Your SlideShare is downloading. ×
  • Like
A Hardware Architecture For Implementing Protection Rings
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

A Hardware Architecture For Implementing Protection Rings


My take on this famous paper on protection rings made for my graduate OS class

My take on this famous paper on protection rings made for my graduate OS class

Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. A Hardware Architecture for Implementing Protection Rings Schroeder & Saltzer: Mighty Institute of Terminology (m.i.t.) Brought to you by: Chris Sosa I <3 Cornell
  • 2. Overview
    • Introduction of Protection Rings
      • Allows multiple domains to be associated with a process and process domain movement during execution
    • Hardware a.k.a. Computer Architecture Implementation of Protection Rings for Multics
  • 3. Motivation
    • Basic access control mechanisms only allow one set of access permissions (a domain) for a user per resource
    • Intrinsic need to change access capabilities of a user as his/her process runs
      • User A may wish to allow user B to access sensitive data but only through a special program
  • 4. Four Sets of Criteria to Judge Protection Mechanisms
    • Functional Capability
    • Economy
    • Simplicity
    • Programming Generality
  • 5. What is a Protection Ring?
    • This does not meet our economy criteria!
    • … let’s try again
  • 6. Protection Rings
    • Each process associated with 0 -> r-1 of domains called rings
      • Concentric = subset of privileges of n for m when m > n
    • Ring 0 =
  • 7. Protection Rings (cont’d)
    • Typical R/W/E privileges divided into brackets
    • R/W brackets must start at ring 0, why?
    • Allows for lowest-numbered ring of execution to be specified (not necessarily 0). Why might this be a good thing?
  • 8. Moving Between Protection Rings
    • Downward movement restricted to “gates”
      • Specific program locations
      • During execution allows a process to enter a lower domain
      • Example of gates?
    • Upward movement is unrestricted (but you must use a special call to do it)
  • 9. Revisiting Gate Extension
    • Bracket that defines from which rings gate movement is allowed
    • Possible use of this in Windows?
  • 10. Call and Return
    • Procedure transfer = subroutine call
    • Easy to validate protection rings
    • If Call goes through gate => validate caller’s ring w.r.t. gate extension
    • Return restores caller’s ring
  • 11. Three Issues with Downward Calls
    • Find new stack area
      • Each process has a stack segment per ring
    • Argument validation
      • Procedure assumes more restricted access capabilities of caller when accessing operand references
    • Knowledge of caller’s ring
      • Processor leaves this in a read-only register
  • 12. Other calls?
    • Dealing with a call and return that doesn’t change rings is trivial … duh!
    • Upward calls are hard
      • Their solution, let’s not support it!
      • What’s wrong with keeping the protection ring of the caller?
        • Internet Explorer bugs anyone?
  • 13. Computer Architecture Support
    • Hot or Not?
  • 14. Quick Review of the Multics before Protection Rings
    • Each user has individual VM
    • A segment is the unit of Access Control
    • Users has R/W/E privileges defined per segment (flags)
    • Flags stored in with segment descriptor in H/W
    • … for more information of hardware: see paper  (for those Clint’s out there)
  • 15. Quick Review of Multics AFTER Protection Rings
    • Eight Rings
    • Modification of SDW to include three 3-bit values for bracket management
      • R0 -> SDW.R1 = Write
      • SDW.R1 -> SDW.R2 = Execute
      • SDW.R2+1 -> SDW.R3 = Gate Extension
      • Read = Execute, loses some flexibility
    • Other modifications that only involve adding a 3-bit ring field denoting required or current ring
  • 16. An Example
    • Retrieval of Next Instruction to be executed
  • 17. Issues
    • Complicated to design user programs with rings
    • Rare to see more than two rings used
      • We have seen some exceptions … see Xen
    • Implementation lacked some features
      • Execution end bracket same as read bracket
      • Didn’t implement upward movement in terms of ring movement
  • 18. Questions?