Process Isolation Using Protection Domains
First Claim
Patent Images
1. A method of isolating a plurality of operating system processes, the method comprising:
- using software protection to prevent each process of the plurality of operating system processes from accessing memory assigned to the other processes of the plurality of operating system processes;
grouping one or more processes of the plurality of operating system processes into a protection domain; and
using hardware protection to prevent the one or more processes from accessing memory assigned to the other processes of the plurality of operating system processes.
2 Assignments
0 Petitions
Accused Products
Abstract
A first plurality of operating system processes is assigned to a first protection domain, and a second plurality of operating system processes is assigned to a second protection domain. One or more hardware protection mechanisms are used to prevent the first plurality of operating system processes from accessing the memory space of the second plurality of operating system processes, and also to prevent the second plurality of operating system processes from accessing the memory space of the first plurality of operating system processes.
160 Citations
20 Claims
-
1. A method of isolating a plurality of operating system processes, the method comprising:
-
using software protection to prevent each process of the plurality of operating system processes from accessing memory assigned to the other processes of the plurality of operating system processes; grouping one or more processes of the plurality of operating system processes into a protection domain; and using hardware protection to prevent the one or more processes from accessing memory assigned to the other processes of the plurality of operating system processes. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:
-
assign a first plurality of operating system processes to a first protection domain; assign a second plurality of operating system processes to a second protection domain; and using one or more hardware protection mechanisms to prevent the first plurality of operating system processes from accessing a memory space of the second plurality of operating system processes, and to prevent the second plurality of operating system processes from accessing a memory space of the first plurality of operating system processes. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A computing device comprising:
-
a processor; and a memory, coupled to the processor, the memory storing a plurality of instructions that, when executed by the processor, cause the processor to isolate a plurality of operating system processes from each other by; using software protection to prevent each process of the plurality of operating system processes from accessing memory spaces of the other processes of the plurality of operating system processes; grouping one or more processes of the plurality of operating system processes into a protection domain; and using hardware protection to prevent the one or more processes from accessing the memory spaces of the other processes of the plurality of operating system processes. - View Dependent Claims (17, 18, 19, 20)
-
Specification