1. Field of the Invention
The present invention relates generally to systems and methods for implementing multi-level protection of memory domains, and more particularly to implementing N levels of memory domain protection on hardware that only supports two levels of memory domain protection.
2. Discussion of Background Art
Memory domain protections are a necessary part of any computer architecture. Traditionally, computer architectures have illustrated protection of memory domains with a set of concentric circles, i.e. memory domain rings, centered around an operating system. The operating system controls access to a computer's peripheral devices, internal memory, and processing unit. The operating system controls the most trusted memory domain within a computer. Moving from the operating system outward, each memory domain ring represents a memory domain which is a less trusted than the memory domain which it encloses. Finally, at the outer periphery of the memory domain rings is a memory domain containing user code. User code consists of any number of application programs that a user typically interacts with directly via a keyboard or some input device. User code represents the least trusted memory domain within the computer.
Typically, a large portion of the operating system is written to protect the computer from blindly executing programming instructions contained in the less trusted memory domains. These protections however, not only increase the size of the operating system code but also severely slow down the computer's operation regardless of the level of trust from which the programming instructions originated.
The memory domain ring concept recognizes the fact that some code is more trusted and thus need not be subject to rigorous operational checks by the operating system. As a result, computer architectures implemented with memory domain rings may operate faster since more trusted code is spared protective computer checks before the computer is commanded to perform various operations.
The current memory domain ring concept, however, does not support cases where co-dependent applications are equally trusted, and thus the operating system would still perform its rigorous checks that the co-dependent applications communicated with each other, even though such checks would be unnecessary.
Additionally, only hardware implementations of the memory domain concept exist. Thus, to achieve three levels of memory domain protection, the computer's hardware must be set up specifically for three levels of protection. And, to achieve ten levels of memory domain protection, the computer's hardware must be set up specifically for ten levels of protection. Due to the expense and complexity of implementing such specific multilevel protection in hardware, only the most expensive or specialized of computers support more than two levels of protection. The two levels support a most trusted memory domain for the operating system and a less trusted memory domain for user application programs.
Today, with the increasing complexity of computer system operation and the tendency toward developing specialized software that is much more trusted than a typical user application, there is a need for a computer supporting multiple levels of memory domain protections without increasing the computer's hardware complexity.
More specifically, what is needed is a better system and method for implementing N levels of memory domain protection.