Sophisticated Linux Security – but not for the masses?

By Archis Gore

October is Cybersecurity Awareness Month. It’s an initiative aimed at helping all of us improve our online safety and security by implementing stronger cybersecurity practices.

Frankly, that’s a topic that’s close to my heart.

To quote Arthur Conan Doyle, “it’s easy to be wise after the event.” But that doesn’t do you much good if your business has just been hacked, or if you’ve become the victim of a ransomware attack. Polyverse’s Phillip Cockrell highlighted the full dangers and impact of ransomware in his recent blog. He pointed out that the worst-case examples of successful ransomware attacks involved losses close to $1 billion and took months to recover from.

My philosophy is that it’s far better to be wise before the event. And that involves being more creative and innovative than the bad guys. I reckon it’s time to take the initiative and make the cybercriminal’s job infinitely more difficult.

Let me explain how that can be done.

The Linux Randstruct plugin

Linux is a great starting point for anyone looking for a robust, stable, and secure environment for running mission-critical systems. It is equipped with a strong kernel security framework with plugins to handle authentication and privileges; access permissions; intrusion detection; program resource restrictions; encryption; and secure networking.

But sometimes, strengths can also be weaknesses. And cybercriminals love to find any chink in your armor that they can exploit.

The strength (and weakness) of Linux is its consistent, homogenous layout and structure. The upside of that uniformity is the army of developers who understand it and are on hand to support or improve it. The downside is that sinister hackers also have an intimate knowledge of the Linux structure and layout. That’s all they need to get started on crafting their attacks.

Which brings me to a little known secret weapon that Linux has been hiding under the hood.

It’s called the Randstruct plugin and it has been supported since version 4.8 of the Linux kernel. This compiler plugin randomizes the layout of the kernel’s data structures (the order in which fields sit inside a struct) at compile time, so every build ends up with its own entirely unique binary layout.

Structural randomization makes the hacker’s job exponentially more difficult. They no longer know where everything is located. They would have to craft a hugely complex one-off attack if they want to crack this singularly exclusive Linux layout.

This all sounds fantastic, but it comes with a huge “gotcha”: the randomization value (or “seed”) that the Randstruct plugin uses. Any other kernel plugin or module that touches those structures has to be compiled with the same seed, so if any are in use the seed has to be shared or distributed. It can no longer be kept secret, and it immediately becomes a security risk.

By definition, the Randstruct plugin is useless for any of the major Linux “distributions”. However, it is incredibly valuable for a highly elite club that can afford to compile their own in-house Linux builds for highly secure and controlled environments. At this point, you might be thinking about Google, Facebook, and a few other super-users.
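The mechanism described above, modelled in user space as an added example (this is not the post’s or Polyverse’s code, and it is not the GCC plugin itself): a seed drives a permutation of a constructed four-field struct, code that refers to fields by name keeps working, and a “module” built against a different seed reads the wrong field at the offset its own layout baked in. The struct, the xorshift32 seed expansion and the seed values are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model struct: four 32-bit fields. In the real kernel the plugin
 * permutes the members of a C struct; here each logical field is mapped to a
 * slot index by a seed-derived permutation. */
#define NFIELDS 4
enum { F_UID, F_FLAGS, F_REFCOUNT, F_STATE };

typedef struct { int slot[NFIELDS]; } layout_t;    /* field -> slot index */
typedef struct { uint32_t slots[NFIELDS]; } obj_t; /* object storage      */

/* xorshift32: a constructed, deterministic PRNG standing in for the build's
 * seed expansion; it is not the plugin's algorithm. State must be non-zero. */
static uint32_t xs32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

/* Derive the field permutation for a seed (Fisher-Yates shuffle). A build
 * compiled with the same seed always gets the same layout. */
layout_t make_layout(uint32_t seed) {
    layout_t l;
    uint32_t s = seed ? seed : 0x9E3779B9u;
    for (int i = 0; i < NFIELDS; i++) l.slot[i] = i;
    for (int i = NFIELDS - 1; i > 0; i--) {
        int j = (int)(xs32(&s) % (uint32_t)(i + 1));
        int t = l.slot[i]; l.slot[i] = l.slot[j]; l.slot[j] = t;
    }
    return l;
}

/* Byte offset of a logical field under a layout: this is the number the
 * compiler bakes into every load and store of that field. */
size_t field_offset(const layout_t *l, int field) {
    return (size_t)l->slot[field] * sizeof(uint32_t);
}

/* Field access by name: correct as long as both sides share one layout. */
void obj_set(obj_t *o, const layout_t *l, int field, uint32_t v) {
    o->slots[l->slot[field]] = v;
}

/* Scenario: a "kernel" built with kernel_seed populates an object; a "module"
 * built with module_seed reads F_REFCOUNT at the offset *its* layout dictates.
 * Returns 1 if the module saw the right value, 0 if it read the wrong field. */
int module_reads_correctly(uint32_t kernel_seed, uint32_t module_seed) {
    layout_t k = make_layout(kernel_seed);
    layout_t m = make_layout(module_seed);
    obj_t o;
    obj_set(&o, &k, F_UID, 1000);   /* all values distinct, so a wrong */
    obj_set(&o, &k, F_FLAGS, 5);    /* read is always detectable       */
    obj_set(&o, &k, F_REFCOUNT, 7);
    obj_set(&o, &k, F_STATE, 2);
    uint32_t v;
    memcpy(&v, (const char *)&o + field_offset(&m, F_REFCOUNT), sizeof v);
    return v == 7;
}

/* Find a seed whose layout puts F_REFCOUNT in a different slot than
 * kernel_seed's layout does, so the mismatch case can be shown deterministically. */
uint32_t find_mismatching_seed(uint32_t kernel_seed) {
    layout_t k = make_layout(kernel_seed);
    for (uint32_t s = kernel_seed + 1; s != kernel_seed; s++) {
        layout_t m = make_layout(s);
        if (m.slot[F_REFCOUNT] != k.slot[F_REFCOUNT]) return s;
    }
    return kernel_seed; /* not reached: some seed in the loop always differs */
}

int main(void) {
    uint32_t kseed = 0x1234u, bad = find_mismatching_seed(kseed);
    layout_t k = make_layout(kseed);
    for (int f = 0; f < NFIELDS; f++)
        printf("field %d at byte offset %zu\n", f, field_offset(&k, f));
    printf("same seed:      module ok = %d\n", module_reads_correctly(kseed, kseed));
    printf("different seed: module ok = %d\n", module_reads_correctly(kseed, bad));
    return 0;
}
```

The model captures the two sides of the post’s argument: an attacker who only knows the public struct definition no longer knows the byte offset of any field, but a kernel module compiled against a different seed is equally lost. That is why a real build generates the seed at compile time and any module must be built against that same seed (in practice, the same kernel build tree), and why distributing the seed to third-party module builders gives away the very thing the randomization relied on.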

So, what can be done for everyone else?

Democratizing cybersecurity with Polymorphing for Linux

So what about the rest of us? How can companies that cannot build their own Linux distribution beat the bad guys in this arms race?

Polymorphing is the ground-breaking technology that delivers all the benefits of the Randstruct plugin but without any of the drawbacks.

Polymorphing for Linux takes the entire Linux environment (the Linux distribution source code, along with all the dependent libraries, kernel modules, and plugins) and runs it all through an advanced polymorphic compiler to scramble the low-level machine code. Best of all, there’s no need for a randomization seed to be shared with anyone. That means this supreme level of cybersecurity protection has now been democratized and is available for everyone.

The result is a uniquely hardened Linux layout designed to confound even the most determined cyber-villains and the most sophisticated attacks.

Intrigued? If you’d like to learn more, please read the Polymorphing Whitepaper.