US2017295188A1PendingUtilityA1

Automated security policy generation for controllers

57
Assignee: KARAMBA SECURITYPriority: Apr 6, 2016Filed: Apr 5, 2017Published: Oct 12, 2017
Est. expiryApr 6, 2036(~9.7 yrs left)· nominal 20-yr term from priority
H04L 63/20H04L 63/0428H04L 63/1408H04L 63/101G06F 8/40G06F 21/54H04L 9/00H04L 9/3239H04L 2209/84G06F 21/125G06F 8/30
57
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for automatically generating a security policy for a controller, the method comprising:
 receiving, by a security policy generation system and from a controller development environment, code for a device controller;   selecting middleware that enforces a security policy;   analyzing the code for the device controller;   based at least in part on the analyzing, automatically generating the security policy;   and providing the selected middleware along with the generated security policy.   
     
     
         2 . The method of  claim 1 , further comprising identifying an operating system kernel configured to execute the code for the device controller, wherein the middleware for enforcing the security policy is selected based on its compatibility with the identified operating system kernel. 
     
     
         3 . The method of  claim 1 , wherein the middleware for enforcing the security policy includes a process verification service, a watchdog service, and at least one anti-tampering agent configured to monitor the security policy and the watchdog service. 
     
     
         4 . The method of  claim 1 , wherein analyzing the code for the device controller includes static analysis. 
     
     
         5 . The method of  claim 1 , wherein the security policy is included in an encrypted, read-only file. 
     
     
         6 . The method of  claim 1 , wherein automatically generating the security policy includes generating a signature for each process of the code for the device controller, and adding the signature to a whitelist portion of the security policy. 
     
     
         7 . The method of  claim 1 , wherein automatically generating the security policy includes generating a process graph that identifies valid execution paths within the code for the device controller, and adding the process graph to the security policy. 
     
     
         8 . The method of  claim 1 , wherein automatically generating the security policy includes adding to the security policy, context information for at least one process of the code for the device controller. 
     
     
         9 . The method of  claim 1 , wherein the code for the device controller remains unmodified, and remains distinct from the security policy and the middleware that enforces the security policy. 
     
     
         10 . The method of  claim 1 , further comprising generating a secured device controller that includes the code for the device controller, the security policy, and the middleware that enforces the security policy. 
     
     
         11 . A method for automatically generating a security policy for an externally connected automotive controller, the method comprising:
 integrating, on a computer system, code for automatically generating a security policy into a build environment for controller software for the automotive controller;   accessing, by the code, a build of the controller software for the automotive controller;   automatically generating, by the code, the security policy based on analysis of the build for the controller software; and   patching, by the code, the build with a middleware security layer that is programmed to use the security policy when the controller software is executing on the automotive controller.   
     
     
         12 . A method for automatically generating a security policy for an externally connected automotive controller, the method comprising:
 integrating, on a computer system, code for automatically generating a security policy into a build environment for controller software for the automotive controller;   accessing, by the code, a build of the controller software for the automotive controller;   disassembling, by the code, the build to identify processes that are part of the controller software;   performing, by the code, static analysis on the processes to generate the security policy; and   patching, by the code, the build with a middleware security layer that is programmed to use the security policy when the controller software is executing on the automotive controller.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.