An apparatus has processing circuitry for performing data processing in response to software processes and memory access circuitry for enforcing ownership rights for memory regions. A given memory region is associated with an owner realm specified from a multiple realms with each realm corresponding to a portion of at least one software process. The owner realm has a right to exclude other realms from accessing data stored in the given memory region (including realms executed at a higher privilege level). The realms are managed according to a realm hierarchy in which each realm other than a root realm is a child realm initialised in response to a command triggered by its parent realm. In response to an invalidation command, a realm management unit makes the target realm and any descendant realm of the target realm inaccessible to the processing circuitry.
展开▼