Microprocessor system architectures – IA32 security


Microprocessor system architectures – IA32 security Jakub Yaghob

Segment protection

Protection checks in the segmentation
- Segment registers load (including selector as instruction operand)
  - Type checking
  - Privilege level checking
  - Null segment checking
- Memory access (including instruction fetching)
  - Limit checking

Privilege level checking – jumps between segments
- Direct jump (CALL, JMP)
  - Nonconforming segment
    - CPL = DPL
    - RPL ≤ CPL
    - CPL remains
  - Conforming segment
    - Code modules as part of OS supporting applications without protected system facilities (math library)
    - DPL represents numerically lowest CPL, which can call conforming segment
    - CPL ≥ DPL
    - RPL ignored
    - CPL remains (even if DPL is not equal)
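The direct far JMP/CALL rules above as a small decision function. This is an added example, not part of the original slides; the struct, the sample descriptors and the selector values are constructed for illustration, and call gates are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a code-segment descriptor; field names are illustrative. */
struct code_desc {
    unsigned dpl;      /* descriptor privilege level, 0..3 */
    bool conforming;   /* conforming bit of the code-segment type */
};

/* Constructed sample descriptors. */
static const struct code_desc KERNEL_CODE = { 0, false };
static const struct code_desc USER_CODE   = { 3, false };
static const struct code_desc SHARED_LIB  = { 0, true  };  /* e.g. math library */
static const struct code_desc APP_LIB     = { 3, true  };

/* Direct far JMP/CALL (no gate): true if allowed, false where the CPU raises #GP. */
bool far_transfer_allowed(unsigned cpl, unsigned selector,
                          const struct code_desc *d)
{
    unsigned rpl = selector & 3u;      /* RPL is the low two bits of the selector */

    if ((selector & ~3u) == 0)         /* null selector can never be loaded into CS */
        return false;
    if (d->conforming)
        return cpl >= d->dpl;          /* RPL ignored; CPL stays as it was */
    return cpl == d->dpl && rpl <= cpl;
}

int main(void)
{
    printf("CPL3 -> user code (sel 0x1B):        %d\n",
           far_transfer_allowed(3, 0x1B, &USER_CODE));
    printf("CPL3 -> kernel code (sel 0x08):      %d\n",
           far_transfer_allowed(3, 0x08, &KERNEL_CODE));
    printf("CPL3 -> conforming DPL0 (sel 0x20):  %d\n",
           far_transfer_allowed(3, 0x20, &SHARED_LIB));
    printf("CPL0 -> conforming DPL3 (sel 0x28):  %d\n",
           far_transfer_allowed(0, 0x28, &APP_LIB));
    printf("CPL0 -> kernel code, RPL3 (sel 0x0B): %d\n",
           far_transfer_allowed(0, 0x0B, &KERNEL_CODE));
    return 0;
}
```
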

RET with privilege level change
- CPL ≤ DPL of target (returning to less privileged level)
  - Using RPL from CS saved on stack
- Loads CS:EIP/RIP from the stack
- Adds parameter count to ESP/RSP
  - Number in bytes obtained from RET
- Loads SS:ESP/RSP – see above
- Again adds parameter count to ESP/RSP
- Check DS, ES, FS, GS
  - If DPL < CPL, then load null segment

System and control registers
- EFLAGS
  - Changes in system parts silently ignored for CPL>0
    - IOPL, VM
  - Changes working only during IRET for CPL=0 (return from interrupt or task)
    - VM, RF
  - Changes invoke #GP
    - IF
- Control registers
  - Only system instruction (CPL=0) excluding SMSW

System instructions
- LLDT, SLDT
- LGDT, SGDT
- LTR, STR
- LIDT, SIDT
- MOV CRn
- LMSW, SMSW
- CLTS
- ARPL, LAR, LSL
- VERR, VERW
- MOV DRn
- INVD, WBINVD
- INVLPG
- HLT
- LOCK (Prefix)
- RSM
- RDMSR, WRMSR
- RDPMC, RDTSC
- IN, OUT, INS, OUTS
- CLI, STI
- IRET

Paging protection
- U/S flag
  - =0 – supervisor mode CPL 0-2
  - =1 – user mode CPL 3
- R/W flag
  - =0 – read-only
    - Not used in supervisor mode, until flag WP (CR0[16]) is set
  - =1 – read/write
- NX/XD flag
  - =0 – can execute
  - =1 – no execute
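How the three flags and CR0.WP combine into one allow/fault decision, as an added example that is not part of the original slides. It assumes a single page-table entry in the 64-bit entry format with the NX/XD feature enabled (real hardware combines the flags of every paging level); the present bit is included because a non-present entry always faults.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_P   (1ull << 0)    /* present */
#define PTE_RW  (1ull << 1)    /* 0 = read-only, 1 = read/write */
#define PTE_US  (1ull << 2)    /* 0 = supervisor, 1 = user */
#define PTE_NX  (1ull << 63)   /* 0 = can execute, 1 = no execute */

enum access { ACC_READ, ACC_WRITE, ACC_EXEC };

/* true if the access proceeds, false where the CPU raises a page fault (#PF). */
bool page_access_allowed(uint64_t pte, unsigned cpl, enum access acc, bool cr0_wp)
{
    bool user = (cpl == 3);            /* CPL 0-2 all count as supervisor */

    if (!(pte & PTE_P))
        return false;
    if (user && !(pte & PTE_US))
        return false;                  /* user code touching a supervisor page */
    if (acc == ACC_WRITE && !(pte & PTE_RW) && (user || cr0_wp))
        return false;                  /* R/W binds supervisor only when WP=1 */
    if (acc == ACC_EXEC && (pte & PTE_NX))
        return false;                  /* NX applies at every privilege level */
    return true;
}

int main(void)
{
    uint64_t user_ro   = PTE_P | PTE_US;                    /* constructed entries */
    uint64_t user_data = PTE_P | PTE_US | PTE_RW | PTE_NX;

    printf("CPL0 write, read-only page, WP=0: %d\n",
           page_access_allowed(user_ro, 0, ACC_WRITE, false));
    printf("CPL0 write, read-only page, WP=1: %d\n",
           page_access_allowed(user_ro, 0, ACC_WRITE, true));
    printf("CPL3 fetch from NX data page:     %d\n",
           page_access_allowed(user_data, 3, ACC_EXEC, true));
    return 0;
}
```

The WP=0 row is the case to watch when reviewing a kernel configuration: supervisor code can then write through read-only mappings.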

I/O protection
- Memory mapped I/O
  - Segment or paging protection
- I/O space
  - CPL ≤ IOPL for all ports
  - I/O permission bitmap in the TSS for CPL > IOPL or VM=1
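The I/O-space decision above as code: the IOPL shortcut first, then the per-port bitmap lookup. This is an added example, not part of the original slides; the struct and helper names are constructed, and the bitmap is simplified to a plain byte array in which a set bit denies the port and anything past the end of the array counts as denied.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the state the CPU consults for IN/OUT/INS/OUTS. */
struct io_ctx {
    unsigned cpl, iopl;
    bool vm;                 /* EFLAGS.VM (virtual-8086 mode) */
    const uint8_t *bitmap;   /* I/O permission bitmap held in the TSS */
    size_t bitmap_bytes;     /* bitmap bytes that lie inside the TSS limit */
};

/* Build a deny-all bitmap, then clear the bits for ports first..last. */
void allow_ports(uint8_t *bm, size_t n, unsigned first, unsigned last)
{
    memset(bm, 0xFF, n);
    for (unsigned p = first; p <= last && p / 8 < n; p++)
        bm[p / 8] &= (uint8_t)~(1u << (p % 8));
}

/* true if the access proceeds, false where the CPU raises #GP. */
bool io_access_allowed(const struct io_ctx *c, uint16_t port, unsigned width)
{
    if (!c->vm && c->cpl <= c->iopl)
        return true;                       /* CPL <= IOPL: all ports open */
    for (unsigned i = 0; i < width; i++) { /* one bit per byte-wide port */
        uint32_t p = (uint32_t)port + i;
        if (p / 8 >= c->bitmap_bytes)
            return false;                  /* past the end of the bitmap */
        if (c->bitmap[p / 8] & (1u << (p % 8)))
            return false;                  /* bit set: port denied */
    }
    return true;
}

int main(void)
{
    uint8_t bm[128];                       /* constructed: ports 0x000-0x3FF */
    allow_ports(bm, sizeof bm, 0x3F8, 0x3FF);
    struct io_ctx user = { 3, 0, false, bm, sizeof bm };

    printf("byte  access to 0x3F8: %d\n", io_access_allowed(&user, 0x3F8, 1));
    printf("dword access to 0x3FE: %d\n", io_access_allowed(&user, 0x3FE, 4));
    printf("byte  access to 0x060: %d\n", io_access_allowed(&user, 0x60, 1));
    return 0;
}
```

A multi-byte access needs every covered port to be permitted, which is why the dword access starting at 0x3FE is refused even though 0x3FE and 0x3FF are allowed.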

IDT protection
- Depends on the source of interrupt
  - HW interrupt or an exception
    - Ignore DPL in the proper IDT descriptor
  - SW interrupt
    - CPL ≤ DPL
- Interrupt vector number > IDT limit
  - #GP exception