Patents by Inventor Assaf Harel
Assaf Harel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190205523Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: ApplicationFiled: March 6, 2019Publication date: July 4, 2019Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20190197234Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.Type: ApplicationFiled: March 1, 2019Publication date: June 27, 2019Inventors: Assaf Harel, Amiram Dotan, Tal Efraim Ben David, David Barzilai
-
Publication number: 20190190925Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: ApplicationFiled: February 26, 2019Publication date: June 20, 2019Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 10320836Abstract: In one implementation, a method for providing security on controllers includes detecting, by a given controller, an attempted security attack on the given controller; in response to detecting the attempted attack, entering a safe mode of operation for the given controller in which at least one process performed by the given controller is restricted such that the at least one process is performed only when a current context of the controller matches a permitted context that is associated with the given controller; in response to detecting the attempted attack, transmitting a safe mode alert to one or more other controllers; and for at least one of the one or more other controllers, in response to receiving the safe mode alert, entering a safe mode of operation for the other controller.Type: GrantFiled: July 16, 2018Date of Patent: June 11, 2019Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20190156022Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.Type: ApplicationFiled: December 28, 2018Publication date: May 23, 2019Inventors: Assaf Harel, Amiram Dotan, Tal Efraim Ben David, David Barzilai
-
Patent number: 10275591Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: GrantFiled: June 19, 2018Date of Patent: April 30, 2019Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 10270786Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: GrantFiled: June 19, 2018Date of Patent: April 23, 2019Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 10243732Abstract: Technology can be used for sending and receiving messages on a CAN bus with a plurality of ECUs. The technology can include identifying a first message to send to a receiving ECU from a sending ECU; incrementing a sender-version message counter for the message type; determining to create a second session for the message type in the sending ECU; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter. The technology further includes processing the first message using the second sender-version session key, including performing an operation to combine the sender-version message counter with the first message to create a combined message and encoding the combined message using the second sender-version session key to create an encoded message. The technology further includes sending the encoded message to the receiving ECU on the CAN bus.Type: GrantFiled: June 27, 2018Date of Patent: March 26, 2019Assignee: KARAMBA SECURITYInventors: Amir Herzerg, Assaf Harel, Eli Mordechai, Tal Efraim Ben David, Amiram Dotan, David Barzilai, Itay Hazon
-
Patent number: 10204219Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.Type: GrantFiled: June 4, 2018Date of Patent: February 12, 2019Assignee: KARAMBA SECURITYInventors: Assaf Harel, Amiram Dotan, Tal Efraim Ben David, David Barzilai
-
Patent number: 10176326Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a kernel level security layer that includes a whitelist of permitted processes on the controller, the whitelist being part of a custom security policy for the controller; receiving, at the security layer, a request to run a particular process; determining, by the security layer, a signature for the particular process; identifying, by the security layer, a verified signature for the process from the whitelist; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with the verified signature from the whitelist; and blocking, by the security layer, the particular process from running on the automotive controller based on the determined signature not matching the verified signature for the process.Type: GrantFiled: June 19, 2018Date of Patent: January 8, 2019Assignee: KARAMBA SECURITYInventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20180349598Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.Type: ApplicationFiled: June 4, 2018Publication date: December 6, 2018Inventors: Assaf Harel, Amiram Dotan, Tal Efraim Ben David, David Barzilai
-
Publication number: 20180349612Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.Type: ApplicationFiled: June 5, 2017Publication date: December 6, 2018Inventors: Assaf Harel, Amiram Dotan, Tal Efraim Ben David, David Barzilai
-
Publication number: 20180343270Abstract: In one implementation, a method for providing security on controllers includes detecting, by a given controller, an attempted security attack on the given controller; in response to detecting the attempted attack, entering a safe mode of operation for the given controller in which at least one process performed by the given controller is restricted such that the at least one process is performed only when a current context of the controller matches a permitted context that is associated with the given controller; in response to detecting the attempted attack, transmitting a safe mode alert to one or more other controllers; and for at least one of the one or more other controllers, in response to receiving the safe mode alert, entering a safe mode of operation for the other controller.Type: ApplicationFiled: July 16, 2018Publication date: November 29, 2018Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20180316692Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: ApplicationFiled: June 19, 2018Publication date: November 1, 2018Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20180316699Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.Type: ApplicationFiled: June 19, 2018Publication date: November 1, 2018Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20180316698Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.Type: ApplicationFiled: June 19, 2018Publication date: November 1, 2018Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20180307840Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a kernel level security layer that includes a whitelist of permitted processes on the controller, the whitelist being part of a custom security policy for the controller; receiving, at the security layer, a request to run a particular process; determining, by the security layer, a signature for the particular process; identifying, by the security layer, a verified signature for the process from the whitelist; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with the verified signature from the whitelist; and blocking, by the security layer, the particular process from running on the automotive controller based on the determined signature not matching the verified signature for the process.Type: ApplicationFiled: June 19, 2018Publication date: October 25, 2018Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20180307826Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: ApplicationFiled: June 19, 2018Publication date: October 25, 2018Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20180247045Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: ApplicationFiled: September 7, 2016Publication date: August 30, 2018Inventors: Tal Efraim David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 10057286Abstract: In one implementation, a method for providing security on controllers includes detecting, by a given controller, an attempted security attack on the given controller; in response to detecting the attempted attack, entering a safe mode of operation for the given controller in which at least one process performed by the given controller is restricted such that the at least one process is performed only when a current context of the controller matches a permitted context that is associated with the given controller; in response to detecting the attempted attack, transmitting a safe mode alert to one or more other controllers; and for at least one of the one or more other controllers, in response to receiving the safe mode alert, entering a safe mode of operation for the other controller.Type: GrantFiled: January 3, 2018Date of Patent: August 21, 2018Assignee: Karamba SecurityInventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai