Trusted Execution Environment
The PSMP Trusted Execution Environment (TEE) operates within the application layer and is completely server-side controlled. It provides active protection mechanisms with patent-pending security solutions, such as just-in-time transfer of code blocks – both valid ones and honeypots – with large entropy and extensive, device-unique integrity checks.
PSMP turns cybercriminals’ own weapons against them and reduces the possible attack surface to close to nothing. The entropy and the limited time available to launch an attack increase the potential costs of attacking the app, thus exponentially reducing the criminals’ ROI. Compared with other methods, such as dedicated hardware deployment, increasing the defense entropy is an extremely cost-efficient way of defending the app.
The PSMP server generates a unique one-time TEE per device, customized in size and complexity depending on the resources of the platform. The TEE is self-contained within the application layer, as it always assumes that the OS is controlled by malware and that its components cannot be trusted.
The TEE morphs continuously in unpredictable ways determined by server updates. The unpredictability is based on randomization of all parts of the running TEE, including secure storage, secure communication and (possibly) secure display.
The randomness has a huge, configurable entropy that can be tactically increased, for example when honeypot-based anomalies have been detected.
The entropy efficiency is scaled by giving the just-in-time injected code blocks a very short validity time and by taking into account the limited computational resources of the device, to which the TEE itself is strongly bound.
A mass attack on PSMP-protected devices is considered to be practically impossible, since the TEEs impose a huge complexity and correlation effort on the attacker across all the morphing TEEs.