Provable Execution in Real-Time Embedded Systems

Antonio Joia Neto, Norrathep Rattanavipanon, Ivan De Oliveira Nunes

TL;DR

This work tackles the incompatibility between Proof of Execution and real-time scheduling by introducing Real-Time PoX (RT-PoX). It relaxes the atomic execution requirement of PoX and provides observable interference guarantees through PEARTS, a secure architecture built atop TrustZone-M that collaborates with an unmodified RTOS. PEARTS deploys an Elastic Secure Region and a shadow task to isolate and monitor a provable execution, logging all interferences and timing data in a final RT-PoX report signed by a secure root of trust. The authors implement a fully functional prototype on a Cortex-M33 MCU with FreeRTOS and demonstrate modest runtime and memory overheads, validating the practicality of remotely verifiable execution for real-time embedded sensing and control systems.

Abstract

Embedded devices are increasingly ubiquitous and vital, often supporting safety-critical functions. However, due to strict cost and energy constraints, they are typically implemented with Micro-Controller Units (MCUs) that lack advanced architectural security features. Within this space, recent efforts have created low-cost architectures capable of generating Proofs of Execution (PoX) of software on potentially compromised MCUs. This capability can ensure the integrity of sensor data from the outset, by binding sensed results to an unforgeable cryptographic proof of execution on edge sensor MCUs. However, the security of existing PoX requires the proven execution to occur atomically. This requirement precludes the application of PoX to (1) time-shared systems, and (2) applications with real-time constraints, creating a direct conflict between execution integrity and the real-time availability needs of several embedded system uses. In this paper, we formulate a new security goal called Real-Time Proof of Execution (RT-PoX) that retains the integrity guarantees of classic PoX while enabling its application to existing real-time systems. This is achieved by relaxing the atomicity requirement of PoX while dispatching interference attempts from other potentially malicious tasks (or compromised operating systems) executing on the same device. To realize the RT-PoX goal, we develop Provable Execution Architecture for Real-Time Systems (PEARTS). To the best of our knowledge, PEARTS is the first PoX system that can be directly deployed alongside a commodity embedded real-time operating system (FreeRTOS). This enables both real-time scheduling and execution integrity guarantees on commodity MCUs. To showcase this capability, we develop a PEARTS open-source prototype atop FreeRTOS on a single-core ARM Cortex-M33 processor. We evaluate and report on PEARTS security and (modest) overheads.

Paper Structure

This paper contains 44 sections, 3 equations, 4 figures, 8 tables.

Figures (4)

  • Figure 1: Transcript of $\sf{RA}$/$\sf{PoX}$ interactions.
  • Figure 2: RTOS and software modules on $\sf{Prv}$.
  • Figure 3: RT-PoX steps with PEARTS.
  • Figure 4: Shadow Task interfacing the RTOS and PEARTS.