A system and method for protecting a defined range of hardware addresses
or a defined set of processor instructions from being accessed or
executed by unauthorized software modules. Abstraction layer code is
given a range of software addresses that are permitted to access the
protected addresses or execute the instructions. Authorized accesses must
utilize service routines provided by the abstraction layer code. When an
attempted access to a protected hardware address is detected, it is
determined whether the access is from the abstraction layer code. If so,
the access is permitted. If not, the access is prohibited, and an error
message is generated. A basic set of authorized processor instructions
and an extended set of processor instructions may be defined for a
reference platform. Execution of processor instructions in the extended
set is limited to authorized abstraction layers; an attempted execution
from any other code is prohibited, and an error message is generated.
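As an added illustration that is not part of the patent text, the following C model implements the decision the abstract describes: a reference monitor receives the address of the instruction attempting an operation and permits an access to the protected hardware range, or execution of an extended-set instruction, only when that address lies inside the abstraction layer's code range. The address ranges, instruction classes and verdict names are constructed placeholders, and an access that straddles the boundary of the protected range or wraps around the address space is treated as touching it so the check fails closed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Half-open range [start, end). Both ranges below are constructed placeholders. */
typedef struct { uint64_t start, end; } range_t;
static const range_t protected_hw     = { 0xFED00000ULL, 0xFED10000ULL }; /* protected hardware addresses */
static const range_t abstraction_code = { 0x00400000ULL, 0x00410000ULL }; /* abstraction layer code range */

typedef enum { INSN_BASIC, INSN_EXTENDED } insn_class_t;   /* basic set vs. extended set */
typedef enum { ACCESS_PERMITTED, DENIED_HW_ADDRESS, DENIED_EXTENDED_INSN } verdict_t;

static bool contains(range_t r, uint64_t addr) { return addr >= r.start && addr < r.end; }

/* True if the access [addr, addr+len) touches r. An access that wraps the address
 * space is reported as touching so it is refused rather than slipping past the check. */
static bool overlaps(range_t r, uint64_t addr, uint64_t len)
{
    if (len > UINT64_MAX - addr) return true;
    return addr < r.end && addr + len - 1 >= r.start;
}

/* pc: address of the instruction attempting the operation; addr/len: its memory operand,
 * len == 0 meaning none. Only the origin decides: code inside the abstraction layer range
 * may touch protected addresses and run extended instructions, anything else is refused. */
verdict_t check_access(uint64_t pc, insn_class_t cls, uint64_t addr, uint64_t len)
{
    bool from_abstraction = contains(abstraction_code, pc);
    if (cls == INSN_EXTENDED && !from_abstraction) return DENIED_EXTENDED_INSN;
    if (len != 0 && !from_abstraction && overlaps(protected_hw, addr, len)) return DENIED_HW_ADDRESS;
    return ACCESS_PERMITTED;
}

static const char *verdict_text(verdict_t v)
{
    return v == ACCESS_PERMITTED ? "permitted"
         : v == DENIED_HW_ADDRESS ? "error: protected hardware address accessed outside abstraction layer"
         : "error: extended instruction executed outside abstraction layer";
}

int main(void)
{
    struct { uint64_t pc; insn_class_t cls; uint64_t addr, len; } cases[] = {   /* constructed */
        { 0x00400100ULL, INSN_BASIC,    0xFED00010ULL, 4 }, /* abstraction layer service routine */
        { 0x00500000ULL, INSN_BASIC,    0xFED00010ULL, 4 }, /* unauthorized module, inside range */
        { 0x00500000ULL, INSN_BASIC,    0xFECFFFFEULL, 4 }, /* unauthorized module, straddles start */
        { 0x00500000ULL, INSN_EXTENDED, 0,             0 }, /* extended instruction, wrong origin */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("pc=%#llx -> %s\n", (unsigned long long)cases[i].pc,
               verdict_text(check_access(cases[i].pc, cases[i].cls, cases[i].addr, cases[i].len)));
    return 0;
}
```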