Context-based secure controller operation and malware prevention
Abstract
In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.
Claims
exact text as granted — not AI-modified1 - 12 . (canceled)
13 . A method for providing security on a network-connected data processing controller, the method comprising:
launching, by the network-connected data processing controller, a kernel-level security layer that includes a whitelist of permitted processes on the network-connected data processing controller, the whitelist being part of a custom security policy for the network-connected data processing controller and including signatures for processes that are verified; identifying, at the kernel-level security layer, a request to run a particular process; determining, by the kernel-level security layer, a signature for the particular process; determining, by the kernel-level security layer, whether the particular process is permitted to be run on the network-connected data processing controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; blocking, by the kernel-level security layer, the particular process from running on the network-connected data processing controller based on determining that the determined signature does not match the verified signature for the process; and making available, from the network-connected data processing controller to an external computer resource, information that identifies the particular process as being blocked.
14 . The method of claim 13 , further comprising logging the information that identifies the particular process as being blocked.
15 . The method of claim 13 , wherein the whitelist is generated based on static analysis of the permitted processes or an operating system for the network-connected data processing controller.
16 . The method of claim 13 , wherein the whitelist includes at least one of: a permitted program binary, process, script, network behavior, device, or function.
17 . The method of claim 13 , wherein the information that identifies the particular process as being blocked comprises at least one of: a malware source, a malware path, or a context of the network-connected data processing controller.
18 . The method of claim 13 , wherein the identified request comprises at least one of: a request to load a software library, a request to execute a script file, a request to use an operating system resource, or a request to run a process execution procedure.
19 . The method of claim 13 , wherein the information that identifies the particular process as being blocked is first information, and the method further comprises combining the first information with separate, second information to create aggregate information.
20 . The method of claim 19 , wherein the aggregate information is made available for display at a user device.
21 . The method of claim 13 , wherein the custom security policy is based on a current version of software configured to run on the network-connected data processing controller.
22 . The method of claim 13 , wherein the whitelist includes one or more permitted contexts of the network-connected data processing controller.
23 . A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing security on a network-connected data processing controller, comprising:
launching, by the network-connected data processing controller, a kernel-level security layer that includes a whitelist of permitted processes on the network-connected data processing controller, the whitelist being part of a custom security policy for the network-connected data processing controller and including signatures for processes that are verified; identifying, at the kernel-level security layer, a request to run a particular process; determining, by the kernel-level security layer, a signature for the particular process; determining, by the kernel-level security layer, whether the particular process is permitted to be run on the network-connected data processing controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; blocking, by the kernel-level security layer, the particular process from running on the network-connected data processing controller based on determining that the determined signature does not match the verified signature for the process; and making available, from the network-connected data processing controller to an external computer resource, information that identifies the particular process as being blocked.
24 . The non-transitory computer readable medium of claim 23 , wherein making available the information that identifies the particular process as being blocked occurs when the network-connected data processing controller reaches a pre-determined level of processing capacity or bandwidth.
25 . The non-transitory computer readable medium of claim 23 , wherein the whitelist includes permitted contexts of the network-connected data processing controller.
26 . The non-transitory computer readable medium of claim 25 , wherein:
the network-connected data processing controller is a first network-connected data processing controller; and the permitted contexts include a use or status of a second network-connected data processing controller.
27 . The non-transitory computer readable medium of claim 25 , wherein the permitted contexts include an operational state of the network-connected data processing controller.
28 . The non-transitory computer readable medium of claim 23 , the operations further comprising logging the information that identifies the particular process as being blocked.
29 . The non-transitory computer readable medium of claim 23 , wherein the whitelist is generated based on static analysis of the permitted processes or an operating system for the network-connected data processing controller.
30 . The non-transitory computer readable medium of claim 23 , wherein the whitelist includes at least one of: a permitted program binary, process, script, network behavior, device, or function.
31 . The non-transitory computer readable medium of claim 23 , wherein the information that identifies the particular process as being blocked comprises at least one of: a malware source, a malware path, or a context of the network-connected data processing controller.
32 . The non-transitory computer readable medium of claim 23 , wherein the identified request comprises at least one of: a request to load a software library, a request to execute a script file, a request to use an operating system resource, or a request to run a process execution procedure.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.