A data processing system having an architecture for protecting selected system files. The data processing unit includes a secure processing unit operating in a manner independent of the operation of the remainder of the data processing unit for storing and comparing system file attributes and user entity attributes. The comparison of attributes is performed in accordance with a table in the secure processing unit containing the security context. The secure processing unit alone is able to manipulate special data groups called distinguished data objects. The secure processing unti also manipulates a data object identifier that isolates the indentification of the system files from the actual memory storage locations. Apparatus and method are also disclosed for providing secure creation of protected system files that in part eliminates interruption of the data processing system in the process. The architecture also facilitates secure transfer of files between data processing systems.