary files with change privileges, which scoring produces a malice score for each process; and automatically terminating any process for which its malice score indicates at least a threshold level of malice in the execution of the process.

Invention is credited to AIS employees Sean LaPlante and Patrick McHarris.

Patent Details:

U.S. Patent Number: 12,131,230: FEATURE EQUIVALENCE AND DOCUMENT ABNORMALITY THRESHOLD DETERMINATION
A method includes, as part of establishing a feature merging threshold (α) for determining equivalence between two features, selecting a set of candidate α values, partitioning training data into a plurality of groups, establishing a model Wα for each α value of the set of candidate α values, iteratively performing: selecting a next group of training data of the plurality of groups of training data; adding the selected next group of training data to a training set; and for each α value in the set of candidate α values: training the Wα for the α value using the training set, and evaluating a size of Wα, the size comprising a number of features included in the model, and choosing the feature merging threshold α based on the iteratively performing.

Invention is credited to former AIS employees Daniel Scofield and Craig Miles.

To view the complete list of AIS patents, click here.

U.S. Acting Secretary of Labor Julie A. Su recognized Assured Information Security (AIS) as one of the 839 recipients of the 2024 HIRE Vets Medallion Award during a virtual award ceremony presented by U.S. Department of Labor.

AIS earned the gold award after applying earlier this year. The Honoring Investments in Recruiting and Employing American Military Veterans Act (HIRE Vets Act) Medallion Program is the only federal award program that recognizes employers who successfully recruit, hire and retain veterans.

AIS joins 838 other companies from 49 states, plus the District of Columbia, who have shown a commitment to hiring veterans, but also ensuring that they have a long-term career and growth plan that uses the diverse skills they acquired through their military service.

The UAS Hack, a hands-on event dedicated to exploring the intersection of cybersecurity and drone technology was held from August 19 to 23, 2024, at the ORION NTROPEE hangar and concluded with resounding success.

This weeklong challenge brought together 15 talented university-aged participants to tackle real-world cybersecurity challenges in the realm of unmanned aerial systems (UAS) and provided a unique platform for these emerging tech enthusiasts to learn, demonstrate their skills and push the boundaries of innovation.

“UAS Hack has truly exceeded our expectations,” said Eric Thayer, Chief Engineer at AIS and UAS Hack instructor. “The 15 students demonstrated remarkable ingenuity and technical expertise, tackling complex UAS cybersecurity challenges head-on. Their ability to produce innovative solutions showcases the promising future of our industry. We are already looking forward to planning next year’s challenge.”

The event provided a unique opportunity for participants to immerse themselves in the practical application of cybersecurity principles within the rapidly evolving UAS landscape. By leveraging ORION’s hangar space and New York’s 50-mile UAS corridor as well as expert mentors and instructors, UAS Hack offered participants a collaborative and challenging environment to learn, innovate and develop crucial technical skills.

“UAS Hack was an incredible learning opportunity,” said Zack Kornreich, UAS Hack participant and current master’s student at Binghamton University. “The hands-on experience with UAS cybersecurity gave me practical skills that will undoubtedly add value to my career. The event pushed me to think critically and creatively, and I’m excited to apply what I’ve learned in my future endeavors.”

As the industry continues to evolve, events like UAS Hack play a critical role in ensuring that emerging talent is well-equipped to meet the cybersecurity challenges of tomorrow. The collaborative efforts between the 15 students, industry experts and sponsors have laid the groundwork for continued innovation and progress in the field of UAS cybersecurity.

Stalwart is a task order that is part of the larger AWARE effort, a $150 million, Indefinite Delivery/Indefinite Quantity (IDIQ) contract focused on researching novel and innovative anti-fragility concepts and integrating proven anti-fragility tools, techniques and processes into operational and emerging cyber platforms. AWARE is focused on delivering systems characterized by greater cyber resiliency and fewer vulnerabilities throughout the development life cycle, thereby reducing risk to mission systems and ensuring mission demands are met under an array of conditions.

“Stalwart is an exciting effort because it provides AIS the opportunity to continue its anti-fragility research, but now with a focus on cyber embedded systems,” said Salvatore Paladino, Director of Cyber Operations Research and Development at AIS. “Embedded systems are those that comprise the Internet of Things (IoT) and include devices from routers, to drones, to wearable sensors. There are profound opportunities to leverage these complex, interconnected systems to achieve military objectives, improve communications and operations and better connect military and civilian systems with the physical environment to improve quality of life, automation and safety on military facilities both at home and abroad.”

Work will be performed in Rome, New York, and is expected to be completed by July 19, 2029. The Air Force Research Laboratory Information Directorate in Rome, New York, is the contracting activity.

The SBA Mentor-Protégé Program is designed to encourage large businesses to provide various forms of assistance to eligible small businesses, promoting economic growth and ensuring a more dynamic and inclusive marketplace. Through this partnership, PAS will benefit from AIS’s guidance in areas such as business development, technical knowledge and contracting.

AIS, a recognized, local leader in the field of cyber and information security, will provide PAS with mentoring that encompasses a wide range of business and technical disciplines. This collaboration is expected to improve PAS’s operational processes and open new avenues for growth and innovation.

AIS is proud to announce its role in ORION: a technology accelerator and innovation ecosystem in Rome, NY, aimed at transforming military and cyber capabilities within the Internet of Things (IoT). ORION is a collaboration between industry-leading partners including AIS, the Air Force Research Laboratory (AFRL) Information Directorate, Quanterion Solutions, Griffiss Institute, NYSTEC and Cisco.

