Abstract: An in-vehicle communication network comprising a bus and at least one node connected to the bus; an in-vehicle network operating system (OS) that manages OS processes, to enable a processor to run the processes and execute their respective process codes; and a module hosted in the OS that is configured to monitor the OS and vet a process that the OS enables for running by a processor to determine if the process is potentially damaging.

Abstract: A system for providing security to an in-vehicle communication network, the system comprising: a data monitoring and processing hub external to the in-vehicle network, the in-vehicle network having a bus and at least one node connected to the bus; a module configured to monitor messages in communication traffic propagating in the in-vehicle network, the module comprising: at least one communication port via which the module receives and transmits messages; a memory having data characterizing messages that the at least one node transmits and receives during normal operation of the node, and software executable to: identify, responsive to the data characterizing messages, an anomaly in communications over the in-vehicle communication network; and instruct a communication interface, configured to support communication with the hub, to transmit monitoring data responsive to identifying the anomaly to the hub for processing; and a processor configured to execute the software in the memory.

Abstract: A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module including: a memory having software including a model of an expected behavior of data communications over the portion of the in-vehicle communication network; and a processor that processes, responsive to the software in the memory, a plurality of messages registered from a portion of the in-vehicle network to: determine, based on the model and a context comprising attributes of the plurality of messages, whether or not at least one of the messages complies with the model; and if the at least one message does not comply with the model, then perform at least one action on the message.

Abstract: An in-vehicle communication network comprising at least one node connected to a bus, the network comprising: at least one memory comprising software having data characterizing messages that propagate over the network during normal operation and executable instructions for processing a message based on the data to determine if the message is normal or anomalous; a module operable to: process messages received from the in-vehicle network in accordance with the executable instructions and the data to identify an anomaly in communications over the in-vehicle communication network; accumulate and store information responsive to the processing of the received messages; instruct a communication interface, configured to support communication with an entity external to the vehicle, to upload the stored information or a portion thereof to the entity external to the in-vehicle network.

Abstract: A system for providing security to a fleet of vehicles, the system comprising: a plurality of modules, each module configured to monitor messages propagating in an in-vehicle network of a vehicle comprised in the fleet; a memory having data characterizing messages, and software executable to: identify an anomaly in communications over the in-vehicle communication network; and instruct a communication interface, configured to support communication with an entity external to the vehicle, to transmit monitoring data responsive to the messages; and a processor configured to execute the software in the memory; and a data monitoring and processing hub external to the vehicles comprised in the fleet and operable to receive transmission of monitoring data from the plurality of modules.

Abstract: A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module comprising: a memory having software comprising data characterizing messages that the at least one node transmits to and/or receives via the bus; a communication port via which the module receives and transmits messages configured to be connected to a portion of the in-vehicle network; and a processor that is operable to: processes messages received via the port responsive to the software in the memory to control passage of messages through an on-board diagnostics (OBD) port between the in-vehicle network and an entity external to the vehicle.

Abstract: Systems and methods for detection of attacks on a communication authentication layer of an in-vehicle network, including determining, by at least one network node, at least one attack attempt on the communication authentication layer of the in-vehicle network, wherein the determination is carried out by identifying anomalies in at least one of messages, data and metadata directed to the communication authentication layer, and selecting, by the at least one network node, a response corresponding to the determined attack attempt from at least one of modification of parameter values corresponding to a security protocol, a failsafe response, and rejection of messages identified as anomalies.

Abstract: A module for providing security to a vehicle's in-vehicle communication network that is responsive to an operational state of the vehicle.

Abstract: A module for providing security to an in-vehicle communication network comprising at least one node, the module being operative to identify an anomalous message in the network indicative of exposure of the in-vehicle network to damage from a cyber attack and transmit at least one signal that alters the anomalous message so that the at least one node will discard it.

Abstract: A module for providing security to a vehicle's in-vehicle communication network that is responsive to an operational state of the vehicle.

