The audit module of the Security Manager performs behaviour logging of application deviating from their intended resource access: (1) when a software attempts an illegal peripheral access, a MemManage fault is triggered, which invokes TEE-Watchdog’s audit module, and (2) the audit module reads from the MemManage fault register to locate the violation and (3) populates the log file based on the active application and the type of access violation.