Alkemist: Harden vulnerable embedded systems and devices

RunSafe Security announced the availability of Alkemist, a proprietary self-service technology built to reduce vulnerabilities and deny malware the uniformity needed to execute.

Previously known as Software Guardian, Alkemist uses deployable software binary runtime application self-protection (RASP) methods to reduce risk by precluding exploits from spreading across multiple devices and networks.

Originally born out of a research project for the Advanced Research Projects Agency of the Department of Defense, Alkemist is the self-service cyberhardening tool to protect binaries in minutes while leaving each system identical.

“The recent news cycle has had no shortage of stories on the many risks to vulnerable embedded devices and industrial control systems,” said Joe Saunders, RunSafe Security’s CEO.

“With the release of Alkemist, our customers can cyberharden systems across all critical infrastructure so that operators and manufacturers can avoid disruption in service. We also work directly with software suppliers to ensure that they are not the weak link in the supply chain.”

How Alkemist provides critical infrastructure protection

While many embedded system and device security and ICS security solutions focus on identifying breaches with firewalls, anti-virus software, or intrusion protection, RunSafe Security assumes that adversaries will eventually break in.

Therefore, rather than reacting to compromised vulnerabilities following an exploit, Alkemist prevents malware from being executed by mitigating common attack techniques including:

• Memory corruption attacks (buffer, stack, and heap),
• Return/jump oriented programming (ROP/JOP) attacks,
• Compromised hardware and software supply chain attacks,
• Scaling of attacks.

To reduce the attack surface, RunSafe Security hardens software binaries by remotely deploying a transformation process that uses RASP techniques in multiple ways including:

• Binary stirring (memory, function, library, and stack) – This process randomizes memory, basic block functions, and access to third-party libraries. This reordering ensures that malware is denied the structure it requires to propagate and take control of code.
• Control flow integrity (CFI) – This technique stops exploits from reordering legitimate functions into an unintended sequence and protects against Return Oriented Programming and Jump Oriented Programming (ROP/JOP) attacks. It prevents malware from changing how commands are executed.
• Proprietary a priori optimization – This is used to discern techniques based on instruction set, codebase, and binary structure.

By precluding an exploit from spreading across multiple devices and networks, RunSafe Security’s Alkemist disrupts traditional hacker economics by denying the routine tactics and techniques that attackers prefer.

Alkemist, which can be accessed through a web client or API, requires no new software, services or hardware, and no access to source code.

In addition, there is no dependence on compiler or operating systems and there are no time-consuming alerts to monitor.

“After evaluating several ICS cybersecurity providers, we chose RunSafe Security to protect boards that are used to manage cooling systems in large scale data centers,” said Jason Gloeckner, Director of Thermal Controls at Vertiv, one of RunSafe’s first customers.

“RunSafe’s Alkemist mitigates against cyberattacks that traditional alerts, intrusion detection, and managed services would otherwise just report on. Our customers cannot afford cyberattacks that disrupt operations.”