The RAM can be divided into two parts. The kernel space and user space. The kernel runs in the kernel space, which no other programs can access. User programs have to run in user space. User space is a form of sand-boxing, where user programs can only access to memory that allocated to them so that they can't mess up other programs and the kernel. To use the system resource, a program uses system calls to access a certain part of the kernel space and back to user space when the call return.