FreeRTOS TCP/IP stack vulnerabilities put a wide range of devices at risk of compromise: From smart homes to critical infrastructure systems, 2018.

Intel, Control-flow Enforcement Technology preview, 2017.

I. Anati, S. Gueron, S. P. Johnson, and V. R. Scarlata, Innovative technology for CPU based attestation and sealing, HASP@ISCA, 2013.

ARM, Cortex-M3 devices generic user guide, 2010.

ARM, AMBA 5 AHB protocol specification, 2015.

ARM, The architecture for the digital world, 2015.

ARM, uVisor, 2015.

ARM, System Memory Management Unit architecture specification, 2016.

ARM, ARMv7-M architecture reference manual, 2006.

J. Bachrach, H. Vo, B. C. Richards, Y. Lee, A. Waterman et al., Chisel: Constructing hardware in a Scala embedded language, 49th ACM/EDAC/IEEE Design Automation Conference (DAC), pp.1212-1221, 2012.

D. Barnetson, How to secure a RISC-V embedded system in just 30 minutes, 2019.

G. Becker, Merkle signature schemes, Merkle trees and their cryptanalysis, 2008.

M. Ben-Yehuda, J. Xenidis, M. Ostrowski, K. Rister, A. Bruemmer, and L. van Doorn, The price of safety: Evaluating IOMMU performance, Ottawa Linux Symposium, 2007.

E. M. Benhani, C. Marchand, A. Aubert, and L. Bossuet, On the security evaluation of the ARM TrustZone extension in a heterogeneous SoC, 30th IEEE International System-on-Chip Conference (SOCC), pp.108-113, 2017.

F. Brasser, B. El Mahjoub, A.-R. Sadeghi, C. Wachsmann, and P. Koeberl, TyTAN: Tiny trust anchor for tiny devices, 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pp.1-6, 2015.

E. Brickell and J. Li, Enhanced Privacy ID from bilinear pairing for hardware authentication and attestation, IEEE Second International Conference on Social Computing, pp.768-775, 2010.

R. Buhren, S. Gueron, J. Nordholz, J. Seifert, and J. Vetter, Fault attacks on encrypted general purpose compute platforms, Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, CODASPY '17, pp.197-204, 2017.

A. Cimatti, E. M. Clarke, E. Giunchiglia, F. Giunchiglia, M. Pistore et al., NuSMV 2: An open-source tool for symbolic model checking, CAV, 2002.

A. A. Clements, N. S. Almakhdhub, S. Bagchi, and M. Payer, ACES: Automatic compartments for embedded systems, USENIX Security Symposium, 2018.

A. A. Clements, N. S. Almakhdhub, K. S. Saab, P. Srivastava, J. Koo et al., Protecting bare-metal embedded systems with privilege overlays, IEEE Symposium on Security and Privacy (SP), pp.289-303, 2017.

Atmel Corporation, Atmel Trusted Platform Module AT97SC3201, 2005.

N. Corteggiani, G. Camurati, and A. Francillon, Inception: System-wide security testing of real-world embedded systems software, USENIX Security Symposium, 2018.

V. Costan and S. Devadas, Intel SGX explained, IACR Cryptology ePrint Archive, Report 2016/086, 2016.

V. Costan, I. Lebedev, and S. Devadas, Sanctum: Minimal hardware extensions for strong software isolation, USENIX Security Symposium, 2016.

L. Davi, M. Hanreich, D. Paul, A.-R. Sadeghi, P. Koeberl et al., HAFIX: Hardware-assisted flow integrity extension, 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pp.1-6, 2015.

R. de Clercq and I. Verbauwhede, A survey of hardware-based control flow integrity (CFI), arXiv preprint, 2017.

K. Eldefrawy, G. Tsudik, A. Francillon, and D. Perito, SMART: Secure and minimal architecture for (establishing dynamic) root of trust, NDSS, 2012.

EasyCrypt, Computer-aided cryptographic proofs, 2009.

Input/output memory management unit with protection mode for preventing memory access by I/O devices, 2014.

M. Hummel, Direct memory access (DMA) address translation in an input/output memory management unit (IOMMU), US patent US7809923B2, 2010.

D. Evtyushkin, J. Elwell, M. Ozsoy, D. Ponomarev, N. Abu-Ghazaleh, and R. Riley, Flexible hardware-managed isolated execution: Architecture, software support and applications, IEEE Transactions on Dependable and Secure Computing, vol.15, pp.437-451, 2018.

D. Evtyushkin, J. Elwell, M. Ozsoy, D. Ponomarev, N. Abu-Ghazaleh, and R. Riley, Iso-X: A flexible architecture for hardware-managed isolated execution, 47th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), pp.190-202, 2014.

A. Francillon, Q. Nguyen, K. B. Rasmussen, and G. Tsudik, A minimalist approach to remote attestation, Design, Automation & Test in Europe Conference & Exhibition (DATE), pp.1-6, 2014.

