The limited resources (processing ability, memory space etc.) and special running environments of embedded systems make their security design and implementations differ from the other general-purpose computer systems. Running under limited resources, embedded systems not only have to finish expected functions, but also support various encryption algorithms and security protocols or other security requirements; these dual requirements make security design in embedded systems full of challenges.This paper briefly discusses the basic knowledge of embedded system security, including common hardware attacks and ordinary software security vulnerabilities in embedded systems, as well as challenges embedded system security design facing, on the basis of which makes a deep research on software attacks carried out by making use of vulnerabilities in "trusted" programs, analyzes related preventing techniques in detail, then mainly studies two kinds of hardware-assisted run-time techniques preventing this kind of software attacks——code monitoring technique and data attributes checking technique, puts a deep and thorough analysis on their respective design principles, implementation mechanisms, advantages and disadvantages, then presents several improvement and extension thoughts for these two techniques. Finally, this paper builds SimpleScalar3.0 simulation environment applied to carry out simulation for these two techniques, conducts a simulation on the performance of code monitoring technique, simulation results indicate that this technique could enhance run-time program security with minimal performance overheads on embedded system. |