US2019340357A1PendingUtilityA1

Secure controller operation and malware prevention

65
Assignee: KARAMBA SECURITY LTDPriority: Apr 6, 2016Filed: Jul 16, 2019Published: Nov 7, 2019
Est. expiryApr 6, 2036(~9.7 yrs left)· nominal 20-yr term from priority
G06F 21/568H04L 2209/84H04L 67/12H04L 63/20G06F 21/554H04L 63/145G06F 21/566G06F 21/64H04L 63/1441H04L 63/101G06F 21/606G06F 21/577G06F 21/52H04W 12/128
65
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a kernel level security layer that includes a whitelist of permitted processes on the controller, the whitelist being part of a custom security policy for the controller; receiving, at the security layer, a request to run a particular process; determining, by the security layer, a signature for the particular process; identifying, by the security layer, a verified signature for the process from the whitelist; determining, by the security layer, whether the particular process is permitted to he run on the controller based on a comparison of the determined signature with the verified signature from the whitelist; and blocking, by the security layer, the particular process from running on the automotive controller based on the determined signature not matching the verified signature for the process.

Claims

exact text as granted — not AI-modified
1 - 22 . (canceled) 
     
     
         23 . A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for customized code execution flow integrity for a controller, comprising:
 embedding, in a controller, customized and controller-specific code execution flow inspection code, the controller-specific code execution flow inspection code being configured to:
 monitor local processing activity of the controller; 
 compare code execution requests of the controller to a map of permitted code execution for the controller; 
 determine whether the code execution requests conflict with the map of permitted code execution for the controller; and 
 implement, based on the determination, control actions to prevent the code execution requests that conflict with the map of permitted code execution from being executed on the controller. 
   
     
     
         24 . The non-transitory computer readable medium of  claim 23 , wherein the map of permitted code execution for the controller defines a plurality of valid function call sequences for the controller. 
     
     
         25 . The non-transitory computer readable medium of  claim 23 , wherein the map of permitted code execution for the controller is based on a build process for the controller. 
     
     
         26 . The non-transitory computer readable medium of  claim 23 , wherein the map of permitted code execution for the controller is based on a static analysis of binaries associated with code installed on the controller. 
     
     
         27 . The non-transitory computer readable medium of  claim 23 , wherein the embedding includes integrating the controller-specific code execution flow inspection code into executable code installed on the controller. 
     
     
         28 . The non-transitory computer readable medium of  claim 23 , wherein the operations further comprise accessing signatures associated with the code execution requests. 
     
     
         29 . The non-transitory computer readable medium of  claim 28 , wherein the operations further comprise comparing the signatures with a database of approved signatures. 
     
     
         30 . The non-transitory computer readable medium of  claim 23 , wherein a hook registered with a kernel of the controller is configured to redirect processing of the controller to a process verification function. 
     
     
         31 . The non-transitory computer readable medium of  claim 30 , wherein the process verification function is configured to return processing of the controller following the process verification function. 
     
     
         32 . The non-transitory computer readable medium of  claim 30 , wherein the process verification function is configured to determine signatures associated with the code execution requests. 
     
     
         33 . A computer-implemented method for customized code execution flow integrity for a controller, the method comprising:
 embedding, in a controller, customized and controller-specific code execution flow inspection code, the controller-specific code execution flow inspection code being configured to:
 monitor local processing activity of the controller; 
 compare code execution requests of the controller to a map of permitted code execution for the controller; 
 determine whether the code execution requests conflict with the map of permitted code execution for the controller; and 
 implement, based on the determination, control actions to prevent the code execution requests that conflict with the map of permitted code execution from being executed on the controller. 
   
     
     
         34 . The computer-implemented method of  claim 33 , wherein the map of permitted code execution for the controller defines a plurality of valid function call sequences for the controller. 
     
     
         35 . The computer-implemented method of  claim 33 , wherein the map of permitted code execution for the controller is based on a build process for the controller. 
     
     
         36 . The computer-implemented method of  claim 33 , wherein the map of permitted code execution for the controller is based on a static analysis of binaries associated with code installed on the controller. 
     
     
         37 . The computer-implemented method of  claim 33 , wherein the embedding includes integrating the controller-specific code execution flow inspection code into executable code installed on the controller. 
     
     
         38 . The computer-implemented method of  claim 33 , further comprising accessing signatures associated with the code execution requests. 
     
     
         39 . The computer-implemented method of  claim 38 , further comprising comparing the signatures with a database of approved signatures. 
     
     
         40 . The computer-implemented method of  claim 33 , wherein a hook registered with a kernel of the controller is configured to redirect processing activity of the controller to a process verification function. 
     
     
         41 . The computer-implemented method of  claim 40 , wherein the process verification function is configured to return processing of the controller following the process verification function. 
     
     
         42 . The computer-implemented method of  claim 40 , wherein the process verification function is configured to determine signatures associated with the code execution requests.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.