Privilege levels 80386
Published in: Technology


Transcript

  • 1. Privilege Levels
  • 2. Computer system security measures prevent
    • Users from interfering with one another
    • Users from examining secure data
    • Program bugs from damaging other programs
    • Program bugs from damaging data
    • Malicious attempts to compromise system integrity
    • Accidental damage to data
  • 3. Privilege protection
    • 80386 protection mechanism
      • Memory management
      • Privilege protection
    • 4 privilege level protection
      • PL0 (highest)
      • PL1
      • PL2
      • PL3 (lowest)
    • A numerically smaller PL means a higher privilege.
  • 4.
    • When running in protected mode, the 80386 continually checks that the application is privileged enough to
      • Execute certain instructions.
      • Reference data other than its own.
      • Transfer control to code other than its own.
  • 5. Executing privileged instructions
    • Privileged instructions
      • Modify interrupt flag
      • Alter segmentation
      • Affect protection mechanism
    • They are allowed only if the program is running at PL0
  • 6. References to other data
    • Shared data
    • Programs are not allowed to read or write data items that have a higher privilege level.
  • 7. Transferring control to other code
    • Programs are not allowed to CALL or JMP to code that does not have exactly the same privilege level that they do.
  • 8. Defining privilege levels
    • Privileges are assigned by segment.
    • Everything contained in a segment has the same privilege.
    • The privilege level is defined in the segment descriptors.
    • The privilege level of the code segment determines the current privilege level (CPL).
  • 9. Privileged instructions
    • 19 instructions
    • Privileged instructions are those that
      • Affect the segmentation and protection mechanism (CPL=0)
      • Alter interrupt flag
      • Perform peripheral I/O (CPL <IOPL)
    • A numerically smaller PL means a higher privilege level
  • 10. Privileged instructions
    • HLT (Halts the processor)
    • CLTS (Clear task switch flag)
    • LGDT, LIDT, LLDT (Load GDT, IDT, LDT registers)
    • LTR (Load task register)
    • LMSW (Load machine status word)
    • MOV CRn, … (moves to control registers)
    • MOV DRn, … (moves to debug registers)
    • MOV TRn, … (moves to test registers)
  • 11. IOPL sensitive instructions
    • CLI Disables interrupts
    • STI Enables interrupts
    • IN Inputs data from I/O port
    • OUT Outputs data to output port
  • 12. Privileged Data References
    • Second type of privilege checking
    • DPL of code segment descriptor must have smaller value (higher privilege) than DPL of data segment descriptor.
  • 13.
    • After you have placed each descriptor in a descriptor table, you need to inform the processor.
    • You can place these tables anywhere in the processor’s address space, and you need not keep them together.
    • To allow the processor to locate the GDT, IDT and current LDT, you load three special-purpose registers: GDTR, IDTR and LDTR respectively.
  • 14. GDTR,IDTR,LDTR contains
    • Base address of table
    • Limit
  • 15. Segment Selectors
    • Once the descriptors are defined, how does the processor make use of them?
    • Any 16-bit value that you write into a segment register is called a selector, because it selects a segment descriptor from a descriptor table.
    • Selector layout: INDEX (bits 15–3), TI (bit 2), RPL (bits 1–0)
  • 16. 80386 segment registers
    • 80386 has 6 segment registers
      • One for current code segment (CS)
      • One for current stack segment (SS)
      • Four for general data segments (DS, ES, FS, GS)
    • Segment registers select segment descriptors:
      • Thirteen bits select descriptors
      • One bit selects descriptor table
      • Two bits privilege checking
  • 17. Loading Segment Selectors
    • Any given selector value selects one and only one descriptor
    • When loading a segment selector, the 80386 checks that
      • The selector index is within the descriptor table limit
      • The selector references the correct descriptor table
      • The descriptor is of correct type
      • The selector uses the correct privilege level
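  • 18. [Figure: GDT: GDTR locating the GDT (entries GDT 0, GDT 1, GDT 2); selector fields Index, TI, RPL; Offset]
  • 19. [Figure: Segmentation, addressing the GDT: program selector (Index, TI, RPL) and Offset; GDTR; GDT entries GD 0, GD 1, GD 2; main memory]
  • 20. [Figure: Addressing the GDT: GDT entries GD 0, GD 1, GD 2; descriptor fields Base Address, Seg Limit, Attrib; selector (Index, TI, RPL) and Offset; GDTR; main memory]
  • 21. [Figure: GDT entries GD 0, GD 1, GD 2; GDTR; selector (Index, TI, RPL); descriptor fields Base Address, Seg Limit, Attrib; Base Address + Offset]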
  • 22. Local Descriptor Tables (LDTs)
    • LDTs act like an extension to the GDT
    • Are assigned to individual tasks when task switching is done.
    • While running, any program can access descriptors from the GDT and LDT
    • The way in which the processor locates LDTs is much different, however.
  • 23. [Figure: GDT and LDT, located through GDTR and LDTR; an LDT descriptor among the GDT descriptors; a data descriptor in the LDT; DS and ESI]
  • 24. Local Descriptor table
    • Hold segment descriptors
    • May be used in addition to the global descriptor table
    • Are defined by a special “system descriptor” in the GDT.
    • May be larger or smaller than the GDT.
    • May not define other LDTs
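
The selector decoding and load-time checks from slides 15 to 17, with the TI bit choosing between GDT and LDT as in slides 22 to 24, can be modeled in a few lines of C. This is an added example, not part of the original slides: `desc_t`, `dtr_t`, `load_data_selector`, `try_load` and the sample tables are hypothetical names and constructed data. It assumes 8-byte descriptors with the table limit being the offset of the last valid byte, and models the privilege check as max(CPL, RPL) ≤ DPL.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified descriptor: only the fields the checks need (constructed model). */
typedef struct { uint32_t base, limit; uint8_t dpl, is_data; } desc_t;
/* GDTR/LDTR contents: table base and limit (offset of the last valid byte). */
typedef struct { const desc_t *base; uint16_t limit; } dtr_t;

enum { LOAD_OK, ERR_LIMIT, ERR_TYPE, ERR_PRIV };

/* Selector fields: bits 15..3 = INDEX, bit 2 = TI, bits 1..0 = RPL. */
static unsigned sel_index(uint16_t s) { return s >> 3; }
static unsigned sel_ti(uint16_t s)    { return (s >> 2) & 1u; }
static unsigned sel_rpl(uint16_t s)   { return s & 3u; }

/* Model of loading DS/ES/FS/GS with `sel` while running at privilege `cpl`. */
int load_data_selector(uint16_t sel, unsigned cpl, dtr_t gdtr, dtr_t ldtr)
{
    dtr_t t = sel_ti(sel) ? ldtr : gdtr;          /* TI: 0 = GDT, 1 = LDT */
    if (sel_index(sel) * 8u + 7u > t.limit)       /* whole descriptor in table? */
        return ERR_LIMIT;
    const desc_t *d = &t.base[sel_index(sel)];
    if (!d->is_data)                              /* descriptor of correct type? */
        return ERR_TYPE;
    /* The less privileged (numerically larger) of CPL and RPL must not exceed DPL. */
    unsigned epl = cpl > sel_rpl(sel) ? cpl : sel_rpl(sel);
    return epl > d->dpl ? ERR_PRIV : LOAD_OK;
}

/* Constructed sample tables: {base, limit, dpl, is_data}. */
static const desc_t sample_gdt[] = {
    {0x00000000, 0x00000, 0, 0},  /* 0: unused entry */
    {0x00000000, 0xFFFFF, 0, 0},  /* 1: PL0 code */
    {0x00100000, 0x0FFFF, 0, 1},  /* 2: PL0 data */
    {0x00200000, 0x0FFFF, 3, 1},  /* 3: PL3 data */
};
static const desc_t sample_ldt[] = {
    {0x00300000, 0x00FFF, 3, 1},  /* 0: task-local PL3 data */
};

int try_load(uint16_t sel, unsigned cpl)
{
    dtr_t gdtr = { sample_gdt, (uint16_t)(sizeof sample_gdt / sizeof sample_gdt[0] * 8 - 1) };
    dtr_t ldtr = { sample_ldt, (uint16_t)(sizeof sample_ldt / sizeof sample_ldt[0] * 8 - 1) };
    return load_data_selector(sel, cpl, gdtr, ldtr);
}

int main(void)
{
    printf("0x0010 at CPL0 -> %d\n", try_load(0x0010, 0)); /* PL0 data from PL0 */
    printf("0x0010 at CPL3 -> %d\n", try_load(0x0010, 3)); /* PL0 data from PL3 */
    printf("0x0007 at CPL3 -> %d\n", try_load(0x0007, 3)); /* LDT entry 0 */
    return 0;
}
```

Selector 0x0013 names the same PL0 data descriptor as 0x0010 but carries RPL 3, so the load is refused even at CPL 0.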