-
Publication number: US12101338B2
Publication date: 2024-09-24
Application number: US16435337
Application date: 2019-06-07
Applicant: NVIDIA Corporation
Inventor: Mark Overby, Rick Dingle, Nicola Di Miscio, Varadharajan Kannan, Yong Zhang, Francesco Saracino
IPC: H04L29/06, G06F9/455, G06F13/40, G06N20/00, H04L9/32, H04L9/40, H04L12/40, H04L47/24, H04L61/2585, G06F21/60, H04L9/00, H04L67/12
CPC classification number: H04L63/1416, G06F9/45558, G06F13/4068, G06N20/00, H04L9/3265, H04L12/40, H04L12/40013, H04L47/24, H04L61/2585, H04L63/1425, H04L63/1441, G06F2009/45587, G06F2009/45595, G06F21/602, H04L9/50, H04L2012/40215, H04L2012/40273, H04L63/1458, H04L63/166, H04L67/12
Abstract: Various approaches are disclosed for protecting vehicle buses from cyber-attacks. Disclosed approaches provide for an embedded system having a hypervisor that provides a virtualized environment supporting any number of guest OSes. The virtualized environment may include a security engine on an internal communication channel between the guest OS and an external vehicle bus of a vehicle to analyze network traffic to protect the guest OS from other guest OSes or other network components, and to protect those network components from the guest OS. Each guest OS may have its own security engine customized for the guest OS to account for what is typical or expected traffic for the guest OS (e.g., using machine learning, anomaly detection, etc.). Also disclosed are approaches for corrupting a message being transmitted on a vehicle bus to prevent devices from acting on the message.
-
Publication number: US20240406196A1
Publication date: 2024-12-05
Application number: US18800623
Application date: 2024-08-12
Applicant: NVIDIA Corporation
Inventor: Mark Overby, Rick Dingle, Nicola Di Miscio, Varadharajan Kannan, Yong Zhang, Francesco Saracino
IPC: H04L9/40, G06F9/455, G06F13/40, G06F21/60, G06N20/00, H04L9/00, H04L9/32, H04L12/40, H04L47/24, H04L61/2585, H04L67/12
Abstract: Various approaches are disclosed for protecting vehicle buses from cyber-attacks. Disclosed approaches provide for an embedded system having a hypervisor that provides a virtualized environment supporting any number of guest OSes. The virtualized environment may include a security engine on an internal communication channel between the guest OS and an external vehicle bus of a vehicle to analyze network traffic to protect the guest OS from other guest OSes or other network components, and to protect those network components from the guest OS. Each guest OS may have its own security engine customized for the guest OS to account for what is typical or expected traffic for the guest OS (e.g., using machine learning, anomaly detection, etc.). Also disclosed are approaches for corrupting a message being transmitted on a vehicle bus to prevent devices from acting on the message.
-
Publication number: US11652827B2
Publication date: 2023-05-16
Application number: US16435364
Application date: 2019-06-07
Applicant: NVIDIA Corporation
Inventor: Mark Overby, Rick Dingle, Nicola Di Miscio, Varadharajan Kannan, Yong Zhang, Francesco Saracino
IPC: H04L29/06, H04L9/40, G06F9/455, H04L9/32, G06N20/00, G06F13/40, H04L12/40, H04L47/24, H04L61/2585, G06F21/60, H04L67/12, H04L9/00
CPC classification number: H04L63/1416, G06F9/45558, G06F13/4068, G06N20/00, H04L9/3265, H04L12/40, H04L12/40013, H04L47/24, H04L61/2585, H04L63/1425, H04L63/1441, G06F21/602, G06F2009/45587, G06F2009/45595, H04L9/50, H04L63/1458, H04L63/166, H04L67/12, H04L2012/40215, H04L2012/40273
Abstract: Various approaches are disclosed for virtualizing intrusion detection and prevention. Disclosed approaches provide for an embedded system having a hypervisor that provides a virtualized environment supporting any number of guest OSes. The virtualized environment may include a security engine on an internal communication channel between the guest OS and a virtualized hardware interface (e.g., an Ethernet or CAN interface) to analyze network traffic to protect the guest OS from other guest OSes or other network components, and to protect those network components from the guest OS. The security engine may be on a different partition than the guest OS and the virtualized hardware interface, providing the components with isolated execution environments that protect against malicious code execution. Each guest OS may have its own security engine customized for the guest OS to account for what is typical or expected traffic for the guest OS.