Some quick thoughts on this subject regarding x86 architecture: - I think we need to define better the term segment, because you also have selectors in case of flat mode - secondly you can provide some protection mechanism using not only rings but also memory pages and descriptor check, page directory check and page check itself - it's not only the problem of protecting memory areas but also what is a privilege instruction - for example sidt or sldt opcodes used today for identifying VMWare-alike environments - accessing other ranges of memory like I/O ports
Just my 2 cents... Regards, Alex Czarnowski AVET INS _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php