Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.

Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.