Unit-4 protection ppt of database m.pptx

yashdongare22 16 views 21 slides May 17, 2024

About This Presentation

Ppt of protection mode


Slide Content

Unit - 4 Protection
Computer engineering department, PCCoE

Need of protection

Problems may occur in multitasking or multi-user operating systems when two or more users attempt to read and change the contents of a memory location at the same time. The section of a program where the value of a variable is being read and changed (the critical section) must be protected from access by other tasks until the operation is complete.

Another region that requires protection is the operating system code. An incorrect address in a user program may cause the program to write over critical sections of the operating system, corrupting the operating system code and data areas. The system then 'locks up' and the only way to get control again is to reboot the system. In a multitasking system this is intolerable, so several methods are used to protect the operating system.

Overview of 80386DX Protection Mechanisms

The 80386 uses segment level protection and page level protection mechanisms to protect critical sections. Protection in the 80386 has five aspects:

- Type checking
- Limit checking
- Restriction of addressable domain
- Restriction of procedure entry points
- Restriction of instruction set

Each reference to memory is checked by the hardware to verify that it satisfies the protection criteria. All these checks are made before the memory cycle is started; any violation prevents that cycle from starting and results in an exception. Since the checks are performed concurrently with address formation, there is no performance penalty.

Segment Level Protection

All five aspects of protection apply to segment translation:

- Type checking
- Limit checking
- Restriction of addressable domain
- Restriction of procedure entry points
- Restriction of instruction set

The segment is the unit of protection, and segment descriptors store protection parameters.

Protection checks are performed automatically by the CPU when the selector of a segment descriptor is loaded into a segment register and with every segment access. Segment registers hold the protection parameters of the currently addressable segments.

When an attempt is made to access a segment, the 80386 first checks whether the descriptor table indexed by the selector contains a valid descriptor for that selector. If the selector attempts to access a location outside the limit of the descriptor table, or the location indexed by the selector in the descriptor table does not contain a valid descriptor, an exception is produced.

The 80386 also checks whether the segment descriptor is of the right type to be loaded into the specified segment register cache. The descriptor for a read-only data segment, for example, cannot be loaded into the SS register, because a stack must be writable. A selector for a code segment that has been marked "execute only" cannot be loaded into the DS register to allow reading the contents of the segment.

If all the above protection conditions are met, the limit, base, and access rights bytes of the segment descriptor are copied into the hidden part of the segment register. The 80386 then checks the P (present) bit of the access byte to see if the segment for that descriptor is present; if it is not, a type 11 exception is generated.

After a segment selector and descriptor are loaded into a segment register, further checks are made each time a location in the actual segment is accessed. These checks are type checking and limit checking.

Type checking

The type field of the descriptor specifies:

- the type of the descriptor
- the intended usage of the segment

As mentioned in the previous section, the W (Writeable), R (Readable), C (Conforming), A (Accessed) and E (Expand-Down) bits of the type field specify the usage of the segment and restrict the segment to that particular use. For example, if R bit is 1, the segment is read only segment. Its access is limited to reading only. Type checking is used to detect whether any program is attempting to use segments in ways not intended by the programmer.

Limit checking

The 80386DX uses the limit field of a segment descriptor to prevent programs from addressing outside the segment. It interprets the limit field depending on the setting of the G (granularity) bit, which specifies whether the limit value counts units of 1 byte or 4 Kbytes. In the case of data segments, the processor also checks the ED (Expansion Direction) bit and the B (Big) bit. For all types of segments except expand-down data segments, the value of the limit is one less than the size (expressed in bytes) of the segment.

The 80386DX causes a general protection exception when a program attempts to:

- Access a memory byte at an address > limit
- Access a memory word at an address >= limit
- Access a memory Dword at an address >= (limit-2)

For expand-down data segments, the limit is interpreted differently. In these cases the range of valid addresses is from limit + 1 to either 64 K or 2^31 - 1 (4 Gbyte), depending on the B bit.
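The limit rules above can be modelled in a few lines of C. This is an added example, not part of the original slides; the struct, function names and sample segments are hypothetical, the G = 1 scaling (low 12 bits filled with ones) is assumed from the processor's documented behaviour, and the B = 1 upper bound is taken as the top of the 4 Gbyte space.

```c
#include <stdint.h>
#include <stdio.h>

/* Limit-related descriptor fields named on the slides. */
struct seg {
    uint32_t limit; /* 20-bit limit field */
    int g;          /* G: 0 = limit counts bytes, 1 = 4 Kbyte units */
    int ed;         /* ED: 1 = expand-down data segment */
    int b;          /* B: upper bound used by expand-down segments */
};

/* Constructed sample segments, not taken from the slides. */
static const struct seg UP_BYTE = { 0x00FFF, 0, 0, 0 };
static const struct seg UP_PAGE = { 0x00000, 1, 0, 0 };
static const struct seg DOWN_16 = { 0x00FFF, 0, 1, 0 };
static const struct seg DOWN_32 = { 0x00FFF, 0, 1, 1 };

/* Assumption: with G = 1 the low 12 bits of the limit are all ones. */
static uint32_t effective_limit(const struct seg *s)
{
    return s->g ? ((s->limit << 12) | 0xFFFu) : s->limit;
}

/* 1 if a `size`-byte access at `offset` passes the limit check,
 * 0 if it would raise a general protection exception. */
static int access_ok(const struct seg *s, uint32_t offset, uint32_t size)
{
    uint64_t last = (uint64_t)offset + size - 1; /* last byte touched */
    uint32_t lim = effective_limit(s);

    if (!s->ed)
        return last <= lim;                 /* expand-up: 0 .. limit */
    /* Expand-down: limit + 1 .. 64 K - 1, or top of 4 Gbyte if B = 1. */
    uint64_t top = s->b ? 0xFFFFFFFFu : 0xFFFFu;
    return offset > lim && last <= top;
}

int main(void)
{
    printf("word  at 0x0FFF, expand-up:   %d\n", access_ok(&UP_BYTE, 0x0FFF, 2));
    printf("dword at 0x0FFC, expand-up:   %d\n", access_ok(&UP_BYTE, 0x0FFC, 4));
    printf("byte  at 0x0FFF, G = 1:       %d\n", access_ok(&UP_PAGE, 0x0FFF, 1));
    printf("byte  at 0x0FFF, expand-down: %d\n", access_ok(&DOWN_16, 0x0FFF, 1));
    printf("word  at 0xFFFF, expand-down: %d\n", access_ok(&DOWN_16, 0xFFFF, 2));
    printf("dword at top, B = 1:          %d\n", access_ok(&DOWN_32, 0xFFFFFFFCu, 4));
    return 0;
}
```

Checking the last byte touched rather than the first is what produces the ">= limit" rule for words and the ">= (limit-2)" rule for Dwords.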

Protection levels - Privilege Level Protection

The 80386 has four levels of protection, which are optimized to support the needs of a multitasking operating system to isolate and protect user programs from each other and from the operating system. The four levels of protection are four privilege levels, numbered from 0 to 3. The value 0 represents the highest privilege level and the value 3 represents the lowest privilege level.

The following figure shows how an 80386DX protected mode system can be set up with four privilege levels. It shows that the operating system kernel is assigned the highest privilege level, which is privilege level 0 (PL0). System services such as BIOS procedures are assigned PL1, custom device drivers are assigned PL2, and application programs are assigned PL3.

Concept of DPL, CPL, RPL and EPL

The 80386DX assigns these levels to different objects such as descriptors and selectors. The assigned privilege levels are stored in the respective fields as given below.

Descriptor Privilege Level

Descriptors contain a field called the Descriptor Privilege Level (DPL). It is the least privileged level at which a task may access that descriptor and the segment associated with that descriptor. It is contained in the access rights byte of the descriptor of the segment.

Current Privilege Level

The 80386DX stores the descriptors for currently executing segments in the internal cache (the hidden portion of the segment registers). The privilege level for such descriptors is referred to as the Current Privilege Level (CPL). This privilege level is also called the Task Privilege Level. It specifies the privilege level of the currently executing task.

A task's CPL can only be changed by control transfers through gate descriptors to a code segment with a different privilege level. For example, an application program running at PL = 3 may call an OS routine at PL = 1 (via a gate), which would cause the task's CPL to be set to 1 until the OS routine is finished.

Normally, CPL = DPL of the segment that the processor is currently executing. CPL changes as control is transferred to segments with differing DPLs.

Requester Privilege Level

Selectors contain a field called the Requester's Privilege Level (RPL). The RPL is intended to represent the privilege level of the procedure that originates a selector. The RPL is the two least significant bits of the selector.

Effective Privilege Level (EPL)

When access to a new memory segment is desired, an Effective Privilege Level (EPL) is computed. This is the greater (least privileged) of CPL and RPL. EPL is defined as

EPL = max{RPL, CPL} (numerically)

Thus the task becomes less privileged. For example, if RPL = 2 and CPL = 1, then EPL = 2, so the task became less privileged.

Restricting Access to Data

A program can load a data segment register only if the DPL of the target segment is numerically greater than or equal to the maximum of the CPL and the selector's RPL. In other words, a procedure can only access data that is at the same or a less privileged level. The following table gives an idea of data access.

[Table: Restricting Access to Data]

Accessing Data in Code Segments

It is possible to read data from a code segment. There are three ways of reading data from code segments:

1. Load a data segment register with a selector of a non-conforming, readable, executable segment.
2. Load a data segment register with a selector of a conforming, readable, executable segment.
3. Use a CS override prefix to read a readable, executable segment whose selector is already loaded in the CS register.

In case 1, a procedure can only access data that is at the same or a less privileged level. Case 2 is always valid because the privilege level of segment whose conforming bit is set. Case 3 is also always valid because the DPL of the code segment in CS is, by definition, equal to CPL.
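The RPL, EPL and data-access rules above, together with cases 1 and 2 for code segments, can be checked with a small model of the selector and access rights byte. This is an added example, not part of the original slides; the function names and sample values are hypothetical, the bit positions in the access rights byte are assumed from the processor's documented descriptor format, and the present (P) bit check is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Access rights byte of a code/data descriptor (assumed layout):
 * bit 7 P | bits 6-5 DPL | bit 4 S | bit 3 E | bit 2 ED/C | bit 1 W/R | bit 0 A */
#define AR_DPL(ar)  (((unsigned)(ar) >> 5) & 3u)
#define AR_EXEC     0x08u /* 1 = code segment, 0 = data segment */
#define AR_CONFORM  0x04u /* C bit, meaningful for code segments */
#define AR_RW       0x02u /* W for data segments, R for code segments */

/* RPL is the two least significant bits of the selector. */
static unsigned sel_rpl(uint16_t selector) { return selector & 3u; }

/* EPL = max{RPL, CPL}: numerically greater means less privileged. */
static unsigned epl(unsigned cpl, uint16_t selector)
{
    unsigned rpl = sel_rpl(selector);
    return cpl > rpl ? cpl : rpl;
}

/* 1 if loading `selector` into a data segment register passes the type
 * and privilege checks, 0 if it would raise an exception. */
static int can_load_data_reg(unsigned cpl, uint16_t selector, uint8_t ar)
{
    if (ar & AR_EXEC) {
        if (!(ar & AR_RW))
            return 0;                /* execute-only: cannot be read */
        if (ar & AR_CONFORM)
            return 1;                /* case 2: conforming, always valid */
    }
    return AR_DPL(ar) >= epl(cpl, selector); /* data segment, or case 1 */
}

int main(void)
{
    /* Constructed samples: selector 0x0022 has RPL 2, 0x0023 has RPL 3;
     * 0xD2 = DPL 2 writable data, 0x9A / 0x9E = DPL 0 readable code. */
    printf("EPL for CPL 1, RPL 2:               %u\n", epl(1, 0x0022));
    printf("CPL 1, RPL 2 -> DPL 2 data:         %d\n", can_load_data_reg(1, 0x0022, 0xD2));
    printf("CPL 1, RPL 3 -> DPL 2 data:         %d\n", can_load_data_reg(1, 0x0023, 0xD2));
    printf("CPL 3 -> non-conforming DPL 0 code: %d\n", can_load_data_reg(3, 0x0023, 0x9A));
    printf("CPL 3 -> conforming DPL 0 code:     %d\n", can_load_data_reg(3, 0x0023, 0x9E));
    return 0;
}
```

The third line of output is the RPL at work: the same task at CPL 1 is refused a DPL 2 segment once the selector carries RPL 3.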


Restricting Control Transfers

The 80386DX can transfer program control with the help of the JMP, CALL, RET, INT and IRET instructions. The "near" forms of JMP, CALL and RET transfer control within the current segment, so these are subject only to limit checking. In the case of far JMP, CALL and RET transfers, control is transferred to another segment. In such cases the 80386DX performs privilege checking.

To successfully transfer control to another segment, both the RPL and the CPL must be a number less than or equal to the DPL of the segment. In other words, the privilege level of the requesting selector and the current privilege level must both be greater than or equal to the privilege level of the desired segment.

Max(CPL, RPL) <= DPL