METHOD OF CONTROLLING MEMORY ACCESS
First Claim
1. A method of controlling memory access in a system including a first layer element executed in a privileged mode having a first priority of permission to access an entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method comprising:
- determining whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and
determining whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided is a method of controlling memory access. In a system including a first layer element executed in a privileged mode having a first priority of permission to access the entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method of controlling memory access determines whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. Accordingly, a memory domain allocated to a guest operating system kernel is effectively protected from an application executed in the unprivileged mode in which the guest operating system kernel is executed.
76 Citations
19 Claims
-
1. A method of controlling memory access in a system including a first layer element executed in a privileged mode having a first priority of permission to access an entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method comprising:
-
determining whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determining whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer readable storage medium storing a program for executing a method of controlling memory access in a system including a first layer element executed in a privileged mode having a first priority of permission to access an entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method comprising.
determining whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; - and
determining whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory.
- and
-
12. A system including a first layer element executed in a privileged mode having a first priority of permission to access an entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the system comprising:
-
the memory; and a processor which determines whether the memory is accessible for each page that is an address space unit based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode, and which determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain that is currently being accessed from among a plurality of domains of the memory. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
Specification