One problem associated with computer systems today is protecting information in a computer system from undesirable access, whether accidental or malicious. For example, it may not be desirable for users to be able to determine how certain code works, the data the code operates on, or the data structures in which the data is stored. Information, as used herein, includes but is not limited to code, data, and/or the format in which the data is stored (also known as a “data structure”). Furthermore, for purposes of the present application, activities such as accessing, modifying and/or executing information shall be referred to hereinafter as “accessing.”
In computer terminology, “privilege” determines what actions code is allowed to perform on information in a computer system. In most operating systems, the actions that code is allowed to perform are determined by the privilege level in which the code executes or resides. For example, code usually executes in one of two privilege levels, known as kernel and user. Code that resides in the kernel has an unlimited amount of power to perform actions, such as accessing information anywhere in the computer system. In contrast, code that resides in the user level has a limited amount of power to perform actions. For example, code in the user level cannot directly access code or data in the kernel.
In computer terminology, “protection” refers to protecting information in the computer system from various actions being performed on that information. For example, code or data that resides in the kernel is protected from being accessed by users of the computer system, whether unintentionally or with malicious intent. Similarly, the code and data in the kernel are protected from being accessed directly by code in the user level. In contrast, code and data in the user level may be accessed by users either unintentionally or with malicious intent.
Typically, operating systems reside in the kernel and applications reside in the user level. Operating system code has a higher level of protection than user applications have. However, in general there is not a fine granularity of protection for either the operating system or for applications. For example, an application may include a set of modules and/or libraries. Some of these modules and/or libraries may come from a third party and therefore are not highly trusted. It would be desirable to protect, in a flexible manner, certain modules and/or services in the libraries of the application from other modules and/or services in the libraries.
In another example, vendor-supplied application libraries typically contain critical data that might be corrupted by bad application code, such as application code that dereferences an uninitialized pointer. In these situations and others, it would be highly desirable to control access to these modules, as well as what these modules access, whether the access is unintentional or made with malicious intent, in order to provide more application robustness.