Page 287 - DCAP103_Principle of operating system
Principles of Operating Systems
the level of the process dominates the level of the segment. Domination is a reflexive relation,
so that both read and write are permitted if the two levels are identical. (The DoD policy).
A capability is a communicable, unforgeable token of authority. It refers to a
value that references an object along with an associated set of access rights.
Describe the DoD policy in terms of protection.
OS Rings in System Protection
In practice, this means that formal mechanisms must be in place to segregate the trusted
operating system from untrusted user programs. The most reliable way to accomplish
this is in hardware. If the segregation occurs in software, a software failure (such as a
buffer overflow) can be used to compromise the system. The first system to support rings
in hardware was the MULTICS time-sharing system in the 1960s, which included eight
rings. This approach of hardware-enforced rings has been almost universally adopted by
later architectures.
The most common CPU architecture in use today is the x86 compatible architecture. Beginning
with the 80286 chipset, the x86 family has provided two main methods of addressing
memory—real mode and protected mode. Real mode, limited to a single megabyte of
memory, quickly became obsolete. Protected mode provided numerous new features to
support multitasking. These included segmenting processes, so that they could no longer
write outside their address space, along with hardware support for virtual memory and
task switching.
In the x86 family, protected mode uses four priority levels, numbered 0 to 3. System memory
is divided into segments, and each segment is assigned a priority level. The processor uses the
priority level to determine what can and cannot be done with code or data within a segment.
The term rings comes from the MULTICS system, where privilege levels were visualized as
a set of concentric rings. Ring 0 is considered to be the innermost ring, with total control of
the processor. Ring 3, the outermost ring, is provided only with restricted access.
Windows, Linux, and most Unix variants all use rings, although they have generally dropped
the four-ring structure and instead adopted a two-layer approach that uses only rings 0 and
3. Security mechanisms in the hardware enforce restrictions on ring 3 by limiting code access
to segments, paging, and input/output. If a user program running in ring 3 tries to address
memory outside of its segments, a hardware interrupt stops code execution. Some assembly
language instructions are not even available for execution outside of Ring 0.
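The ring restriction described above can be observed from an ordinary user program. The following is an added example, not part of the original text: it reads the current privilege level from the low two bits of the CS selector and then attempts HLT, an instruction the processor executes only in ring 0. It assumes Linux on an x86 processor with GCC or Clang inline assembly; the function names are illustrative.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>

#if !defined(__x86_64__) && !defined(__i386__)
#error "x86-only: reads the CS selector and executes HLT"
#endif

static sigjmp_buf recover;

static void on_fault(int sig) { siglongjmp(recover, sig); }

/* Current privilege level (CPL) = low two bits of the CS selector. */
int current_ring(void) {
    uint16_t cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
    return cs & 3;
}

/* Attempt HLT, which the CPU executes only at ring 0.
   Returns the signal the kernel delivered, or 0 if HLT ran. */
int try_ring0_instruction(void) {
    struct sigaction sa, old_segv, old_ill;
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);

    int sig = sigsetjmp(recover, 1);   /* 1: restore signal mask on jump */
    if (sig == 0)
        __asm__ volatile("hlt");       /* general-protection fault in ring 3 */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return sig;
}

int main(void) {
    printf("running in ring %d\n", current_ring());
    int sig = try_ring0_instruction();
    if (sig)
        printf("HLT refused: kernel delivered signal %d\n", sig);
    else
        printf("HLT executed (not expected in user mode)\n");
    return 0;
}
```

On Linux the processor's fault reaches the process as SIGSEGV; without the handler the program would simply be terminated, which is the "interrupt stops code execution" behaviour the text describes.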
Questions:
1. Which was the first system to support rings in hardware for system protection?
2. How can rings be used in system protection?
280 LOVELY PROFESSIONAL UNIVERSITY