Some operating systems set up a different address space for each process, which provides hard memory protection boundaries.
On some systems a guard page may be used, either for error detection or to automatically grow data structures.
Simulation is the use of a monitoring program to interpret the machine code instructions of some computer architectures.
The simulator must calculate the target address and length and compare this against a list of valid address ranges that it holds concerning the thread's environment, such as any dynamic memory blocks acquired since the thread's inception, plus any valid shared static memory slots.
[citation needed] It is generally not advisable to use this method of memory protection where adequate facilities exist on a CPU, as this takes valuable processing power from the computer.
Capability-based addressing is a method of memory protection that is unused in modern commercial computers.
In this method, pointers are replaced by protected objects (called capabilities) that can only be created using privileged instructions which may only be executed by the kernel, or some other process authorized to do so.
Only a few commercial products used capability based security: Plessey System 250, IBM System/38, Intel iAPX 432 architecture and KeyKOS.
Capability approaches are widely used in research systems such as EROS and Combex DARPA browser.
Currently, the DARPA-funded CHERI project at University of Cambridge is working to create a modern capability machine that also supports legacy software.
Dynamic tainting is a technique for protecting programs from illegal memory accesses.
Taint marks are then suitably propagated while the program executes and are checked every time a memory address m is accessed through a pointer p; if the taint marks associated with m and p differ, the execution is stopped and the illegal access is reported.
Oracle markets this feature as Silicon Secured Memory (SSM) (previously branded as Application Data Integrity (ADI)).
[9] The lowRISC CPU design includes dynamic tainting under the name Tagged Memory.
[10] The protection level of a particular implementation may be measured by how closely it adheres to the principle of minimum privilege.
On prior systems, such lack of protection was even used as a form of interprocess communication, by sending a pointer between processes.