Skip to Main Content
As an important parameter reflecting the system's behavior evidence, control flow has been the focus for attackers to carry out attacks on the security of a system. However, most of the security guards for control flow have been resting on the software level without considering the system architecture. Moreover, the current security guarding methods for control flow have much higher demands for the system's resources, and they are not suitable for the embedded application environment which has limited resources. To solve these problems, this paper introduces a security guarding architecture which combines the Cache with the random permutation. This security guarding architecture takes full advantage of the Cache's modulation function on the system's performance and the restraining function on the control flow information leakage. Combining with the random permutation algorithm, it provides with a high level security guard for the system control flow, and brings a better balance between the system security and the system efficiency.