• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Privilege levels 80386

Privilege levels 80386



Privilege levels_80386

Privilege levels_80386



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.


11 of 1 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • cb
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Privilege levels 80386 Privilege levels 80386 Presentation Transcript

    • Privilege Levels
    • Computer system security measures prevent
      • Users from interfering with one another
      • Users from examining secure data
      • Program bugs from damaging other programs
      • Program bugs from damaging data
      • Malicious attempts to compromise system integrity
      • Accidental damage to data
    • Privilege protection
      • 80386 protection mechanism
        • Memory management
        • Privilege protection
      • 4 privilege level protection
        • PL0 (highest)
        • PL1
        • PL2
        • PL3(lowest)
      • A numerically
      • Smaller PL means a
      • Higher privilege.
      • When running in protected mode, the 80386 continually checks that the application is privileged enough to
        • Execute certain instructions.
        • Reference data other than its own.
        • Transfer control to code other than its own.
    • Executing privileged instructions
      • Privilege instructions
        • Modify interrupt flag
        • Alter segmentation
        • Affect protection mechanism
      • They are allowed only if the program is running at PL0
    • References to other data
      • Shared data
      • Programs are not allowed to read or write data items that have a higher privilege level.
    • Transferring control to other code
      • Programs are not allowed to CALL or JMP to code that does not have exactly the same privilege level that they do.
    • Defining privilege levels
      • Privileges are assigned by segment.
      • Everything contained in a segment have same privilege.
      • The privilege level is defined in the segment descriptors.
      • The privilege level of the code segment determines the current privilege level(CPL).
    • Privileged instructions
      • 19 instructions
      • Privilege instructions are those
        • That affect the segmentation and protection mechanism CPL=0
        • Alter interrupt flag
        • Perform peripheral I/O CPL <IOPL
        • numerically
      A numerically smaller PL means a higher privilege level
    • Privileged instructions
      • HLT (Halts the processor)
      • CLTS (Clear task switch flag)
      • LGDT,LIDT,LLDT(Loads GDT,IDT,LDT register)
      • LTR (Load task register)
      • LMSW (Load machine status word)
      • Mov CRn,…. (moves to control register)
      • Mov DRn,.. (moved to debug registers)
      • Mov TRn,…. (moves to test registers)
    • IOPL sensitive instructions
      • CLI Disables interrupts
      • STI Enables interrupts
      • IN Inputs data from I/O port
      • Out Outputs data to output port
    • Privildged Data References
      • Second type of privilege checking
      • DPL of code segment descriptor must have smaller value (higher privilege)than DPL of data segment descriptor.
      • After u have placed each descriptor in a descriptor table, you need to inform the processor
      • U can place theses tables anywhere in the processor’s address space and u need not keep them together.
      • To allow processor to locate the GDT, IDT and current LDT, u load three special purpose registers, GDTR, IDTR,LDTR resply.
    • GDTR,IDTR,LDTR contains
      • Base address of table
      • Limit
    • Segment Selectors
      • Once the descriptors are defined , how does the processor make use of them?
      • Any 16 bit value that u write into a segment register is called a selector, because it selects a segment descriptor from a descriptor table.
      • 15 2 1 0
    • 80386 segment registers
      • 80386 has 6 segment registers
        • One for current code segment(CS)
        • One for current stack segment (SS)
        • Four for general data segments (DS, ES,FS,GS)
      • Segment registers select segment descriptors:
        • Thirteen bits select descriptors
        • One bit selects descriptor table
        • Two bits privilege checking
    • Loading Segment Selectors
      • Any given selector value selects one and only one descriptor
      • When loading segment selector ,the 80386 check that
        • The selector index is within the descriptor table limit
        • The selector references the correct descriptor table
        • The descriptor is of correct type
        • The selector uses the correct privilege level
    • GDT GDT 0 GDT 1 GDT 2 GDTR Offset Index 2 1 0 TI RPL
    • SEGMENTATION Addressing GDT Prog GDT Main Memory Index 2 1 0 TI RPL GD 0 GD 1 GD 2 GDTR Offset
    • Addressing GDT GD 0 GD 1 GD 2 Main Memory Base Address Seg Limit Attrib Index 3 2 1 0 TI RPL GDTR Offset
    • GD 0 GD 1 GD 2 GDTR Index 2 1 0 TI RPL GDT Base Address Seg Limit Attrib + Offset
    • Local Descriptor Tables(LDT’s)
      • LDT’s act like extension to GDT
      • Are assigned to individual tasks when task switching is done.
      • While running, any program can assess descriptors from GDT and LDT
      • The way in which the processor locates LDT’s is much different, however.
    • Descriptor LDT Descriptor Descriptor Descriptor Data Descriptor Descriptor GDT LDT GDTR LDTR 1 DS ESI
    • Local Descriptor table
      • Hold segment descriptors
      • May be used in addition to the global descriptor table
      • Are defined by special “system descriptor” in GDT.
      • May be larger or smaller than GDT.
      • May not be define other LDTs