
US-20260127262-A1 - System and Method for Allowlisting of Devices


Abstract

During development, a whitelist is automatically created that includes entries for all programs that will run on the target device. Security software is included in the installation package. After the installation package is installed, the operating system runs the system security software and the system security software intercepts attempts to run any program and only allows programs to run that match an entry in the whitelist. In some embodiments, an entitlement file is created (manually, automatically, or a combination of both) and is included in the installation package. In such embodiments, after initialization, the system security software intercepts attempts to access resources of the target device by programs and only allows access to resources that are identified in the entitlement file for that program.
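The abstract describes two mechanisms, an execution allowlist generated at build time and a per-program entitlement file consulted at run time, but the patent text does not fix any data format for either. The block below is an added illustration of that scheme in Python; it is not PC Matic's code. It assumes (my choices, not the patent's) that an allowlist entry is the program's install path plus the SHA-256 of the image the build produced, that the firmware image carries the allowlist as a JSON manifest, and that an entitlement names an operation, a path prefix (a portion of the file system or a device node, as in claims 3, 7 and 12) and an optional daily time window (claims 4, 8 and 13). The build outputs and entitlement file are constructed stand-ins.

```python
"""Build-time allowlist generation plus runtime exec and entitlement checks.

Added illustration of the scheme in the abstract, not PC Matic's code. The
patent does not specify data formats; the SHA-256 entries, JSON manifest and
Entitlement fields below are this example's own assumptions.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Optional, Union

# Constructed stand-ins for what the compiler/linker emits on the build machine.
BUILD_OUTPUTS: Dict[str, bytes] = {
    "/usr/bin/camera-ctl": b"\x7fELF constructed control program",
    "/usr/sbin/secmon": b"\x7fELF constructed security software",
    "/sbin/init": b"\x7fELF constructed operating-system program",
}


def program_digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def build_whitelist(outputs: Dict[str, bytes]) -> Dict[str, str]:
    """Build step: as each program is produced, one entry is recorded for it."""
    return {path: program_digest(image) for path, image in outputs.items()}


def make_firmware_image(outputs: Dict[str, bytes]) -> bytes:
    """Bundle the generated whitelist into the image, as the claims describe."""
    return json.dumps({"whitelist": build_whitelist(outputs)}).encode()


def _as_time(at: Union[time, str, None]) -> time:
    """Accept a datetime.time, an 'HH:MM' string, or None for 'now'."""
    if at is None:
        return datetime.now().time()
    if isinstance(at, str):
        hh, mm = at.split(":")
        return time(int(hh), int(mm))
    return at


@dataclass(frozen=True)
class Entitlement:
    operation: str                 # "read" or "write"
    path_prefix: str               # file-system portion or device node
    start: Optional[time] = None   # daily window; None means always
    end: Optional[time] = None

    def covers(self, operation: str, target: str, at: time) -> bool:
        if operation != self.operation or not target.startswith(self.path_prefix):
            return False
        if self.start is None or self.end is None:
            return True
        if self.start <= self.end:
            return self.start <= at <= self.end
        return at >= self.start or at <= self.end  # window spans midnight


# Constructed entitlement file: only the control program gets any access.
ENTITLEMENTS: Dict[str, List[Entitlement]] = {
    "/usr/bin/camera-ctl": [
        Entitlement("read", "/dev/video0"),
        Entitlement("write", "/var/lib/camera/", time(22, 0), time(6, 0)),
    ],
}


class SecurityMonitor:
    """The resident security software: consulted on every exec attempt and
    every resource access. Default deny in both cases."""

    def __init__(self, firmware_image: bytes, entitlements: Dict[str, List[Entitlement]]):
        self.whitelist = json.loads(firmware_image)["whitelist"]
        self.entitlements = entitlements

    def authorize_exec(self, path: str, image: bytes) -> bool:
        """Unknown path or modified image at a known path: both refused."""
        expected = self.whitelist.get(path)
        return expected is not None and hmac.compare_digest(expected, program_digest(image))

    def authorize_access(self, program: str, operation: str, target: str,
                         at: Union[time, str, None] = None) -> bool:
        now = _as_time(at)
        return any(e.covers(operation, target, now)
                   for e in self.entitlements.get(program, []))


def install() -> SecurityMonitor:
    """Install step: read the whitelist back out of the firmware image."""
    return SecurityMonitor(make_firmware_image(BUILD_OUTPUTS), ENTITLEMENTS)


if __name__ == "__main__":
    mon = install()
    genuine = BUILD_OUTPUTS["/usr/bin/camera-ctl"]
    print("genuine exec:", mon.authorize_exec("/usr/bin/camera-ctl", genuine))
    print("tampered exec:", mon.authorize_exec("/usr/bin/camera-ctl", genuine + b"\x90"))
    print("dropped binary:", mon.authorize_exec("/tmp/.x", genuine))
    print("night write:", mon.authorize_access("/usr/bin/camera-ctl", "write", "/var/lib/camera/f.jpg", "23:00"))
    print("day write:", mon.authorize_access("/usr/bin/camera-ctl", "write", "/var/lib/camera/f.jpg", "12:00"))
```

Two caveats a practitioner would check before relying on a design like this. First, the check is only as strong as the integrity of the whitelist and entitlement file on the device: if an attacker who already runs code can rewrite them, the allowlist protects nothing, so they belong in read-only or verified storage. Second, the time-window entitlement trusts the device clock; a compromised or NTP-less device can be moved into the permitted window. Neither point is addressed in the patent text; a production implementation would also hook execution in the kernel rather than in user space as this model does.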

Inventors

  • Zachary A. Austin
  • Robert J. Cheng
  • Andrew Tuch
  • Robert J. Woodworth
  • Matthew Quincy Riley

Assignees

  • PC MATIC INC

Dates

Publication Date
2026-05-07
Application Date
2024-11-01

Claims (13)

  1. A system for device security, the system comprising: a target device, the target device having a processor and a memory operatively interfaced to the processor, the memory is non-transitory; security software stored in the memory; the security software running on the processor; a whitelist stored in the memory and accessible by the security software, the whitelist containing entries indicative of which programs are allowed to run on the processor; when a program attempts to be executed by the processor, the security software intercepts execution and determines when the program is authorized using the whitelist and when the program is unauthorized, the security software prevents execution of the program; when the program is authorized, the security software allows the execution of the program; and whereas, when each program is created from source code by a compiler/linker running on a computer in a build environment, a whitelist entry is automatically generated and added to the whitelist after the program is created.
  2. The system of claim 1, further comprising an entitlement list for the program, the entitlement list stored in the memory, when the program attempts to access a resource of the processor, the security software intercepts and determines when the program is entitled to access the resource using the entitlement list and when access to the resource is prevented, the security software prevents the access of the resource by the program, otherwise when the access to the resource is allowed based upon the entitlement list, the security software allows the access of the resource by the program.
  3. The system of claim 2, wherein the entitlement list comprises one or more entitlements selected from a group consisting of reading a file, writing the file, reading an input/output device, writing to the input/output device, reading a memory location, and writing a memory location.
  4. The system of claim 2, wherein the entitlement list further comprises a range of times that the program is entitled to access the resource and when the security software intercepts and determines when the program is entitled to access the resource using the entitlement list, the access to the resource is allowed only during the range of times.
  5. A system for device security, the system comprising: a target device, the target device having a processor and a memory operatively interfaced to the processor, the memory is non-transitory; a program-build system in which control program source code is compiled/linked to create a control program, security software source code is compiled/linked to create a security software program, and operating system source code are compiled/linked to create operating system programs to run on the target device, the program-build system automatically generates a whitelist entry in a whitelist for the control program and each program in the operating system programs; the program-build system generates a firmware image that comprises the control program, the whitelist, the security software program, and the operating system programs; upon installation of the firmware image on the target device, the control program, the security software program, the whitelist, and the operating system programs are stored in the memory, the whitelist is thereby accessible by the security software program; upon initialization, the operating system programs run on the processor and the operating system programs start the security software program; thereafter, when a program attempts to be executed by the operating system programs, the security software program intercepts execution of the program and determines when the program is authorized using the whitelist and when the program is unauthorized, the security software program prevents execution of the program; and when the program is authorized, the security software program allows the execution of the program.
  6. The system of claim 5, further comprising an entitlement list for each program, the entitlement list as added to the firmware image and, upon installation, the entitlement list is read from the firmware image and installed in the memory such that when the program attempts to access a resource of the processor, the security software program intercepts and determines when the program is entitled to access the resource using the entitlement list and when access to the resource is prevented, the security software program prevents access of the resource by the program, otherwise when the access to the resource is allowed based upon the entitlement list, the security software program allows the access of the resource by the program.
  7. The system of claim 6, wherein the entitlement list comprises one or more entitlements selected from a group consisting of reading a file, writing the file, reading an input/output device and writing to the input/output device.
  8. The system of claim 6, wherein an entry in the entitlement list further comprises a range of times that the program is entitled to access the resource and when the security software program intercepts and determines when the program is entitled to access the resource using the entitlement list, the access to the resource is allowed only during the range of times.
  9. A method of protecting a target computer, the method comprising: in a program-build environment, compiling and linking a control program from source code, compiling and linking a security software program, compiling and linking operating system programs, the control program, the security software program, and the operating system programs are created to run on a target device, the program-build environment automatically generating a whitelist entry for the control program and each of the operating system programs and adding the whitelist entry to a whitelist; creating a firmware image that comprises the control program, the security software program, the operating system programs, and the whitelist for the target device; installing the firmware image, including installing of the control program, the security software program, the operating system programs, and the whitelist in a memory of a target device, the target device having a processor and the memory is operatively interfaced to the processor, the memory being non-transitory, the security software program having access to the whitelist, the whitelist containing entries indicative of which programs are allowed to run on the processor; upon initialization of the target device, the operating system programs running on the processor and the operating system programs run the security software program; when attempting to execute a program by the operating system programs, the security software program intercepting and determining when the program is authorized using the whitelist, and when the program is unauthorized, the security software program preventing execution of the program; and when the program is authorized, the security software program allowing the execution of the program.
  10. The method of claim 9, further comprising an entitlement list for the program, the entitlement list included in the firmware image and, during installing the firmware image, storing the entitlement list in the memory; thereafter, when attempting to access a resource by the program, the security software program intercepting and determining when accessing of the resource by the program is allowed by using the entitlement list and when accessing of the resource by the program is not allowed, the security software program preventing access of the resource by the program, otherwise when accessing of the resource by the program is allowed based upon the entitlement list, the security software program allowing the access of the resource by the program.
  11. The method of claim 10, wherein the entitlement list comprises one or more entitlements selected from a group consisting of accessing a file system, accessing the file system for reading, accessing the file system for reading and writing, reading a file, writing the file, reading an input/output device and writing to the input/output device.
  12. The method of claim 11, wherein the one or more entitlements of accessing the file system are limited to a portion of the file system.
  13. The method of claim 12, wherein the entitlement list further comprises a range of times for the whitelist entry and when interceding and determining when the program is entitled to access the resource using the entitlement list, the security software program allowing the access to the resource only during the range of times.

Description

FIELD OF THE INVENTION

This invention relates to the field of computer security and more particularly to a system for generation of whitelist entries during the system build process.

BACKGROUND OF THE INVENTION

The proliferation of low to medium functionality devices (often referred to as the Internet of Things (IoT)) has brought about a transformative wave of interconnected devices designed to enhance convenience, efficiency, and automation across various sectors. Many homes have many connected devices (e.g., connected by Wi-Fi or other wireless mechanisms) such as appliances, light controls, electronic door locks, ceiling fans, stereo systems, televisions, wireless cameras, light bulbs, network interfaces, Wi-Fi repeaters, Wi-Fi routers, etc. Each device has an interface to the internet through this wireless mechanism and many such devices include a processor, memory, and an operating system of some sort. In many small devices, the operating system is some form of LINUX®. Although these connected devices typically have single-purpose functions, they have become a new frontier for bad actors and global hackers seeking to exploit vulnerabilities for malicious purposes. Such connected devices typically operate on specialized, lightweight operating systems optimized for their constrained resources and specific tasks. These operating systems facilitate seamless interaction with other devices and networks, enabling the connected device ecosystem's growth. However, the prevalence of such operating systems also introduces a potential avenue for attackers to gain unauthorized access, execute arbitrary code, or inject malware. This can be achieved through various mechanisms, including weak authentication, code vulnerabilities, and insufficient security protocols. Compounding the issue is the inherent single-purpose nature of many IoT devices.

While this characteristic enhances their efficiency and usability, it also limits their ability to defend against sophisticated attacks. Hackers capitalize on this limitation by exploiting the device's primary function to introduce malicious code that can propagate across the network, compromise data integrity, or even render the device inoperable. Take a wireless camera; one would not want an intruder to be able to access images from a wireless camera that the owner believes is secure. The consequences of these attacks range from minimal to severe. Although an irritation, if a hacker is able to turn on one of your lights, it isn't the end of the world, and therefore it is a minimal threat. Unfortunately, once threat actors (e.g., hackers) compromise a connected device, the threat actor is able to launch distributed denial of service (DDoS) attacks that are capable of overwhelming servers and networks with traffic while disrupting critical online services. Additionally, the injection of malware into connected devices can lead to widespread data breaches of other devices on the network, the theft of sensitive information from other devices on the network, and unauthorized access to connected systems. Beyond the potential for immediate disruptions caused by attacks, connected devices often control critical infrastructure, such as industrial systems, medical equipment, and transportation networks. Exploiting vulnerabilities in these connected devices can result in physical harm, financial losses, and the compromise of personal safety. For example, should a certain brand of electronic entry lock be compromised and the hacker cause every electronic entry lock of that brand to open at a certain time, people who depend on those locks would be vulnerable to others entering their residences, theft, and bodily harm. Therefore, what is needed is a mechanism for protecting such connected devices from attacks.

SUMMARY OF THE INVENTION

In one embodiment, a system for device security is disclosed including a target device that has a processor, and a memory operatively interfaced to the processor. Security software is stored in the memory and runs on the processor. A whitelist that contains entries indicating which programs are allowed to run on the processor is stored in the memory and accessible by the security software. When a program attempts to be executed by the processor, the security software intercepts and determines when the program is authorized using the whitelist. When the program is unauthorized, the security software prevents execution of the program and when the program is authorized, the security software allows the execution of the program. When each program is made (e.g., compiled/linked) by a build system (e.g., a computer system for building a firmware image for installation on the target device) from source code and libraries (e.g., built, compiled, linked), a whitelist entry is automatically generated and added to the whitelist after the program is created. In another embodiment, a system for device security is disclosed. The system includes a