A CPU ISA usually specifies two modes of operation: system (or
supervisor/kernel/privileged) mode and user mode (see Figure 16.12a). System
mode allows wide access to system components, while user mode restricts such
access. To provide security and resource isolation, OSs in traditional systems
are executed in system mode while their associated applications are run in user
mode. Some ISAs, however, support more than two rings. For instance, the Intel
IA-32 ISA supports four rings (see Figure 16.12b). In traditional systems, when
Linux is implemented on an IA-32 ISA, the OS is executed in ring 0 and
application processes are executed in ring 3.
A privileged instruction is defined as one that traps in user mode and does not
trap in system mode. A trap is a transfer of control to system mode, wherein the
hypervisor (as in virtualization) or the OS (as in traditional OSs) performs
some action before switching control back to the originating process. Traps
occur as side effects of executing instructions. Overall, instructions can be
classified into two different categories: sensitive and innocuous. Sensitive
instructions can be either control-sensitive or behavior-sensitive.
Control-sensitive instructions are those that attempt to modify the
configuration of resources in a system, such as changing the mode of operation
or the CPU timer. An example of a control-sensitive instruction is load
processor status word (LPSW) (IBM System/370). LPSW loads the processor status
word from a location in memory if the CPU is in system mode and traps otherwise.
The processor status word contains bits that determine the state of the CPU.
For instance, one of these bits is the P bit, which specifies whether the CPU is
in user mode or in system mode. If executing this instruction were allowed in
user mode, a malicious program could easily change the mode of operation to
privileged and obtain control over the system. Hence, to protect the system,
such an instruction can only be executed in system mode. Behavior-sensitive
instructions are those whose behaviors are determined by the current
configuration of resources in a system. An example of a behavior-sensitive
instruction is Pop Stack into Flags Register (POPF) (Intel IA-32). POPF pops the
flags register from a stack held in memory. One of these flags, known as the interrupt
[Figure labels: User level (Apps); User mode (Apps); System mode (Kernel); Ring 0 (Kernel); Ring 1; Ring 2; Ring 3]
FIGURE 16.12 System modes of operation (or rings): (a) simple ISAs have two modes of
operation and (b) Intel's IA-32 allows four rings.
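
The definitions of a trap and of a privileged instruction can be checked mechanically. The following C sketch is an added example, not code from the book: it models a toy CPU whose PSW layout (PSW_P, with 1 meaning user mode) and function names are assumptions, applies the privileged-instruction definition to LPSW, and contrasts it with a hypothetical unprotected LPSW that lets a user process switch itself into system mode.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy CPU, constructed for illustration; the bit layout is an assumption. */
#define PSW_P 0x1u  /* P bit: 1 = user mode, 0 = system mode */

typedef struct { uint32_t psw; unsigned traps; } cpu_t;
typedef void (*instr_fn)(cpu_t *, uint32_t operand);

static bool user_mode(const cpu_t *c) { return (c->psw & PSW_P) != 0; }

/* Trap: enter system mode, let the OS/hypervisor act (here it only counts
 * the event and refuses the request), then return to the original mode. */
static void trap(cpu_t *c) {
    uint32_t saved = c->psw;
    c->psw &= ~PSW_P;   /* control transfers to system mode */
    c->traps++;
    c->psw = saved;     /* switch back to the originating process */
}

/* LPSW as the text describes: loads the PSW in system mode, traps otherwise. */
static void lpsw(cpu_t *c, uint32_t v) {
    if (user_mode(c)) trap(c); else c->psw = v;
}

/* Hypothetical unprotected variant: the case the text warns about. */
static void lpsw_unprotected(cpu_t *c, uint32_t v) { c->psw = v; }

/* Definition from the text: traps in user mode, does not trap in system mode. */
static bool is_privileged(instr_fn f, uint32_t operand) {
    cpu_t u = { PSW_P, 0 }, s = { 0, 0 };
    f(&u, operand);
    f(&s, operand);
    return u.traps > 0 && s.traps == 0;
}

/* Does a user-mode process end up in system mode after executing f? */
static bool escalates(instr_fn f, uint32_t operand) {
    cpu_t u = { PSW_P, 0 };
    f(&u, operand);
    return !user_mode(&u);
}

int main(void) {
    /* Operand 0 is a PSW image with the P bit cleared (system mode). */
    printf("lpsw:             privileged=%d escalates=%d\n",
           is_privileged(lpsw, 0), escalates(lpsw, 0));
    printf("lpsw_unprotected: privileged=%d escalates=%d\n",
           is_privileged(lpsw_unprotected, 0), escalates(lpsw_unprotected, 0));
    return 0;
}
```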