CSCI-620-deck4(1).pdf - CSCI-620 Virtualization Role of the...

This preview shows page 1 - 10 out of 34 pages.

CSCI-620 Virtualization
Image of page 1

Subscribe to view the full document.

Role of the OS I A major job of the OS is to enforce protection I Prevent malicious (or buggy) programs from: I Allocating too many resources (denial of service) I Corrupting or overwriting shared resources (files, shared memory,...) I Prevent different users, groups, etc. from: I Accessing or modifying private state (files, shared memory,...) I Killing each other’s processes I Prevent viruses, worms, etc. from exploiting security holes in the OS I Overrunning a memory buffer in the kernel can give a non-root process root privileges
Image of page 2
Role of the OS I Operating system still need to do most of these things I Allocating resources I Writing shared resources I Accessing private state I Killing processes I How does the OS enforce protection boundaries? I 2-level protection: kernel and user mode I Multilevel protection: Ring 0-3 on Intel, and 0-63 (!) on Multics I Most operating systems use only two levels (0 and 3 on Intel) I IBM OS/2 used 3 levels (0, 2, and 3)
Image of page 3

Subscribe to view the full document.

Kernel and User Mode I What makes the kernel different from user mode? I Kernel can execute special privileged instructions I Examples of privileged instructions are: I Access to I/O devices I Manipulate memory management: set up page tables, load/flush the CPU cache, etc I Call halt instruction: put CPU into low-power or idle state until next interrupt
Image of page 4
Multilevel Protection: Rings Image courtesy of Wikipedia I Ring 0: kernel I Rings 1-2: third-party drivers (less privileged OS code), or user applications that require direct I/O (on OS/2) I Ring 3: application code
Image of page 5

Subscribe to view the full document.

Multilevel Protection: Rings I On Intel CPUs, each memory segment has an associated privilege level (0 through 3)
Image of page 6
Multilevel Protection: Rings I On Intel CPUs, each memory segment has an associated privilege level (0 through 3) I The CPU has a Current Protection Level (CPL) I Usually the privilege level of the segment where the program’s instructions are being read from
Image of page 7

Subscribe to view the full document.

Multilevel Protection: Rings I On Intel CPUs, each memory segment has an associated privilege level (0 through 3) I The CPU has a Current Protection Level (CPL) I Usually the privilege level of the segment where the program’s instructions are being read from I A process can read/write data in segments of lower privilege than CPL I For example, Kernel can read/write user memory
Image of page 8
Multilevel Protection: Rings I On Intel CPUs, each memory segment has an associated privilege level (0 through 3) I The CPU has a Current Protection Level (CPL) I
Image of page 9

Subscribe to view the full document.

Image of page 10
  • Spring '18
  • virtual machine

{[ snackBarMessage ]}

Get FREE access by uploading your study materials

Upload your study materials now and get free access to over 25 million documents.

Upload now for FREE access Or pay now for instant access
Christopher Reinemann
"Before using Course Hero my grade was at 78%. By the end of the semester my grade was at 90%. I could not have done it without all the class material I found."
— Christopher R., University of Rhode Island '15, Course Hero Intern

Ask a question for free

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern