This invention relates generally to systems for protecting privileged components of a computer system.
In conventional computer systems, a ring architecture is utilized. Level 0, the most privileged level, generally is occupied by the operating system kernel. Level 1 may be occupied by operating system services while level 2 may be occupied by device drivers. Level 3, the least privileged ring, may be occupied by applications.
The various applications occupying level 3 may need to interact with the kernel at level 0. As a result, a fault in an application may result in failure of the operating system. In Windows® operating systems, third party drivers that support various devices associated with the computer system reside in the same privileged address space as the rest of the kernel. When a driver has defects resulting in a processor crash, an entire operating system must be shut down to correct the problem.
Thus there is a need for better ways to protect the operating system kernel from the adverse consequences of defects arising in drivers and particularly in so-called third party drivers supplied by vendors other than the supplier of the operating system.