Secure controller operation and malware prevention
First Claim
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for deploying embedded runtime whitelist policies in an ECU (electronic control unit) in a vehicle, comprising:
maintaining, as embedded software within the ECU in the vehicle, a plurality of whitelist policies for runtime functionality of the ECU;
wherein a first of the plurality of whitelist policies defines permitted runnable binaries for ECU software installed on the ECU;
wherein a second of the plurality of whitelist policies defines permitted function sequences in a memory of the ECU; and
wherein the first or second of the plurality of whitelist policies includes one or more signatures corresponding to one or more verified process calls;
invoking, by at least one of the plurality of whitelist policies, a stack inspection operation;
detecting, based on the invoking, a requested operation to be performed by the ECU as part of an identified runtime process call;
identifying a process identifier associated with the identified runtime process call;
determining a verified signature from among the one or more signatures based on the process identifier;
determining that the requested operation violates at least one of the first or second of the plurality of whitelist policies, wherein the determining is based on comparing a signature (i) associated with the identified runtime process call and (ii) based on a pointer to a location in the memory with the verified signature; and
blocking, based on the determination, the requested operation from being performed by the ECU.
Abstract
In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a kernel level security layer that includes a whitelist of permitted processes on the controller, the whitelist being part of a custom security policy for the controller; receiving, at the security layer, a request to run a particular process; determining, by the security layer, a signature for the particular process; identifying, by the security layer, a verified signature for the process from the whitelist; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with the verified signature from the whitelist; and blocking, by the security layer, the particular process from running on the automotive controller based on the determined signature not matching the verified signature for the process.
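The abstract's check, modelled as an added Python example (not code from the patent or its assignee): the security layer keeps a whitelist of verified signatures keyed by process name, computes the signature of the image it is asked to run, and blocks the process unless the two match. The process names, the image bytes and the choice of SHA-256 as the signature function are constructed assumptions for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample "binaries" (hypothetical). On a real ECU these would be
# the bytes of the executable image the loader is about to run.
SAMPLE_BINARIES = {
    "brake_ctl": b"\x7fELF brake controller image v1",
    "telematics": b"\x7fELF telematics daemon v3",
}


def signature_of(image: bytes) -> str:
    """Signature the security layer computes for a process image (SHA-256 here)."""
    return hashlib.sha256(image).hexdigest()


# The whitelist that is part of the controller's security policy:
# process name -> verified signature, built from known-good images.
WHITELIST = {name: signature_of(img) for name, img in SAMPLE_BINARIES.items()}


@dataclass
class Decision:
    process: str
    allowed: bool
    reason: str


def check_process(name: str, image: bytes, whitelist=WHITELIST) -> Decision:
    """Decide whether `name` with image `image` may run under `whitelist`."""
    verified = whitelist.get(name)
    if verified is None:
        # No verified signature exists for this process, so it is not permitted.
        return Decision(name, False, "process not on whitelist")
    actual = signature_of(image)
    # Constant-time comparison avoids leaking how many hex digits matched.
    if not hmac.compare_digest(actual, verified):
        return Decision(name, False, "signature mismatch")
    return Decision(name, True, "signature verified")


if __name__ == "__main__":
    print(check_process("brake_ctl", SAMPLE_BINARIES["brake_ctl"]))
    print(check_process("brake_ctl", SAMPLE_BINARIES["brake_ctl"] + b"\x90"))
    print(check_process("diag_shell", b"unknown image"))
```

A patched image produces a different signature and is blocked with "signature mismatch"; a process the policy never listed is blocked before any hashing takes place.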
18 Claims
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for deploying embedded runtime whitelist policies in an ECU (electronic control unit) in a vehicle, comprising:
maintaining, as embedded software within the ECU in the vehicle, a plurality of whitelist policies for runtime functionality of the ECU;
wherein a first of the plurality of whitelist policies defines permitted runnable binaries for ECU software installed on the ECU;
wherein a second of the plurality of whitelist policies defines permitted function sequences in a memory of the ECU; and
wherein the first or second of the plurality of whitelist policies includes one or more signatures corresponding to one or more verified process calls;
invoking, by at least one of the plurality of whitelist policies, a stack inspection operation;
detecting, based on the invoking, a requested operation to be performed by the ECU as part of an identified runtime process call;
identifying a process identifier associated with the identified runtime process call;
determining a verified signature from among the one or more signatures based on the process identifier;
determining that the requested operation violates at least one of the first or second of the plurality of whitelist policies, wherein the determining is based on comparing a signature (i) associated with the identified runtime process call and (ii) based on a pointer to a location in the memory with the verified signature; and
blocking, based on the determination, the requested operation from being performed by the ECU.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer-implemented method for deploying embedded runtime whitelist policies in an ECU (electronic control unit) in a vehicle, the method comprising:
maintaining, as embedded software within the ECU in the vehicle, a plurality of whitelist policies for runtime functionality of the ECU;
wherein a first of the plurality of whitelist policies defines permitted runnable binaries for ECU software installed on the ECU;
wherein a second of the plurality of whitelist policies defines permitted function sequences in a memory of the ECU; and
wherein the first or second of the plurality of whitelist policies includes one or more signatures corresponding to one or more verified process calls;
invoking, by at least one of the plurality of whitelist policies, a stack inspection operation;
detecting, based on the invoking, a requested operation to be performed by the ECU as part of an identified runtime process call;
identifying a process identifier associated with the identified runtime process call;
determining a verified signature from among the one or more signatures based on the process identifier;
determining that the requested operation violates at least one of the first or second of the plurality of whitelist policies, wherein the determining is based on comparing a signature (i) associated with the identified runtime process call and (ii) based on a pointer to a location in the memory with the verified signature; and
blocking, based on the determination, the requested operation from being performed by the ECU.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
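The two policies that claims 1 and 10 describe, as an added Python model (not the patent's or its assignee's code): the first policy maps a process identifier to the verified signature of its runnable binary, the second lists the function sequences permitted for each requested operation, and a stack inspection checks both before the operation is allowed. The ECU memory image, the addresses, the process identifiers, the operation names and the use of SHA-256 over the code at a pointer as the "signature based on a pointer to a location in the memory" are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed ECU memory image (hypothetical): function start address -> code
# bytes. A real implementation would hash the actual text pages at that address.
MEMORY: Dict[int, bytes] = {
    0x1000: b"can_rx_handler code",
    0x1100: b"parse_frame code",
    0x1200: b"apply_brake code",
    0x1300: b"flash_write code",
    0x1400: b"updater_main code",
}


def signature_at(pointer: int, memory: Dict[int, bytes] = MEMORY) -> Optional[str]:
    """Signature derived from a pointer into memory: SHA-256 of the code there."""
    code = memory.get(pointer)
    return hashlib.sha256(code).hexdigest() if code is not None else None


@dataclass
class Policies:
    # First policy: permitted runnable binaries, process id -> verified signature.
    binaries: Dict[int, str]
    # Second policy: permitted function sequences (call chains, outermost first)
    # for each requested operation.
    sequences: Dict[str, List[List[int]]]


# Process 7 is the CAN receive task (entry 0x1000); process 12 is the software
# updater (entry 0x1400). Both are constructed for the example.
POLICIES = Policies(
    binaries={7: signature_at(0x1000), 12: signature_at(0x1400)},
    sequences={
        "apply_brake": [[0x1000, 0x1100, 0x1200]],
        "flash_write": [[0x1400, 0x1300]],
    },
)


@dataclass
class Verdict:
    allowed: bool
    reason: str


def inspect_stack(pid: int, stack: List[int], operation: str,
                  policies: Policies = POLICIES,
                  memory: Dict[int, bytes] = MEMORY) -> Verdict:
    """Stack inspection invoked by the policies when `pid` requests `operation`.

    `stack` is the captured call chain as a list of function addresses,
    outermost frame first; in the example it is supplied by the caller.
    """
    # Look up the verified signature for this process identifier.
    verified = policies.binaries.get(pid)
    if verified is None:
        return Verdict(False, f"pid {pid}: no verified signature in policy")
    # Compare it with the signature computed from the pointer at the base of
    # the stack, i.e. the code the runtime process call actually originated in.
    actual = signature_at(stack[0], memory) if stack else None
    if actual != verified:
        return Verdict(False, f"pid {pid}: caller signature mismatch")
    # Second policy: the observed function sequence must be a permitted one.
    if stack not in policies.sequences.get(operation, []):
        return Verdict(False, f"{operation}: function sequence not permitted")
    return Verdict(True, f"{operation}: permitted")


if __name__ == "__main__":
    print(inspect_stack(7, [0x1000, 0x1100, 0x1200], "apply_brake"))
    print(inspect_stack(7, [0x1000, 0x1200], "apply_brake"))      # frame skipped
    print(inspect_stack(7, [0x1000, 0x1300], "flash_write"))      # wrong process
    print(inspect_stack(7, [0x1000, 0x1100, 0x1200], "apply_brake",
                        memory={**MEMORY, 0x1000: b"patched code"}))
```

The last call shows the point of tying the signature to a memory pointer rather than to the process identifier alone: if the code at the caller's address has been modified, the computed signature no longer matches the verified one and the operation is blocked even though the process identifier and the call sequence look correct.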
Specification