
arxiv: 2511.14088 · v2 · submitted 2025-11-18 · 💻 cs.CR

Resolving Availability and Run-time Integrity Conflicts in Real-Time Embedded Systems

Pith reviewed 2026-05-17 21:20 UTC · model grok-4.3

classification 💻 cs.CR
keywords real-time systems · run-time integrity · embedded security · availability · non-maskable interrupt · microcontroller · RTOS

The pith

PAIR resolves the availability and run-time integrity conflict in real-time embedded systems by selectively terminating only violating tasks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper shows that real-time embedded systems can enforce run-time integrity checks without forcing a complete shutdown or allowing compromised code to continue running. It does so by tracking an Availability Region of safe tasks and using hardware to trigger a non-maskable interrupt that stops only the violating task. A sympathetic reader would care because current methods create an all-or-nothing choice that either risks security or causes missed deadlines in time-critical applications such as controls or sensors.

Core claim

PAIR monitors real-time tasks for run-time integrity violations and maintains an Availability Region (AR) of all tasks that are safe to continue. When a task causes a violation, PAIR triggers a non-maskable interrupt to kill the task and continue executing a non-violating task within AR. Thus, PAIR ensures only violating tasks are prevented from execution, while granting availability to remaining tasks. With its hardware approach, PAIR does not cause any run-time overhead to the executing tasks, integrates with real-time operating systems, and adds only +2.3% overhead in memory and hardware usage on low-end microcontrollers.

What carries the argument

The Availability Region (AR), a maintained set of safe tasks that lets PAIR isolate and terminate only the violator via non-maskable interrupt while allowing the rest to keep executing.
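
A behavioural model of the Availability Region bookkeeping described above and in the Figure 1 and Figure 3 captions on this page, written as an added C example; it is not code from the paper or its authors, whose mechanism is hardware. The `violation` input, the round-robin choice of the next task, the addresses and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_TASKS 3
#define NO_TASK   (-1)

/* Per-task program-memory bounds (T_min, T_max); addresses are constructed. */
typedef struct { uint16_t t_min, t_max; } task_bounds_t;

typedef struct {
    task_bounds_t bounds[NUM_TASKS];
    bool in_ar[NUM_TASKS];  /* Availability Region membership */
    bool trigger;           /* models the NMI line into the RTOS trampoline */
} pair_model_t;

/* All tasks start inside the AR. */
void pair_init(pair_model_t *m, const task_bounds_t *b) {
    for (int i = 0; i < NUM_TASKS; i++) { m->bounds[i] = b[i]; m->in_ar[i] = true; }
    m->trigger = false;
}

/* Map the program counter to the task whose bounds contain it.
 * Bounds are assumed non-overlapping, so at most one task matches. */
int pair_current_task(const pair_model_t *m, uint16_t pc) {
    for (int i = 0; i < NUM_TASKS; i++)
        if (pc >= m->bounds[i].t_min && pc <= m->bounds[i].t_max)
            return i;
    return NO_TASK;  /* PC is outside every task, e.g. in RTOS code */
}

/* One monitored step. `violation` stands in for the integrity check, which
 * this model does not implement. Returns the task revoked, or NO_TASK. */
int pair_step(pair_model_t *m, uint16_t pc, bool violation) {
    int t = pair_current_task(m, pc);
    m->trigger = false;
    if (!violation || t == NO_TASK)
        return NO_TASK;
    m->in_ar[t] = false;  /* step (3): remove the violator from AR */
    m->trigger = true;    /* step (2): force kill-and-yield */
    return t;
}

/* Hypothetical kill-and-yield policy: next task still in AR, round-robin. */
int pair_next_available(const pair_model_t *m, int killed) {
    for (int k = 1; k <= NUM_TASKS; k++) {
        int c = (killed + k) % NUM_TASKS;
        if (m->in_ar[c])
            return c;
    }
    return NO_TASK;  /* AR is empty: nothing is safe to run */
}

/* Steps (4)-(5): reinstate only once a trusted update has completed. */
bool pair_reinstate(pair_model_t *m, int task, bool update_done) {
    if (task < 0 || task >= NUM_TASKS || !update_done)
        return false;
    m->in_ar[task] = true;
    return true;
}

/* AR as a bitmask, bit i set when task i may run. */
unsigned pair_ar_mask(const pair_model_t *m) {
    unsigned mask = 0;
    for (int i = 0; i < NUM_TASKS; i++)
        if (m->in_ar[i]) mask |= 1u << i;
    return mask;
}

int main(void) {
    const task_bounds_t b[NUM_TASKS] = {
        {0xE000, 0xE0FF}, {0xE100, 0xE1FF}, {0xE200, 0xE2FF}};
    pair_model_t m;
    pair_init(&m, b);
    int bad = pair_step(&m, 0xE120, true);  /* constructed: task 1 violates */
    int next = pair_next_available(&m, bad);
    printf("revoked=%d next=%d AR=0x%x\n", bad, next, pair_ar_mask(&m));
    pair_reinstate(&m, bad, true);
    printf("after update AR=0x%x\n", pair_ar_mask(&m));
    return 0;
}
```

The model leaves open what the referee report asks about: a revoked task that holds a lock or semaphore stays out of the AR here with no cleanup of shared state.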

If this is right

  • Real-time tasks can meet deadlines even after a security violation occurs in one of them.
  • Monitoring adds zero execution-time overhead, preserving original timing behavior.
  • The approach works on low-cost microcontrollers with only modest extra memory and logic.
  • Existing real-time operating systems can adopt it without altering task code or schedulers.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same selective-termination idea could apply to other resource-limited systems that need fine-grained fault response.
  • Hardware support for this kind of Availability Region might combine with additional checks to handle coordinated or multi-task attacks.
  • Experiments on larger task sets or multi-core platforms would test whether AR maintenance stays lightweight at scale.

Load-bearing premise

Hardware monitoring can accurately detect violations and terminating one task via interrupt will not create new timing or isolation problems for the remaining tasks.

What would settle it

Run a real-time workload on PAIR hardware, inject an integrity violation into one task, and verify that all other tasks still meet their deadlines with no added delays or new failures.

Figures

Figures reproduced from arXiv: 2511.14088 by Adam Caulfield, Muhammad Wasif Kamran, N. Asokan.

Figure 1: PAIR Overview: Tasks and an RTOS execute in software, with all tasks initially in the AR. After detecting an integrity violation (1), PAIR triggers the trampoline into RTOS to kill-and-yield (2) and removes the violating task from AR (3). Only after a trusted software update has completed (4) will PAIR reinstate the violating task into AR (5). … the executing task during the CFI monitoring. Upon the violat…

Figure 2 shows the assumed initial hardware configuration and memory layout. PAIR interfaces with the MCU to read the following signals pertaining to its run-time behavior:
  • $PC$: the program counter register storing the memory address of the instruction that is executing;
  • $W_{en}$: a flag denoting whether the instruction is performing a write to memory;
  • $R_{en}$: a flag denoting whether the instruction is performing a r…

Figure 3: PAIR security properties. … for each $T_i$, the task bounds are specified as a $T_i^{min}$ and $T_i^{max}$ holding the minimum and maximum PMEM addresses pertaining to $T_i$). We assume that task bounds are non-overlapping and independent in terms of their code, but may share data. PAIR hardware monitors signals from MCU and IM to monitor tasks and their availability (i.e., maintain AR), and outputs a trigger, which …

Figure 4: Axiom: Tracking currently executing task.

Figure 8: Verified FSM for LTLs 2, 3, 5, 6. (Labels recovered from the figure: Reinstate, Exec, Revoke, else, PC = SW trigger exit.)

Original abstract

Run-time integrity enforcement in real-time systems presents a fundamental conflict with availability. Existing approaches in real-time systems primarily focus on minimizing the execution-time overhead of monitoring. After a violation is detected, prior works face a trade-off: (1) prioritize availability and allow a compromised system to continue to ensure applications meet their deadlines, or (2) prioritize security by generating a fault to abort all execution. In this work, we propose PAIR, an approach that offers a middle ground between the stark extremes of this trade-off. PAIR monitors real-time tasks for run-time integrity violations and maintains an Availability Region (AR) of all tasks that are safe to continue. When a task causes a violation, PAIR triggers a non-maskable interrupt to kill the task and continue executing a non-violating task within AR. Thus, PAIR ensures only violating tasks are prevented from execution, while granting availability to remaining tasks. With its hardware approach, PAIR does not cause any run-time overhead to the executing tasks, integrates with real-time operating systems (RTOSs), and is affordable to low-end microcontroller units (MCUs) by incurring +2.3% overhead in memory and hardware usage.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper proposes PAIR, a hardware-based approach for real-time embedded systems that monitors tasks for run-time integrity violations while maintaining an Availability Region (AR) of safe tasks. Upon detecting a violation, it triggers a non-maskable interrupt (NMI) to terminate only the violating task and continue execution of remaining tasks in the AR. The approach claims to resolve the availability-security trade-off with zero run-time overhead to executing tasks, integration with RTOSes, and low cost (+2.3% overhead in memory and hardware usage) suitable for low-end MCUs.

Significance. If the claims are substantiated, the work would address a practically important tension in real-time security: existing methods force a binary choice between allowing compromised execution to meet deadlines or aborting everything. A selective, hardware-enforced middle ground with negligible overhead could be valuable for safety-critical embedded applications on constrained hardware.

major comments (3)
  1. Abstract and overall manuscript: the central claims of zero run-time overhead for normal execution and a concrete +2.3% memory/hardware overhead are presented without any implementation description, hardware platform details, or experimental measurements. These figures are load-bearing for the contribution; without supporting data or a reproducible setup, it is impossible to evaluate whether the hardware monitor truly incurs no overhead or whether the NMI recovery path preserves timing predictability.
  2. Description of the Availability Region and NMI mechanism: the paper does not address how abrupt NMI termination of a violating task interacts with shared state (locks, semaphores, shared memory, or I/O) among tasks in the AR. Real-time tasks commonly share resources; leaving locks held or data inconsistent can induce priority inversions or deadline misses in non-violating tasks, yet no mechanism is described to prevent or mitigate these effects.
  3. The assumption that hardware monitoring can accurately detect violations and that the AR can be maintained without introducing new isolation or timing failures is stated but not supported by any analysis, formal argument, or empirical test. This is central to the claim that only violating tasks are affected while others continue to meet deadlines.
minor comments (2)
  1. The acronym PAIR is introduced without expansion in the abstract or early sections.
  2. Notation for the Availability Region (AR) is used without a clear definition or diagram showing its maintenance and update rules.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive feedback and the recommendation for major revision. The comments identify areas where the manuscript can be strengthened for clarity and completeness. We respond to each major comment below and will incorporate revisions to address the concerns.

  1. Referee: Abstract and overall manuscript: the central claims of zero run-time overhead for normal execution and a concrete +2.3% memory/hardware overhead are presented without any implementation description, hardware platform details, or experimental measurements. These figures are load-bearing for the contribution; without supporting data or a reproducible setup, it is impossible to evaluate whether the hardware monitor truly incurs no overhead or whether the NMI recovery path preserves timing predictability.

    Authors: The full manuscript includes implementation details of the hardware monitor and NMI mechanism in Sections 3 and 4, along with experimental measurements on a representative low-end MCU platform in Section 5 that substantiate the zero run-time overhead claim for normal execution and the reported +2.3% overhead. To make these elements more accessible, we will revise the abstract to include a brief reference to the evaluation platform and add explicit cross-references to the relevant sections and figures. This will allow readers to directly locate the supporting data and setup.

    revision: yes

  2. Referee: Description of the Availability Region and NMI mechanism: the paper does not address how abrupt NMI termination of a violating task interacts with shared state (locks, semaphores, shared memory, or I/O) among tasks in the AR. Real-time tasks commonly share resources; leaving locks held or data inconsistent can induce priority inversions or deadline misses in non-violating tasks, yet no mechanism is described to prevent or mitigate these effects.

    Authors: We agree this interaction requires explicit treatment. The current manuscript focuses on the core monitoring and termination mechanism under the assumption of independent tasks or RTOS-managed resources. In the revision, we will add a dedicated subsection analyzing potential effects on shared state and propose mitigation via optional per-task cleanup handlers invoked during NMI recovery or by leveraging existing RTOS resource-release primitives. This addition will include discussion of priority inversion risks and how the approach preserves timing for non-violating tasks.

    revision: yes

  3. Referee: The assumption that hardware monitoring can accurately detect violations and that the AR can be maintained without introducing new isolation or timing failures is stated but not supported by any analysis, formal argument, or empirical test. This is central to the claim that only violating tasks are affected while others continue to meet deadlines.

    Authors: The manuscript describes the hardware monitor as operating in parallel to the CPU with no interference to task execution timing. To strengthen this, we will add a formal argument in an appendix demonstrating that the monitor and AR maintenance introduce no new isolation or timing failures, supported by the empirical results already present in Section 5 showing deadline compliance for non-violating tasks. These elements will be highlighted more prominently in the revised version.

    revision: yes

Circularity Check

0 steps flagged

No derivation chain present; architectural proposal only


The paper describes a hardware-based monitoring architecture (PAIR) that maintains an Availability Region and uses NMI for selective task termination. No equations, fitted parameters, or mathematical derivations appear in the provided text. Claims about zero run-time overhead and deadline preservation are presented as direct consequences of the hardware design choice rather than results derived from prior fitted quantities or self-referential definitions. The work is self-contained as a systems proposal and does not reduce any central result to its own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

The central claim rests on domain assumptions about hardware capabilities for zero-overhead monitoring and independent task termination, plus the newly introduced Availability Region concept whose correctness is not independently evidenced in the abstract.

axioms (2)
  • (domain assumption) Hardware can perform integrity monitoring with zero run-time overhead to executing tasks.
    Invoked to support the no-overhead claim for real-time tasks.
  • (domain assumption) A non-maskable interrupt can terminate a single violating task without preventing other tasks from meeting their deadlines.
    Required for the selective availability guarantee after violation detection.
invented entities (1)
  • Availability Region (AR) (no independent evidence)
    Purpose: tracks the set of tasks that remain safe to execute after a violation is detected.
    New construct introduced to enable selective continuation instead of full abort or full continuation.
