Are there good reasons for protecting mobile phones with hypervisors?

Security threats on consumer devices such as mobile phones are increasing as the software platforms become more open and complex. Therefore, hypervisors, which bring potential new secure services to embedded systems, are becoming increasingly important. In this paper, we look into how to design a hypervisor-based security architecture for an advanced mobile phone. Key security components of the architecture have been verified through a hypervisor implemented on an emulated ARM platform. We compare the hypervisor security architecture with TrustZone and summarize the major benefits and limitations of the hypervisor approach. In short, hypervisors exhibit several advantages such as support of multiple secure execution domains and monitoring of non-trusted domains; however, this comes at the cost of larger legacy system porting efforts.