Publications

Type of publication: Contribution to a collected volume

MPUsh: Applying Security Hotpatches Instead Of MPU Barriers

Author(s):
Niesler, Christian; Scholz, Christian; Davi, Lucas
Title of the collected volume:
Proc. of 2nd Constructive Approaches for SeCurity Analysis and Design of Embedded systems Conference (CASCADE'26)
Publisher:
Springer
Location(s):
Regensburg, Germany
Published:
2026

Abstract

Due to hardware limitations and stringent timing demands, runtime hotpatching of security vulnerabilities on flash-constrained, hard real-time embedded systems remains a significant challenge. We present MPUsh, a novel Memory Protection Unit (MPU)-based hotpatching approach. MPUsh leverages the MPU to render vulnerable flash regions non-executable. Fault handlers then intercept these violations and redirect execution to RAM-resident patches. Our proof-of-concept prototype, implemented on an ARM Cortex-M4 (NUCLEO-F446RE) processor, activates patches in 15 cycles and redirects execution in 46 cycles. MPUsh outperforms interpreter-based alternatives while supporting arbitrary patch locations without pre-inserted hooks. Furthermore, MPUsh provides more patch slots than approaches that use hardware breakpoints. When evaluated on a safety-critical syringe pump, MPUsh successfully demonstrated real-time capability.