Closely related to relocation is protection which is needed to prevent accidents or malicious interference, such as when a program overwrites memory belonging to another program. Surprisingly, a user program can never harm a program "downwind" of it, that is, any program whose base address is lower than its own base address, because that would require negative addresses, and all addresses are interpreted as unsigned, binary numbers.

Several different protection schemes exist. IBM mainframes use key-controlled memory protection. Each user program is assigned a key, which is a small unsigned binary number, usually 4-bits long. Main memory is divided into sections called banks which are equal sized, such as 4 Kilobytes long. A user program is allocated as many of these banks as were needed to store its instructions and data. When an address is generated by an instruction, the key is sent to the memory system along with the address and the memory compares that key value with the key associated with the desired bank of memory hardware. If they are different, an error is signaled. A key value of 0 is reserved for the operating system, which is allowed to tamper with any part of memory.