Ring of protection

A ring of protection (or boxing ring ) one of the levels of privileges is imposed by the architecture of a Processeur.

Many modern architectures of processors (architectures among which one finds popular the Intel X86) include the certain shape of protection out of ring, although the operating softwares always entirely do not exploit it.

The boxing rings were among the most revolutionary concepts implemented by the Operating system Multics, a strongly protected predecessor of the current family of the operating systems UNIX.

Description

The rings are arranged in a hierarchy going from most privileged (that which is protected, usually the number zero known as Ring0 ) at least privileged (protected, usually the highest ring). The operating system original Multics had eight rings, but much of modern systems have some less. The material knows the ring of current privilege of the instructions which are carried out constantly, thanks to special registers of the machine.

The material severely limits the ways in which the hand can be last from one ring to another, and also imposes restrictions on the types of access report which can be carried out through rings. In general there is a special instruction of call which transfers control in a protected way towards preset entrance points in rings moreover low levels (protected); this functions as a call supervised in many operating systems which employ architecture out of ring, these material restrictions being conceived to limit the occasions of accidental or malevolent infringements towards the safety of the system.

The effective use of architecture out of ring requires a close co-operation between the material (the processor) and the operating system. The latter, most of the time, exploit only two types of ring of safety, the " mode; utilisateur" and the " mode; noyau" (known as mode kernel ).

The " term; ring of protection" comes owing to the fact that one can see the various modes of privilege like concentric circles or the most privileged mode is inside and the less privileged modes go towards outside.

The processors x86

The processors of the x86 family implement four rings of privileges but in the large majority of the cases, only two are really exploited by the current operating systems (such as Microsoft Windows or derivatives of UNIX).

These two rings of protections are the ring0, the ring of protection having the most privileges, and which is the ring under which functions the system center of exploitation as well as the ring3 under which the software users functions.

The transition from a mode to another is ensured by the instruction in language Assembleur SYSENTER.

Random links: