Embodiments of the present invention are directed to computer systems, and more particularly to protecting access to memory regions.
Memory-based attacks are a threat to the security of computer systems. Certain attacks involve storing malicious code, such as a virus or a worm, in the memory of a system and then exploiting bugs and/or buffer overflows in legitimate programs to transfer control to that code. One approach to preventing this type of attack is to include an “execute disable” bit in a page table entry, which may be used to designate pages that hold data as non-executable, so that malicious code written into such pages cannot subsequently be executed from them. However, memory-based attacks are becoming increasingly sophisticated, and additional approaches to preventing such attacks are needed. These include protection from buffer overflows that redirect execution to existing code or corrupt memory, from malicious kernel or application components, and from rootkits, spyware, and computer viruses.
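As an added illustration, not part of this specification, the following C program models the execute-disable mechanism described above using the x86-64 4 KiB page-table entry layout, in which bit 0 is Present, bit 1 is Read/Write, bit 2 is User/Supervisor, bits 12..51 hold the physical frame, and bit 63 is the execute-disable (XD) bit. It decodes and builds entries, audits a constructed page table for pages that are simultaneously writable and executable (the combination that lets injected data later run as code), and sets XD on any such page. The function names, the frame numbers and the sample table are this example's own assumptions. One caveat a practitioner should keep in mind: the XD bit is only honoured by the processor when execute-disable support is enabled in the IA32_EFER register (the NXE bit); on a system where it is not, the bit is reserved and setting it causes a page fault rather than a permission check.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example: x86-64 4 KiB page-table entry (PTE) layout.
 * Only the permission-relevant bits are modelled here.
 */
#define PTE_PRESENT   (1ULL << 0)   /* page is mapped */
#define PTE_WRITABLE  (1ULL << 1)   /* read/write (0 = read-only) */
#define PTE_USER      (1ULL << 2)   /* user-mode access allowed */
#define PTE_XD        (1ULL << 63)  /* execute-disable: 1 = instruction fetch faults */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL /* physical frame, bits 12..51 */

typedef struct {
    int present;
    int writable;
    int user;
    int executable;   /* present and XD clear */
    uint64_t phys;
} pte_perms;

/* Decode the permission bits of one entry. A non-present entry grants nothing. */
pte_perms decode_pte(uint64_t pte)
{
    pte_perms p = {0, 0, 0, 0, 0};
    if (!(pte & PTE_PRESENT))
        return p;
    p.present = 1;
    p.writable = (pte & PTE_WRITABLE) != 0;
    p.user = (pte & PTE_USER) != 0;
    p.executable = (pte & PTE_XD) == 0;
    p.phys = pte & PTE_ADDR_MASK;
    return p;
}

/* Build a present entry; executable == 0 sets the XD bit. */
uint64_t make_pte(uint64_t phys, int writable, int user, int executable)
{
    uint64_t pte = (phys & PTE_ADDR_MASK) | PTE_PRESENT;
    if (writable) pte |= PTE_WRITABLE;
    if (user) pte |= PTE_USER;
    if (!executable) pte |= PTE_XD;
    return pte;
}

/*
 * W^X audit: report entries that are both writable and executable.
 * Returns the number of violations; the indices of up to max_out of
 * them are written to out.
 */
size_t audit_wx(const uint64_t *ptes, size_t n, size_t *out, size_t max_out)
{
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        pte_perms p = decode_pte(ptes[i]);
        if (p.present && p.writable && p.executable) {
            if (found < max_out) out[found] = i;
            found++;
        }
    }
    return found;
}

/* Enforce W^X by setting XD on every present writable page. Returns pages changed. */
size_t enforce_wx(uint64_t *ptes, size_t n)
{
    size_t changed = 0;
    for (size_t i = 0; i < n; i++) {
        pte_perms p = decode_pte(ptes[i]);
        if (p.present && p.writable && p.executable) {
            ptes[i] |= PTE_XD;
            changed++;
        }
    }
    return changed;
}

/* Constructed sample table with hypothetical frame addresses. Returns entry count. */
size_t build_sample_table(uint64_t *out, size_t cap)
{
    if (cap < 4) return 0;
    out[0] = make_pte(0x00100000ULL, 0, 1, 1); /* .text: read + execute */
    out[1] = make_pte(0x00200000ULL, 1, 1, 0); /* .data: read + write, XD set */
    out[2] = make_pte(0x7FFFF000ULL, 1, 1, 0); /* stack: read + write, XD set */
    out[3] = make_pte(0x00300000ULL, 1, 1, 1); /* legacy RWX page: W^X violation */
    return 4;
}

/* Audit the constructed table; after_enforce != 0 applies enforce_wx first. */
size_t sample_violations(int after_enforce)
{
    uint64_t table[4];
    size_t bad[4];
    size_t n = build_sample_table(table, 4);
    if (after_enforce) enforce_wx(table, n);
    return audit_wx(table, n, bad, 4);
}

int main(void)
{
    printf("W^X violations before enforcement: %zu\n", sample_violations(0));
    printf("W^X violations after enforcement:  %zu\n", sample_violations(1));
    return 0;
}
```

The audit only reasons about the permission bits of a single page-table level; on real hardware a page is writable or executable only if every level of the walk permits it, so a complete check would combine the flags of the PML4, PDPT, PD and PT entries along the path.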
Various protection measures exist in today's systems. For example, processes can be separated into user-level processes and system-level processes. These processes operate at different privilege levels and accordingly provide some measure of protection. However, these and other protection measures are implemented at a high level and provide only coarse-grained protection: they operate at the process level and do not provide protection at finer granularity, such as at the level of a memory region (e.g., a memory page), nor do they protect portions of a process from each other. At the same time, these protection measures can add complexity and impede efficient operation.