Recent technological advancements have proliferated the use of small embedded devices for collecting, processing, and transferring the security-critical information. The Internet of Things (IoT) has enabled remote access and control of these network-connected devices. Consequently, an attacker can exploit security vulnerabilities and compromise these devices. In this context, the secure boot becomes a useful security mechanism to verify the integrity and authenticity of the software state of the devices. However, the current secure boot schemes focus on detecting the presence of potential malware on the device but not on disinfecting and restoring the soft-ware to a benign state. This manuscript presents CARE- the first secure boot framework that provides detection, resilience, and onboard recovery mechanism for the com-promised devices. The framework uses a prototype hybrid CARE: Code Authentication and Resilience Engine to verify the software state and restore it to a benign state. It uses Physical Memory Protection (PMP) and other security enchaining techniques of RISC-V processor to pro-vide resilience from modern attacks. The state-of-the-art comparison and performance analysis results indicate that the proposed secure boot framework provides a promising resilience and recovery mechanism with very little 8 % performance and resource overhead

中文翻译：

---

CARE：具有基于RISC-V SOC的板载恢复功能的轻量级攻击弹性安全启动架构

最近的技术进步已使小型嵌入式设备用于收集，处理和传输对安全至关重要的信息的使用激增。物联网（IoT）已启用对这些联网设备的远程访问和控制。因此，攻击者可以利用安全漏洞并破坏这些设备。在这种情况下，安全启动成为一种有用的安全机制，用于验证设备软件状态的完整性和真实性。但是，当前的安全启动方案专注于检测设备上潜在恶意软件的存在，而不是将软件消毒并将其恢复到良性状态。该手稿介绍了CARE-第一个安全启动框架，可为商用设备提供检测，恢复能力和机载恢复机制。该框架使用原型混合CARE：代码身份验证和弹性引擎来验证软件状态并将其恢复为良性状态。它使用物理内存保护（PMP）和RISC-V处理器的其他安全链接技术来提供现代攻击的弹性。最新的比较和性能分析结果表明，提出的安全启动框架提供了一种有希望的弹性和恢复机制，而性能和资源开销却很少达到8％