The Role of Runtime Protection in Securing Embedded Devices

Embedded devices form the backbone of critical infrastructure, from SCADA systems monitoring and controlling industrial processes to the software running medical devices and transportation systems. With so much relying on these devices, securing them against attack is a top concern, particularly as nation-state actors continue to target critical infrastructure to gain a foothold into key systems. Securing embedded devices, however, is notoriously difficult. 

The Challenges of Securing Embedded Systems

Software manufacturers and asset owners across critical infrastructure run into several challenges when looking to improve the security of embedded systems, including resource constraints, the product lifespan, supply chain concerns, and following secure development best practices, like addressing memory safety.

1. Resource Constraints

Embedded devices are often resource-constrained, meaning they have limited processing power, memory, and energy. Adding security measures can have a negative effect on performance, making it impractical or difficult to add security features at the device level.

2. Legacy Systems

Embedded software products and programs typically have long lifespans, easily operating for 10 to 30 years. These systems are often difficult or impossible to patch, making them susceptible to a breach as new vulnerabilities emerge.

3. Software Supply Chain Risk

Embedded systems integrate hardware and software from a variety of vendors, increasing the attack surface. A vulnerability in software from a third-party could be exploited and compromise the entire system.

4. Memory Safety Concerns

The widespread use of C/C++ in embedded systems across critical infrastructure leaves the door wide open for attackers to target memory-based vulnerabilities, like buffer overflows and use-after-free errors. The prevailing guidance is to rewrite C/C++ code into a memory safe language, like Rust. However, the cost to rewrite code could easily run into the millions and will take years to accomplish, leaving embedded systems vulnerable in the meantime.

Understanding Runtime Protection

Runtime protection is a security solution that allows embedded devices to defend themselves while deployed in the field, including from attacks like malware, code injection, backdoors, zero-day vulnerabilities, and memory-based attacks. It is ideal for protecting legacy systems where patching is difficult and where resource constraints are a major concern.

Many developers have likely heard of or deployed Address Space Layout Randomization (ASLR), a type of runtime protection that randomizes the base address of a program each time it is executed to help improve security against memory corruption vulnerabilities. ASLR, however, has its weaknesses. Because it relies on coarse-grained randomization, moving an entire program as one unit, it can be easily defeated by one information leak.

To address this, a new type of runtime protection, called Load-Time Function Randomization (LFR), takes things a step further to better defend embedded systems. LFR provides more granular protection by randomizing each function within a program every time the software is run, creating a unique memory layout with orders of magnitude greater entropy in code address layout than ASLR.

The ability to randomize memory at the device level every time software is run allows for proactive defense of embedded systems that prevents attackers from finding a path to exploitation.

The Benefits of Runtime Protection for Embedded Devices

One of the key advantages of runtime protection is its ability to secure software without requiring developers to rewrite existing code into memory safe languages. This is particularly valuable for embedded systems with legacy code bases.

Additionally, implementing runtime protection for embedded devices offers several significant benefits:

• Reduces the attack surface: By addressing memory-based vulnerabilities, runtime protection significantly reduces the attack surface of embedded devices.
• Future-proofs software: Runtime protection safeguards software against both known and unknown memory-based vulnerabilities, including zero-days, increasing software resilience.
• Smooths out the patching process: With runtime protections applied, organizations can evaluate the severity of a new vulnerability and whether their existing protection measures prevent exploitation. If so, they can align patching and security updates with planned software upgrades to minimize impact on uptime and prevent delays in time to market.
• Increases developer productivity: By automating code protection, developers are freed from the constant cycle of patching vulnerabilities and can focus on building innovative features.
• Causes minimal performance impact: Runtime protection solutions typically have little overhead, allowing software to run at peak performance with no additional load on system resources.
• Improves compliance and transparency: Runtime protection helps organizations meet regulatory standards and build trust with customers by demonstrating a commitment to securing critical embedded devices.

Securing Critical Infrastructure Today and Into the Future

Runtime protection has an important role to play in defending embedded devices from known vulnerabilities that leave gaps in the security of our critical infrastructure and for defense against future threats.  As we move forward, runtime protection will undoubtedly play an increasingly vital role in ensuring the long-term security and reliability of embedded systems and their resilience against attack.

Learn more about safeguarding the code underlying embedded software: Safeguarding Code: A Comprehensive Guide to Addressing the Memory Safety Crisis.