Hardware support for operating systems
In this chapter, we have described a number of hardware mechanisms to support operating systems:
Privilege levels: user and kernel
Privileged instructions: instructions available only in kernel mode
Memory translation: to prevent user programs from accessing kernel data structures, and to aid in memory management
Exceptions: trap to the kernel on a privilege violation or other unexpected event
Timer interrupts: return control to the kernel on time expiration
Device interrupts: return control to the kernel to signal I/O completion
Interprocessor interrupts: cause another processor to return control to the kernel
System calls: trap to the kernel to perform a privileged action on behalf of a user program
Return from interrupt: switch from kernel-mode to user-mode, to a specific location in a user program
Boot ROM: fixed code to load startup routines from disk into memory
To support threads, we will need one additional mechanism, described in a later chapter:
Atomic instructions: instructions to atomically read and modify a memory location, used to implement synchronization in multithreaded programs
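As an added example (not from the book), the C program below shows three of the listed mechanisms working together, seen from user space on a POSIX system: memory translation marks a page read-only, a store to that page raises an exception that traps to the kernel, and the kernel reports the violation to the process as a signal. The function and handler names are hypothetical, and delivery as SIGSEGV or SIGBUS is an assumption about the host system.

```c
#define _DEFAULT_SOURCE              /* expose MAP_ANONYMOUS on glibc */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf resume;            /* where to continue after the fault */
static void *volatile fault_addr;    /* faulting address reported by the kernel */
/* Runs after the kernel has handled the hardware exception and upcalled us. */
static void on_fault(int sig, siginfo_t *si, void *uc) {
    (void)sig; (void)uc;
    fault_addr = si->si_addr;
    siglongjmp(resume, 1);           /* do not retry the denied store */
}

/* Hypothetical helper: returns 1 if a store to a read-only page trapped and
   left the page unchanged, 0 if the store went through, -1 on setup error. */
int store_to_readonly_page_traps(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    page[0] = 'A';
    /* System call: only the kernel may change the page's translation entry. */
    if (mprotect(page, len, PROT_READ) != 0) { munmap(page, len); return -1; }
    struct sigaction sa = {0}, old_segv, old_bus;
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);    /* some systems report SIGBUS instead */
    int trapped;
    if (sigsetjmp(resume, 1) == 0) {
        *(volatile char *)page = 'B';    /* user-mode store the hardware refuses */
        trapped = 0;                     /* reached only if protection failed */
    } else {
        trapped = (fault_addr == (void *)page && page[0] == 'A');
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, len);
    return trapped;
}

int main(void) {
    printf("store to read-only page trapped: %d\n", store_to_readonly_page_traps());
    return 0;
}
```

Without the handler, the kernel's default action for the same exception is to terminate the offending process, which is how a stray or hostile write is kept from reaching memory it has no right to modify.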
installed on the system. In practice, however, complete process isolation is still
more of an aspiration than a reality. Most operating systems are vulnerable
to malicious applications, because the attacker can exploit any vulnerability in
the implementation. Although keeping your system up to date with the latest
patches provides some level of defense, it is still inadvisable to download and
install untrusted software off the web.
In the future, we are likely to see three complementary trends:
Operating system support for fine-grained protection. Process
isolation is evolving to be more flexible and fine-grained, to reflect different
levels of trust in different applications. Even if the operating system
is successfully hardened against rogue applications, it is typical for an
application invoked by a user to have the permissions of that user. In
other words, a virus masquerading as a screen saver does not need to
compromise the operating system to steal or corrupt that user's data.
Smartphone operating systems have been the first to add these types of