US2023059025A1PendingUtilityA1

Automated security policy generation for controllers

76
Assignee: KARAMBA SECURITY LTDPriority: Apr 6, 2016Filed: Oct 18, 2022Published: Feb 23, 2023
Est. expiryApr 6, 2036(~9.7 yrs left)· nominal 20-yr term from priority
G06F 8/30H04L 9/3239H04L 9/00H04L 63/0428G06F 21/54G06F 21/125H04L 63/1408G06F 8/40H04L 2209/84H04L 63/20H04L 63/101
76
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 - 20 . (canceled) 
     
     
         21 . A method for providing security on connected controllers, the method comprising:
 receiving, at a controller, a security policy generated based on analysis of controller code configured to execute on the controller, the analysis performed separately from the controller;   implementing the security policy on the controller; and   logging, at the controller, operation information of the controller operating according to the security policy.   
     
     
         22 . The method of  claim 21 , wherein the analysis of controller code configured to execute on the controller includes analysis of disassembled binary code. 
     
     
         23 . The method of  claim 21 , wherein implementing the security policy on the controller does not modify controller software on the controller. 
     
     
         24 . The method of  claim 23 , wherein the controller software includes an operating system or application to be run on the controller. 
     
     
         25 . The method of  claim 21 , wherein the security policy designates authorized behaviors and operations for the controller. 
     
     
         26 . The method of  claim 25 , wherein the authorized behaviors and operations are within expected behavior according to controller software on the controller. 
     
     
         27 . The method of  claim 21 , wherein logging operation information of the controller includes logging trace information about a blocked malware attempt. 
     
     
         28 . The method of  claim 27 , wherein the trace information includes at least one of malware code, an origin of the blocked malware attempt, or information identifying a code segment that provided an exploit for the blocked malware attempt. 
     
     
         29 . The method of  claim 21 , the method further comprising reporting the logged operation information to a remote system. 
     
     
         30 . The method of  claim 21 , wherein the security policy includes a whitelist of at least one of: permitted program binaries, permitted processes, permitted scripts, permitted network behavior, or permitted devices. 
     
     
         31 . The method of  claim 21 , wherein the controller is configured to implement the security policy using a security middleware layer. 
     
     
         32 . The method of  claim 21 , wherein the security policy restricts the controller to operate with specific code or a specific application defined by the security policy. 
     
     
         33 . A non-transitory computer-readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing security on connected controllers, comprising:
 receiving, at a controller, a security policy generated based on analysis of controller code configured to execute on the controller, the analysis performed separately from the controller;   implementing the security policy on the controller; and   logging, at the controller, operation information of the controller operating according to the security policy.   
     
     
         34 . The non-transitory computer-readable medium of  claim 33 , wherein implementing the security policy on the controller does not modify controller software on the controller. 
     
     
         35 . The non-transitory computer-readable medium of  claim 34 , wherein the controller software includes an operating system or application to be run on the controller. 
     
     
         36 . The non-transitory computer-readable medium of  claim 33 , wherein the security policy designates authorized behaviors and operations for the controller. 
     
     
         37 . The non-transitory computer-readable medium of  claim 36 , wherein the authorized behaviors and operations are within expected behavior according to controller software on the controller. 
     
     
         38 . The non-transitory computer-readable medium of  claim 33 , wherein logging operation information of the controller includes logging trace information about a blocked malware attempt. 
     
     
         39 . The non-transitory computer-readable medium of  claim 38 , wherein the trace information includes at least one of malware code, an origin of the blocked malware attempt, or information identifying a code segment that provided an exploit for the blocked malware attempt. 
     
     
         40 . The non-transitory computer-readable medium of  claim 33 , wherein the security policy includes a whitelist of at least one of: permitted program binaries, permitted processes, permitted scripts, permitted network behavior, or permitted devices.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.