Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microprocessor system architectures – IA32 security

Published byLaureen Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Microprocessor system architectures – IA32 security"— Presentation transcript:

1 Microprocessor system architectures – IA32 security
Jakub Yaghob

2 Segment protection

3 Protection checks in the segmentation
Segment registers load (including selector as instruction operand) Type checking Privilege level checking Null segment checking Memory access (including instruction fetching) Limit checking

4 Privilege level checking – jumps between segments
Direct jump (CALL, JMP) Nonconforming segment CPL = DPL RPL ≤ CPL CPL remains Conforming segment Code modules as part of OS supporting applications without protected system facilities (math library) DPL represents numerically lowest CPL, which can call conforming segment CPL ≥ DPL RPL ignored CPL remains (even if DPL is not equal)

5 RET with privilege level change
CPL ≤ DPL of target (returning to less privileged level) Using RPL from CS saved on stack Loads CS:EIP/RIP from the stack Adds parameter count to ESP/RSP Number in bytes obtained from RET Loads SS:ESP/RSP – see above Again adds parameter count to ESP/RSP Check DS, ES, FS, GS If DPL< CPL, then load null segment

6 System and control registers
EFLAGS Changes in system parts silently ignored for CPL>0 IOPL, VM Changes working only during IRET for CPL=0 (return from interrupt or task) VM, RF Changes invoke #GP IF Control registers Only system instruction (CPL=0) excluding SMSW

7 System instructions LLDT, SLDT LGDT, SGDT LTR, STR LIDT, SIDT MOV CRn
LMSW, SMSW CLTS ARPL, LAR, LSL VERR, VERW MOV DRn INVD, WBINVD INVLPG HLT LOCK (Prefix) RSM RDMSR, WRMSR RDPMC, RDTSC IN, OUT, INS, OUTS CLI, STI IRET

8 Paging protection U/S flag R/W flag NX/XD flag =0 – supervisor mode
CPL 0-2 =1 – user mode CPL 3 R/W flag =0 – read-only Not used in supervisor mode, until flag WP (CR0[16]) is set =1 – read/write NX/XD flag =0 – can execute =1 – no execute

9 I/O protection Memory mapped I/O I/O space
Segment or paging protection I/O space CPL ≤ IOPL for all ports I/O permission bitmap in the TSS for CPL > IOPL or VM=1

10 IDT protection Depends on the source of interrupt
HW interrupt or an exception Ignore DPL in the proper IDT descriptor SW interrupt CPL ≤ DPL Interrupt vector number > IDT limit #GP exception

Download ppt "Microprocessor system architectures – IA32 security"

Similar presentations

Types of Code Segments Conforming Code Segment

Types of Code Segments Conforming Code Segment
Introduction to The x86 Microprocessor

Introduction to The x86 Microprocessor
FEATURES OF 80386: Two versions of are commonly available: 1) 80386DX

FEATURES OF 80386: Two versions of are commonly available: 1) 80386DX
Unit 4 Chapter-1 Multitasking. The Task State Segment.

Unit 4 Chapter-1 Multitasking. The Task State Segment.
Microprocessors system architectures – IA32 real and virtual-8086 mode Jakub Yaghob.

Microprocessors system architectures – IA32 real and virtual-8086 mode Jakub Yaghob.
Microprocessor system architectures– IA32 debugging and performance monitoring Jakub Yaghob.

Microprocessor system architectures– IA32 debugging and performance monitoring Jakub Yaghob.
Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.

Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.
X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT
Linux Operating System

Linux Operating System
16.317 Microprocessor Systems Design I Instructor: Dr. Michael Geiger Fall 2012 Lecture 15: Protected mode intro.

Microprocessor Systems Design I Instructor: Dr. Michael Geiger Fall 2012 Lecture 15: Protected mode intro.
8086 emulation Using Virtual-8086 mode to execute real-mode procedures in a protected-mode environment.

8086 emulation Using Virtual-8086 mode to execute real-mode procedures in a protected-mode environment.
UNIT 2 Memory Management Unit and Segment Description and Paging

UNIT 2 Memory Management Unit and Segment Description and Paging
Intel IA32 OS Support -Refresh

Intel IA32 OS Support -Refresh
1 CS503: Operating Systems Part 1: OS Interface Dongyan Xu Department of Computer Science Purdue University.

1 CS503: Operating Systems Part 1: OS Interface Dongyan Xu Department of Computer Science Purdue University.
Intel 80286.

Intel
80386DX.

80386DX.
OPERATING SYSTEM OVERVIEW. Contents Basic hardware elements.

OPERATING SYSTEM OVERVIEW. Contents Basic hardware elements.
Microprocessor system architectures – IA32 segmentation Jakub Yaghob.

Microprocessor system architectures – IA32 segmentation Jakub Yaghob.
The Pentium Processor.

The Pentium Processor.
The Pentium Processor Chapter 3 S. Dandamudi. 2005 To be used with S. Dandamudi, “Introduction to Assembly Language Programming,” Second Edition, Springer,

The Pentium Processor Chapter 3 S. Dandamudi To be used with S. Dandamudi, “Introduction to Assembly Language Programming,” Second Edition, Springer,

Similar presentations

Ads by Google