Backplane filtering and firewalls
Abstract
Described herein are various technologies for providing active mitigation of cyber-attacks against industrial and other control systems. A filtering device is connected to a backplane of a control system and receives communications from various modules of the control system. The filter device analyzes the received communications and determines whether they are genuine and permissible communications for the control system. Validated signals are output to a communications bus of the control system by the filter device, while impermissible communications are blocked. The filter device can be interposed between the modules of the control system and the backplane, or the filter device can be included as a component of a control system backplane.
- Inventors: Roesler, Alexander; Clements, Abraham Anthony; Hamlet, Jason; Mulder, John
- Issue Date: August 6, 2019
- Research Org.: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1568689
- Patent Number(s): 10375106
- Application Number: 15/364,011
- Assignee: National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)
- Patent Classifications (CPCs):
  - G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
  - G - PHYSICS; G06 - COMPUTING; G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- DOE Contract Number: AC04-94AL85000
- Resource Type: Patent
- Resource Relation: Patent File Date: 11/29/2016
- Country of Publication: United States
- Language: English
- Subject: 97 MATHEMATICS AND COMPUTING
Citation Formats
Roesler, Alexander, Clements, Abraham Anthony, Hamlet, Jason, and Mulder, John. Backplane filtering and firewalls. United States: N. p., 2019. Web.
Roesler, Alexander, Clements, Abraham Anthony, Hamlet, Jason, & Mulder, John. Backplane filtering and firewalls. United States.
Roesler, Alexander, Clements, Abraham Anthony, Hamlet, Jason, and Mulder, John. 2019. "Backplane filtering and firewalls". United States. https://www.osti.gov/servlets/purl/1568689.
@article{osti_1568689,
title = {Backplane filtering and firewalls},
author = {Roesler, Alexander and Clements, Abraham Anthony and Hamlet, Jason and Mulder, John},
place = {United States},
year = {2019},
month = {8}
}