US2023059025A1PendingUtilityA1
Automated security policy generation for controllers
Est. expiryApr 6, 2036(~9.7 yrs left)· nominal 20-yr term from priority
G06F 8/30H04L 9/3239H04L 9/00H04L 63/0428G06F 21/54G06F 21/125H04L 63/1408G06F 8/40H04L 2209/84H04L 63/20H04L 63/101
76
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 - 20 . (canceled)
21 . A method for providing security on connected controllers, the method comprising:
receiving, at a controller, a security policy generated based on analysis of controller code configured to execute on the controller, the analysis performed separately from the controller; implementing the security policy on the controller; and logging, at the controller, operation information of the controller operating according to the security policy.
22 . The method of claim 21 , wherein the analysis of controller code configured to execute on the controller includes analysis of disassembled binary code.
23 . The method of claim 21 , wherein implementing the security policy on the controller does not modify controller software on the controller.
24 . The method of claim 23 , wherein the controller software includes an operating system or application to be run on the controller.
25 . The method of claim 21 , wherein the security policy designates authorized behaviors and operations for the controller.
26 . The method of claim 25 , wherein the authorized behaviors and operations are within expected behavior according to controller software on the controller.
27 . The method of claim 21 , wherein logging operation information of the controller includes logging trace information about a blocked malware attempt.
28 . The method of claim 27 , wherein the trace information includes at least one of malware code, an origin of the blocked malware attempt, or information identifying a code segment that provided an exploit for the blocked malware attempt.
29 . The method of claim 21 , the method further comprising reporting the logged operation information to a remote system.
30 . The method of claim 21 , wherein the security policy includes a whitelist of at least one of: permitted program binaries, permitted processes, permitted scripts, permitted network behavior, or permitted devices.
31 . The method of claim 21 , wherein the controller is configured to implement the security policy using a security middleware layer.
32 . The method of claim 21 , wherein the security policy restricts the controller to operate with specific code or a specific application defined by the security policy.
33 . A non-transitory computer-readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing security on connected controllers, comprising:
receiving, at a controller, a security policy generated based on analysis of controller code configured to execute on the controller, the analysis performed separately from the controller; implementing the security policy on the controller; and logging, at the controller, operation information of the controller operating according to the security policy.
34 . The non-transitory computer-readable medium of claim 33 , wherein implementing the security policy on the controller does not modify controller software on the controller.
35 . The non-transitory computer-readable medium of claim 34 , wherein the controller software includes an operating system or application to be run on the controller.
36 . The non-transitory computer-readable medium of claim 33 , wherein the security policy designates authorized behaviors and operations for the controller.
37 . The non-transitory computer-readable medium of claim 36 , wherein the authorized behaviors and operations are within expected behavior according to controller software on the controller.
38 . The non-transitory computer-readable medium of claim 33 , wherein logging operation information of the controller includes logging trace information about a blocked malware attempt.
39 . The non-transitory computer-readable medium of claim 38 , wherein the trace information includes at least one of malware code, an origin of the blocked malware attempt, or information identifying a code segment that provided an exploit for the blocked malware attempt.
40 . The non-transitory computer-readable medium of claim 33 , wherein the security policy includes a whitelist of at least one of: permitted program binaries, permitted processes, permitted scripts, permitted network behavior, or permitted devices.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.