Abstract: A system for providing security to an in-vehicle communication network, the system comprising: a data monitoring and processing hub external to the in-vehicle network, the in-vehicle network having a bus and at least one node connected to the bus; a module configured to monitor messages in communication traffic propagating in the in-vehicle network, the module comprising: at least one communication port via which the module receives and transmits messages; a memory having data characterizing messages that the at least one node transmits and receives during normal operation of the node, and software executable to: identify, responsive to the data characterizing messages, an anomaly in communications over the in-vehicle communication network; and instruct a communication interface, configured to support communication with the hub, to transmit monitoring data responsive to identifying the anomaly to the hub for processing; and a processor configured to execute the software in the memory.

Abstract: A cyber security module for providing security to an in-vehicle communication network having a bus, at least one node connected to the bus, and at least one communications device coupled to the in-vehicle communication network configured to interface the in-vehicle network with an external communication network, the cyber security module comprising: a communication port configured to receive a message from the communication device that the communication device generates based on a message that the communication device receives from the external communication network; at least one communication port coupled to the bus; an authentication module configured to authenticate whether or not the message originated from an authorized source; and a processor configured to operate to prevent content of the message from being operated on if the authentication module determines that the source of the message received by the communication device is not from an authorized source.

Abstract: A system for providing security to an in-vehicle communication network, the system comprising: a data monitoring and processing hub; and at least one module configured to monitor messages in communication traffic propagating in a vehicle's in-vehicle network, the network having a bus and at least one node connected to the bus, the module comprising: a communication interface configured to support communication with the hub; a memory having software comprising data characterizing messages that the at least one node transmits and receives during normal operation of the node; at least one communication port via which the module receives and transmits messages configured to be connected to a portion of the in-vehicle network; a processor that processes messages received via the port from the portion of the in-vehicle network responsive to the software in the memory to: identify an anomalous message in the received messages indicative of exposure of the in-vehicle network to damage from a cyber attack; determine a

Abstract: A system or method may include an in-vehicle network including an interface port for connecting an external device to the in-vehicle network; and a security unit connected to the in-vehicle network, the security unit adapted to enable an external device to communicate with the in-vehicle network, over the interface port, based on a security token received from the external device. A system or method may, based on a token, prevent an external device from at least one of: communicating with a selected set of components on in an in-vehicle network, communicating with a selected set of network segments in the in-vehicle network and performing a selected set of operations.

Abstract: A system and method for providing security to a network may include identifying a message sent over a network, the message related to a data transfer from an initiator to a target node, and transmitting, over the network, at least one disruptive message that causes the data transfer to fail.

Abstract: A system and method for providing security to a network may include maintaining, by a processor, a model of an expected behavior of data communications over the in-vehicle communication network; receiving, by the processor, a message sent over the network; determining, by the processor, based on the model and based on a timing attribute of the message, whether or not the message complies with the model; and if the message does not comply with the model then performing, by the processor, at least one action related to the message.

Abstract: A system and method for providing security to a network may include maintaining, by a processor, a model of an expected behavior of data communications over the in-vehicle communication network; receiving, by the processor, a message sent over the network; determining, by the controller, based on the model and based on a timing attribute of the message, whether or not the message complies with the model; and if the message does not comply with the model then performing, by the processor, at least one action related to the message.

Abstract: A system and method for providing security to a network may include maintaining, by a processor, a model of an expected behavior of data communications over an in-vehicle communication network; receiving, by the processor, a plurality of messages communicated over the network; determining, by the processor, based on the model and based on content attributes of the plurality of messages, whether or not at least one of the messages complies with the model; and if at least one message does not comply with the model then performing, by the processor, at least one action related to the message.

Abstract: A system and method for providing security to a network may include maintaining, by a processor, a model of an expected behavior of data communications over the in-vehicle communication network; receiving, by the processor, a message sent over the network; determining, by the processor, based on the model and based on content in the message, whether or not the message complies with the model; and if the message does not comply with the model then performing, by the processor, at least one action related to the message.

Abstract: A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module comprising: a memory having software comprising data characterizing messages that the at least one node transmits and receives via the bus during normal operation of the node; a communication port via which the module receives and transmits messages configured to be connected to a portion of the in-vehicle network; and a processor that processes messages received via the port from the portion of the in-vehicle network responsive to the software in the memory to: identify an anomalous message in the received messages indicative of exposure of the in-vehicle network to damage from a cyber attack; and cause the module to transmit at least one signal via the port to the portion of the in-vehicle network that alters the anomalous message so that the at least one node will discard it.