Hardware-assisted run-time monitoring for secure program execution on embedded processors

Divya Arora, Srivaths Ravi, Anand Raghunathan, Niraj K. Jha

Research output: Contribution to journalArticlepeer-review

70 Scopus citations


Embedded system security is often compromised when "trusted" software is subverted to result in unintended behavior, such as leakage of sensitive data or execution of malicious code. Several countermeasures have been proposed in the literature to counteract these intrusions. A common underlying theme in most of them is to define security policies at the system level in an application-independent manner and check for security violations either statically or at run time. In this paper, we present a methodology that addresses this issue from a different perspective. It defines correct execution as synonymous with the way the program was intended to run and employs a dedicated hardware monitor to detect and prevent unintended program behavior. Specifically, we extract properties of an embedded program through static program analysis and use them as the bases for enforcing permissible program behavior at run time. The processor architecture is augmented with a hardware monitor that observes the program's dynamic execution trace, checks whether it falls within the allowed program behavior, and flags any deviations from expected behavior to trigger appropriate response mechanisms. We present properties that capture permissible program behavior at different levels of granularity, namely inter-procedural control flow, intra-procedural control flow, and instruction-stream integrity. We outline a systematic methodology to design application-specific hardware monitors for any given embedded program. Hardware implementations using a commercial design flow, and cycle-accurate performance simulations indicate that the proposed technique can thwart several common software and physical attacks, facilitating secure program execution with minimal overheads.

Original languageEnglish (US)
Pages (from-to)1295-1308
Number of pages14
JournalIEEE Transactions on Very Large Scale Integration (VLSI) Systems
Issue number12
StatePublished - Dec 2006

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering


  • Embedded processors
  • Processor architectures
  • Security and protection
  • Special-purpose and application-based systems


Dive into the research topics of 'Hardware-assisted run-time monitoring for secure program execution on embedded processors'. Together they form a unique fingerprint.

Cite this