RunSafe Security has added integration support for Yocto Project distributions to Alkemist, a security solution that leverages remotely deployable binary protection mechanisms to defend against memory corruption exploits. Yocto developers can now simply add a layer into their build environments to support Alkemist without ever modifying a line of code or delaying releases.
Alkemist helps reduce the attack surface of Yocto-built embedded systems, which contain identical images that mean a single vulnerability could potentially impact thousands of systems. Alkemist does this through a procedure called load-time function randomization (LFR), which restacks functions in memory before a process starts to execute in order to create a higher degree of memory diversity.