1. Field of the Invention
This invention relates generally to a data processor, and, more particularly, to a method and apparatus for ensuring secure operation of the data processor.
2. Description of the Related Art
General purpose computing systems, such as personal computers have evolved from single task devices to multitask devices. Multitasking devices require security and protection services to protect their operating system from user processes, and to protect the processes from each other. Without protections, a rogue program, for example, could intentionally or inadvertently destroy the program code or data in the memory space belonging to the operating system or to another process.
Generally, in x86 microprocessor environments, different types of software run at varying privilege levels, and thus, have varying access to the resources of the computing system. For example, the operating system runs at the highest privilege level (Ring 0), which means that the operating system is generally free to access virtually any of the system resources. Additionally, software drivers also have a relatively high privilege level and have generally unlimited access to the resources of the computing system.
The most recent version of Microsoft's Windows® operating system, Windows 2000®, now has over one million lines of code contained in its kernel and associated kernel-mode drivers. Thus, more than one million lines of code have generally free access to the system resources. There is a significant likelihood that some security defects or other bugs exist within this massive program. Thus, it may be possible for an application program running at a relatively low privilege level to breach the security afforded by the operating system through one or more of these bugs or security defects. Alternatively, a rogue driver may also access and alter data stored in the system resources. Once allowed access to otherwise unavailable resources, such as the page table, the application program may intentionally modify data stored in memory, including the page tables. Once the page tables are modified, it may be possible to redirect the operation of the computer system to execute code from memory not originally intended. Alternatively, even an unintentional modification of the page tables could cause an application program or even the operating system to be redirected to otherwise unauthorized or unintended portions of the memory. These forays into unauthorized sections of the memory can result in one application program overwriting critical data used by another program.
In some systems, it may be useful to divide the memory into a plurality of segments, such as pages, that may have security information associated therewith. As the granularity of this information becomes greater, the amount of security data becomes greater, and thus more difficult to manage and access. For example, the time required to access a highly granular security scheme may render the operation of the system so slow that it is unworkable.
The present invention is directed to overcoming, or at least reducing the effects of, one or more of the problems set forth above.