Resource Center
Explore how Star Lab is protecting critical systems, devices, and infrastructure by delivering software security solutions and expertise.
Explore how Star Lab is protecting critical systems, devices, and infrastructure by delivering software security solutions and expertise.
11/1/22
Version 1.2 Released
ARM64 Support GA – allowlisting, static analysis for system calls and system services for system calls are now supported on ARM64.
Audit logging GA – preset configurations to send system and security-related logs securely over TLS to a remote server. Supports rsyslogd and syslog-ng.
Simple restrictive firewall – A simple firewall that can be configured at build time. In the default configuration, nothing is allowed inbound, and only a few encrypted protocols are allowed outbound.
Generic system call filtering – Apply system call filtering to arbitrary binaries.
Allowlisting – ARM64 support.
Misc improvements – Various bug fixes and usability improvements.
7/8/22
Version 1.1
Limited ARM64 Support GA (see table below) — allowlisting, system services and static analysis for system call filtering are not yet available.
Audit logging EAR — new preset configurations of rsyslogd to send system and security-related logs securely over TLS to a remote server.
File System Integrity — dm-verity provides full-disk protection with minimal extra storage and minimal overhead. The system will only boot if the disk's cryptographic hash matches, and the disk may not be modified at runtime.
Systemd System Call Filtering — Restricts systemd services to a predefined list of system calls. System call lists may be generated manually, automatically with static analysis, or automatically with dynamic analysis.
Allowlisting — general fixes.
4/1/22
Version 1.0 Released