Linux Symbolic Links: Convenient, Useful, and a Whole Lot of Trouble

Symbolic links, or symlinks, are a feature familiar to anyone with a *nix background. These file shortcuts have been around in Unix since the early 1980s and have been a part of POSIX since its inception. Today they are supported almost everywhere: Linux, macOS, Android, every flavor of Unix, and even Windows. They are ubiquitous, convenient, useful…and occasionally dangerous.

Ben Fogle
Is there a STIG for KVM? Investigating STIG Compliance as it Relates to Virtualization

For organizations operating within regulated environments, it is important that their systems be robustly protected against potential attacks. Often this is done by applying Security Technical Implementation Guides (STIGs) to their systems. Until recently, it has been unclear what, if any, STIGs are available for Linux-based virtualized systems.

Matthew Fahrenkrug
FMS Readiness: A Critical Paradigm to Maintaining US Technological Advantage

FMS readiness is quickly emerging as an important element of the U.S. National Defense Strategy. With roughly $41B[1] being spent on FMS cases each year, the U.S.'s efforts to prevent the rogue development and unintended transfer of critical military technologies remain as important as ever. Still, FMS programs are expensive and fraught with risk. These programs have more stakeholders, expanding requirements, and demands to protect critical technology. Unfortunately, most baseline programs, if triggered to perform an FMS program for the first time, are surprised by the requirements and often take an adversarial posture toward meeting them. To counter this attitude and continue the important function of protecting our critical technology, programs should adopt an FMS-ready mindset during baseline development.

Adam Fraser
Achieve Modern IP Protection with Zero-Trust Strategies for the Edge

Have you seen Top Gun? Not the second one, the original. It's a great movie for sure. The flying, the music, the iconic volleyball scene. However, there is a thread, a movement, through the movie where Maverick turns from his callsign. He transforms from a "go it alone" pilot no one can trust to a teammate, beloved and celebrated. Zero trust… Maverick's Top Gun classmates had zero trust in the rash, undisciplined, unproven pilot. This same skepticism is at the core of today's promotion of a new security paradigm called Zero Trust. For decades, static, network-based defenses have been employed, and even worse, they have been assumed to be effective. Nothing is further from the truth.

Adam Fraser
Secure Boot is hard! Lessons Learned from the BlackTech Firmware Compromise

At first glance, the latest BlackTech firmware attack isn't all that interesting, as it's a fairly run-of-the-mill firmware / system-level attack, and that is mostly true. There are, however, a couple of aspects worth digging into and discussing in more depth, specifically as they relate to larger system security and extrapolating these concerns to Linux-based systems.

Achieve Modern IP Protection by Protecting the Host

My last blog described what Star Lab believes is a sound, modern approach to achieving effective protection for software IP. Globalization, as well as the rapid adoption of digital technologies into all aspects of business operations, has companies thinking more and more about how they protect their software IP once it leaves their control, i.e., once it is sold to a consumer.

Adam Fraser
How does eBPF Malware perform against Star Lab’s Kevlar Embedded Security?

Those crafty hackers. Not surprisingly, every time the design of an operating system is improved, someone demonstrates how the design can also be abused. The inclusion of the Berkeley Packet Filter (BPF) technology is an example of one such improvement. In this blog, not only will we highlight some of the malware used to abuse the BPF facility, we will describe our experiment to employ it against systems that are protected by Kevlar Embedded Security to answer the question: how will an eBPF malware attack fare against a system protected by Kevlar Embedded Security?

Richard Schmitt
A Modern Approach to IP Protection in Embedded Systems

Why is security important? What purpose does it ultimately serve? For some its purpose is to ensure uninterrupted operations. For others, it is important to protect sensitive customer data, avoid reputational damage, or address liability risk. The cost of compromise takes many forms.

Adam Fraser
Can You Trust the Data Coming Into Your SIEM?

Format and normalize audit events from each source; synchronize clocks between all event sources; establish filter rules to get rid of the daily noise. Wait… Did we just filter out too much noise? Was that event we just ignored important? We can probably all agree that the hardest and most complicated parts of audit logging are ensuring you are logging only what you need and performing the actual analysis on the aggregated audit entries. These tasks are generally the job of a Security Information and Event Management (SIEM) system and human analysts, but before we can even get to log analysis, we need to carefully consider something on the back end: can we trust our log and audit data?

Jonathan Kline
Is Application Security the Golden Ticket?

Application Security, or AppSec, is the process of adding some form of static and/or dynamic analysis of code, usually to a build pipeline or similar CI/CD environment. AppSec helps check code for code quality issues and potential security vulnerabilities that have either caused a vulnerability in the past, appear in a list like the OWASP Top 10, or have the potential to be misused. Depending on the specific application, and how it is used or deployed, AppSec may be a value-add to the overall system security, but it is not the whole story.

Jonathan Kline