A hardware architecture for implementing protection rings

Michael D. Schroeder and Jerome H. Saltzer

Abstract

Protection of computations and information is an important aspect of a computer utility. In a system which uses segmentation as a memory addressing scheme, protection can be achieved in part by associating concentric rings of decreasing access privilege with a computation. This paper describes hardware processor mechanisms for implementing these rings of protection. The mechanisms allow cross-ring calls and subsequent returns to occur without trapping to the supervisor. Automatic hardware validation of references across ring boundaries is also performed. Thus, a call by a user procedure to a protected subsystem (including the the supervisor) is identical to a call to a companion user procedure. The mechanisms of passing and referencing arguments are the same in both cases as well.

Details

Publication typeInproceedings
Published inCommunications of the ACM & Proceedings of the 3rd ACM Symposium on Operating Systems Principles
URLhttp://doi.acm.org/10.1145/361268.361275
PublisherAssociation for Computing Machinery, Inc.
> Publications > A hardware architecture for implementing protection rings