Worms, viruses, and other forms of malware are increasingly abundant in today's digital environment. They are becoming increasingly stealthy and modular with attacks being delivered silently via applications such as browsers and through the use of drive-by downloads, where a user is directed to an infected web server hosting malicious code. Such malicious software, firmware, etc., when included into a computer system, can bring about harmful results. Worms and viruses are now capable of modifying critical kernel and/or user-space components of a computer system while the components are loaded into a memory. The effects can decrease efficiency of a system, destroy information, leak private information, infect a system, and otherwise make a computer system unstable.
While sandboxing schemes are aimed at providing protection, current sandboxing schemes cannot protect the operating system (OS), applications, or trusted drivers in the OS from other drivers or other privileged services running at the same privilege level. For example, in the ubiquitous Window computing environment, a kernel level or ring-0 program can be monitored, altered, or controlled by various other kernel level or ring-0 programs. Consequently, once malicious code is loaded, it may have access and the ability to modify or alter other critical components regardless of their ring levels.