The architecture of most current personal computer (PC) systems, from desktop to server, may be conceptually and schematically illustrated by FIG. 1, to which reference is now made.
PC system 10 typically includes memory 20, which may be comprised within one or more processing units 12, or may be separate therefrom. Processing units 12 are typically coupled with IO devices 14[1]-14[i] via one or more IO buses 16, e.g., peripheral component interconnect (PCI) buses. Optionally, in order to make the connection between processing units 12 and IO devices 14[1]-14[i] quicker, PC system 10 may also include one or more components that communicate with the processing units 12 and control the interaction with memory 20, and the IO buses 16, e.g., a north bridge unit 18.
Typically, IO bus 16 has a flat memory and IO address space. An IO device search is done, typically at boot time, and each IO device found is mapped into the physical memory space and IO address space.
This PC architecture has several shortcomings: it does not scale well with system size, it makes it difficult to interconnect with other IO buses belonging to different PCs, and it offers very limited IO device protection, if any at all.
In theory, a Memory Management Unit (MMU) 24, which is typically coupled with CPU 26 of processing unit 12, may be used to protect the memory space of IO devices 14[1]-14[i].
However, typically the IO address space is not managed by the MMU 24 and, therefore, the IO address space is not protected. Moreover, in a system with multiple CPUs, or in a virtualized system with multiple partitions, each CPU or partition typically has complete access to the IO bus. Thus, any process with privileged permission, e.g., an operating system process, may access any IO device.
One known way of solving this problem is to pass all the requests to IO devices through a hosting partition. In this case, the devices are protected because the hosting partition is a trusted entity, and only it is permitted to access the devices. A second known way is to use multiple IO devices, each assigned to a different partition. In this case, the operating system is trusted not to access the devices that are not assigned to it. The hosting partition solution typically taxes the system resources, while the solution of assigning the IO devices to different partitions fails in the event of a rogue operating system, of innocent misconfiguration, or of buggy code.
Other attempts to protect the IO devices may be made by using IO memory management units (IOMMU) and/or access lists that typically record the IO access rights given to any process.