THEE: Trusted Hyper Execution Environment

The proliferation of mobile platform business has given rise to a variety of security problems, and TEEs (such as T6) and application protection (such as TVEE) are considered cutting-edge and effective ways to protect the security of applications and sensitive data. A TEE builds a new security environment from the hardware up to keep key application data secure, while mobile applications protect their business security through application-level protection. However, both TEE and application protection start from the premise that the security of current mobile platform OSes (such as Android, iOS, Linux, etc.) cannot be guaranteed. Is it true that the giant modern OS is not secure enough? The OS itself runs at the processor privilege level, which is considered to be the highest running level of the system. In reality, however, processors now have a higher level of privilege: the virtualization layer. This level has not been utilized to improve the security of the overall system.

TrustKernel's Trusted Hyper Execution Environment, THEE, is designed to address the operating system's own security problems by using the processor's highest privilege level to isolate and intercept key events in the system. It comprehensively protects the system from the hardware to the application layer by monitoring and verifying OS events and filtering all malicious operations that touch kernel state and key data.

Key Features


THEE runs in the system's virtualization mode. By monitoring and identifying the Android kernel's key instructions and memory state, it ensures that even when a pass-through vulnerability occurs in the Android kernel running on top of it, the device (Android system) cannot be controlled by the attacker (such as root).

Support secure service development

THEE provides a set of safe execution environments that run in hyp mode for system developers, enabling them to build more targeted security applications based on THEE (e.g., system-level security antivirus).

Remote Attestation

THEE is able to work with existing TEE systems such as T6 to provide system level remote authentication for device vendors. THEE will store all illegal access logs locally and report the system's security status to the remote server.

Use Case