1. Technical Field
The present invention relates in general to improved memory protection and in particular to improved object-based memory protection. Still more particularly, the present invention relates to providing key-controlled object-based memory protection, where keys are assigned at a page level granularity to indicate page association with a data object and each module is allowed access to the pages assigned to at least one data object.
2. Description of the Related Art
It is common for computer software to be programmed to use a flat address space within memory. In particular, the flat address space may be implemented within a global address space that is shared among multiple software components. The global address space provides an easy programming mode and efficient memory access performance.
Within a computer system, it is important that the components of an operating system and other program components are protected from one another's activities. In particular, when a global address space is shared among multiple software components, it is important to ensure that memory, files, and other objects can be operated on by only those components that have gained proper authorization from the operating system.
One reason that protection of memory and other objects is important is that there is a need to prevent mischievous, intentional violation of memory and other objects. In addition, protection of memory and other objects is important to protect against accidental memory overlays that degrade data.
One method of providing memory protection for a flat address space is by updating page table entries holding a memory address for each page of memory with a page protector specifying the access allowed to each page by a current module as that module is loaded for execution. Changing memory protection by changing page protectors in page table entries, however, is extremely time consuming. In particular, the page protector for a single page may be stored in multiple locations, such as a translation lookaside buffer, cache, and page table, wherein changing the protection levels of memory requires changing the page protector value in multiple buffers and memory locations which is both time consuming and an inefficient manner of changing memory protection.
To avoid the time consuming nature of changing memory protection at the page table level, some operating systems implement memory hierarchies for memory protection. In particular, in a hierarchical memory scheme, memory is arranged in a hierarchy, such that each software component can be programmed to have access to a particular ring within the hierarchy and all rings surrounding the particular ring. A core component, such as an operating system kernel may be programmed to be fully addressable, with access to the core of the hierarchical rings access to all memory rings; other components are programmed to have limited addressability to a particular ring or rings.
Within a hierarchical memory protection scheme, memory protection can be adjusted by changing the memory included in a ring, without requiring updates to the page table and buffers, however existing software components are not organized to support hierarchical memory. Thus, hierarchical memory schemes are limited because software modules must be restructured to fit into a hierarchical memory protection scheme. In addition, organizing memory in a hierarchical fashion is limited because the way that memory must be grouped into protection levels does not necessarily correlate with object-oriented software components.
Therefore, in view of the foregoing, there is a need for a method, system, and program for an efficient and inexpensive memory protection scheme that organizes and protects pages of memory allocated within a flat, global address space. In particular, there is a need for a method, system, and program to quickly change the protection level of a page of memory without requiring a change of a protection key in the page table and buffers.