In-memory protection for controller security
Abstract
In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 - 18 . (canceled)
19 . A method for hardening network-accessible controllers through integrating a customized security layer, the method comprising:
identifying computer-readable code configured to be run on a particular controller, wherein the computer-readable code is configured to be stored in a memory in a plurality of code portions, each code portion comprising one or more instructions to be performed by the particular controller; identifying contextual information associated with the particular controller; identifying a specific code portion from the plurality of code portions that is configured to be run on the particular controller; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified contextual information, wherein the selected IMV scheme specifies instructions for at least one of:
function validation, or
memory address verification;
applying the selected IMV scheme to the identified specific code portion; and hardening the particular controller by enabling the specific code portion to run on the particular controller with the applied IMV scheme.
20 . The method of claim 19 , wherein the identified contextual information identifies an operating system of the particular controller.
21 . The method of claim 19 , wherein the identified contextual information identifies a processor associated with the particular controller.
22 . The method of claim 19 , wherein applying the selected IMV scheme to the identified specific code portion comprises accessing an in-memory graph that models an operational flow of the specific code portion.
23 . The method of claim 22 , wherein the in-memory graph includes elements identifying a risk level associated with the specific code portion.
24 . The method of claim 23 , wherein the risk level is based on at least one of:
a memory modification operation; a memory allocation operation; a memory jump; a function call; or a function call jump.
25 . The method of claim 23 , wherein the risk level is elevated in response to a security threat associated with the particular controller.
26 . The method of claim 19 , wherein hardening the particular controller further comprises generating one or more signatures for the specific code portion.
27 . The method of claim 19 , wherein the identified contextual information includes a security policy associated with the particular controller.
28 . The method of claim 19 , wherein the specific code portion is a first specific code portion, and the method further comprising:
identifying a second specific code portion from the plurality of code portions that is configured to be run on the particular controller; and determining that no IMV scheme should be applied to the second specific code portion.
29 . A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for hardening network-accessible controllers through integrating a customized security layer, comprising:
identifying computer-readable code configured to be run on a particular controller, wherein the computer-readable code is configured to be stored in a memory in a plurality of code portions, each code portion comprising one or more instructions to be performed by the particular controller; identifying contextual information associated with the particular controller; identifying a specific code portion from the plurality of code portions that is configured to be run on the particular controller; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified contextual information, wherein the selected IMV scheme specifies instructions for at least one of:
function validation, or
memory address verification;
applying the selected IMV scheme to the identified specific code portion; and hardening the particular controller by enabling the specific code portion to run on the particular controller with the applied IMV scheme.
30 . The computer readable medium of claim 29 , wherein applying the selected IMV scheme to the identified specific code portion comprises accessing an in-memory graph that models an operational flow of the specific code portion.
31 . The computer readable medium of claim 30 , wherein the in-memory graph includes elements identifying a risk level associated with the specific code portion.
32 . The computer readable medium of claim 29 , wherein the risk level is based on at least one of:
a memory modification operation; a memory allocation operation; a memory jump; a function call; or a function call jump.
33 . The computer readable medium of claim 29 , wherein applying the selected IMV scheme to the identified specific code portion comprises determining whether a call contained in the identified specific code portion accesses a memory address outside a predefined set of memory addresses.
34 . The computer readable medium of claim 29 , wherein enabling the specific code portion to run on the particular controller with the applied IMV scheme comprises combining binary code from the particular controller with runtime IMV code.
35 . The computer readable medium of claim 29 , wherein enabling the specific code portion to run on the particular controller with the applied IMV scheme comprises configuring the specific code portion to dynamically set at least one watchpoint of the particular controller.
36 . The computer readable medium of claim 29 , wherein applying the selected IMV scheme to the identified specific code portion comprises at least one of:
dropping a system call; modifying a system call; changing a memory address parameter; logging a system call; or generating an alert.
37 . The computer readable medium of claim 29 , wherein:
the particular controller is a first controller; and the identified contextual information includes a context from a second controller.
38 . The computer readable medium of claim 29 , wherein:
the particular controller is associated with a system; and the identified contextual information includes a physical location or an operational state of the system.Join the waitlist — get patent alerts
Track US2019197234A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.