Privilege Levels.

Slides:

Advertisements

Similar presentations

Processor Privilege-Levels

Advertisements

Types of Code Segments Conforming Code Segment

1/1/ / faculty of Electrical Engineering eindhoven university of technology Memory Management and Protection Part 3:Virtual memory, mode switching,

Unit 4 Chapter-1 Multitasking. The Task State Segment.

Microprocessors system architectures – IA32 real and virtual-8086 mode Jakub Yaghob.

Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.

Processor Privilege-Levels How the x86 processor accomplishes transitions among its four distinct privilege-levels.

X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

Microprocessor Systems Design I Instructor: Dr. Michael Geiger Fall 2012 Lecture 15: Protected mode intro.

UNIT 2 Memory Management Unit and Segment Description and Paging

1 Computer System Overview Chapter 1. 2 n An Operating System makes the computing power available to users by controlling the hardware n Let us review.

Microprocessor system architectures – IA32 segmentation Jakub Yaghob.

Multitasking Mr. Mahendra B. Salunke Asst. Prof. Dept. of Computer Engg., STES SITS, Narhe, Pune-41 STES Sinhgad Institute of Tech. & Science Dept. of.

CSC 660: Advanced Operating SystemsSlide #1 CSC 660: Advanced OS Memory Addressing / Kernel Modules.

System Address Registers/Memory Management Registers Four memory management registers are used to specify the locations of data structures which control.

1 i386 Memory Management Professor Ching-Chi Hsu 1998 年 4 月.

1 iAPX86 Protection Electronic Computers M. 2 Protection The protection mechanism is active only after PE setting in CR0 and is used before any access.

Virtual 8086 Mode  The supports execution of one or more 8086, 8088, 80186, or programs in an protected-mode environment.  An 8086.

Microprocessor system architectures – IA32 tasks Jakub Yaghob.

Segment Descriptor Segments are areas of memory defined by a programmer and can be a code, data or stack segment. In segments need not be all the.

D P L s G D X U P Segment Descriptor A T Y P E

The LC-3 – Chapter 5 COMP 2620 Dr. James Money COMP

1 Microprocessors CSE Protected Mode Memory Addressing Remember using real mode addressing we were previously able to address 1M Byte of memory.

Page Replacement Implementation Issues Text: –Tanenbaum ch. 4.7.

Microprocessor system architectures – IA32 security

Introduction to Intel IA-32 and IA-64 Instruction Set Architectures.

Information Security - 2. Task Switching Every process has an associated Task State Segment, whose starting point is stored in the Task register. A task.

Memory Management Unit and Segment Description and Paging

Information Security - 2. Descriptor Tables There are two descriptor tables – Global Descriptor Tables – Local Descriptor Tables The global descriptor.

Information Security - 2. Descriptor Tables Descriptors are stored in three tables: – Global descriptor table (GDT) Maintains a list of most segments.

Information Security - 2. CISC Vs RISC X86 is CISC while ARM is RISC CISC is Compiler’s heaven while RISC is Architecture’s heaven Orthogonal ISA in RISC.

contains 8086 processor and several additional functional chips: –clock generator –2 independent DMA channels –PIC –3 programmable 16-bit.

Privilege Check for Control Transfer(Code Access) Control transfers (except interrupts) are accomplished by the instructions JMP, CALL, and RET The "near"

32- bit Microprocessor-Intel 80386

Protection in Virtual Mode

Introduction to The x86 Microprocessor

Assembly language.

Descriptor Table & Register

16.317: Microprocessor System Design I

Microprocessor and Assembly Language

Operating Systems Engineering

Segment Definition The CPU has several segment registers:

Microprocessor Systems Design I

Anton Burtsev February, 2017

Day 08 Processes.

Day 09 Processes.

Electronic Computers M

143A: Principles of Operating Systems Lecture 5: Address translation

Protection UQ: Explain the protection mechanism of X86 Intel family microprocessor(10 Marks)

Information Security - 2

x86 segmentation, page tables, and interrupts

System Segment Descriptor

Page Replacement Implementation Issues

Introduction to Assembly Language

Intel Microprocessor.

Operating Modes UQ: State and explain the operating modes of X86 family of processors. Show the mode transition diagram highlighting important features.(10.

Introduction to Intel IA-32 and IA-64 Instruction Set Architectures

Page Replacement Implementation Issues

Architectural Support for OS

Information Security - 2

UNIT-VII Advanced Micro Processors Introduction to 80286

Architectural Support for OS

Computer Architecture and System Programming Laboratory

CS444/544 Operating Systems II Virtual Memory

Procedures and Macros.

Presentation transcript:

Privilege Levels

Current Privilege Level(CPL) Also called Task Privilege Level It specifies privilege level of currently executing task A task’s CPL can only be changed by control transfers through gate descriptors to a code segment with a different privilege level. E.g. an application program running at PL = 3 may call an OS routine at PL = 1 (via a gate) which would cause the task's CPL to be set to 1 until the OS routine is finished.

Current Privilege Level(CPL) Normally, CPL = DPL of the segment that the processor is currently executing. CPL changes as control is transferred to segments with differing DPLs.

Requestor Privilege Level (RPL) RPL is the two least significant bits of selector RPL is used to establish a less trusted privilege level than CPL for the use of a segment and this level is called the task's Effective Privilege Level (EPL). EPL is defined as EPL = max { RPL,CPL } (numerically) Thus the task becomes less privileged E.g. If RPL = 2 and CPL = 1, EPL = 2  task becomes less privileged

Descriptor Privilege Level (DPL) It is the least privileged level at which a task may access that descriptor and the segment associated with that descriptor It is contained in the access right byte of the descriptor of the segment

Restricting Access to Data To address operands an 80386 program must load the selector of a data segment into a data-segment register (DS, ES, FS, GS, SS). The processor automatically evaluates access to a data segment by comparing privilege levels. The evaluation is performed at the time a selector for the descriptor of the target segment is loaded into the data-segment register.

Restricting Access to Data Three different privilege levels enter into this type of privilege check: 1. CPL 2. RPL of the selector of target segment 3. DPL of the descriptor of the target segment Instructions may load a data-segment register only if DPL(data) ≥ max {CPL(proc),RPL} numerically A procedure can only access data that is at the same or less privileged level.

Privilege Check for Data Access

Privilege Check for Control Transfer(Code Access) Control transfers (except interrupts) are accomplished by the instructions JMP, CALL, and RET The "near" forms of JMP, CALL, and RET transfer within the current code segment and hence does not require privilege checks. The "far" forms of JMP and CALL refer to other segments and hence requires privilege checking.

Privilege Check for Control Transfer There are two ways a JMP or CALL can transfer to another segment 1. Without call gate 2. With call gate

Types of Code Segments Conforming Code Segment There are two types of code segments: Conforming Code Segment Nonconforming Code Segment

Conforming Code Segment An executable segment whose descriptor has the conforming bit set It permits sharing of procedures that may be called from various privilege levels but should execute at the privilege level of the calling procedure. Example: math libraries When control is transferred to a conforming segment, the CPL does not change