Operating system security, memory protection

Security in Computing (3rd Edition)
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Notes 29

1 Operating System Security

Goals:

• Protecting different applications running on the same machine at the same time from each other
  • Keep malicious/buggy user programs from crashing the OS
  • Keep malicious/buggy user programs from crashing each other
• Control over what applications run on a platform
  • Need a secure environment from HW to OS levels

Today's topics:

• Hardware support for protection
• Creating secure systems

2 Hardware support for protection

Hardware provides two things to help isolate a program's effects to within just that program:

• Address translation
  • Non-executable regions
• Dual mode operation

2.1 Address translation

What is an Address Space?

• Literally, all the memory addresses a program can touch.
• All the state that a program can affect or be affected by.

Achieve protection by restricting what a program can touch!

Hardware translates every memory reference from virtual addresses to physical addresses; software sets up and manages the mapping in the translation box (see Figure 1).
[Figure 1: Address Translation in Modern Architectures. The CPU issues a virtual address; the translation box (MMU) turns it into a physical address for physical memory; the data read or written passes through untranslated.]

Two views of memory:

• View from the CPU: what the program sees, virtual memory
• View from memory: physical memory

The translation box (also called a memory management unit) converts between the two views. Translation helps implement protection because there is no way for a program to even talk about another program's addresses, and no way for it to touch operating system code or data (see Figure 2). Translation also helps with the issue of how to stuff multiple programs into memory.

Translation is implemented using some form of table lookup, with a separate table for each user address space.

2.2 Dual mode operation

Can an application modify its own translation tables? If it could, then it could get access to all of physical memory. This has to be restricted somehow.

Dual-mode operation:

• When in the OS, can do anything (called "kernel mode", "supervisor mode", or "protected mode")
• When in a user program, restricted to only touching that program's memory (user mode)

Implemented by setting a hardware-provided bit. Restricted operations can only be performed when the
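To make the table-lookup translation and the mode bit concrete, here is an added C model of the translation box (written for these notes, not code from the course): a per-address-space page table with valid, writable and executable bits, a translate function that faults on unmapped or non-executable pages, and a map_page operation that the model refuses outside kernel mode. The 4 KiB page size, 16-entry table and all names are assumptions for illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* Toy model of the translation box: one page table per address space,
 * plus the hardware mode bit. Constructed for illustration only. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NUM_PAGES  16

enum mode   { USER_MODE = 0, KERNEL_MODE = 1 };
enum access { ACC_READ, ACC_WRITE, ACC_EXEC };

typedef struct {
    bool     valid;       /* page is mapped in this address space */
    bool     writable;
    bool     executable;  /* cleared for a non-executable region */
    uint32_t frame;       /* physical frame number */
} pte_t;

typedef struct { pte_t entries[NUM_PAGES]; } page_table_t;

/* Translate a virtual address. Returns 1 and fills *phys on success,
 * 0 on a protection fault (unmapped page or disallowed access). */
int translate(const page_table_t *pt, uint32_t vaddr, enum access acc, uint32_t *phys) {
    uint32_t vpn = vaddr >> PAGE_SHIFT, off = vaddr & (PAGE_SIZE - 1);
    if (vpn >= NUM_PAGES || !pt->entries[vpn].valid) return 0; /* cannot even name it */
    const pte_t *e = &pt->entries[vpn];
    if (acc == ACC_WRITE && !e->writable)   return 0;
    if (acc == ACC_EXEC  && !e->executable) return 0;
    *phys = (e->frame << PAGE_SHIFT) | off;
    return 1;
}

/* Changing the mapping is a restricted operation: kernel mode only. */
int map_page(enum mode m, page_table_t *pt, uint32_t vpn, uint32_t frame, bool w, bool x) {
    if (m != KERNEL_MODE || vpn >= NUM_PAGES) return 0;
    pt->entries[vpn] = (pte_t){ .valid = true, .writable = w, .executable = x, .frame = frame };
    return 1;
}

/* Two address spaces share the machine but cannot reach each other's frames. */
int demo(void) {
    page_table_t a = {0}, b = {0};
    uint32_t phys;
    map_page(KERNEL_MODE, &a, 0, 5, true, false);  /* A: page 0 -> frame 5, data, NX */
    map_page(KERNEL_MODE, &b, 0, 9, false, true);  /* B: page 0 -> frame 9, code   */
    int ok = translate(&a, 0x123, ACC_READ, &phys) && phys == 0x5123;
    ok = ok && !translate(&a, 0x123, ACC_EXEC, &phys);      /* NX region: fault   */
    ok = ok && !translate(&a, 0x1000, ACC_READ, &phys);     /* unmapped: fault    */
    ok = ok && !map_page(USER_MODE, &a, 1, 9, true, false); /* user cannot remap  */
    return ok;
}
```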