{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T19:16:22Z","timestamp":1770232582170,"version":"3.49.0"},"reference-count":41,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2018,8,30]],"date-time":"2018-08-30T00:00:00Z","timestamp":1535587200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Attacks on embedded devices are becoming more and more prevalent, primarily due to the extensively increasing plethora of software vulnerabilities. One of the most dangerous types of these attacks targets application code at run-time. Techniques to detect such attacks typically rely on software due to the ease of implementation and integration. However, these techniques are still vulnerable to the same attacks due to their software nature. In this work, we present a novel hardware-assisted run-time code integrity checking technique where we aim to detect if executable code resident in memory is modified at run-time by an adversary. Specifically, a hardware monitor is designed and attached to the device\u2019s main memory system. The monitor creates page-based signatures (hashes) of the code running on the system at compile-time and stores them in a secure database. It then checks for the integrity of the code pages at run-time by regenerating the page-based hashes (with data segments zeroed out) and comparing them to the legitimate hashes. The goal is for any modification to the binary of a user-level or kernel-level process that is resident in memory to cause a comparison failure and lead to a kernel interrupt which allows the affected application to halt safely.<\/jats:p>","DOI":"10.3390\/cryptography2030020","type":"journal-article","created":{"date-parts":[[2018,8,30]],"date-time":"2018-08-30T10:30:06Z","timestamp":1535625006000},"page":"20","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Hardware-Based Run-Time Code Integrity in Embedded Devices"],"prefix":"10.3390","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4024-2835","authenticated-orcid":false,"given":"Taimour","family":"Wehbe","sequence":"first","affiliation":[{"name":"School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USA"}]},{"given":"Vincent","family":"Mooney","sequence":"additional","affiliation":[{"name":"School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USA"},{"name":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA 30332, USA"}]},{"given":"David","family":"Keezer","sequence":"additional","affiliation":[{"name":"School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USA"}]}],"member":"1968","published-online":{"date-parts":[[2018,8,30]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1145\/1015047.1015049","article-title":"Security in Embedded Systems: Design Challenges","volume":"3","author":"Ravi","year":"2004","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Loscocco, P.A., Wilson, P.W., Pendergrass, J.A., and McDonell, C.D. (2007, January 2). Linux Kernel Integrity Measurement Using Contextual Inspection. Proceedings of the ACM Workshop on Scalable Trusted Computing, Alexandria, VA, USA.","DOI":"10.1145\/1314354.1314362"},{"key":"ref_3","unstructured":"Szor, P. (2005). The Art of Computer Virus Research and Defense, Symantec Press."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Dunham, K., Hartman, S., Quintans, M., Morales, J.A., and Strazzere, T. (2014). Android Malware and Analysis, Auerbach Publications. [1st ed.].","DOI":"10.1201\/b17598"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., and Winandy, M. (2009, January 13). Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-oriented Programming Attacks. Proceedings of the 2009 ACM workshop on Scalable Trusted Computing, Chicago, IL, USA.","DOI":"10.1145\/1655108.1655117"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Jaeger, T., Sailer, R., and Shankar, U. (2006, January 7\u20139). PRIMA: Policy-reduced Integrity Measurement Architecture. Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, Lake Tahoe, CA, USA.","DOI":"10.1145\/1133058.1133063"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"546","DOI":"10.1109\/TVLSI.2007.896913","article-title":"Architectural Support for Run-time Validation of Program Data Properties","volume":"15","author":"Arora","year":"2007","journal-title":"IEEE Trans. Very Large Scale Integr. Syst."