Microsoft Corporation
Protection domains for processes in shared address space

Abstract:

Methods, systems and computer program products provide protection domains for processes in shared address space. Multiple processes may share address space, for example, in a software isolated process running on top of a library operating system (OS). A protection domain (PD), such as a Protection Key (PKEY), may be assigned to a process to protect its allocated address spaces from access by other processes. PDs may be acquired from a host OS. A library OS may manage PDs to protect processes and/or data. A PD may be freed and reassigned to a different process or may be concurrently assigned to multiple processes, for example, when the number of processes exceeds the number of protection domains. Threads spawned by a process may inherit protection provided by a PD assigned to the process. Process PDs may be disassociated with address spaces as they are deallocated for a process or its threads.