TVisor - Secure Mobile Multi-OS Support

T-Visor: Secure Mobile Multi-OS Support

TVisor supports multiple operating system instances running alteratively on a single device. Provide flexibility of OS diversity, strong isolation (hardware-level) between instances, as well as fast switch.

T-Visor follows the principle of Red-green dual-OS design, which provides a highly-protected, highly-constrained trusted environment ("green" OS) to perform secure sensitive tasks and a general purpose environment ("red" OS) for all other tasks and applications, on the other hand, is an attractive architecture to achieve both security and functionality. Red-green dual-OS architecture uses resources partition instead of virtualization to achieve its goal and has been deployed in many mobile devices by running the red OS in normal world while the green OS in secure world of ARM TrustZone. However, even red-green dual-OS provides an isolated environment and rich functionality, the two OSes are not created equally: a compromise of the green OS would also result in the compromise of the red OS.

T-Visor is a lightweight dual-OS architecture that creates two born-equal OS, each of which could still use the secure services of TEE in ARM TrustZone secure world. T-Visor could be deployed to many low cost embedded and mobile devices which are equipped with ARM TrustZone but without the requirement of hardware virtualization.