Mobile systems, such as smartphones, lack support for building and running secure and trusted applications without including a large amount of code in the application's trusted computing base, such as a complete operating system and a managed language runtime. Solutions designed for traditional desktop or server machines using virtualization technology are excessively heavyweight for mobile systems. Moreover, hardware-based solutions provide a low-level interface that makes them inordinately difficult to program.
Existing approaches to providing secure and trusted runtime environments do not meet the needs of today's mobile landscape for multiple reasons. In one example, the majority of mobile handhelds are ARM-based (a processor dedicated to security) and hence cannot directly utilize x86-based solutions. Additionally, unlike desktops, mobile devices are often resource constrained. A system for running trusted applications on a smartphone needs to be lightweight. While previous hypervisor-based solutions offer isolation from malicious code, such solutions are too heavyweight for a smartphone when considering the impact on memory use, performance, and energy consumption. Finally, the popularity of smartphones has resulted in a large number of developers building a highly diverse set of mobile applications. Any system that offers trusted computing primitives to such a large number of third-party developers with varying skills and backgrounds needs to offer easy-to-use, rich programming abstractions.