Alkemist to secure embedded Linux distributions using Yocto
RunSafe Security, a pioneer of the patented process to immunize software from cyber-attacks and disrupt hacker economics without developer friction, today announced an integration with Yocto Project (YP), an open-source collaboration project that enables developers to create custom Linux-based systems for an expanding array of uses including embedded, IoT, connected edge, servers, and virtual environments. YP ecosystem members and participants include Intel, Wind River, Texas Instruments, Facebook, Comcast, Cisco, Juniper Networks, Dell, LG Electronics, and more. With this integration, RunSafe’s Alkemist can immunize software by simply adding a layer into Yocto build environments without changing a line of code or slowing down product releases.
“With its accelerating adoption for building embedded Linux distributions, Yocto users needed a simple and seamless solution to reduce attack surfaces and enable continuous delivery, without chasing vulnerabilities and delaying releases,” said Joe Saunders, CEO of RunSafe Security. “Alkemist provides the perfect solution. We’re able to immunize code without developer friction and shift hacker economics back in favor of the manufacturers and users of embedded devices.”
Since the images running on each Yocto-built embedded system are identical, a single vulnerability can expose thousands of systems, and attackers can easily scale their attacks. Alkemist mitigates this concern by using a patented technique called Load-time Function Randomization (LFR), which creates greater memory diversity by restacking functions in memory, before a process begins executing, every time that process executes. By performing randomization at runtime instead of build-time, Alkemist is able to preserve “Binary Reproducibility,” one of the Yocto Project’s core features, while dramatically increasing security against memory-based attacks.
“We’re excited to support Yocto users to insert security into the build toolchain while reducing costs associated with frequent security updates and releases of IoT and embedded systems,” said Doug Britton, chief technical officer, RunSafe Security. “Alkemist helps our customers maintain product velocity without sacrificing security, and provides greater memory location entropy without sacrificing performance or ease of application. Through this integration, we can effectively immunize an entire class of IIoT devices from persistent and powerful memory corruption vulnerabilities.”