TrustAPP: Enabling Secure Multi-Sandboxing for Embedded Devices

Secure, Isolated, and Scalable Application Execution

TrustAPP extends the MICROEJ VEE software container with secure multi-sandboxing, enabling embedded devices to run multiple applications safely in isolated environments. Each application operates within its own protected sandbox, ensuring system resources remain secure and unaffected by other apps. Importantly, TrustApp’s sandboxing is language-agnostic: it applies equally to any application type running on MEJ32, whether written in Java, C, or any other supported language. The execution semantics (isolation, security management, multithreading) are identical across all app types and guaranteed across hardware evolutions.

With TrustAPP, applications (whether developed in-house or by third parties) can be installed, launched, paused, stopped, or uninstalled safely, enabling the creation of app ecosystems that open new use cases and monetization opportunities.

• Secure Multi-Sandboxing: Run multiple applications independently, with strict isolation between sandboxes, regardless of the language they were written in.
• Full Application Lifecycle Control: Install, start, stop, update, and remove apps dynamically without system disruption.
• Resource and Access Management: Allocate system resources efficiently, with built-in access control mechanisms.
• Strong Security Layer: Prevents unauthorized access to critical system data with trust and ownership controls.
• Unique App Identifiers: Assigns each application a unique ID for traceability and enhanced security.
• Controlled Inter-App Communication: Enables secure data sharing between apps through defined interfaces.
• Supports App Ecosystem Models: Facilitates third-party app development and deployment with robust security.

Execution Control & Isolation

TrustAPP provides a sandbox model where each application operates independently within its own execution environment (memory, namespace, objects). This guarantees:

• Memory safety: Prevents apps from reading or writing to unauthorized memory sections.
• App lifecycle management: The system dynamically manages app execution states.
• System integrity: Faulty or malicious applications cannot compromise core system functionality.

Runtime Security & Verification

At runtime, TrustAPP ensures:

• Pre-verified application binaries only execute if they pass security and compatibility checks.
• Automatic resource allocation based on app priorities and system constraints.
• On-the-fly security enforcement to prevent unauthorized access attempts.