US 12,462,020 B2
Firmware protection for industrial control systems
Vladimir Strogov, Singapore (SG); Sergey Ulasen, Singapore (SG); Aliaksei Dodz, Singapore (SG); Serg Bell, Costa del Sol (SG); and Stanislav Protasov, Singapore (SG)
Assigned to Acronis International GmbH, Schaffhausen (CH)
Filed by Acronis International GmbH, Schaffhausen (CH)
Filed on Jun. 30, 2023, as Appl. No. 18/345,088.
Prior Publication US 2025/0005143 A1, Jan. 2, 2025
Int. Cl. G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01)
CPC G06F 21/552 (2013.01) [G06F 21/564 (2013.01); G06F 21/572 (2013.01)]
20 Claims
 
1. A method for protecting an Industrial Control System (ICS) resource, the ICS comprising a plurality of Programmable Logic Controllers (PLCs), the method comprising:
at an initialization stage of the ICS, monitoring the ICS to determine a file path of the resource and a functionality of the resource by a kernel-level agent operating at a kernel mode;
dynamically identifying, by the kernel-level agent, the resource prior to intercepting a request to the resource based on the functionality of the resource;
intercepting, by the kernel-level agent operating at the kernel mode, a request to the resource based at least on the file path of the resource, wherein the request is initiated from a user mode of the ICS;
collecting, by the kernel-level agent, data associated with the intercepted request to the resource;
sending, by the kernel-level agent, the data to a security service, the security service operating at a user mode, wherein the security service is located on each PLC of the plurality of PLCs of the ICS;
analyzing, by the security service, the collected data to determine a verdict;
sending, by the security service, the verdict to the kernel-level agent; and
executing, by the kernel-level agent, at least one security action for the resource based on the verdict received from the security service.