Your attacker got root? LURE has your back!
Bulletproof security for embedded Linux systems

LURE ensures the integrity and confidentiality of critical system software through:

  • At-rest Encryption
  • Runtime Process Protection
  • Operating System Hardening
  • Mandatory Access Control (MAC) policy

LURE Addresses a Wide Range of Cyber Threats


  • Prevents unauthorized configuration changes to the system
  • Prevents unauthorized software updates and jail breaking
  • Prevents reverse engineering
  • Prevents intellectual property / data theft
  • Prevents attackers using the operating system functionality to exploit the system
  • Continues to provide protection even when attackers have root-level access


  • Reduces attack surface
  • Prevents using system hardware resources to exploit the system
  • Prevents side-loading applications and OS updates
  • Prevents execution of unauthorized applications
  • Prevents access to peripheral devices to unauthorized applications and users

 

Interested In How LURE Addresses These Threats?

  • Simplified Mandatory Access Control (MAC) to enforce system policy
  • Restricted access to the devices and resources used to write to flash, NVRAM, and physical storage
  • Enforcement and integrity verification of system configurations
  • Signature and checksum verification on data, configuration files, and applications before use
  • Restricted access to configuration files of protected applications
  • Limited access to sockets, pipes, and shared memory used by protected applications, ensuring that an attacker cannot interact with these IPC mechanisms in order to subvert the protections or alter system configuration
  • Removal of non-critical operating system functionalities
  • Restricted access to application state interfaces
  • Enables applications to be executed in standalone containers or namespaces similar to docker or chroot environments
  • Encryption of protected applications, data files, and configurations at rest
  • Prevention of debugging protected applications, copying the application for offline analysis, reading the contents of protected applications, and loading unauthenticated libraries into a protected application
  • Encrypted data and configuration file can only be accessed by protected applications

 

Want to learn more about LURE?
Schedule a Demo