Skip to main content

Building Resilient IoT Devices: Binary Hardening with Yocto and Clang

This paper addresses the critical need for enhanced security in Internet of Things (IoT) devices by evaluating the implementation of binary hardening techniques using Clang security features within the Yocto build environment. Recognizing that product managers are often resistant to adopting binary hardening security features due to perceived performance impacts on resource-constrained devices, a cost-benefit analysis was conducted to assess the actual performance impact of various Clang security flags on key metrics such as binary size, device boot time, and service response time. Binaries are compiled using default settings and individual security flags to identify which security enhancements impose minimal performance costs and can be enabled by default. In contrast, enhancements that incur higher costs are identified and should be selectively implemented for critical services. Additionally, a tool was introduced designed to simplify the addition and management of Clang security flags within Yocto, facilitating easier testing and experimenting within the Yocto build system. The study’s findings provide actionable insights for product managers and developers, offering practical recommendations for balancing security and performance in IoT devices. By demonstrating that certain security features can be implemented without significant performance degradation, this research encourages the adoption of security measures essential to modern server-class systems, ultimately contributing to the development of more resilient IoT devices.

Download file

SANS_Building_Resilient_IoT_Devices_Binary_Hardening_with_Yocto_Clang (PDF, 0.62MB)

3 Mar 2025
ByWilliam Terwilliger
Share
All papers are copyrighted

No re-posting of papers is permitted

Related Content

Untested: An Overlooked Link in the Software Supply Chain

Research Paper

This research explores test code as an attack surface and takes a first step toward creating a tool to help analysts detect and mitigate malware lurking in test libraries.

  • 16 Apr 2026

Cyber Risk Intelligence and Security Posture (CRISP): From Compliance to Threat-Informed Intelligence

Research Paper

This paper presents CRISP (Cyber Risk Intelligence & Security Posture), a platform that automates the transformation of STIG compliance data into threat-informed security intelligence.

  • 7 Apr 2026

Enhancing Linux Threat Detection: A Sysmon - Based Approach to Identifying Sandworm TTPs

Research Paper

Linux systems have become foundational across modern IT enterprises. Threat actors are increasingly targeting Linux systems, including well - known advanced persistent threats (APTs) such as Sandworm.

  • 20 Mar 2026

Open-Source National Security Infrastructure for Sweden’s National Security Apparatus

Research Paper

This paper investigates whether core IT infrastructure implemented using open-source software and infrastructure-as-code techniques can achieve compliance with selected information security requirements defined in Chapter 4 of PMFS 2022:1.

  • 18 Mar 2026

Configuring Windows 11 Workgroup Computers to CIS Windows 11 L1 and BitLocker Baseline Recommendations Using PowerShell DSC

Research Paper

Endpoints are often the first points of cyberattacks. Enterprises would often try to harden them according to established security baselines, such as those published by the Center for Internet Security (CIS).

  • 24 Feb 2026

Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement

Research Paper

This study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.

  • 5 Dec 2025

SANS 2025 Detection and Response Survey Webcast and Forum

Research Paper

As cyber threats grow in complexity and frequency, organizations' strategies for detection and response must continuously evolve. The SANS 2025 Detection and Response Survey white paper delves into the current state of cybersecurity operations, questioning whether the heavy emphasis on endpoint detection is creating new blind spots.

  • 26 Nov 2025
  • Josh Lemon

Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains

Research Paper

This research evaluates the effectiveness of a browser extension as a security control—Grandma’s Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.

  • 19 Nov 2025

Building Scalable Detection-as-Code Pipelines with Agentic Validation and Refinement

Research Paper

The proposed DaC pipeline uses large language models (LLMs) for logic conversion, variant analysis, and simulation testing via Atomic Red Team, with queries executed against Splunk to measure true positives and false negatives.

  • 6 Nov 2025

Isolated Trust: Zero Trust in Standalone Systems

Research Paper

The use of air-gapped, isolated systems remains an essential tool for organizations that require high confidentiality or integrity, including those in the government, industrial control systems, and the banking industry.

  • 6 Nov 2025

"You Again": Fingerprinting and Tracking Mechanisms of Malicious Sites

Research Paper

Browsers provide many APIs for any visited site to perform stateful and stateless tracking, and legitimate websites utilize these capabilities. Yet little is widely known about what tracking, if any, malicious sites perform.

  • 26 Sep 2025

Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing

Research Paper

Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing

  • 11 Jul 2025

AI-Driven Insecurity: Assessing Security Gaps in AI Generated IT Guidance

Research Paper

The increasing reliance on AI-generated technical guidance for IT system configuration introduces significant security risks. This study assesses these risks through a case study: setting up an Apache web server on a Rocky Linux system using instructions from seven AI models.

  • 13 May 2025

SIEM Detection Logic Conversion with LLMs

Research Paper

This research explores how Large Language Models (LLMs) and automation scripts can expedite the translation of detection logic between SIEMs, converting detections in minutes instead of hours.

  • 2 May 2025

Validating the Effectiveness of MITRE Engage and Active Defense

Research Paper

This research examines the impact of Active Defense compared to a traditional security posture when an adversary employs common tactics and techniques to identify high-value targets or exfiltrate sensitive data.

  • 29 Mar 2025

Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components

Research Paper

The number of open-source software components, as well as the number of existing security...

  • 26 Mar 2025

Strolling Through the STIG

Research Paper

The CKL file has become the unofficial common language amongst the Department of Defense activities...

  • 7 Mar 2025

Identifying Advanced Persistent Threat Activity Through Threat-Informed Detection Engineering: Enhancing Alert Visibility in Enterprises

Research Paper

Advanced Persistent Threats (APTs) are among the most challenging to detect in enterprise...

  • 20 Feb 2025

Persistence Busters: High Impact Methods for Adversary and Threat Detection

Research Paper

This research investigates the top persistence techniques targeting Windows systems as documented in the MITRE ATT&CK framework and how to detect them.

  • 7 Feb 2025

Evaluating Modern Network Protocol Fingerprinting: Defending Bastion Hosts in Hostile Networks

Research Paper

Adversaries continue to attack the network perimeter and trusted user workstations to gain access to...

  • 6 Feb 2025