Most embedded systems contain a number of software vulnerabilities, such as program buffer overflow. The physical attacks in embedded systems are also becoming more and more common. This paper presents a fast, effective and reliable algorithm for tagging and validating what can be used in embedded systems. The compiler automatically collects the secure tags for each main memory segment at compile time. At run-time, the designed hardware observes the dynamic execution trace, and checks whether the trace conforms to the permissible behavior and triggers the appropriate response mechanisms according to the check result. This design does not change the compiler or the existing instruction set, with no restriction on the software developer. The design is implemented on an actual SOPC platform. Experimental analysis shows that the proposed techniques can eliminate a wide range of common software and physical attacks, with low performance penalties and minimal overheads.