摘要 |
<p>In a data/information processing system, a nested privilege protection is employed to protect the system when executing instructions. A first privilege protection having at least two privilege levels is enforced. Additionally, a second privilege protection having at least two sub-privilege levels is further enforced for at least one privilege level of the first privilege protection to further differentiate the privileges otherwise afforded. In one embodiment, core system services, programming language runtime support and application programs are afforded the same privilege level of the first privilege protection, and the different types of programs are afforded different sub-privilege levels of the second privilege protection to differentiate the privileges afforded by the first privilege protection. In one embodiment, the differential sub-privilege level protection is further extended to application programs of different sources, making the sytem particularly suitable for networked applications, such as accessing web servers on the Internet. In one embodiment, the first privilege protection is hardware facilitated, while the second privilege protection is software facilitated.</p> |