Traditional system architectures for mobile computing devices, such as smart phones, tablet computers, and the like, have a monolithic, vertical design in which execution of the file systems, device drivers, and software stacks is controlled by the operating system kernel. A security issue raised by a software application running on the device can therefore impact the entire system. As a consequence, it can be challenging to reliably and consistently maintain the security of the mobile device execution environment. The potential security risks posed by the downloading of third-party software to mobile devices are well-documented, and have spawned a “mobile device management” industry.
Mobile device management systems and other mobile device security mechanisms typically perform integrity checks only at installation time or only with the involvement of the operating system. Among other things, these solutions fail to protect against sideloading, bootloader jailbreaking, and run-time exploitation techniques that attempt to gain elevated (e.g., root-level) privileges in the operating system that is the target of the security attack.
Virtualization technology has long been a component of data center and desktop computing. Efforts are being made to apply virtualization technology to mobile devices. Proponents of mobile device virtualization believe that the technology can accelerate the development and deployment of new mobile device software at a lower cost. Whether a mobile device (or any type of computing device, for that matter) has a traditional or a virtualized architecture, security and integrity verification issues exist.