Context-based secure controller operation and malware prevention
Abstract
In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.
Claims
exact text as granted — not AI-modified1 - 12 . (canceled)
13 . A method for providing security on a network-connected data processing controller, the method comprising:
identifying a request to run a particular application; determining a digital signature for the particular application; accessing a whitelist of reference digital signatures for approved applications, the whitelist associating approved application names with respective reference digital signatures; determining whether to run the particular application based on:
a first comparison of the determined digital signature with at least one reference digital signature from the whitelist; and
a second comparison of a current real-time controller operating context to a reference real-time controller operating context of the network-connected data processing controller; and
based on at least one of the first comparison or the second comparison, performing at least one of:
blocking the particular application from running on the network-connected data processing controller; or
allowing the particular application to run on the network-connected data processing controller.
14 . The method of claim 13 , further comprising determining, based on the first comparison, that the determined digital signature does not exist within the whitelist.
15 . The method of claim 13 , wherein at least one of the approved applications in the whitelist is associated with at least one of a binary file, a binary library, a script file, a configuration file, or a hardware resource.
16 . The method of claim 13 , wherein the whitelist is stored in a database.
17 . The method of claim 13 , further comprising determining, based on the second comparison, whether operations of the network-connected data processing controller are within expected parameters.
18 . The method of claim 13 , wherein the whitelist further associates the approved application names with respective contexts.
19 . The method of claim 13 , wherein the network-connected data processing controller is an electronic control unit (ECU) of a vehicle.
20 . The method of claim 13 , wherein the reference real-time controller operating context of the network-connected data processing controller comprises at least one of: a state of a device of which the network-connected data processing controller is a part or a state of a surrounding of the device.
21 . The method of claim 13 , wherein the whitelist is stored as read-only or is encrypted.
22 . The method of claim 13 , wherein:
the particular application is a binary application; the approved applications include binary applications; and the reference real-time controller operating context of the network-connected data processing controller is a context within which binary application operation is permitted.
23 . The method of claim 13 , wherein the reference real-time controller operating context of the network-connected data processing controller is defined in a security policy for the network-connected data processing controller.
24 . The method of claim 23 , wherein the security policy for the network-connected data processing controller is determined externally from the network-connected data processing controller.
25 . The method of claim 23 , wherein the security policy for the network-connected data processing controller is stored on the network-connected data processing controller after the network-connected data processing controller receives the security policy from an external system.
26 . A non-transitory computer-readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing security on a network-connected data processing controller, comprising:
identifying a request to run a particular application; determining a digital signature for the particular application; accessing a whitelist of reference digital signatures for approved applications, the whitelist associating approved application names with respective reference digital signatures; determining whether to run the particular application based on:
a first comparison of the determined digital signature with at least one reference digital signature from the whitelist; and
a second comparison of a current real-time controller operating context to a reference real-time controller operating context of the network-connected data processing controller; and
based on at least one of the first comparison or the second comparison, performing at least one of:
blocking the particular application from running on the network-connected data processing controller; or
allowing the particular application to run on the network-connected data processing controller.
27 . The non-transitory computer-readable medium of claim 26 , wherein at least one of the approved applications in the whitelist is associated with at least one of a binary file, a binary library, a script file, a configuration file, or a hardware resource
28 . The non-transitory computer-readable medium of claim 26 , wherein the whitelist further associates the approved application names with respective contexts.
29 . The non-transitory computer-readable medium of claim 26 , wherein the network-connected data processing controller is an electronic control unit (ECU) of a vehicle.
30 . The non-transitory computer-readable medium of claim 26 , wherein the reference real-time controller operating context of the network-connected data processing controller comprises at least one of: a state of a device of which the network-connected data processing controller is a part or a state of a surrounding of the device.
31 . The non-transitory computer-readable medium of claim 26 , wherein:
the particular application is a binary application; the approved applications include binary applications; and the reference real-time controller operating context of the network-connected data processing controller is a context within which binary application operation is permitted.
32 . The non-transitory computer-readable medium of claim 26 , wherein the reference real-time controller operating context of the network-connected data processing controller is defined in a security policy for the network-connected data processing controller.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.