METHOD AND APPARATUS FOR PROVIDING SECURE EXECUTION ENVIRONMENT BASED ON DOMAIN SEPARATION

摘要

PURPOSE: A method for providing a safe execution environment based on domain separation and a device thereof are provided to improve security for software executed in a terminal by composing two independent execution environments through virtualization-based domain separation and providing a safety service through a security service channel between domains. CONSTITUTION: A general service domain(300) performs operation requested for a general service in a mobile terminal. A safe service domain(400) is separated from the general service domain based on virtualization to perform operation requested for a security service. The general service domain includes a general service application(360) for interlinking the security service, a safe service API(Application Program Interface)(350) for interlinking the security service requested in the general service application with the safe service domain, and a front end driver(340) for executing the security service received from the API by transmitting the service to the safe service domain. [Reference numerals] (100) Processor; (200) Monitor/hypervisor; (300) General service domain; (310) Embedded operation system; (320) Library; (330) Mobile application; (340) Front end driver; (350) Safe service API; (360) General service application; (400) Safe service domain; (410) Back end driver; (420) Code module; (430) Code API; (440) Safe server application