Exercises
1. We mentioned that for the "Hello world" program, the kernel must copy
the string from the user program into the screen memory. Why must the
screen's buffer memory be protected? Explain what might happen if a
(malicious) application could alter any pixel on the screen, not just those
within its own window.
2. For each of the three mechanisms for supporting dual mode operation
(privileged instructions, memory protection, and timer interrupts),
explain what might go wrong without that mechanism, assuming the system
still had the other two.
3. Suppose we had a perfect object-oriented language and compiler, so that
only an object's methods could access the internal data inside an object.
If the operating system only ran programs written in that language, would
it still need hardware memory address protection?
4. Suppose you are tasked with designing the security system for a new
web browser that supports rendering web pages with embedded web page
scripts. What checks would you need to ensure that executing buggy or
malicious scripts could not corrupt or crash the browser?
2.3 Safe control transfer
Once the kernel has placed a user process in a carefully constructed sandbox,
the next question is how do we safely transition from executing a user process to
executing the kernel and the reverse. These transitions are not rare events. A
high-performance web server, for example, might switch between user-mode and
kernel-mode hundreds or thousands of times per second. Thus, the mechanism
needs to be both fast and safe, leaving no room for a malicious or buggy program
to intentionally or inadvertently corrupt the kernel.
2.3.1 User to kernel mode
We first focus on transitions from user-mode to kernel-mode; as we'll see,
transitioning in the other direction works by "undo"ing the transition from
the user process into kernel.
There are three reasons why the kernel will take control from a user
process: exceptions, interrupts, and system calls.