continuous delivery of runtime-protected code
Many of today’s most damaging cyber attacks exploit memory corruption vulnerabilities (e.g. heap overflow, stack overflow), which persist even with code scanning.
RunSafe Security’s Alkemist is a suite of software tools that apply memory protections directly into code, enabling that code to protect itself from memory corruption vulnerabilities without altering the functionality of the code.
Alkemist provides run-time protection to a wide range of systems without changing original functionality. Alkemist reduces attack surfaces and improves Cyber Supply Chain Risk Management (C-SCRM). Target software includes in-house developed, COTS, GOTS, and open source running on IT enterprise equipment, OT and IoT devices, and specialized embedded systems. Alkemist protected software components are immunized against memory corruption attacks, including zero-days. Alkemist disrupts memory exploitation by varying the attack surface (the layout of your code).
Alkemist products seamlessly integrate protections into your software development life cycle at build or deploy time. With Alkemist, you have two options: Alkemist:Source and Alkemist:Repo.
Alkemist:Source randomizes the memory address for each function, making reliable exploitation nearly impossible for an attacker. Alkemist:Source uses a proprietary technique called Load-time Function Randomization (LFR).
- Low Overhead
- Alkemist:Source has an imperceptible effect on program initialization and runtime performance. When using the SPEC CPU2006 test suite, Alkemist:Source adds less than a 1% overhead to most of the benchmark running times. This percentage drops even lower when Alkemist:Source is applied to long-running services/daemons.
- Load-time Randomization
- Binaries built with Alkemist:Source are randomized when loaded into main memory. This means that protected programs can be distributed just like traditional programs and can use the same checksum and signature tools too.
- Easy to Use
- No changes to build tools or processes are required. In most cases, using Alkemist:Source is as easy as prepending our helper script to the beginning of your build command.
How Alkemist Works
An important aspect of Alkemist:Source is that while functions move around in memory, the functionality of the program stays identical. One way to assess functionality is to look at the call graph of a program. Let’s consider a simple program with five functions with a call graph shown in the left of the figure below. The call graph would read: Function 1 calls Function 3, Function 3 calls Function 2, Function 2 calls Function 4, and Function 4 calls Function 5. For simplicity’s sake, consider all functions to be contiguous in memory in the order shown in the figure. On the right is the same program, with the same five functions, after the program is executed and Alkemist:Source randomizes the functions in memory. You will see that while the functions are not in the same location, the call graph is the same.
By building Alkemist:Source into your software, you deprive the attacker the ability to reliably exploit your software because the code they need to execute is never in the same place twice. Additionally, any failed attempts to exploit Alkemist:Source-protected software result in the program crashing. When the software is launched again, any information an attacker could gain from the previous failed exploit attempt would not be useful because the program will have been randomized again.
Alkemist:Source allows you to continue using your existing compiler and linker. We accomplish this by sitting in front of the linker, making the modifications needed, and then calling your linker. This process can be seen in the figure below. The top path through the process is what a normal build looks like, abstracting away the infinite complexities that build systems bring. Alkemist:Source has been proven to work with builds as simple as a “Hello, World” example built with GCC all the way to a complex Yocto-based build using different compilers per project. With Alkemist:Source in the mix, compilation takes a slightly different path at the linking stage, where we inject information needed to accomplish our runtime randomization.
Alkemist:Repo applies Alkemist:Source to common open-source applications, repackaging them with memory protections by default.
- Proven Protection
- Alkemist:Repo offerings infuse run-time cyber protections directly into open source code using Alkemist:Source technology. Software is automatically secured from the most common and severe types of cyber attacks with the highest level of protection.
- Secures Third-Party Software
- When using open-source software, developers have minimal insight into and control over the security of those applications. By using Alkemist:Repo, the same applications can be used while knowing that an entire class of security vulnerabilities has been mitigated.
- Seamless Integration
- Deploying with Alkemist:Repo is as simple as modifying where your software is currently installed from to point at RunSafe servers.
Alkemist:Flare continuously monitors the health of your systems during runtime to provide indicators of stability, reliability and vulnerability while instantly flagging failures and potential attacks – increasing the speed and effectiveness of your cyber-attack response!
- Minimize time & resources wasted on false positives
- Trigger automated responses and detailed research to mitigate risks
- Fix code weaknesses that you didn’t even know were there