Memory ProtectionBy Justin Poirier
This article requires an understanding of segmentation, which is described by example in Classroom306's article on Pentium modes for memory addressing; and virtual memory, as described in Classroom306's article on the subject.
Of systems using segmentation, only those in protected mode can have memory protection. Descriptor tables keep track of the process(es) that has permission to access a segment, and test this against each process that tries to access it. If they are different, a general protection fault is raised.
For systems with paging, either each process will have its own virtual address space, in which case a process attempting to access an address without permission simply won't have a page mapped for that address; or programs will share an address space, in which case the table entry for the page of an address that a process is illegally attempting to access will indicate that the process does not have permission. Either way, a special kind of page fault called a protection fault is thrown. The operating system code to handle page faults must identify it as a protection fault and deal with it accordingly.
The above methods protect all process memory, including dynamically-allocated memory.
Memory protection only protects memory of one process from direct access by another process. A process's memory can still be corrupted by malicious input to the program. This can occur via techniques like stack buffer overflows and heap overflows.