🤖 AI Summary
Resource-constrained embedded microcontrollers are highly vulnerable to control-flow hijacking attacks, while existing remote attestation schemes suffer from excessive overhead and poor compatibility. This paper proposes the first lightweight runtime remote attestation mechanism tailored for Arm Cortex-M processors, requiring no hardware modifications. It integrates Pointer Authentication Codes (PAC) and Branch Target Identification (BTI), two Arm architectural extensions, to enforce robust control-flow integrity. A compact, real-time-aware attestation protocol is designed to balance security guarantees with stringent timing constraints. Evaluated on two benchmark suites, the approach incurs geometric mean performance overheads of only 1.0% and 4.7%, respectively, while significantly reducing power consumption and memory footprint compared to state-of-the-art solutions, thereby meeting the stringent resource constraints of deeply embedded systems.
📝 Abstract
The widespread adoption of embedded systems has led to their deployment in critical real-world applications, making them attractive targets for malicious actors. These devices face unique challenges in mitigating vulnerabilities due to intrinsic constraints, such as low energy consumption requirements and limited computational resources. This paper presents RunPBA, a hardware-based runtime attestation system designed to defend against control-flow attacks while maintaining minimal performance overhead and adhering to strict power consumption constraints. RunPBA leverages PACBTI, a new processor extension tailored for the Arm Cortex-M processor family, allowing robust protection without requiring hardware modifications, a limitation present in similar solutions. We implemented a proof-of-concept and evaluated it using two benchmark suites. Experimental results indicate that RunPBA imposes a geometric mean performance overhead of only 1% and 4.7% across the benchmarks, underscoring its efficiency and suitability for real-world deployment.