Secure controller operation and malware prevention
First Claim
1. A system for providing security on an externally connected automotive electronic control unit (ECU), the system comprising:
a processor and computer-readable memory comprising instructions that, when processed by the processor, cause the processor to perform operations comprising:
launching, by the automotive ECU, a kernel level security layer that includes a whitelist of permitted processes on the automotive ECU, the whitelist being part of a custom security policy for the automotive ECU;
receiving, at the security layer, a request to run a particular process;
determining, by the security layer, a signature for the particular process;
identifying, by the security layer, a verified signature for the process from the whitelist;
determining, by the security layer, whether the particular process is permitted to be run on the automotive ECU based on a comparison of the determined signature with the verified signature from the whitelist;
blocking, by the security layer, the particular process from running on the automotive controller automotive ECU based on the determined signature not matching the verified signature for the process;
identifying, by the security layer, a network packet to be transmitted or received as part of an identified network process on the automotive ECU;
determining, by the security layer, an IP address and a port for the network packet;
identifying, by the security layer, one or more verified IP addresses and one or more verified ports for the identified network process from a network and port whitelist; and
determining, by the security layer, whether the network packet is permitted to be transmitted or received through the particular process based on a comparison of (i) the determined IP address and port with (ii) the verified IP address and port for the identified network process from the network and port whitelist.
1 Assignment
0 Petitions
Abstract
In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a kernel level security layer that includes a whitelist of permitted processes on the controller, the whitelist being part of a custom security policy for the controller; receiving, at the security layer, a request to run a particular process; determining, by the security layer, a signature for the particular process; identifying, by the security layer, a verified signature for the process from the whitelist; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with the verified signature from the whitelist; and blocking, by the security layer, the particular process from running on the automotive controller based on the determined signature not matching the verified signature for the process.
20 Claims
1. A system for providing security on an externally connected automotive electronic control unit (ECU), the system comprising:
a processor and computer-readable memory comprising instructions that, when processed by the processor, cause the processor to perform operations comprising:
launching, by the automotive ECU, a kernel level security layer that includes a whitelist of permitted processes on the automotive ECU, the whitelist being part of a custom security policy for the automotive ECU;
receiving, at the security layer, a request to run a particular process;
determining, by the security layer, a signature for the particular process;
identifying, by the security layer, a verified signature for the process from the whitelist;
determining, by the security layer, whether the particular process is permitted to be run on the automotive ECU based on a comparison of the determined signature with the verified signature from the whitelist;
blocking, by the security layer, the particular process from running on the automotive controller automotive ECU based on the determined signature not matching the verified signature for the process;
identifying, by the security layer, a network packet to be transmitted or received as part of an identified network process on the automotive ECU;
determining, by the security layer, an IP address and a port for the network packet;
identifying, by the security layer, one or more verified IP addresses and one or more verified ports for the identified network process from a network and port whitelist; and
determining, by the security layer, whether the network packet is permitted to be transmitted or received through the particular process based on a comparison of (i) the determined IP address and port with (ii) the verified IP address and port for the identified network process from the network and port whitelist.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method for providing security on an externally connected automotive ECU, the method comprising:
launching, by the automotive ECU, a kernel level security layer that includes a whitelist of permitted processes on the automotive ECU, the whitelist being part of a custom security policy for the automotive ECU, wherein the automotive ECU comprises an automotive electronic control unit (ECU);
receiving, at the security layer, a request to run a particular process;
determining, by the security layer, a signature for the particular process;
identifying, by the security layer, a verified signature for the process from the whitelist;
determining, by the security layer, whether the particular process is permitted to be run on the controller automotive ECU based on a comparison of the determined signature with the verified signature from the whitelist;
blocking, by the security layer, the particular process from running on the automotive ECU based on the determined signature not matching the verified signature for the process;
identifying, by the security layer, a network packet to be transmitted or received as part of an identified network process on the controller automotive ECU;
determining, by the security layer, an IP address and a port for the network packet;
identifying, by the security layer, one or more verified IP addresses and one or more verified ports for the identified network process from a network and port whitelist; and
determining, by the security layer, whether the network packet is permitted to be transmitted or received through the particular process based on a comparison of (i) the determined IP address and port with (ii) the verified IP address and port for the identified network process from the network and port whitelist.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
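The decision logic that claims 1 and 11 describe (process whitelist keyed by a verified signature, then a per-process network and port whitelist) is shown below as an added illustration written for this page; it is not code from the patent or its assignee, and the patent does not specify how the "signature" is computed. This example takes the SHA-256 digest of the executable image as the determined signature, uses default deny for any process or network flow without a whitelist entry, and generalizes the "verified IP addresses" to CIDR ranges so one entry can cover a backend subnet. The process names, images and addresses are constructed sample data.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


@dataclass
class SecurityPolicy:
    """Custom security policy for one ECU (hypothetical structure):
    process_whitelist maps a process name to its verified SHA-256 hex digest;
    network_whitelist maps a process name to the set of (ip_network, port)
    pairs that process may talk to."""
    process_whitelist: dict = field(default_factory=dict)
    network_whitelist: dict = field(default_factory=dict)

    def add_process(self, name, image_bytes):
        # The verified signature is fixed at policy build time, never at runtime.
        self.process_whitelist[name] = hashlib.sha256(image_bytes).hexdigest()

    def add_endpoint(self, name, cidr_or_ip, port):
        # Accepts a single address ("203.0.113.10") or a range ("198.51.100.0/24").
        net = ipaddress.ip_network(cidr_or_ip, strict=False)
        self.network_whitelist.setdefault(name, set()).add((net, int(port)))


def check_process(policy, name, image_bytes):
    """Determine the signature of the requested process, look up the verified
    signature from the whitelist, and permit only on an exact match.
    A process with no whitelist entry at all is blocked (default deny)."""
    verified = policy.process_whitelist.get(name)
    if verified is None:
        return Decision(False, f"{name}: no whitelist entry, blocked")
    determined = hashlib.sha256(image_bytes).hexdigest()
    if not hmac.compare_digest(determined, verified):
        return Decision(False, f"{name}: signature mismatch, blocked")
    return Decision(True, f"{name}: signature verified")


def check_packet(policy, name, ip, port):
    """Determine the packet's IP address and port and compare them with the
    verified addresses and ports for the identified network process.
    A process with no network entries may not send or receive anything."""
    entries = policy.network_whitelist.get(name)
    if not entries:
        return Decision(False, f"{name}: no network whitelist entry, dropped")
    addr = ipaddress.ip_address(ip)
    for net, allowed_port in entries:
        # Address-family mismatch (v4 vs v6) simply yields False here.
        if addr in net and int(port) == allowed_port:
            return Decision(True, f"{name}: {ip}:{port} permitted")
    return Decision(False, f"{name}: {ip}:{port} not in whitelist, dropped")


# Constructed sample data: stand-ins for executable images on the ECU.
TELEMATICS_IMAGE = b"\x7fELF telematicsd sample image v1"
DIAG_IMAGE = b"\x7fELF diagd sample image v1"


def build_policy():
    """Build the sample policy: telematicsd may reach one MQTT broker and one
    backend /24 on 443; diagd is permitted to run but has no network access."""
    policy = SecurityPolicy()
    policy.add_process("telematicsd", TELEMATICS_IMAGE)
    policy.add_process("diagd", DIAG_IMAGE)
    policy.add_endpoint("telematicsd", "203.0.113.10", 8883)
    policy.add_endpoint("telematicsd", "198.51.100.0/24", 443)
    return policy


if __name__ == "__main__":
    policy = build_policy()
    for d in (
        check_process(policy, "telematicsd", TELEMATICS_IMAGE),
        check_process(policy, "telematicsd", TELEMATICS_IMAGE + b"\x90"),  # tampered
        check_process(policy, "unknownd", b"anything"),                     # unlisted
        check_packet(policy, "telematicsd", "203.0.113.10", 8883),
        check_packet(policy, "telematicsd", "198.51.100.77", 443),
        check_packet(policy, "telematicsd", "203.0.113.10", 22),
        check_packet(policy, "diagd", "203.0.113.10", 8883),
    ):
        print("ALLOW" if d.allowed else "BLOCK", d.reason)
```

The two checks are deliberately independent: a binary that passes the signature comparison still gets no network access unless the network and port whitelist names it, which is the layering the claims describe.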
Specification