Memory Protection for Embedded Software, RunSafe Security Platform, RunSafe Security
Photo Gallery
Memory Protection for Embedded Software, RunSafe Security Platform, RunSafe Security
Additional Info
Company | RunSafe Security |
Website | runsafesecurity.com |
Company size (employees) | 10 to 49 |
Headquarters Region | North America |
Overview
RunSafe integrates its technology into the software build process to provide runtime protection. During this process, it generates a comprehensive Software Bill of Materials (SBOM), identifying all components and vulnerabilities within a software package. RunSafe not only resolves existing vulnerabilities but also reduces exposure to future zero-day threats by automating the remediation of 1st party, 3rd party proprietary, and open-source code. This is done seamlessly within the developer’s CI tool, like GitLab or GitHub, without impacting performance.
RunSafe’s unique load-time function randomization technology shifts the memory location of software functions each time they load, preventing attackers from creating reliable exploits. This approach offers protection against over 70% of vulnerabilities, significantly reducing attack surfaces while improving operational efficiency.
RunSafe automates patching, alerts customers when they are protected from newly disclosed vulnerabilities, and allows developers to focus on feature development instead of security maintenance. The solution requires no code rewrites, does not change system behavior, and avoids adding software agents to devices. It introduces no impact on system overhead while ensuring randomized memory layout at load time without runtime changes.
Additionally, RunSafe monitors software in real-time, identifying crashes caused by cyberattacks and distinguishing them from those caused by bugs. This dual monitoring enhances code quality while further reducing the attack surface, providing a fully integrated, automated cybersecurity solution for embedded software development.
Key Capabilities / Features
RunSafe offers fully automated memory protection and vulnerability remediation, seamlessly integrating into existing CI tools without affecting performance or requiring code rewrites. Key benefits include comprehensive SBOM generation, reduced attack surfaces, and enhanced security for open-source and proprietary components, allowing developers to focus on innovation.
Past attempts to protect software memory include Address Space Layout Randomization (ASLR) and Control Flow Integrity (CFI). With regard to ASLR, because the solution is simply an offset in memory, a single information leak leads easily to an attacker’s exploit to still succeed. RunSafe randomizes memory at the function level - which is far more granular - so that the randomization is not referential. An information leak may result in identifying one random function but the attacker still can't find any of the other functions. Our diversity in randomization prevents the exploit from succeeding. Given the average binary contains 228 functions, our diversity achieved from software load to software load is 10^228 on average.
RunSafe has substantial advantages in both deployment costs and performance. RunSafe is an automated tool that does not require any prior knowledge of the control flow prior to applying our protections whereas CFI requires analysis of the full control flow graph and extensive testing before its protections can be applied - otherwise it runs the risk of breaking the functionality and causing the code to crash. Additionally, because a full control graph with CFI could add 10-20% overhead, most CFI systems optimize what guard rails get added to help reduce the overhead hit to the system performance. This leads to unprotected aspects of memory due to performance trade offs. There is no prior knowledge is needed and no optimizations are required to improve system performance. our overhead remains less than less less than 1%.
How we are different
We automate the generation of SBOMs, identify vulnerabilities and score attack surface reduction, and automate remediation, and we capture software crashes to identify bugs or attacks. We do this all from open source to in-house code to runtime - with a feedback loop. Our platform is extensible beyond our core protections around memory safe languages and we expect to continue to add value in an automated fashion with our unique methods of disrupting hacker economics.
Fully Automated Security and Remediation: Unlike competitors such as Karamba and Sternum, RunSafe offers a fully automated process that integrates seamlessly into existing CI tools like GitLab or GitHub. This automation allows for continuous security at build time without disrupting development workflows or requiring manual intervention, saving developers time and ensuring that security doesn't slow down new feature development.
No Impact on System Performance or Code Rewrites: RunSafe provides memory protection without impacting system performance or requiring code rewrites, which is a distinct advantage over competitors like Morphisec and Red Balloon. By relocating software functions in memory at load time, RunSafe mitigates memory-based vulnerabilities without altering system behavior or introducing runtime changes, making it more efficient than solutions that require performance compromises.
Comprehensive SBOM Generation and Remediation: RunSafe stands out against SBOM-focused competitors like Snyk and Synopsys by not only generating a complete SBOM at build time but also automating the remediation process. Unlike these competitors, who often miss dependencies and require manual updates to open-source software, RunSafe builds SBOMs with perfect information and automates the entire remediation process, eliminating vulnerabilities without developer intervention.
-
Vote for this Nomination
(click the thumbs-up icon to cast your vote)
You need to be a registered member to vote for this nomination. Please register here.
Loading...