The present invention relates to a method for real-time monitoring of address regions in data processing machines, i.e. computers, particularly of such popular types as computers sold under the trademark "IBM" by International Business Machines Corp., Old Orchard Road, Armonk, N.Y. 10504 and compatibles, computers sold under the trademark "Apple" by Apple Computer, Inc., 20525 Mariani Avenue, Cupertino, Calif. 95014, computers sold under the trademark "Commodore" by Commodore Business Machines, Inc., 1200 Wilson Drive, Brandywine Industrial Park, West Chester, Pa. 19380, and computers and microcomputers sold under the trademarks "PDP," "LSI," and "VAX" by Digital Equipment Corp., 6 Tech Drive, Andover, Mass. 01810. The trademarks "PDP," "LSI," and "VAX" are acronyms standing for Programmable Data Processor, Large Scale Integration, and Virtual Address Extension, respectively. More particularly, the present invention relates to a method of real time monitoring of the address regions of memories of data processing devices wherein access to a system bus may be obtained. The method provides for protection of data processing machines and the data stored therein against unauthorized access as well as protection of their operating systems against modifications.
Prior art systems employ hierarchical levels for this purpose so as to prevent lower privilege levels from accessing higher ones. However, with skilled programming and if there are errors in the operating system, blockages between higher and lower levels can be circumvented. The basic problem in a conventional hierarchical structure is that the structure can be changed (and must be capable of change) by means of software; that is, during processing of programs, the processor operates in the various privilege levels which are changed by the software and by jump (go-to) instructions (e.g. by manipulation in the stack region of the computer memory). Although it is possible in principle to monitor important components as to whether any unauthorized modifications have been made, such monitoring takes up computer capacity and, again, can be circumvented by computer programs.