Your attacker got root? LURE has your back!
Embedded Linux System Hardening and Security

Are you still protected when an attacker gains root level access to your system?  A common misconception is that a combination of perimeter protections such as firewalls and intrusion detection systems in addition to information assurance controls like passwords are sufficient for keeping your data safe.  Unfortunately, attackers continue to prove otherwise.

Our approach begins with the assumption that the attacker will gain admin access to your system.  LURE is specifically designed to protect critical software applications, configurations and data from unauthorized access, modification, reverse engineering or theft by malicious insiders.  As such, Star Lab’s LURE product offers the most robust Linux system hardening and security capabilities available on the market today for operationally-deployed Linux systems.

LURE ensures the integrity and confidentiality of critical system software through:

  • At-rest Encryption
  • Runtime Process Protection
  • Operating System Hardening
  • Mandatory Access Control (MAC) policy
  • Helps address 96% of RMF (NIST 800-53) technical controls


LURE Addresses a Wide Range of Cyber Threats


  • Prevents unauthorized configuration changes to the system
  • Prevents unauthorized software updates and jailbreaking
  • Prevents reverse engineering
  • Prevents intellectual property / data theft
  • Prevents attackers from using operating system functionality to exploit the system
  • Continues to provide protection even when attackers have root-level access


  • Reduces attack surface
  • Prevents the use of system hardware resources to exploit the system
  • Prevents side-loading of applications and OS updates
  • Prevents execution of unauthorized applications
  • Prevents access to peripheral devices by unauthorized applications and users

How Does LURE Address These Threats?

  • Simplified Mandatory Access Control (MAC) to enforce system policy
  • Restricted access to the devices and resources used to write to flash, NVRAM, and physical storage
  • Enforcement and integrity verification of system configurations
  • Signature and checksum verification on data, configuration files, and applications before use
  • Restricted access to configuration files of protected applications
  • Limited access to sockets, pipes, and shared memory used by protected applications, ensuring that an attacker cannot interact with these IPC mechanisms in order to subvert the protections or alter system configuration
  • Removal of non-critical operating system functionalities
  • Restricted access to application state interfaces
  • Execution of applications in standalone containers or namespaces, similar to Docker or chroot environments
  • Encryption of protected applications, data files, and configurations at rest
  • Prevention of debugging protected applications, copying the application for offline analysis, reading the contents of protected applications, and loading unauthenticated libraries into a protected application
  • Encrypted data and configuration files can only be accessed by protected applications

 
