Security is an important issue within the development of integrated circuits. Components and information within these integrated circuits require some way to provide access protection to protect the integrity of these systems. A security system of some form is usually implemented to prevent unauthorized access to particular locations or components of these integrated circuit. Typically, an integrated circuits is capable of executing software in a privileged mode and a non-privileged mode. Trusted software such as the operating system, interrupt handlers, and initialization routines execute in the privilege mode. Applications or user software typically execute in a non-privileged mode and have restricted access to hardware components and memory locations. In order to access privileged locations or components, application software makes a request to the operating system which services this request on behalf of the application software. This delineation of control is needed to prevent the non-privileged application software from accessing or modifying privileged data.
It is becoming increasingly important to protect privileged information against unauthorized access. Numerous methods have been used in the past to protect this information. One such method is to encrypt the information. Another such method is termed "security through obscurity", which means that data is secured through obscuring how it is secured.
Neither encryption nor security through obscurity is sufficient on its own to protect data. Encrypted data can be decrypted, and security through obscurity can be reverse engineered.
One of the basic protections in almost all data processing systems is to separate user data from operating system data and to restrict access to privileged information by use of memory protection techniques and devices controlled by an operating system. Therefore, one of the traditional methods of illegally gaining access to this privileged information has been to gain control of the operating system by a user program. A user program by some machinations gets itself in supervisory mode, and thus has access to the privileged information. A number of different techniques have been perfected through time to achieve this goal. Some of these techniques include redirecting interrupts, passing illegal parameters to interrupt handlers, memory overflows, and masquerading as a supervisory routine. Indeed, modem technology even allows a supervisory bit to be forced to a specific value. Significant effort is made in operating system design to thwart these sorts of unauthorized entries. However, a corresponding large effort is also made to overcome these new methods of detecting unauthorized entries into the operating system and supervisory mode.
Because of the ongoing race between system developers and system crackers, it would be advantageous to be able to restrict entry into the operating system and into supervisory mode by nonauthorized users regardless of how the supervisory mode is entered.