In the past two decades, computing services have increasingly migrated to data centers in cloud networks. In more recent years, there has been a proliferation of mobile device use—smartphones, tablets, hybrids such as notebooks, phablets and Chromebooks—that also heavily rely on cloud services for operating and data storage. Mobile devices have been accepted for business use by every industry in one way or another. This has created security risks and challenges for protecting organization data and business processes while allowing broadest possible device use for both business purposes and user personal convenience. Typically, mobile devices have unrestricted internet access and very rare security updates, making them relatively easy targets for hacking. Current mobile security solutions rely on operating systems security features and have been proven ineffective. One underlying primary reason for this is the size and complexity of the device's kernel and operating system itself. Despite continual industry efforts to improve security, the large code size, constant addition of new features, and monolithic architecture of popular kernels, create a never-ending patching process with usually an unknown number of vulnerabilities left in the system. That is why lightweight hardware-enforced hypervisor solutions (called “type-1” or “bare-metal”) can provide necessary security enhancement and create isolated security environments with strict security policies protecting these systems from many vectors of attacks and preventing exploitation of existing vulnerabilities.
Unfortunately, bare-metal hypervisors for mobile devices proved much more difficult to implement practically than such hypervisors for personal computers and servers. The main reasons for this are limited CPU resources and limited power capacity of mobile devices. In particular, full device virtualization or paravirtualization creates an additional software layer between the operating system and device hardware that consumes available resources and drains power. Moreover, a mobile device's performance heavily relies on hardware acceleration, especially in multimedia functions, where without direct hardware access, many system functions become unavailable to user. The present invention solves these problems, using an innovative method whereby VMs can have direct access to the computing system's hardware without adding a traditional virtualization layer while at the same time, the hypervisor maintains hardware-enforced isolation between VMs, preventing risks of cross-contamination between VMs.