Kevlar Embedded Security

Kevlar Embedded Security is a system hardening solution for embedded Linux devices. The product is designed using a threat model that assumes attackers will gain system access and provides protections to limit their impact. The solution prevents execution of unauthorized applications and libraries, defeats software vulnerability-exploiting attacks, ensures the Linux kernel is not modified at runtime, and prevents malicious modifications of device firmware. It removes unnecessary OS functionality that could help attackers gain access or defeat access controls. The product configures the Linux kernel to disallow techniques commonly used to modify devices and raises defenses against common memory attack techniques. It forces network settings that use secure protocols and enables protective firewall rules. Kevlar Embedded Security includes a testing suite for validating security capability integration through security checks and simulated attacks. It captures and forwards telemetry data about device state and security posture. Testing can be added to continuous integration and continuous test environments for execution upon every check-in. The solution is designed for use throughout a device's lifecycle, from development through deployment and monitoring of fielded devices.