🤖 AI Summary
In real-time embedded systems, runtime integrity assurance fundamentally conflicts with task availability: existing approaches can only choose between “global shutdown for safety” and “continued execution at the cost of security” upon violation detection. This paper proposes a fine-grained runtime integrity assurance mechanism that introduces the novel concept of Availability Regions (ARs) and leverages Non-Maskable Interrupts (NMIs) to precisely isolate and terminate violating tasks—thereby preserving schedulability and timing guarantees for all remaining tasks. Our approach synergistically integrates hardware-assisted monitoring with RTOS-aware scheduling, implementing lightweight, synthesizable logic for real-time integrity verification and dynamic response. Evaluated on a low-power MCU, it incurs only 2.3% additional area and memory overhead, with zero runtime performance penalty. To the best of our knowledge, this is the first solution enabling co-optimization of security and availability in resource-constrained real-time systems.
📝 Abstract
Run-time integrity enforcement in real-time systems presents a fundamental conflict with availability. Existing approaches in real-time systems primarily focus on minimizing the execution-time overhead of monitoring. After a violation is detected, prior works face a trade-off: (1) prioritize availability and allow a compromised system to continue to ensure applications meet their deadlines, or (2) prioritize security by generating a fault to abort all execution. In this work, we propose PAIR, an approach that offers a middle ground between the stark extremes of this trade-off. PAIR monitors real-time tasks for run-time integrity violations and maintains an Availability Region (AR) of all tasks that are safe to continue. When a task causes a violation, PAIR triggers a non-maskable interrupt to kill the task and continue executing a non-violating task within AR. Thus, PAIR ensures only violating tasks are prevented from execution, while granting availability to remaining tasks. With its hardware approach, PAIR does not cause any run-time overhead to the executing tasks, integrates with real-time operating systems (RTOSs), and is affordable to low-end microcontroller units (MCUs) by incurring +2.3% overhead in memory and hardware usage.
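The three responses the abstract contrasts, as a constructed simulation added here (not the paper's code or hardware): a tick-based rate-monotonic scheduler whose simulated integrity monitor flags one task at a chosen tick, with the task set, the violation tick and the "ar" bookkeeping all assumptions made for illustration.

```python
"""Constructed model of the trade-off in the abstract (illustration for this
page, not PAIR's code): a tick-based rate-monotonic scheduler whose integrity
monitor flags one task at a chosen tick. Responses: "continue" (compromised
task keeps running), "halt" (fault stops everything), "ar" (drop only the
violator from the Availability Region; the rest keep their schedule)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Task:
    name: str
    period: int  # release interval in ticks; deadline equals the period
    wcet: int    # execution time of each job, in ticks

def simulate(tasks, horizon, violator, violation_tick, policy):
    """Return deadline misses per task and the number of ticks the violating
    task executed from the violation tick onward."""
    ar = {t.name for t in tasks}            # Availability Region: safe to run
    remaining = {t.name: 0 for t in tasks}  # unfinished work of current job
    misses = {t.name: 0 for t in tasks}
    violator_ran, halted = 0, False
    for tick in range(horizon):
        for t in tasks:
            if tick % t.period == 0:        # new job released
                if remaining[t.name] > 0 and t.name in ar:
                    misses[t.name] += 1     # previous job overran its deadline
                remaining[t.name] = t.wcet
        if tick == violation_tick:
            if policy == "halt":
                halted = True               # fault aborts all execution
            elif policy == "ar":
                ar.discard(violator)        # NMI kills only the violating task
        if halted:
            continue
        runnable = [t for t in sorted(tasks, key=lambda t: t.period)
                    if remaining[t.name] > 0 and t.name in ar]
        if runnable:                        # rate-monotonic: shortest period first
            remaining[runnable[0].name] -= 1
            if runnable[0].name == violator and tick >= violation_tick:
                violator_ran += 1
    return {"misses": misses, "violator_ran": violator_ran}

# Constructed task set: harmonic periods, utilisation 0.75, so the
# baseline rate-monotonic schedule meets every deadline.
TASKS = (Task("A", 4, 1), Task("B", 8, 2), Task("C", 16, 4))

if __name__ == "__main__":
    for policy in ("continue", "halt", "ar"):
        print(policy, simulate(TASKS, 33, "B", 9, policy))
```

With task B flagged at tick 9, "continue" keeps every deadline but lets the compromised task execute six more ticks, "halt" costs the untouched tasks A and C their deadlines, and "ar" removes only B while A and C meet every deadline.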