Many software applications (“applications”), for example e-commerce applications, Digital-Rights-Management (DRM) applications, and the like, maintain secret and/or restricted information (keys, credentials, licensed content) that must be neither exposed to nor tampered with by other parties, including other software running on the same device.
Such applications may require a platform on which multiple applications can be executed on a shared processing unit, while retaining separation from one another.
One solution for separating executed applications may be provided by the Operating System (OS), usually assisted by a Memory Management Unit (MMU) and/or Memory Protection Unit (MPU). The OS is programmed to schedule several applications, each running in its own address space or set of protected memory regions, so that one application cannot read the Random-Access-Memory (RAM) contents, and/or access the stored data, of another. Operating systems, however, are typically software based and form a large trusted computing base; a single exploitable flaw in the kernel or its drivers may be used to violate the security model the OS is trusted to enforce. Moreover, their complexity and resource requirements make them inadequate for some environments, such as small embedded or real-time systems.
Other solutions for separation between executed applications are based on running the different applications on different platforms, or at least on different processors. Such solutions may be viable, but they are rather costly, as they imply deploying more than one processor. Sometimes such solutions also form too complete a separation, preventing applications from sharing data with one another even when sharing is desired.
Other solutions are available in specifically designed architectures, such as ARM TrustZone® technology. Such solutions base the separation between executed applications on states of the processor. These solutions may be limited by allowing separation between only two worlds (often referred to as “secure” versus “non-secure”), and so may not scale well to situations with multiple mutually distrusting applications, since all applications placed in the secure world must trust one another unless a further separation mechanism is layered on top. Such solutions also do not by themselves protect the confidentiality or integrity of contents stored in RAM and/or in non-volatile storage, which remain exposed to an attacker with physical access to the memory or storage devices.