Patents Assigned to Karamba Security
-
Patent number: 11790074Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: GrantFiled: January 23, 2023Date of Patent: October 17, 2023Assignee: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11637696Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.Type: GrantFiled: March 8, 2022Date of Patent: April 25, 2023Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai, Eli Mordechai
-
Patent number: 11616792Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.Type: GrantFiled: June 30, 2021Date of Patent: March 28, 2023Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20230059025Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: ApplicationFiled: October 18, 2022Publication date: February 23, 2023Applicant: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11574043Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: GrantFiled: July 13, 2021Date of Patent: February 7, 2023Assignee: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11509666Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: GrantFiled: October 19, 2020Date of Patent: November 22, 2022Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11271727Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.Type: GrantFiled: July 18, 2018Date of Patent: March 8, 2022Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai, Eli Mordechai
-
Publication number: 20210360009Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.Type: ApplicationFiled: May 17, 2021Publication date: November 18, 2021Applicant: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11068580Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: GrantFiled: September 7, 2016Date of Patent: July 20, 2021Assignee: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11063964Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.Type: GrantFiled: July 3, 2019Date of Patent: July 13, 2021Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11023574Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.Type: GrantFiled: December 28, 2018Date of Patent: June 1, 2021Assignee: Karamba Security Ltd.Inventors: Assaf Harel, Amiram Dotan, Tal Efraim Ben David, David Barzilai
-
Patent number: 11012451Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.Type: GrantFiled: June 14, 2019Date of Patent: May 18, 2021Assignee: KARAMBA SECURITY LTDInventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20210105288Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: ApplicationFiled: October 19, 2020Publication date: April 8, 2021Applicant: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 10972441Abstract: In some implementations, a scheme for data communication in an automobile includes generating a cleartext message to be transmitted to a second ECU, generating a pseudo-random counter by applying a pseudorandom function to a counter value that is incremented for each cleartext message generated by the ECU; combining the cleartext message and the pseudo-random counter to create a randomized message; selecting from a plurality of available cryptography techniques, a selected cryptography technique; applying to the randomized message, the selected cryptography technique to create a ciphertext; and transmitting to the second ECU over the CAN bus, the ciphertext.Type: GrantFiled: January 24, 2019Date of Patent: April 6, 2021Assignee: KARAMBA SECURITY LTDInventors: Amir Herzberg, Assaf Harel, Eli Mordechai, Tal Efraim Ben David, Amiram Dotan, David Barzilai, Itay Khazon
-
Patent number: 10903986Abstract: Technology can be used for sending and receiving messages on a CAN bus with a plurality of ECUs. The technology can include identifying a first message to send to a receiving ECU from a sending ECU; incrementing a sender-version message counter for the message type; determining to create a second session for the message type in the sending ECU; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter. The technology further includes processing the first message using the second sender-version session key, including performing an operation to combine the sender-version message counter with the first message to create a combined message and encoding the combined message using the second sender-version session key to create an encoded message. The technology further includes sending the encoded message to the receiving ECU on the CAN bus.Type: GrantFiled: January 18, 2019Date of Patent: January 26, 2021Assignee: KARAMBA SECURITY LTD.Inventors: Amir Herzberg, Assaf Harel, Eli Mordechai, Tai Efraim Ben David, Amiram Dotan, David Barzilai, Itay Khazon
-
Patent number: 10878103Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.Type: GrantFiled: June 5, 2017Date of Patent: December 29, 2020Assignee: KARAMBA SECURITY LTD.Inventors: Assaf Harel, Amiram Dotan, Tal Efraim Ben David, David Barzilai
-
Patent number: 10819715Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: GrantFiled: February 26, 2019Date of Patent: October 27, 2020Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 10419408Abstract: In some implementations, a scheme for data communication in an automobile includes generating a cleartext message to be transmitted to a second ECU, generating a pseudo-random counter by applying a pseudorandom function to a counter value that is incremented for each cleartext message generated by the ECU; combining the cleartext message and the pseudo-random counter to create a randomized message; selecting from a plurality of available cryptography techniques, a selected cryptography technique; applying to the randomized message, the selected cryptography technique to create a ciphertext; and transmitting to the second ECU over the CAN bus, the ciphertext.Type: GrantFiled: September 24, 2018Date of Patent: September 17, 2019Assignee: KARAMBA SECURITYInventors: Amir Herzberg, Assaf Harel, Eli Mordechai, Tal Efraim Ben David, Amiram Dotan, David Barzilai, Itay Khazon
-
Patent number: 10382460Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.Type: GrantFiled: June 19, 2018Date of Patent: August 13, 2019Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 10380344Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a kernel level security layer that includes a whitelist of permitted processes on the controller, the whitelist being part of a custom security policy for the controller; receiving, at the security layer, a request to run a particular process; determining, by the security layer, a signature for the particular process; identifying, by the security layer, a verified signature for the process from the whitelist; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with the verified signature from the whitelist; and blocking, by the security layer, the particular process from running on the automotive controller based on the determined signature not matching the verified signature for the process.Type: GrantFiled: November 30, 2018Date of Patent: August 13, 2019Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai