Embedded systems are subjected to various adversaries including software attacks, physical attacks, and side channel attacks. Most of these malicious attacks can lead to the invalid execution of programs, and launch of destructive actions or reveal critical information. However, most previous security mechanisms suffer from coarse checking granularity and unacceptable performance overhead, due to strict restriction on system resources. This paper presents a fine-grained hardware-based security approach to ensure runtime code integrity in the embedded systems by offline profiling of the program features and runtime integrity check. We design a hardware implemented instruction stream integrity checker (ISIC) to perform runtime checking of pre-extracted features. Any invalid execution of the program will trigger the corresponding exception signal. We implement the ISIC with OR1200 processor on XC5VLX50T field-programmable gate array (FPGA). The experimental results show that the proposed approach can detect all the attacks destructing integrity of the instruction stream, and the performance overhead induced by the security mechanism is less than 3.45% according to the selected benchmarks.

embedded systems, basic block, runtime security, code integrity, hardware-based security