J. Götzfried, T. Müller, R. de Clercq, P. Maene, F. C. Freiling, and I. Verbauwhede, Soteria: Offline software protection within low-cost embedded devices, ACSAC, 2015.

J. Greene, Intel Trusted Execution Technology: Hardware-based technology for enhancing server platform security, Intel white paper, 2013.

GreenIPCore, AMBA-AHB security, 2018.

V. Herdt, D. Große, H. M. Le, and R. Drechsler, Extensible and configurable RISC-V based virtual prototype, Forum on Specification and Design Languages (FDL), pp.5-16, 2018.

M. Hoekstra, R. Lal, P. Pappachan, V. Phegade, and J. Del Cuvillo, Using innovative instructions to create trustworthy software solutions, HASP@ISCA, 2013.

G. Hunt, G. Letey, and E. Nightingale, The seven properties of highly secure devices, Microsoft Research technical report, 2017.

P. A. Karger and R. R. Schell, Thirty years later: Lessons from the Multics security evaluation, ACSAC, 2002.

M. Szekely and K. Temkin, Fusée Gelée exploit, 2018.

C. Kern and M. R. Greenstreet, Formal verification in hardware design: A survey, ACM Trans. Des. Autom. Electron. Syst., vol.4, no.2, 1999.

C. H. Kim, T. Kim, H. Choi, Z. Gu, B. Lee, X. Zhang, and D. Xu, Securing real-time microcontroller systems through customized memory view switching, NDSS, 2018.

P. Koeberl, S. Schulz, A.-R. Sadeghi, and V. Varadharajan, TrustLite: A security architecture for tiny embedded devices, EuroSys, 2014.

R. Kumar, E. Kohler, and M. B. Srivastava, Harbor: Software-based memory protection for sensor nodes, 6th International Symposium on Information Processing in Sensor Networks, pp.340-349, 2007.

V. Kuznetsov, L. Szekeres, M. Payer, G. Candea, R. Sekar et al., Code-pointer integrity, 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14), pp.147-163, 2014.

S. Langan, 2017.

P. Larsen, A. Homescu, S. Brunthaler, and M. Franz, SoK: Automated software diversity, IEEE Symposium on Security and Privacy, pp.276-291, 2014.

A. Levy, B. Campbell, B. Ghena, D. B. Giffin, P. Pannuto, P. Dutta, and P. Levis, Multiprogramming a 64kB computer safely and efficiently, SOSP, 2017.

A. Levy, B. Campbell, B. Ghena, P. Pannuto, P. Dutta, and P. Levis, The case for writing a kernel in Rust, APSys, 2017.

M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas et al., Meltdown: Reading kernel memory from user space, USENIX Security Symposium, 2018.

LLVM, Add support for embedded position-independent code (ROPI/RWPI).

P. Maene, J. Götzfried, R. de Clercq, T. Müller, F. Freiling, and I. Verbauwhede, Hardware-based trusted computing architectures for isolation and attestation, IEEE Transactions on Computers, vol.67, pp.361-374, 2018.

A. T. Markettos, C. Rothwell, B. F. Gutstein, A. Pearce, P. G. Neumann et al., Thunderclap: Exploring vulnerabilities in operating system IOMMU protection via DMA from untrustworthy peripherals, NDSS, 2019.

J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta et al., TrustVisor: Efficient TCB reduction and attestation, IEEE Symposium on Security and Privacy, pp.143-158, 2010.

J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki, Flicker: An execution infrastructure for TCB minimization, EuroSys, 2008.

F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, Innovative instructions and software model for isolated execution, Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP '13), 2013.

K. L. Mcmillan, Symbolic model checking, 1993.

R. C. Merkle, A digital signature based on a conventional encryption function, CRYPTO, 1987.

D. Münch, M. Paulitsch, O. Hanka, and A. Herkersdorf, MPIOV: Scaling hardware-based I/O virtualization for mixed-criticality embedded real-time systems using non-transparent bridges to (multi-core) multi-processor systems, Design, Automation and Test in Europe Conference and Exhibition (DATE), pp.579-584, 2015.

D. Münch, M. Paulitsch, and A. Herkersdorf, IOMPU: Spatial separation for hardware-based I/O virtualization for mixed-criticality embedded real-time systems using non-transparent bridges, IEEE 7th International Symposium on Cyberspace Safety and Security and IEEE 12th International Conference on Embedded Software and Systems, pp.1037-1044, 2015.

F. Nilsson and N. Adolfsson, A Rust-based runtime for the Internet of Things, 2017.

J. Noorman, P. Agten, W. Daniels, R. Strackx, A. Van Herrewege et al., Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base, USENIX Security Symposium, 2013.

I. Nunes, K. Eldefrawy, N. Rattanavipanon, M. Steiner, and G. Tsudik, VRASED: A verified hardware/software co-design for remote attestation, 28th USENIX Security Symposium (USENIX Security 19), pp.1429-1446, 2019.

NVD (National Vulnerability Database), 2015.

