Patents by Inventor Tal Efraim Ben David
Tal Efraim Ben David has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230418928Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: ApplicationFiled: September 12, 2023Publication date: December 28, 2023Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11790074Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: GrantFiled: January 23, 2023Date of Patent: October 17, 2023Assignee: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20230275877Abstract: Technology descried here can be used for collecting information about malicious attacks on computer devices. Hosting hardware can be configured to host virtual machines, virtual machines of ECU images, and ECUs to collect records of malicious attacks. An attack analyzer can generate fingerprints from the malicious attacks.Type: ApplicationFiled: September 24, 2019Publication date: August 31, 2023Inventors: Assaf HAREL, Amiram DOTAN, David BARZILAI, Eli MORDECHAI, Tal Efraim BEN DAVID
-
Publication number: 20230224145Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.Type: ApplicationFiled: March 16, 2023Publication date: July 13, 2023Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai, Eli Mordechai
-
Publication number: 20230199010Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.Type: ApplicationFiled: February 24, 2023Publication date: June 22, 2023Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20230153418Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: ApplicationFiled: January 23, 2023Publication date: May 18, 2023Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11637696Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.Type: GrantFiled: March 8, 2022Date of Patent: April 25, 2023Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai, Eli Mordechai
-
Patent number: 11616792Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.Type: GrantFiled: June 30, 2021Date of Patent: March 28, 2023Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20230059025Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: ApplicationFiled: October 18, 2022Publication date: February 23, 2023Applicant: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11574043Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: GrantFiled: July 13, 2021Date of Patent: February 7, 2023Assignee: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11509666Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.Type: GrantFiled: October 19, 2020Date of Patent: November 22, 2022Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20220337405Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.Type: ApplicationFiled: March 8, 2022Publication date: October 20, 2022Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai, Eli Mordechai
-
Publication number: 20220179941Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: ApplicationFiled: July 13, 2021Publication date: June 9, 2022Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20220094701Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.Type: ApplicationFiled: June 30, 2021Publication date: March 24, 2022Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11271727Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.Type: GrantFiled: July 18, 2018Date of Patent: March 8, 2022Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai, Eli Mordechai
-
Publication number: 20210360009Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.Type: ApplicationFiled: May 17, 2021Publication date: November 18, 2021Applicant: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Publication number: 20210349991Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.Type: ApplicationFiled: May 26, 2021Publication date: November 11, 2021Inventors: Assaf Harel, Amiram Dotan, Tal Efraim Ben David, David Barzilai
-
Publication number: 20210328782Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.Type: ApplicationFiled: July 18, 2018Publication date: October 21, 2021Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai, Eli Mordechai
-
Patent number: 11068580Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.Type: GrantFiled: September 7, 2016Date of Patent: July 20, 2021Assignee: Karamba Security Ltd.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 11063964Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.Type: GrantFiled: July 3, 2019Date of Patent: July 13, 2021Assignee: KARAMBA SECURITY LTD.Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai