FIG. 1 illustrates a typical system-on-chip (SoC) “ecosystem”, comprising hardware components HW below a dashed line and software components SW above the dashed line. The hardware components may include multiple processing units CPU, a shared memory MEM, a graphics-processing unit GPU, other hardware accelerators, and peripheral or input/output devices IO.
Software components designed to run on that hardware may include an operating system OS in which individual application programs (App) may be executed. In some instances, the software may instead include a hypervisor that can run multiple virtual machines VM. Each virtual machine may then run its own guest operating system and specific application programs.
The use of virtual machines may be desired in situations requiring tight isolation between operating environments on the same device. For instance, a user may install two virtual machines on a smartphone, a first one provided by their employer for business use and a second one for personal use. The virtual machine for business use would enforce strict security policies to restrict access to company information, and thus limit the features available to the user. To benefit from the full feature set of the smartphone, the user would switch to the second virtual machine, which has no such restrictions.
In theory, the data of the virtual machines is isolated: one virtual machine cannot access the data of another virtual machine even though both are stored in the same memory of the SoC. The hypervisor ensures this isolation, in particular, by mapping the address spaces used by the virtual machines (their guest-physical addresses) to non-overlapping host-physical address ranges on the SoC, so that no address a guest can form translates into another guest's memory.
In practice, however, a rogue program running in a virtual machine may be designed to exploit security vulnerabilities of the hypervisor itself, for instance a buffer overflow in hypervisor code that processes guest-supplied values, or other “virtual machine escape” techniques. With such an exploit, the rogue program may access memory beyond the address range assigned to its virtual machine and reach sensitive data belonging to the host system or to another virtual machine, since the hypervisor's own accesses are not subject to the guest's address mapping.
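The following C program is an added illustration of the two preceding paragraphs and is not part of the original description. It models a hypervisor that assigns two virtual machines non-overlapping host-physical ranges and translates guest-physical addresses through that mapping, so that a guest can never name another guest's memory. It then shows how the isolation is defeated when hypervisor code (here a constructed emulated-device register handler, `vuln_dev_read`) uses a guest-supplied offset without a bounds check, and how the checked variant (`safe_dev_read`) closes the hole. All names, sizes and the memory layout are constructed for the example; the host memory is a plain array so that the out-of-bounds read stays deterministic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed "host physical memory": 16 pages of 4 KiB. */
#define PAGE_SIZE  4096u
#define HOST_PAGES 16u
static uint8_t host_mem[HOST_PAGES * PAGE_SIZE];

/* Emulated device state owned by the hypervisor, placed in host page 0. */
#define DEV_BASE 0u
#define DEV_SIZE 256u

/* One VM's mapping: a contiguous guest-physical range onto host-physical pages. */
struct vm_map {
    const char *name;
    uint32_t gpa_base;  /* guest-physical start of the range */
    uint32_t host_base; /* host-physical start of the range */
    uint32_t size;      /* length in bytes */
};

/* Hypervisor invariant: no two VMs may share any host-physical byte. */
bool maps_disjoint(const struct vm_map *maps, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++) {
            uint32_t a0 = maps[i].host_base, a1 = a0 + maps[i].size;
            uint32_t b0 = maps[j].host_base, b1 = b0 + maps[j].size;
            if (a0 < b1 && b0 < a1) return false; /* ranges intersect */
        }
    return true;
}

/* Second-stage translation: guest-physical -> host-physical, or -1 on fault.
 * Every address a guest can form either lands inside its own range or faults. */
int64_t gpa_to_hpa(const struct vm_map *m, uint32_t gpa) {
    if (gpa < m->gpa_base || gpa - m->gpa_base >= m->size) return -1;
    return (int64_t)m->host_base + (gpa - m->gpa_base);
}

/* VULNERABLE (constructed): the guest-chosen register offset is never checked
 * against DEV_SIZE, so the hypervisor reads wherever the guest points it.
 * The array-bound test below only keeps this demo memory-safe; a real handler
 * would read arbitrary hypervisor memory. */
int vuln_dev_read(uint32_t off, uint8_t *out) {
    uint32_t hpa = DEV_BASE + off;
    if (hpa >= sizeof host_mem) return -1;
    *out = host_mem[hpa];
    return 0;
}

/* HARDENED: the offset is validated against the emulated register window first. */
int safe_dev_read(uint32_t off, uint8_t *out) {
    if (off >= DEV_SIZE) return -1; /* outside the device's register file */
    *out = host_mem[DEV_BASE + off];
    return 0;
}

struct demo_result {
    bool    disjoint;     /* mapping invariant holds */
    int64_t vm1_last_hpa; /* highest host address VM1 can reach legitimately */
    int64_t vm1_fault;    /* translation of the first guest address past VM1's range */
    int     vuln_rc;      /* result of the attack via the unchecked handler */
    uint8_t vuln_val;     /* byte leaked from VM2 */
    int     safe_rc;      /* result of the same request via the checked handler */
};

/* Scenario: VM2 stores a secret byte; a rogue program in VM1 tries to reach it. */
struct demo_result run_demo(void) {
    static const struct vm_map maps[2] = {
        { "vm1", 0, 1 * PAGE_SIZE, 7 * PAGE_SIZE }, /* host pages 1..7  */
        { "vm2", 0, 8 * PAGE_SIZE, 8 * PAGE_SIZE }, /* host pages 8..15 */
    };
    struct demo_result r;
    memset(&r, 0, sizeof r);
    memset(host_mem, 0, sizeof host_mem);

    r.disjoint = maps_disjoint(maps, 2);

    /* VM2 writes a secret at its guest-physical address 16 (host address 32784). */
    int64_t secret_hpa = gpa_to_hpa(&maps[1], 16);
    host_mem[secret_hpa] = 0x42;

    /* 1. Through its own mapping VM1 stays below VM2's range or faults. */
    r.vm1_last_hpa = gpa_to_hpa(&maps[0], maps[0].size - 1);
    r.vm1_fault    = gpa_to_hpa(&maps[0], maps[0].size);

    /* 2. The rogue program drives the buggy device handler with an offset
     *    that makes the hypervisor itself read VM2's host page. */
    uint32_t off = (uint32_t)secret_hpa - DEV_BASE;
    r.vuln_rc = vuln_dev_read(off, &r.vuln_val);

    /* 3. The same request against the hardened handler is rejected. */
    uint8_t dummy = 0;
    r.safe_rc = safe_dev_read(off, &dummy);
    return r;
}

int main(void) {
    struct demo_result r = run_demo();
    printf("maps disjoint: %d, VM1 last hpa: %lld, VM1 past-end: %lld\n",
           r.disjoint, (long long)r.vm1_last_hpa, (long long)r.vm1_fault);
    printf("vulnerable handler: rc=%d leaked=0x%02x; hardened handler: rc=%d\n",
           r.vuln_rc, r.vuln_val, r.safe_rc);
    return 0;
}
```

The point of the scenario is the third paragraph's caveat: the second-stage mapping is only enforced on the guest's own accesses. Any hypervisor code path that dereferences a guest-controlled value on the guest's behalf bypasses that mapping, so the bounds check in `safe_dev_read` is part of the isolation boundary, not an optimisation.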