English

Resolving Availability and Run-time Integrity Conflicts in Real-Time Embedded Systems

Cryptography and Security 2026-04-16 v2

Abstract

Run-time integrity enforcement in real-time systems presents a fundamental conflict with availability. Existing approaches in real-time systems primarily focus on minimizing the execution-time overhead of monitoring. After a violation is detected, prior works face a trade-off: (1) prioritize availability and allow a compromised system to continue to ensure applications meet their deadlines, or (2) prioritize security by generating a fault to abort all execution. In this work, we propose PAIR, an approach that offers a middle ground between the stark extremes of this trade-off. PAIR monitors real-time tasks for run-time integrity violations and maintains an Availability Region (AR) of all tasks that are safe to continue. When a task causes a violation, PAIR triggers a non-maskable interrupt to kill the task and continue executing a non-violating task within AR. Thus, PAIR ensures only violating tasks are prevented from execution, while granting availability to remaining tasks. With its hardware approach, PAIR does not cause any run-time overhead to the executing tasks, integrates with real-time operating systems (RTOSs), and is affordable to low-end microcontroller units (MCUs) by incurring +2.3% overhead in memory and hardware usage.

Keywords

Cite

@article{arxiv.2511.14088,
  title  = {Resolving Availability and Run-time Integrity Conflicts in Real-Time Embedded Systems},
  author = {Adam Caulfield and Muhammad Wasif Kamran and N. Asokan},
  journal= {arXiv preprint arXiv:2511.14088},
  year   = {2026}
}
R2 v1 2026-07-01T07:42:33.391Z