To maximize IIoT device profitability and customer satisfaction, users can take a few simple steps to augment Yocto’s robust platform with tooling to increase security and decrease update frequency, while still maintaining aggressive delivery timelines. Yocto is quickly becoming the de facto standard build environment for embedded devices. Its configurability and wide range of supported hardware and software target systems make it ideal for fine-tuning binary images to meet exacting processing, memory, and power constraints. Yocto’s strength in enabling custom distributions of thousands or even millions of replicated device images, however, comes with costs in terms of security exposure and management. The Yocto community is highly responsive in providing patches, but most customers want more assurances when making a bet on their company’s reputation.
How to Mitigate Cyber Attacks
RunSafe provides a simple and seamless option for Yocto developers to completely eliminate zero-day and other memory-based vulnerabilities, without patching. With a 5-minute one-time implementation into the native Yocto build stage, RunSafe’s Alkemist technology immunizes binaries from memory attacks, so that every image is functionally identical but logically unique. This changes hacker economics back in favor of the manufacturers and users of embedded devices.
Because the images running on each Yocto-built embedded system are identical, a single vulnerability can expose thousands of systems, and attackers can easily scale their attacks. Alkemist can mitigate this concern by using a patented technique called Loadtime Function Randomization (LFR). Alkemist performs randomization at runtime instead of at build time, preserving “Binary Reproducibility,” one of the Yocto Project’s core features, while dramatically increasing security against memory-based attacks.
Modify Memory Layout – Stop the Attack
In a memory corruption-based exploit, attackers hijack legitimate code to achieve unintended, attacker-derived outcomes. Attackers use buffer overflows, stack overflows, heap overflows, use-after-frees, and similar flaws to redirect execution to targets of their choice, much like creating a ransom note from letters cut out of a magazine.
About RunSafe Security
RunSafe Security’s mission is to immunize software from cyber attacks without developer friction, disrupting hacker economics. RunSafe’s security techniques inoculate our customers’ systems from an entire class of cyber attacks. Our customers integrate our product across build and deploy toolchains without developer friction, protecting open source, in-house code, and third-party binaries. Headquartered in McLean, Virginia, with an office in Huntsville, Alabama, RunSafe Security’s customers span the enterprise, suppliers and manufacturers, and national security industries.