Shield is RIoT Secure’s runtime firmware protection layer, designed to safeguard application logic and intellectual property on physically accessible IoT devices. Built as a security extension tightly integrated with Brawl, Shield protects WebAssembly-based firmware against reverse engineering, memory inspection, and unauthorized modification - even when an attacker has direct access to the device hardware. Unlike communication security or hardware sandboxing, Shield addresses a different threat model: the moment firmware is at rest or executing on the device itself.
When Physical Access Becomes the Attack Vector
In many real-world deployments, IoT devices operate in environments where physical access cannot be prevented. Once a device is accessed, traditional protections often fall apart: firmware can be extracted from flash memory, disassembled using standard toolchains, and analyzed or modified at leisure. This risk is amplified in embedded systems where application logic is compiled into well-known instruction sets such as ARM, AVR, or MIPS. With readily available debugging tools, reverse engineering becomes a practical - and often straightforward - attack.
Shield exists specifically to address this gap.
A Different Layer of Security — Beyond Transport and Hardware Isolation
Many security approaches focus on protecting communication channels or isolating execution through hardware mechanisms. While these measures are essential, they do not prevent an attacker from extracting or analyzing firmware once it resides on the device. Shield operates inside the execution environment itself, encrypting application logic and memory regions in real time. Firmware is delivered to each device in encrypted form, decrypted only within the controlled context of the Brawl runtime. This ensures that:
- Extracted firmware images are unusable
- Application logic cannot be statically analyzed
- Memory inspection yields encrypted data
- Firmware modification attempts are detected or rendered ineffective
Each device receives a unique encrypted firmware instance, further reducing the value of any single compromise.
Runtime Protection Without Custom Hardware
Traditional approaches to firmware protection often rely on intrusive hardware countermeasures - secure memory regions, proprietary chips, or vendor-specific IP protection features - which must be designed into the hardware early and can significantly increase cost and complexity. Shield provides comparable protection without requiring specialized hardware. By integrating encryption directly into the WebAssembly execution model, Shield delivers strong intellectual property protection as part of the software lifecycle - making it deployable across a wide range of hardware platforms without redesign. This makes Shield particularly well-suited for scalable IoT deployments where hardware diversity and long product lifetimes are the norm.
Designed for WebAssembly, Integrated with Brawl
Shield is purpose-built for WebAssembly-based execution and operates as a native extension of the Brawl runtime. This tight integration allows Shield to protect firmware dynamically, rather than relying on static encryption schemes that can be bypassed once decrypted in memory. Together, Brawl and Shield provide:
- A portable, standardized execution layer (WebAssembly)
- A sandboxed runtime environment
- Continuous, real-time protection of application logic and memory
- Secure lifecycle delivery through Oasis and µTLS
This layered approach ensures that WebAssembly modules remain protected from delivery, through execution, and throughout the device lifecycle.
Protecting Intellectual Property at Scale
Shield is designed for organizations whose competitive advantage depends on proprietary algorithms, business logic, or data processing workflows deployed at the edge. By protecting firmware at runtime, Shield enables companies to deploy advanced functionality - including AI-related logic - without exposing valuable intellectual property to reverse engineering or cloning. This protection remains effective even as firmware is updated over the air, ensuring that intellectual property stays protected throughout the entire lifecycle of the device.
Shield - runtime protection for WebAssembly firmware, securing what matters most when devices are physically accessible.
