RunSafe, a Mclean Virginia startup, got started doing research for DARPA on how to defend critical infrastructure. They built a commercial product based on that initial research that they claim eliminates an entire class of attacks. Today, the company released a product called Alkemist that enables customers to install the solution without help from RunSafe.
RunSafe co-founder and CEO Joe Saunders says that the product began with the DoD research and a simple premise: “If you assume hardware in the supply chain is compromised, can you still build trusted software on top of untrusted hardware. And so we came up with techniques that we have since greatly expanded to protect the software from compromise. We eliminate an entire class of attacks and greatly reduce the attack surface for software across critical infrastructure,” he told TechCrunch.
Saunders uses a data center cooling system as an example. If someone were able to control the cooling systems, they could cause the whole data center to overheat in order to shut it down. RunSafe is designed to prevent that from happening whether it’s a data center, a power plant or water works.
The way they do this is by hardening the software binary so malware and exploitations can’t find the tools they need to execute across the infrastructure. In the data center example, that means the attacker could find their way in, and attack a single machine, but couldn’t replicate the attack across multiple machines.
“They’re looking for functions and memory and different things that they can use in their exploitation. What we do is we make it very difficult for the attack tool to find that information, and without the ability to find the memory or the functions, they can’t execute their attack,” he said.
He says that they do this by making every instance “functionally identical but logically unique” by relocating where functions and memory exist at a low level in the software. “When an exploit is looking for memory or function t..