Multi-compartment: A new architecture for secure co-hosting on SoC

Joël Porquet1,  Christian Schwarz1,  Alain Greiner2
1STMicroelectronics, 2UPMC/LIP6


Abstract

Multi-compartment is a flexible, lightweight architecture for embedded systems that allows multiple protection domains (compartments) to securely share processing and memory resources. Compartments run in physical address space and enjoy direct access to security-critical initiator devices, such as DMA devices, while remaining protected from one another.