Trusted Hyper Execution Environment

Hardware level comprehensive protection system security

THEE: Trusted Hyper Execution Environment


The proliferation of mobile platform business has given rise to a variety of security problems, and the TEE (such asT6) and application protection (such as TVEE) are considered to be cutting-edge and most effective to protect the security of application and sensitive data. TEE builds a new security environment from the hardware bottom to ensure key application data security, while mobile applications protect their business security through application-level protection. However, the starting point of both TEE and application protection is that the security of current mobile platform OS(such as Android, iOS, Linux, etc.) cannot be guaranteed. Is it true that the giant modern OS is not secure enough? The OS itself runs at the processor privilege level, which is considered to be the highest running level of the system. However, in reality, processors now have a higher level of privilege - the virtualization layer. This level has not been utilized to improve the security of the overall system.

TrustKernel's Trusted Hyper Execution Environment, THEE, is designed to solve the problems of the operating system’s own security problem, and is currently the most advanced technology of mobile system security. By utilizing ability of the processors’ highest authority to perform isolation and interception of keys events in the system. It comprehensively protects the system from hardware to application layer, by monitoring and verifying events of the OS, filtering all malicious operations happening on the kernel state and with key data.

Key Features


THEE runs in the system's most secure area, and ensures that even when there occurs pass-through vulnerability in Android kernel running on the top, the device (Android system) cannot be controlled by the attacker (such as root), through monitoring and identifying Android kernel key instructions and memory state.

Support secure service development

THEE provides a set of safe execution environments for system developers to run under the hyp mode, enabling developers to make more targeted security applications based on THEE (e.g., system-level security antivirus). This is the world's first and currently only mobile platform based on hypervisor technology SDK.

Remote Attestation

THEE is able to work with existing TEE systems such as T6 to provide system level remote authentication for device vendors. THEE will store all illegal access logs locally and report the system's security status to the remote server.

Use Case