Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
A hardware architecture for implementing protection rings

Michael D. Schroeder and Jerome H. Saltzer


Protection of computations and information is an important aspect of a computer utility. In a system which uses segmentation as a memory addressing scheme, protection can be achieved in part by associating concentric rings of decreasing access privilege with a computation. This paper describes hardware processor mechanisms for implementing these rings of protection. The mechanisms allow cross-ring calls and subsequent returns to occur without trapping to the supervisor. Automatic hardware validation of references across ring boundaries is also performed. Thus, a call by a user procedure to a protected subsystem (including the the supervisor) is identical to a call to a companion user procedure. The mechanisms of passing and referencing arguments are the same in both cases as well.


Publication typeInproceedings
Published inCommunications of the ACM & Proceedings of the 3rd ACM Symposium on Operating Systems Principles
PublisherAssociation for Computing Machinery, Inc.
> Publications > A hardware architecture for implementing protection rings