US2017295188A1PendingUtilityA1
Automated security policy generation for controllers
Est. expiryApr 6, 2036(~9.7 yrs left)· nominal 20-yr term from priority
H04L 63/20H04L 63/0428H04L 63/1408H04L 63/101G06F 8/40G06F 21/54H04L 9/00H04L 9/3239H04L 2209/84G06F 21/125G06F 8/30
57
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for automatically generating a security policy for a controller, the method comprising:
receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.
2 . The method of claim 1 , further comprising identifying an operating system kernel configured to execute the code for the device controller, wherein the middleware for enforcing the security policy is selected based on its compatibility with the identified operating system kernel.
3 . The method of claim 1 , wherein the middleware for enforcing the security policy includes a process verification service, a watchdog service, and at least one anti-tampering agent configured to monitor the security policy and the watchdog service.
4 . The method of claim 1 , wherein analyzing the code for the device controller includes static analysis.
5 . The method of claim 1 , wherein the security policy is included in an encrypted, read-only file.
6 . The method of claim 1 , wherein automatically generating the security policy includes generating a signature for each process of the code for the device controller, and adding the signature to a whitelist portion of the security policy.
7 . The method of claim 1 , wherein automatically generating the security policy includes generating a process graph that identifies valid execution paths within the code for the device controller, and adding the process graph to the security policy.
8 . The method of claim 1 , wherein automatically generating the security policy includes adding to the security policy, context information for at least one process of the code for the device controller.
9 . The method of claim 1 , wherein the code for the device controller remains unmodified, and remains distinct from the security policy and the middleware that enforces the security policy.
10 . The method of claim 1 , further comprising generating a secured device controller that includes the code for the device controller, the security policy, and the middleware that enforces the security policy.
11 . A method for automatically generating a security policy for an externally connected automotive controller, the method comprising:
integrating, on a computer system, code for automatically generating a security policy into a build environment for controller software for the automotive controller; accessing, by the code, a build of the controller software for the automotive controller; automatically generating, by the code, the security policy based on analysis of the build for the controller software; and patching, by the code, the build with a middleware security layer that is programmed to use the security policy when the controller software is executing on the automotive controller.
12 . A method for automatically generating a security policy for an externally connected automotive controller, the method comprising:
integrating, on a computer system, code for automatically generating a security policy into a build environment for controller software for the automotive controller; accessing, by the code, a build of the controller software for the automotive controller; disassembling, by the code, the build to identify processes that are part of the controller software; performing, by the code, static analysis on the processes to generate the security policy; and patching, by the code, the build with a middleware security layer that is programmed to use the security policy when the controller software is executing on the automotive controller.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.