RunSafe Security released Alkemist, a proprietary self-service technology built to reduce vulnerabilities and deny malware the uniformity needed to execute.
Previously known as Software Guardian, Alkemist applies remotely deployable runtime application self-protection (RASP) methods to software binaries, reducing risk by precluding exploits from spreading across multiple devices and networks.
Originally born out of a research project for the Advanced Research Projects Agency of the Department of Defense, Alkemist is a self-service cyber-hardening tool that protects binaries in minutes while leaving each system functionally identical but logically unique.
“The recent news cycle has had no shortage of stories on the many risks to vulnerable embedded devices and industrial control systems,” said Joe Saunders, McLean, VA-based RunSafe Security’s chief executive. “With the release of Alkemist, our customers can cyber-harden systems across all critical infrastructure so that operators and manufacturers can avoid disruption in service. We also work directly with software suppliers to ensure that they are not the weak link in the supply chain.”
While many security products for embedded systems, devices, and ICS focus on identifying breaches with firewalls, anti-virus software, or intrusion protection, RunSafe Security always assumes motivated attackers will break in. Therefore, rather than reacting to vulnerabilities after they have been exploited, Alkemist actively prevents malware from executing by mitigating common attack techniques, including:
• Memory corruption attacks (buffer, stack, and heap)
• Return/jump oriented programming (ROP/JOP) attacks
• Compromised hardware and software supply chain attacks
• Scaling of attacks
To reduce the attack surface, RunSafe Security hardens software binaries by remotely deploying a transformation process that uses RASP techniques in multiple ways, including:
• Binary Stirring (memory, function, library, and stack) – This post-compilation hardening process randomizes memory, basic block functions, and access to third-party libraries. This logical reordering ensures malware is denied the structure it requires to propagate and take control of code.
• Control Flow Integrity (CFI) – This technique stops exploits from reordering legitimate functions into an unintended sequence and protects against Return Oriented Programming and Jump Oriented Programming (ROP/JOP) attacks. It prevents malware from changing how commands are executed.
• Proprietary a priori Optimization – This is used to discern best techniques based on instruction set, codebase, and binary structure.