RunSafe Protect
RunSafe Protect is a runtime code randomization tool that protects your C/C++ applications against code-reuse attacks by randomizing the binary layout at runtime.
What is RunSafe Protect?
RunSafe Protect implements runtime binary randomization that shuffles function order and memory layout each time your application runs. This makes it significantly harder for attackers to exploit memory corruption vulnerabilities through code-reuse attacks like Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP).
Key Features
- Zero code changes required: Works with existing C/C++ codebases without needing to change or annotate your source code
- Trivial build-time integration: Install our
alkemist-lfrpackage and make a simple one-line change to your build commands to get protections baked into your software - Runtime randomization: Unique binary layout on every execution or library load, with function-level granularity
- Zero runtime performance impact: RunSafe performs randomization at startup then is done executing, so runtime throughput of your software remains unchanged
Getting Started
To get started with RunSafe Protect:
- Choose your platform from the Integration Guides
- Install the
alkemist-lfrpackage - Specify your license key
- Add
lfr-helperto your build commands - Verify the integration
Supported Platforms
RunSafe Protect supports integration with various Linux distributions and embedded systems:
For platforms not listed, contact [email protected] for assistance.