The concept of virtual memory allows a computer system to have more addressable memory (e.g., four gigabytes) than is physically present in the computer system (e.g., 256 megabytes). To this end, each process has a memory map associated with it that maps virtual addresses allocated to that process to actual physical memory addresses. So that the physical memory can be shared without losing its contents, a memory manager trims (pages) the physical memory contents of one process to disk when the physical memory is needed by another process.
A contemporary microprocessor, such as one of the x86 family of microprocessors, has user mode memory and kernel mode memory, and does not allow user mode processes to access kernel mode memory. Because the operating system allocates memory to user mode processes, the operating system works with the CPU to prevent memory conflicts and ensure security by prohibiting each user process from accessing the address space of other user processes. Further, different kinds of access to memory ranges, e.g., read and write access or read-only access, may be granted when memory is allocated to a process.
However, the operating system and other privileged kernel mode programs may access any memory addresses, including the memory of user mode processes. Among other things, this means that kernel mode code such as drivers can easily copy proprietary or confidential data (e.g., copyrighted content such as music or a movie) from any other process. Because contemporary operating systems are based on having freely installable drivers, of which a large existing base is available, it is not considered practical to prevent such access without entirely revising the existing model, such as by verifying the kernel mode components and not allowing other kernel mode components to be added. However, providing a verified operating system that does not allow for the installation of privileged drivers is highly impractical. As a result, a fundamental change to microprocessors that denies unrestricted memory access to all but certain trusted and verified code (e.g., a verified operating system) is considered necessary to provide content security. However, even at significant expense, such a microprocessor will not be available for a number of years.