Fault model for interrupt crossover in embedded system

Question

I am currently working on a software project which needs to handle certain security related issues, one of them being faults during interrupt execution. A number of sources (IEC standards and google) mentions crossover of interrupts but give no explenation of where to start when building a fault model. Any pointers towards this will be greatly appreciated.

My thoughts so far are:

1. Consider hardware connections, i.e. neighbouring pins fused.
2. Test the integrity of the internal data path (addressing and data transfer).
3. Consider the internal interrupt handling (vector priority and resolution).

The first two are simple enough. The third one I am really at a loss when trying to search for an explanation on how these faults will manifest and what steps may be taken to test for it.

Furthermore there is the question if these three areas are sufficient to cover the interrupt crossover problem.

Answer 1

The specific faults that can occur will depend on which CPU you are using. But typically, this will include things like Invalid Instruction, Bus Fault (instruction or data bus), unaligned memory access, memory protection violation, etc.

Typically a fault is caused by memory corruption. This could be due to your own internal bug that corrupts memory or jumps into the weeds, or potentially by someone attacking your system.

You need to look at exactly which faults apply to your CPU, then analyze what you want your fault handlers to do about them. Often this would just be system reset, but for a secure application, maybe some other things like logging what happened, locking down the system, deleting keys, etc.