ECE/BAS Magazine June 2015 - page 25

INTERNET-OF-THINGS – SYSTEMS DESIGN
enabled virtualization include Platform Security, Data Security and Data Isolation, and Resource Control. The home gateway processor requires a hardware root of trust that allows designated VMs to run only code that is authenticated. Combined with secure debugging and secure storage, this establishes platform security.
Data security and data isolation are based on hardware controls that isolate the software code (both instructions and data) of each separate VM to prevent unauthorized access and the risk of corruption between VMs. Resource control is based on automatic hardware limitations that protect on-chip resources and access to peripherals, so that the core broadband gateway functions and performance are not impaired by smart home tasks.
Importantly, the hardware-enforced VM approach also supports the different life cycles of smart home gateway applications. The requirements of core gateway functionality (broadband access) entail rigorous test cycles to assure stability and to give assurance that any future field upgrades can be executed with absolute security. Add-on functions, fast-changing services and third-party apps that will likely be updated or changed frequently by the end customer benefit from executing on a separate VM.
Figure 2. TrueVirtualization fully isolates operating environments on virtual processing entities
(VPEs), with the potential to implement additional security levels using independent trusted
execution hardware.
Figure 3. Virtualization and security are key elements of next-generation broadband gateways,
which build on the core capabilities of an access pipe serving data and media streams to an
architecture that delivers both traditional carrier services and smart home capabilities.