In a system-on-chip (SoC) device, system memory management unit (SMMU) virtualization (also referred to as input/output memory management unit (IOMMU) virtualization) is standard for hypervisor devices configured to support multiple virtual machines that independently manage various master devices (also referred to as IO devices) and the stream IDs of the master devices. A hypervisor device may alternatively be referred to as a virtual machine manager (VMM). A hypervisor device in SMMU virtualization merely needs to map a stream ID to a second stage context bank corresponding to the virtual machine that is programming or managing the stream ID. This helps ensure that all the virtual machines remain sandboxed (e.g., isolated) from one another.
When a hypervisor device is designed and deployed with the responsibility of managing the security of an SoC device, a rich operating system (which may be considered to be a non-secure virtual machine) may be allowed to act as a managing entity for all the security domains in the SoC device. In this configuration, a hypervisor device may need to allow a rich operating system to assign the stream IDs to other security domains in the SoC device and/or manage the stream IDs of other security domains. However, this may defeat the sandboxing between the domains/virtual machines since the rich operating system, which can be viewed as a non-secure managing virtual machine, may be compromised. For example, an unauthorized user (e.g., attacker, adversary, hacker, etc.) may be able to reconfigure the stream ID assignments of other virtual machines and enable modification, corruption, and/or theft of sensitive data residing in different security domains. Therefore, the standard system MMU virtualization in the above-described configuration may not achieve an adequate or required level of security in an SoC device.
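The difference between the two configurations described above can be stated as an invariant on the stream-ID table, shown here as an added example that is not taken from this document. It is a simplified software model rather than real SMMU register programming, and every name in it (`vm_bank`, `map_sid_standard`, `map_sid_delegated`, `sandbox_violations`) is hypothetical.

```c
#include <stdbool.h>

#define NUM_SIDS 8
#define NUM_VMS  3
#define NONE     (-1)

/* Simplified model, not real SMMU registers: one stage-2 context bank per VM. */
static const int vm_bank[NUM_VMS] = {0, 1, 2}; /* constructed: VM id -> context bank */
static int sid_owner[NUM_SIDS]; /* VM whose master device issues this stream ID */
static int sid_bank[NUM_SIDS];  /* context bank the stream ID is routed to */

static bool valid(int vm, int sid) {
    return vm >= 0 && vm < NUM_VMS && sid >= 0 && sid < NUM_SIDS;
}

void model_reset(void) {
    for (int i = 0; i < NUM_SIDS; i++) sid_owner[i] = sid_bank[i] = NONE;
}

/* Trusted setup (assumed): record which VM the device behind `sid` belongs to. */
void assign_device(int sid, int vm) {
    if (valid(vm, sid)) sid_owner[sid] = vm;
}

/* Standard SMMU virtualization: a stream ID is bound only to the stage-2
 * context bank of the VM that owns it and is programming it. */
bool map_sid_standard(int caller_vm, int sid) {
    if (!valid(caller_vm, sid) || sid_owner[sid] != caller_vm) return false;
    sid_bank[sid] = vm_bank[caller_vm];
    return true;
}

/* Managing-VM configuration: the hypervisor accepts the target domain chosen
 * by the managing VM, so the request is not tied to the stream ID's owner. */
bool map_sid_delegated(int managing_vm, int sid, int target_vm) {
    if (!valid(managing_vm, sid) || !valid(target_vm, sid)) return false;
    sid_bank[sid] = vm_bank[target_vm];
    return true;
}

/* Audit: count mapped stream IDs routed to a bank other than their owner's. */
int sandbox_violations(void) {
    int n = 0;
    for (int i = 0; i < NUM_SIDS; i++)
        if (sid_bank[i] != NONE &&
            (sid_owner[i] == NONE || sid_bank[i] != vm_bank[sid_owner[i]])) n++;
    return n;
}
```

Under the standard policy the audit count stays at zero for any sequence of requests; under the delegated policy it depends entirely on the managing VM behaving correctly.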