1. Field of the Invention
This invention relates generally to a data processor, and, more particularly, to a method and apparatus for ensuring secure operation of the data processor.
2. Description of the Related Art
General purpose computing systems, such as personal computers, have evolved from single-task devices to multitask devices. Multitasking devices require security and protection services to protect their operating system from user processes, and to protect the processes from each other. Without protections, a rogue program, for example, could intentionally or inadvertently destroy the program code or data in the memory space belonging to the operating system or to another process.
In some systems, at least a portion of the security is obtained by implementing a memory management scheme that divides memory into sections typically known as pages. Access to these pages may then theoretically be limited or controlled by the operating system. FIG. 1 generally illustrates a block diagram representation of a typical system 100 for organizing memory based on a paging scheme. The system 100 receives a virtual address and converts the virtual address to a physical address using a multi-level lookup table.
The virtual address is composed of a page portion 102 and an offset portion 104. The page portion 102 is further broken down into a directory portion and a page table portion, which are used in a multi-table lookup process. The first table is a directory table 106, which has stored therein the addresses for a plurality of second tables, which includes a page table 108. Only one of the page tables 108 is shown herein for ease of illustration. The directory portion of the virtual address is used as a pointer into the directory table 106 to retrieve the starting address for the page table that corresponds to the particular virtual address. The page table portion of the virtual address is added to the starting address retrieved from the directory table 106 to point to a particular location within the identified page table 108. The particular location within the identified page table 108 contains a starting address of the corresponding page in physical memory 110. The offset portion 104 of the virtual address is added to the starting address of the corresponding page in physical memory 110 to arrive at the physical address that corresponds with the virtual address.
Generally, in x86 microprocessor environments, different types of software run at varying privilege levels, and thus, have varying access to the resources of the computing system. For example, the operating system runs at the highest privilege level (Ring 0), which means that the operating system is generally free to access virtually any of the system resources. Additionally, software drivers also have a relatively high privilege level and have generally unlimited access to the resources of the computing system.
The most recent version of Microsoft's Windows® operating system, Windows 2000®, now has over one million lines of code contained in its kernel and associated kernel-mode drivers. Thus, more than one million lines of code have generally free access to the system resources. There is a significant likelihood that some security defects or other bugs exist within this massive program. Thus, it may be possible for an application program running at a relatively low privilege level to breach the security afforded by the operating system through one or more of these bugs or security defects. Once allowed access to otherwise unavailable resources, such as the page table, the application program may intentionally modify data stored in memory, including the page tables. Once the page tables are modified, it may be possible to redirect the operation of the computer system to execute code from memory not originally intended. Alternatively, even an unintentional modification of the page tables could cause an application program or even the operating system to be redirected to otherwise unauthorized or unintended portions of the memory. These forays into unauthorized sections of the memory can result in one application program overwriting critical data used by another program.
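As an added illustration of the two-level lookup described for FIG. 1 and of the page-table redirection risk described in the preceding paragraph, the following C program simulates the directory-table and page-table walk and then shows that rewriting a single page-table entry makes the same virtual address resolve to a different physical page. This code is not part of the patent; it assumes the common 32-bit x86 split of a virtual address into a 10-bit directory index, a 10-bit page-table index and a 12-bit offset (4 KiB pages), a hypothetical "present" flag in bit 0 of each entry, and a simulation in which a directory entry holds an index into an in-memory array of page tables rather than a physical address.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not stated in the patent text): 32-bit virtual address,
 * 10-bit directory index, 10-bit page-table index, 12-bit offset. */
#define DIR_ENTRIES   1024u
#define TABLE_ENTRIES 1024u
#define PRESENT       0x1u          /* hypothetical "entry valid" flag in bit 0 */
#define NOT_MAPPED    0xFFFFFFFFu   /* sentinel returned for an unmapped address */

static uint32_t directory[DIR_ENTRIES];                  /* directory table 106 */
static uint32_t page_tables[DIR_ENTRIES][TABLE_ENTRIES]; /* page tables 108 */

/* Walk directory -> page table -> physical page for one virtual address.
 * Returns the physical address, or NOT_MAPPED if any level is not present. */
uint32_t lookup(uint32_t vaddr) {
    uint32_t dir_idx   = (vaddr >> 22) & 0x3FFu;   /* directory portion */
    uint32_t table_idx = (vaddr >> 12) & 0x3FFu;   /* page table portion */
    uint32_t offset    =  vaddr & 0xFFFu;          /* offset portion 104 */

    uint32_t dir_entry = directory[dir_idx];
    if (!(dir_entry & PRESENT)) return NOT_MAPPED;

    /* In this simulation the directory entry stores the index of the page table
     * (bits 12 and up) so the walk stays inside the arrays above. */
    uint32_t table_no = dir_entry >> 12;
    if (table_no >= DIR_ENTRIES) return NOT_MAPPED;

    uint32_t pte = page_tables[table_no][table_idx];
    if (!(pte & PRESENT)) return NOT_MAPPED;

    /* Starting address of the physical page plus the offset. */
    return (pte & ~0xFFFu) | offset;
}

/* Map one virtual page onto one physical page frame. Returns the previous
 * page-table entry so a caller can see that an existing mapping was replaced. */
uint32_t map_page(uint32_t vaddr, uint32_t frame_base) {
    uint32_t dir_idx   = (vaddr >> 22) & 0x3FFu;
    uint32_t table_idx = (vaddr >> 12) & 0x3FFu;

    /* One page table per directory slot, identified by the slot number. */
    directory[dir_idx] = (dir_idx << 12) | PRESENT;
    uint32_t old = page_tables[dir_idx][table_idx];
    page_tables[dir_idx][table_idx] = (frame_base & ~0xFFFu) | PRESENT;
    return old;
}

int main(void) {
    /* Constructed sample: virtual page 0x00401000 backed by frame 0x00123000. */
    map_page(0x00401000u, 0x00123000u);
    printf("0x00401ABC -> 0x%08X\n", lookup(0x00401ABCu));   /* 0x00123ABC */

    /* A single write to the page-table entry (the kind of modification the
     * text warns about) silently redirects the same virtual address. */
    map_page(0x00401000u, 0x00FFF000u);
    printf("0x00401ABC -> 0x%08X\n", lookup(0x00401ABCu));   /* 0x00FFFABC */

    /* An address whose directory entry is absent does not translate at all. */
    printf("0x00801ABC -> 0x%08X\n", lookup(0x00801ABCu));   /* NOT_MAPPED */
    return 0;
}
```

The point of the second `map_page` call is that nothing about the virtual address or the code using it changes; only the table entry does, which is why protecting the page tables themselves, rather than only the pages they describe, is the concern this background section raises.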
The present invention is directed to overcoming, or at least reducing the effects of, one or more of the problems set forth above.