Resolving Availability and Run-time Integrity Conflicts in Real-Time Embedded Systems
Adam Caulfield, Muhammad Wasif Kamran, N. Asokan

TL;DR
The paper introduces PAIR, a hardware-based approach for real-time systems that balances run-time integrity enforcement with system availability, minimizing overhead and preventing unnecessary task termination.
Contribution
PAIR provides a novel middle-ground solution that maintains system availability during integrity violations without significant runtime overhead.
Findings
PAIR monitors real-time tasks and maintains an Availability Region (AR) of tasks that are safe to continue executing.
When a task violates run-time integrity, PAIR raises a non-maskable interrupt to kill that task and resumes a non-violating task within the AR, rather than faulting the whole system.
Reported overhead is +2.3% in memory and hardware resource usage.
Abstract
Run-time integrity enforcement in real-time systems presents a fundamental conflict with availability. Existing approaches in real-time systems primarily focus on minimizing the execution-time overhead of monitoring. After a violation is detected, prior works face a trade-off: (1) prioritize availability and allow a compromised system to continue to ensure applications meet their deadlines, or (2) prioritize security by generating a fault to abort all execution. In this work, we propose PAIR, an approach that offers a middle ground between the stark extremes of this trade-off. PAIR monitors real-time tasks for run-time integrity violations and maintains an Availability Region (AR) of all tasks that are safe to continue. When a task causes a violation, PAIR triggers a non-maskable interrupt to kill the task and continue executing a non-violating task within AR. Thus, PAIR ensures only…
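The abstract contrasts three responses to a detected integrity violation: let the compromised system keep running, fault and abort everything, or (PAIR) kill only the violator and keep scheduling tasks that remain in the Availability Region. The following simulation is an added example written for this page; it is not PAIR's hardware design or the authors' code. It assumes a simplified integrity policy (every control-flow target must fall inside the task's own code range), a round-robin scheduler, and a constructed four-task workload in which one task's trace jumps outside its code range, so the effect of the two policies on availability can be compared directly.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TRACE 8

/* Hypothetical task model: a control-flow trace (branch targets) plus the
 * code range the task is allowed to execute from. Not PAIR's real format. */
typedef struct {
    const char *name;
    uint32_t code_lo, code_hi;      /* allowed target range [lo, hi) */
    uint32_t trace[MAX_TRACE];      /* constructed sequence of transfers */
    int trace_len;
    int pc;                         /* next trace entry to execute */
    bool in_ar;                     /* still inside the Availability Region */
} task_t;

typedef enum { POLICY_HALT_ALL, POLICY_AVAILABILITY_REGION } policy_t;

typedef struct {
    int violations;                 /* violating transfers observed */
    int tasks_killed;               /* tasks removed from the AR */
    int tasks_completed;            /* tasks that finished their trace */
    bool system_halted;             /* whole system aborted by a fault */
} result_t;

/* Assumed run-time integrity check: target must stay within the task's code. */
static bool integrity_check(const task_t *t, uint32_t target) {
    return target >= t->code_lo && target < t->code_hi;
}

/* Models the NMI handler: the violator leaves the AR and is never rescheduled. */
static void nmi_kill_task(task_t *t, result_t *r) {
    t->in_ar = false;
    r->tasks_killed++;
}

/* Round-robin scheduler: one control transfer per AR task per tick, with the
 * monitor consulted on every transfer. Returns the outcome for the policy. */
result_t run_schedule(task_t *tasks, int n, policy_t policy) {
    result_t r = {0};
    bool progress = true;
    while (progress && !r.system_halted) {
        progress = false;
        for (int i = 0; i < n && !r.system_halted; i++) {
            task_t *t = &tasks[i];
            if (!t->in_ar || t->pc >= t->trace_len) continue;
            progress = true;
            uint32_t target = t->trace[t->pc++];
            if (!integrity_check(t, target)) {
                r.violations++;
                if (policy == POLICY_HALT_ALL)
                    r.system_halted = true;   /* fault aborts all execution */
                else
                    nmi_kill_task(t, &r);     /* kill only the violating task */
                continue;                     /* a killed task never completes */
            }
            if (t->pc == t->trace_len) r.tasks_completed++;
        }
    }
    return r;
}

/* Constructed workload: three well-behaved tasks and one (C) whose second
 * transfer lands outside its code range, like a corrupted return address. */
result_t demo(policy_t policy) {
    task_t tasks[] = {
        { "A", 0x1000, 0x2000, { 0x1010, 0x1020, 0x1030 },         3, 0, true },
        { "B", 0x2000, 0x3000, { 0x2010, 0x2020 },                 2, 0, true },
        { "C", 0x3000, 0x4000, { 0x3010, 0x5000, 0x3020 },         3, 0, true },
        { "D", 0x4000, 0x5000, { 0x4010, 0x4020, 0x4030, 0x4040 }, 4, 0, true },
    };
    return run_schedule(tasks, 4, policy);
}

int main(void) {
    const char *names[] = { "halt-all", "availability-region" };
    for (int p = 0; p < 2; p++) {
        result_t r = demo((policy_t)p);
        printf("%-20s violations=%d killed=%d completed=%d halted=%s\n",
               names[p], r.violations, r.tasks_killed, r.tasks_completed,
               r.system_halted ? "yes" : "no");
    }
    return 0;
}
```

Under the halt-all policy the single violation by task C stops the system after only task B has finished, so tasks A and D miss their deadlines despite never misbehaving; under the availability-region policy only C is killed and the other three run to completion. The simulation deliberately omits what a real design must also handle (deadline accounting, shared state the dead task may have corrupted, and the cost of the monitor itself), which is where PAIR's hardware support and its reported overhead figures come in.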
