protection ring
リングプロテクション
Call gate
(Intel)
Memory segmentation
protected mode
– available on x86-compatible 80286 CPUs and newer
IOPL (CONFIG.SYS directive) – an OS/2 directive to run DLL code at ring 2 instead of at ring 3
Segment descriptor
Supervisor Call instruction
System Management Mode
(SMM)
Principle of least privilege
https://en.wikipedia.org/wiki/Protection_ring