Network data communication between computers allows a first application program to access the data of a second application program. In conventional application-to-application communication, the time spent passing messages between applications includes the overhead of crossing interfaces between the operating system, a device driver, and the network interface hardware. These overhead functions have been reduced to some extent by an interface design of the type referred to generally as virtual interface (VI) and described for example in “Virtual Interface Architecture Specification”, Version 1.0, Dec. 16, 1997, Compaq Computer Corp., Intel Corp., Microsoft Corps., pp. 1-83. A conventional VI is implemented with a network interface controller in the computer that hosts the first application and a second network interface controller in the computer that hosts the second application. Each network interface controller maintains work queues for transmit and receive functions.
Conventional protection mechanisms do not provide sufficient isolation between application programs. In particular, it is desirable to prevent access to work queues except by the application program that is primarily associated with such work queues. Inadvertent or intentional access and modification of work queues may initiate a chain of events that leads to improperly overwriting data or program storage with the possibility of erroneous program results, unreliable computer operation, and/or unstable network conditions