},{"key":"ref_8","unstructured":"Sailer, R., Zhang, X., Jaeger, T., and van Doorn, L. (2004, January 9\u201313). Design and Implementation of a TCG-based Integrity Measurement Architecture. Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA."},{"key":"ref_9","unstructured":"Holmes, G. (2017, November 15). Evolution of Attacks on Cisco IOS devices. Available online: https:\/\/blogs.cisco.com\/security\/evolution-of-attacks-on-cisco-ios-devices."},{"key":"ref_10","unstructured":"(2017, May 09). Common Weakness Enumeration: A Community-Developed Dictionary of Software Weakness Types. Available online: https:\/\/cwe.mitre.org\/data\/published\/cwe_v2.11.pdf."},{"key":"ref_11","unstructured":"(2017, May 17). Common Vulnerabilities and Exposures: The Standard for Information Security Vulnerability Names. Available online: https:\/\/cve.mitre.org\/data\/downloads\/allitems.html."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Aycock, J. (2006). Computer Viruses and Malware, Springer.","DOI":"10.1145\/1047344.1047404"},{"key":"ref_13","unstructured":"Younan, Y., Joosen, W., and Piessens, F. (2017, September 05). Code injection in C and C++ : A Survey of Vulnerabilities and Countermeasures. Available online: http:\/\/www.cs.kuleuven.be\/publicaties\/rapporten\/cw\/CW386.pdf."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"323","DOI":"10.1145\/161494.161501","article-title":"Undecidability of Static Analysis","volume":"1","author":"Landi","year":"1992","journal-title":"ACM Lett. Program. Lang. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/MSP.2004.111","article-title":"Static Analysis for Security","volume":"2","author":"Chess","year":"2004","journal-title":"IEEE Secur. Priv."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"4:1","DOI":"10.1145\/1609956.1609960","article-title":"Control-flow Integrity Principles, Implementations, and Applications","volume":"13","author":"Abadi","year":"2009","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Backes, M., Bugiel, S., and Derr, E. (2016, January 24\u201328). Reliable Third-Party Library Detection in Android and Its Security Applications. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria.","DOI":"10.1145\/2976749.2978333"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Liu, C., Fan, M., Feng, Y., and Wang, G. (2008, January 13\u201317). Dynamic Integrity Measurement Model Based on Trusted Computing. Proceedings of the 2008 International Conference on Computational Intelligence and Security, Suzhou, China.","DOI":"10.1109\/CIS.2008.153"},{"key":"ref_19","unstructured":"Rinard, M., Cadar, C., Dumitran, D., Roy, D.M., and Leu, T. (2004, January 6\u201310). A dynamic technique for eliminating buffer overflow vulnerabilities (and other memory errors). Proceedings of the 20th Annual Computer Security Applications Conference, Tucson, AZ, USA."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"307","DOI":"10.1145\/949952.940113","article-title":"Protecting C Programs from Attacks via Invalid Pointer Dereferences","volume":"28","author":"Yong","year":"2003","journal-title":"ACM SIGSOFT Softw. Eng. Notes"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Clause, J., Li, W., and Orso, A. (2007, January 9\u201312). Dytan: A Generic Dynamic Taint Analysis Framework. Proceedings of the 2007 International Symposium on Software Testing and Analysis, London, UK.","DOI":"10.1145\/1273463.1273490"},{"key":"ref_22","unstructured":"Anati, I., Gueron, S., Johnson, S., and Scarlata, V. (2013, January 23\u201324). Innovative Technology for CPU Based Attestation and Sealing. Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, Tel-Aviv, Israel."},{"key":"ref_23","unstructured":"(2017, December 04). ARM Security Technology\u2014Building a Secure System Using TrustZone Technology. Available online: http:\/\/infocenter.arm.com\/help\/topic\/com.arm.doc.prd29-genc-009492c\/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1109\/LES.2012.2218630","article-title":"Hardware-Assisted Detection of Malicious Software in Embedded Systems","volume":"4","author":"Rahmatian","year":"2012","journal-title":"IEEE Embed. Sys. Lett."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"847","DOI":"10.1109\/TC.2010.32","article-title":"Hardware Support for Secure Processing in Embedded Systems","volume":"59","author":"Mao","year":"2010","journal-title":"IEEE Trans. Comput."