AIS is thrilled to announce the launch of its new online store: a one-stop shop where employees, customers, family and friends can easily stock up on an array of AIS swag. The store has merchandise featuring a variety of logos including:

The first ever UAS Hack, a hands-on event dedicated to exploring the intersection of cybersecurity and drone technology, will take place from August 19 to 23, 2024, in Rome, New York.

Over the course of five days, university-aged students and industry experts will revolutionize the Unmanned Aerial Systems (UAS) landscape by fostering collaboration, creativity and critical thinking while addressing pressing cybersecurity challenges. AIS subject matter experts will be providing instruction and curriculum for this event.

“UAS Hack is designed to put students in front of industry professionals and industry-relevant platforms to give them an opportunity to grow their skills and learn more about what a security-related career would be like,” said Eric Thayer, Chief Engineer at AIS. “During the event, students will be mentored and trained on how to evaluate the security of UAS, identify potential threats and provide feedback to vendors and manufacturers.”

Assured Information Security (AIS) is pleased to announce that the U.S. Patent and Trademark Office has issued the company a new patent in 2024, expanding AIS’s intellectual property (IP) and raising its portfolio to 22 issued patents with multiple currently pending.

“Expanding our patent portfolio is pivotal in our mission to introduce groundbreaking technologies to the market,” said Scott Robidoux, Chief Operating Officer at AIS. “This patent introduces an innovative method for determining the location of radio frequency (RF) ’emitters’, including WiFi routers, wireless laptops, walkie-talkies, garage door openers and more. While this may not be a routine concern for the average individual, it poses a significant challenge for law enforcement and investigative agencies. Existing methods for locating emitters require extensive computational resources, often leading to compromises in accuracy due to impractical computing demands. This patent addresses this issue by enhancing emitter localization with optimized resource utilization, facilitating more precise results.”

Patent Details:

U.S. Patent Number: 11,899,122 : GEOLOCATING EMITTERS
Geolocating one or more emitters includes obtaining a set of lines of bearing (LOBs) indicative of location(s) of emitter(s), determining intersections of LOBs of the set and generating clusters informed by those intersections, assigning the LOBs of the set to cluster(s) based on proximity, identifying a cluster having the greatest number of assigned LOBs from the set; determining an emitter location area based on a best point estimate for the cluster, and indicating a location of an emitter as the emitter location area. Additional emitters can be located by removing from the set of LOBs those LOBs assigned to the identified cluster and repeating aforementioned aspects. Initially, the set of LOBs can be selected from a larger collection as a representative subset thereof.

Invention is credited to Jason Eric Smith.

To view the complete list of AIS patents, click here.

DARPA Researchers, Students and Industry Partners Demonstrate Micropatching to Secure Legacy Software

In November 2023, students from Colorado State University (CSU) and partners from Assured Information Security (AIS), Cummins Inc., NASA and GRIMM hosted a hackathon at Cummins, Inc., headquarters in Columbus, Indiana, where they challenged students and engineers from several different universities and industries. Participants used a new set of tools to improve the security and functionality of critical infrastructure systems and demonstrate the effectiveness of micropatching to government stakeholders and other industry professionals.

In continuation of the groundbreaking efforts propelled by the DARPA AMP program, another hackathon is taking place on March 6-8, 2024, at the ORION NTROPEE facility in Rome, New York, with researchers and engineers from AIS providing mentorship and support.

Enter the AMP tools, specifically tailored to address such scenarios by aiding developers and analysts in pinpointing root causes, implementing fixes, and ensuring the efficacy of those solutions.

“Traditionally, addressing such challenges would entail deploying reverse or low-level engineers with specialized skill sets,” said Salloum. “However, the AMP tools streamline this process, requiring less specialized knowledge upfront and empowering developers to enact changes directly within the source code. One of the pivotal contributions of AMP lies in providing assurance—a component often overlooked or deemed unattainable due to the absence of original components. In scenarios where the build-chain is lost, conventional software testing becomes unfeasible. Yet, AMP equips end-users with tools to identify binary modifications, assess their expectedness, and navigate rigorous certification processes with confidence. While the primary focus of the program is to support developer-centric operations, the benefits extend to low-level binary-space engineers, expediting their workflows. This collaborative effort has yielded a diverse array of tools catering to various stages of analysis, patching, and testing—a testament to the program’s versatility and efficacy.”

Students Take the Spotlight

The AMP Hackathons are a culmination of multiple years of research being applied by the next generation of engineers to address real security concerns in transportation and aerospace.

“Our goal was to patch a bug that caused rovers to miscalculate temperature messages it received, and we needed to ensure we did this in a minimally invasive way and while speeding up the patching process,” said Jake Jepson, Cybersecurity Graduate Research Assistant at CSU. “Reverse engineering in the software space is so broad that no tool is going to work every time. The tools developed through AMP are much more effective which is why our team was able to generate 16 patches in two days. We wanted to push the tools to the limit to not only see if we could develop a patch that worked, but could we develop a patch that works in different ways.”

On the last day, participants shared their experience in using AMP tools to rapidly generate and verify security patches and deploy them to the target systems with minimal impact. Their success demonstrates the potential for broader application of micropatching techniques across legacy software.

“The work, dedication, and innovation of students at the hackathon will have a ripple effect that will undoubtedly be felt in the broader landscape of national security and how we continue to make progress under the AMP program with DARPA,” said Eric Thayer, Chief Engineer at AIS. “Students were able to successfully leverage AMP tools to address real security concerns. This first hackathon marked a significant stride in fortifying critical infrastructure systems against cyber threats. Beyond the event, the broader implications of AMP tools represent a paradigm shift in how we deal with legacy software vulnerabilities, offering rapid and minimally invasive solutions. We’re eagerly anticipating the next hackathon at the ORION NTROPEE facility in Rome, New York.”

(Approved for Public Release, Distribution Unlimited)