A method and system for providing secure, direct access to computer system
resources, such as system memory, by a non-trusted processing entity
running in an unprivileged state that requests access to the resource
through a device that directly accesses the resource. The device includes
access-right-checking logic and is configured to verify access rights of
non-trusted processing entities that attempt to access the resource
through the device. By checking access rights, the device ensures that
non-trusted processing entities access only those particular portions of
the resource authorized for access by the secure kernel.
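
The device-side check described above, modelled in C as an added example that is not taken from the patent: the secure kernel installs per-entity grants, and the device denies any request that is not wholly inside one of them. The table layout and the names `kernel_grant`, `device_check`, `ACC_READ` and `ACC_WRITE` are hypothetical, and the sample grant is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { ACC_READ = 1u, ACC_WRITE = 2u };
#define MAX_GRANTS 8

/* One portion of the resource the secure kernel has authorized for an entity. */
struct grant { bool valid; uint32_t entity; uint64_t base, len; uint32_t rights; };

/* Rights table held by the device (hypothetical layout). */
struct device { struct grant tbl[MAX_GRANTS]; };

/* Privileged path: only the secure kernel calls this to authorize a region. */
bool kernel_grant(struct device *d, uint32_t entity, uint64_t base,
                  uint64_t len, uint32_t rights)
{
    if (len == 0 || base > UINT64_MAX - len) return false; /* empty or wrapping */
    for (size_t i = 0; i < MAX_GRANTS; i++)
        if (!d->tbl[i].valid) {
            d->tbl[i] = (struct grant){ true, entity, base, len, rights };
            return true;
        }
    return false; /* table full */
}

/* Device-side check run on every request from an unprivileged entity.
 * Default deny: the whole [addr, addr+len) range must sit inside one grant
 * for this entity that carries every requested right. */
bool device_check(const struct device *d, uint32_t entity, uint64_t addr,
                  uint64_t len, uint32_t op)
{
    if (op == 0 || len == 0 || addr > UINT64_MAX - len) return false;
    for (size_t i = 0; i < MAX_GRANTS; i++) {
        const struct grant *g = &d->tbl[i];
        if (!g->valid || g->entity != entity || (g->rights & op) != op) continue;
        /* Subtraction form avoids overflow in base+len or addr+len. */
        if (addr >= g->base && len <= g->len && addr - g->base <= g->len - len)
            return true;
    }
    return false;
}

int main(void)
{
    struct device d = {0};
    kernel_grant(&d, 1, 0x1000, 0x100, ACC_READ); /* constructed sample grant */
    printf("in-range read:  %d\n", device_check(&d, 1, 0x1080, 0x80, ACC_READ));
    printf("straddling end: %d\n", device_check(&d, 1, 0x1080, 0x81, ACC_READ));
    return 0;
}
```

The cases worth testing in any real implementation of such a check are the boundaries: a request that ends one byte past a grant, a right the grant does not carry, and an address plus length that wraps.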