Dover Microsystems’ CoreGuard® technology is the only solution for embedded systems that prevents the exploitation of software vulnerabilities and immunizes processors against entire classes of network-based attacks.
CoreGuard® is the first to fill the enforcement layer of the cybersecurity stack.
CoreGuard silicon IP integrates with all RISC architectures to provide separate sentry logic that acts as a bodyguard to protect embedded systems from cyberattacks. It monitors every instruction executed by the host processor to ensure that it complies with a defined set of security, safety, and privacy rules. If an instruction violates an existing rule, CoreGuard stops it from executing before any damage can be done.
CoreGuard provides protection at the lowest possible level by using a hardware interlock. The hardware interlock controls the communication between the host processor and the outside world to ensure nothing is sent out to peripherals without first being verified by the CoreGuard Policy Enforcer.
Updatable security, safety, and privacy rules, called micropolicies, are installed on the SoC. They give CoreGuard the information it needs to distinguish between good and bad instructions. CoreGuard collects application information usually discarded by the compiler to create identifiable metadata about every piece of data, and every instruction, executed by the host processor.
The CoreGuard Policy Executor (PEX) crosschecks the metadata of every instruction against an installed set of micropolicies. If an instruction violates an existing micropolicy, CoreGuard issues a violation and stops it from executing before any damage can be done. If there is no micropolicy violation, the host processor executes the instruction normally.
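The check-before-execute flow described above can be modelled in software. The following is an added illustration, not Dover Microsystems code and not CoreGuard's implementation: the tag names, the rule, and the 8-word memory are assumptions chosen to show a metadata check stopping an out-of-bounds store before it is committed.

```c
#include <stdint.h>
#include <stdio.h>
#define MEM_WORDS 8

/* Constructed metadata tags: which buffer a word or pointer belongs to. */
enum tag { TAG_NONE, TAG_BUF_A, TAG_BUF_B };
struct word { uint32_t value; enum tag tag; };  /* data plus its metadata */
struct ptr  { uint32_t addr;  enum tag tag; };  /* pointer plus its metadata */
struct machine { struct word mem[MEM_WORDS]; unsigned violations; };

/* Hypothetical rule: a store may only touch a word whose tag matches
 * the tag of the pointer used to reach it. */
static int policy_allows_store(const struct machine *m, struct ptr p)
{
    if (p.addr >= MEM_WORDS || p.tag == TAG_NONE) return 0;
    return m->mem[p.addr].tag == p.tag;
}

/* The rule is checked before the store is committed. Returns 1 if the
 * store executed, 0 if it was blocked (memory is left unchanged). */
static int exec_store(struct machine *m, struct ptr p, uint32_t v)
{
    if (!policy_allows_store(m, p)) { m->violations++; return 0; }
    m->mem[p.addr].value = v;
    return 1;
}

/* Constructed scenario: buffer A is words 0..3, buffer B is words 4..7.
 * A loop writes 6 words through a pointer to A (a linear overflow). */
static unsigned run_overflow_demo(struct machine *m)
{
    unsigned committed = 0;
    m->violations = 0;
    for (uint32_t i = 0; i < MEM_WORDS; i++) {
        m->mem[i].value = 0;
        m->mem[i].tag = (i < 4) ? TAG_BUF_A : TAG_BUF_B;
    }
    for (uint32_t i = 0; i < 6; i++) {
        struct ptr p = { i, TAG_BUF_A };  /* pointer arithmetic keeps A's tag */
        committed += (unsigned)exec_store(m, p, 0x41414141u);
    }
    return committed;
}

int main(void)
{
    struct machine m;
    unsigned ok = run_overflow_demo(&m);
    printf("committed=%u violations=%u mem[4]=%u\n",
           ok, m.violations, (unsigned)m.mem[4].value);
}
```

The four in-bounds stores commit, while the two that reach into buffer B are counted as violations and leave B untouched.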