D. Papp, Z. Ma, and L. Buttyán, Embedded systems security: Threats, vulnerabilities, and attack taxonomy, 13th Annual Conference on Privacy, Security and Trust (PST), pp.145-152, 2015.

P. Koeberl and S. Schulz, Execution-aware memory protection, patent, 2013.

S. Pinto and N. Santos, Demystifying ARM TrustZone: A comprehensive survey, ACM Comput. Surv., vol.51, 2019.

Qualcomm Technologies, Inc., 2017.

H. Raj, S. Saroiu, A. Wolman, R. Aigner, J. Cox, P. England, C. Fenner, K. Kinshumann, J. Loeser, D. Mattoon, M. Nyström, D. Robinson, R. Spiger, S. Thom, and D. Wooten, fTPM: A firmware-based TPM 2.0 implementation, Microsoft Research technical report, 2015.

F. L. Sang, V. Nicomette, and Y. Deswarte, I/O attacks in Intel PC-based architectures and countermeasures, First SysSec Workshop, pp.19-26, 2011.

A. Sensaoui, O. Aktouf, and D. Hely, SHCoT: Secure (and verified) hybrid chain of trust to protect from malicious software in lightweight devices, 1st Annual International Workshop on Software Hardware Interaction Faults, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02335773

A. Sensaoui, O. Aktouf, D. Hely, and S. Di Vito, An in-depth study of MPU-based isolation techniques, Journal of Hardware and Systems Security, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02335716

A. Sensaoui, D. Hely, and O. Aktouf, Hardware-based isolation and attestation architecture for a RISC-V core, SiFive Technical Symposium, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02335812

A. Sensaoui, D. Hely, and O. Aktouf, Poster: Hardware-based isolation and attestation architecture for a RISC-V core, CySeP and EuroS&P, 2019.

A. Sensaoui, D. Hely, and O. Aktouf, Poster: Hardware-based isolation and attestation architecture for a RISC-V core, 15th European Dependable Computing Conference (EDCC), 2019.

A. Sensaoui, D. Hely, and O. Aktouf, Toubkal: A flexible and efficient hardware isolation module for secure lightweight devices, 15th European Dependable Computing Conference (EDCC), 2019.
URL : https://hal.archives-ouvertes.fr/hal-02342738

A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla, Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems, SOSP, 2005.

A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, SWATT: Software-based attestation for embedded devices, IEEE Symposium on Security and Privacy, pp.272-282, 2004.

R. Shu, P. Wang, S. A. Gorski III, B. Andow, A. Nadkarni et al., A study of security isolation techniques, ACM Comput. Surv., vol.49, no.3, 2016.

SiFive, SiFive E31 Core Complex manual, 2017.

H. Cook (SiFive), Diplomatic design patterns: A TileLink case study, 2017.

SiFive, Inc., The RISC-V instruction set manual, 2017.

SiFive, Inc., SiFive TileLink specification, 2017.

S. Johnson, V. Scarlata, C. Rozas, E. Brickell, and F. McKeen, Intel SGX: Intel EPID provisioning and attestation services, Intel white paper, 2016.

Y. Song, On control flow hijacks of unsafe Rust, 2017.

E. H. Spafford, The Internet worm incident, ESEC, 1989.

E. H. Spafford, The Internet worm program: An analysis, ACM SIGCOMM Computer Communication Review, 1989.

O. Stecklina, P. Langendörfer, and H. Menzel, Design of a tailor-made memory protection unit for low power microcontrollers, 8th IEEE International Symposium on Industrial Embedded Systems (SIES), pp.225-231, 2013.

P. Stewin and I. Bystrov, Understanding DMA malware, DIMVA, 2012.

R. Strackx and F. Piessens, Fides: Selectively hardening software application components against kernel-level or process-level malware, ACM Conference on Computer and Communications Security (CCS), 2012.

R. Strackx, F. Piessens, and B. Preneel, Efficient isolation of trusted subsystems in embedded systems, Security and Privacy in Communication Networks, pp.344-361, 2010.

D. Sullivan, O. Arias, L. Davi, P. Larsen, A.-R. Sadeghi et al., Strategy without tactics: Policy-agnostic hardware-enhanced control-flow integrity, 53rd ACM/EDAC/IEEE Design Automation Conference (DAC), pp.1-6, 2016.

L. Szekeres, M. Payer, T. Wei, and D. Song, SoK: Eternal war in memory, IEEE Symposium on Security and Privacy, pp.48-62, 2013.

ARM, Security technology: Building a secure system using TrustZone technology, 2009.

ARM, Memory Protection Unit (MPU), 2016.

Tock, TockOS, 2015.

E. Witchel, Mondriaan memory protection, PhD thesis, MIT, 2004.

E. Witchel, J. Rhee, and K. Asanović, Mondrix: Memory isolation for Linux using Mondriaan memory protection, SOSP, 2005.

J.-K. Zinzindohoué, K. Bhargavan, J. Protzenko, and B. Beurdouche, HACL*: A verified modern cryptographic library, ACM Conference on Computer and Communications Security (CCS), 2017.