Reporting and processing controller security information
First Claim
1. A method for providing security on externally connected electronic control units (ECUs), the method comprising:
receiving, at a reporting agent that is part of a security middleware layer operating on an ECU, an indication that a process has been blocked;
obtaining, by the reporting agent, trace information for the blocked process;
determining, by the reporting agent, a code portion in an operating system of the ECU that served as an exploit for the blocked process;
obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process;
determining, by the reporting agent, a current context of the ECU;
generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, (iii) the copy of the malware, and (iv) information identifying the current context of the ECU; and
providing, by the reporting agent, the alert to a network interface on the ECU for immediate transmission to a backend computer system.
Abstract
In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.
18 Claims
11. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing security on externally connected electronic control units (ECUs), the operations comprising:
receiving, at a reporting agent that is part of a security middleware layer operating on an ECU, an indication that a process has been blocked;
obtaining, by the reporting agent, trace information for the blocked process;
determining, by the reporting agent, a code portion in an operating system of the ECU that served as an exploit for the blocked process;
obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process;
determining, by the reporting agent, a current context of the ECU;
generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, (iii) the copy of the malware, and (iv) information identifying the current context of the ECU; and
providing, by the reporting agent, the alert to a network interface on the ECU for immediate transmission to a backend computer system.
Specification