Page 274 - DCAP103_Principle of operating system
Unit 8: System Protection
performing user level processing. A purely physical and very reliable method must be used
for most real-world applications.
A physical means for implementing protection is typically provided by architectural features
of computer hardware. In order to provide physical partitioning, we must assure that there
is no path through which information can flow between users. In the hardware domain,
information is typically processed by finite state machines (FSMs), which maintain a state
and transform inputs combined with state information into outputs and changes in state
[ ]. The only information that persists in such a system is state information, so we
can prevent information from flowing between domains by keeping their state information
separate. This is analogous to an OS based on a sign-up sheet, in which each user has full
access to the machine over a different period of time.
A typical model for a computer system is the Von Neumann model, in which a machine consists
of a control unit (C), an input and output unit (I/O), an arithmetic logic unit (ALU), and a
memory unit (M) [VonNeumann63]. The machine fetches instructions telling it what to do next
from the memory. The control unit which consists of FSMs then controls M, I/O, ALU, and C
to implement the instructions. In most such machines, state information is maintained in a set
of special memory elements called “registers”, in M, and in peripheral devices such as disks
and tapes.
There are generally two classes of these registers. One class is used primarily by C for
remembering the instruction being performed, the portion of the instruction currently under
way, the conditions of the ALU, the memory location of the next instruction to be performed,
and other control related information. The other class is used to store the current values of data
registers associated with user programs including the result of the last arithmetic operation, the
user’s general purpose registers, and other user data.
Registers are generally quite expensive to implement compared to the state information stored
in M and I/O devices; they operate at extremely high speeds compared to state information
stored in M and I/O; and they are central to the interpretation of instructions, so they must be
connected to many other devices through specially designed, complex switching circuits. As a
result, it is generally not cost or performance effective to provide enough sets of registers to
hold the state information of every process that could coexist on a typical machine.
As an alternative, designers provide two sets of registers that can be saved to and reloaded
from M, the set of registers in use at any given time being determined by the protection state
of the machine.
When the OS is executing its ‘kernel’ program, it uses a completely independent set of state
information from that used by any other process, and it generally has access to the full range of
hardware instructions available to the physical machine. When any other program is operating, it
generally uses limited state information, and has access to only a limited set of instructions
that affect the physical machine. When the machine is using the kernel registers and has full
access, we will say the machine is running in the kernel state, or kernel mode, and when the
other state registers are used and limited instructions are allowed, we say the machine is in the
user state, or user mode. Several citations are given in [ ] for protected hardware states, but as
yet, the originator of this concept has not been identified.
In user mode, machine instructions that are allowed only in kernel mode cannot be executed,
so a typical method for providing these services to users is through ‘system calls’. A system
call is typically implemented by executing an instruction which is not allowed in user mode.
This causes a trap (an error condition) which the hardware interprets as a request to change to
kernel mode; control then passes to a kernel entry point, and the kernel, running on its own
register set, decides whether and how to perform the requested service on the user's behalf.
LOVELY PROFESSIONAL UNIVERSITY 267