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1295","DOI":"10.1109\/TVLSI.2006.887799","article-title":"Hardware-assisted Run-time Monitoring for Secure Program Execution on Embedded Processors","volume":"14","author":"Arora","year":"2006","journal-title":"IEEE Trans. Very Large Scale Integr. syst."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Li, C., Srinivasan, D., and Reindl, T. (2015, January 3\u20136). Hardware-assisted malware detection for embedded systems in smart grid. Proceedings of the 2015 IEEE Innovative Smart Grid Technologies\u2014Asia (ISGT ASIA), Bangkok, Thailand.","DOI":"10.1109\/ISGT-Asia.2015.7387009"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Kanuparthi, A.K., Karri, R., Ormazabal, G., and Addepalli, S.K. (October, January 30). A high-performance, low-overhead microarchitecture for secure program execution. Proceedings of the 2012 IEEE 30th International Conference on Computer Design (ICCD), Montreal, QC, Canada.","DOI":"10.1109\/ICCD.2012.6378624"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"564","DOI":"10.1007\/s11623-009-0145-9","article-title":"Hardware Security Module (HSM)","volume":"33","author":"Fox","year":"2009","journal-title":"Datenschutz und Datensicherheit\u2014DuD"},{"key":"ref_30","unstructured":"Ligh, M.H., Case, A., Levy, J., and Walters, A. (2014). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, Wiley Publishing. [1st ed.]."},{"key":"ref_31","unstructured":"Matrosov, A., Rodionov, E., Harley, D., and Malcho, J. (2018, March 30). Stuxnet under the Microscope. Available online: https:\/\/www.esetnod32.ru\/company\/viruslab\/analytics\/doc\/Stuxnet_Under_the_Microscope.pdf."},{"key":"ref_32","unstructured":"Mauerer, W. (2008). Professional Linux Kernel Architecture, Wiley Publshing, Inc."},{"key":"ref_33","unstructured":"Gorman, M. (2004). Understanding the Linux Virtual Memory Manager, Prentice Hall."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., and Boneh, D. (2004, January 25\u201329). On the Effectiveness of Address-space Randomization. Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington DC, USA.","DOI":"10.1145\/1030083.1030124"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1145\/1993316.1993540","article-title":"Language-independent Sandboxing of Just-in-time Compilation and Self-modifying Code","volume":"46","author":"Ansel","year":"2011","journal-title":"ACM SIGPLAN Not."},{"key":"ref_36","unstructured":"Cook, K. (2018, May 19). Kernel Address Space Layout Randomization. Available online: https:\/\/outflux.net\/slides\/2013\/lss\/kaslr.pdf."},{"key":"ref_37","unstructured":"(2017, July 12). ZedBoard Zynq-7000 ARM\/FPGA SoC Development Board. Available online: https:\/\/store.digilentinc.com\/zedboard-zynq-7000-arm-fpga-soc-development-board."},{"key":"ref_38","unstructured":"(2017, August 08). PetaLinux Tools. Available online: https:\/\/www.xilinx.com\/products\/design-tools\/embedded-software\/petalinux-sdk.html."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Wehbe, T., Mooney, V.J., Javaid, A.Q., and Inan, O.T. (2017, January 1\u20135). A novel physiological features-assisted architecture for rapidly distinguishing health problems from hardware Trojan attacks and errors in medical devices. Proceedings of the 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, USA.","DOI":"10.1109\/HST.2017.7951807"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Richard, E., and Chan, A.D.C. (May, January 30). Design of a gel-less two-electrode ECG monitor. Proceedings of the 2010 IEEE International Workshop on Medical Measurements and Applications, Ottawa, ON, Canada.","DOI":"10.1109\/MEMEA.2010.5480198"},{"key":"ref_41","unstructured":"Doin, J. (2017, September 07). SHA 256 Hash Core. Available online: https:\/\/opencores.org\/project,sha256_hash_core."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/3\/20\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:22:10Z","timestamp":1760196130000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/3\/20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,30]]},"references-count":41,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2018,9]]}},"alternative-id":["cryptography2030020"],"URL":"https:\/\/doi.org\/10.3390\/cryptography2030020","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,8,30]]}}}