TrustAPP: Enabling Secure Multi-Sandboxing for Embedded Devices

Secure, Isolated, and Scalable Application Execution

TrustAPP extends the MICROEJ VEE software container with secure multi-sandboxing, enabling embedded devices to run multiple applications safely in isolated environments. Each application operates within its own protected sandbox, ensuring system resources remain secure and unaffected by other apps.

With TrustAPP, applications (whether developed in-house or by third parties) can be installed, launched, paused, stopped, or uninstalled safely, enabling the creation of app ecosystems that open new use cases and monetization opportunities.

Key Benefits

  • Secure Multi-Sandboxing: Run multiple applications independently, with strict isolation between sandboxes.
  • Full Application Lifecycle Control: Install, start, stop, update, and remove apps dynamically without system disruption.
  • Resource and Access Management: Allocate system resources efficiently, with built-in access control mechanisms.
  • Strong Security Layer: Prevents unauthorized access to critical system data with trust and ownership controls.
  • Unique App Identifiers: Assigns each application a unique ID for traceability and enhanced security.
  • Controlled Inter-App Communication: Enables secure data sharing between apps through defined interfaces.
  • Supports App Ecosystem Models: Facilitates third-party app development and deployment with robust security.

How It Works

Execution Control & Isolation

TrustAPP provides a sandbox model where each application operates independently within its own execution environment (memory, namespace, objects). This guarantees:

  • Memory safety: Prevents apps from reading or writing to unauthorized memory sections.
  • App lifecycle management: The system dynamically manages app execution states.
  • System integrity: Faulty or malicious applications cannot compromise core system functionality.

Runtime Security & Verification

At runtime, TrustAPP ensures:

  • Pre-verification of application binaries: only binaries that pass security and compatibility checks are allowed to execute.
  • Automatic resource allocation based on app priorities and system constraints.
  • On-the-fly security enforcement to prevent unauthorized access attempts.

Fast-Track Embedded Development With MicroEJ

MEJ32 is part of MicroEJ’s CORE IPs portfolio, enabling lightweight virtualization, ecosystem creation, and multi-language support for embedded architectures.

To learn more about licensing and integration options, visit our MicroEJ Licensing Page.