Isolated Execution Environments
An execution environment that is isolated from the device operating system (Sect. 3.1) is perhaps the most critical security feature described in (Sect. 3). Such an environment can be used to run secure services that multiplex hardware-backed security features, such as secure storage (sect. 3.2), amongst the various stake-holders, including third party application developers.