Privilege Levels

Computer system security measures prevent

Users from interfering with one another Users from examining secure data Program bugs from damaging other programs Program bugs from damaging data Malicious attempts to compromise system

integrity Accidental damage to data

Privilege protection 80386 protection mechanism

Memory management Privilege protection

4 privilege level protection PL0 (highest) PL1 PL2 PL3(lowest)

A numerically Smaller PL means aHigher privilege.

When running in protected mode, the 80386 continually checks that the application is privileged enough to

Execute certain instructions. Reference data other than its own. Transfer control to code other than its

own.

Executing privileged instructions

Privilege instructions Modify interrupt flag Alter segmentation Affect protection mechanism

They are allowed only if the program is running at PL0

References to other data

Shared data

Programs are not allowed to read or write data items that have a higher privilege level.

Transferring control to other code

Programs are not allowed to CALL or JMP to

code that does not have exactly the same

privilege level that they do.

Defining privilege levels

Privileges are assigned by segment. Everything contained in a segment have

same privilege. The privilege level is defined in the segment

descriptors. The privilege level of the code segment

determines the current privilege level(CPL).

A numerically smaller PL

means a higher privilege level

Privileged instructions

19 instructions

Privilege instructions are those That affect the segmentation

and protection mechanism CPL=0 Alter interrupt flag Perform peripheral I/O CPL <IOPL numerically

Privileged instructions

HLT (Halts the processor) CLTS (Clear task switch flag) LGDT,LIDT,LLDT(Loads GDT,IDT,LDT register) LTR (Load task register) LMSW (Load machine status word) Mov CRn,…. (moves to control register) Mov DRn,.. (moved to debug registers) Mov TRn,…. (moves to test registers)

IOPL sensitive instructions

CLI Disables interrupts STI Enables interrupts IN Inputs data from I/O port Out Outputs data to output port

Privildged Data References

Second type of privilege checking DPL of code segment descriptor must have

smaller value (higher privilege)than DPL of data segment descriptor.

After u have placed each descriptor in a descriptor table, you need to inform the processor

U can place theses tables anywhere in the processor’s address space and u need not keep them together.

To allow processor to locate the GDT, IDT and current LDT, u load three special purpose registers, GDTR, IDTR,LDTR resply.

GDTR,IDTR,LDTR contains

Base address of table Limit

Segment Selectors

Once the descriptors are defined , how does the processor make use of them?

Any 16 bit value that u write into a segment register is called a selector, because it selects a segment descriptor from a descriptor table.

15 2 1 0

INDEX RPLTI

80386 segment registers

80386 has 6 segment registers One for current code segment(CS) One for current stack segment (SS) Four for general data segments (DS, ES,FS,GS)

Segment registers select segment descriptors: Thirteen bits select descriptors One bit selects descriptor table Two bits privilege checking

Loading Segment Selectors

Any given selector value selects one and only one descriptor

When loading segment selector ,the 80386 check that The selector index is within the descriptor table limit The selector references the correct descriptor table The descriptor is of correct type The selector uses the correct privilege level

GDT

GDT 0GDT 1GDT 2

GDTR

Offset

Index

2 1 0

TI RPL

SEGMENTATION

Addressing

Index

2 1 0

TI RPL

GDT

GD 0

GD 1GD 2

GDTR

Offset

Prog

GDT

Main Memory

Addressing

Index

3 2 1 0

TI RPL

GDT

GD 0GD 1

GD 2

GDTR

Main Memory

Base AddressSeg Limit

Attrib

Offset

GD 0

GD 1

GD 2

GDTR

Index

2 1 0

TI RPL

GDT

Base AddressSeg Limit

Attrib

+

Offset

Local Descriptor Tables(LDT’s)

LDT’s act like extension to GDT Are assigned to individual tasks when task

switching is done. While running, any program can assess

descriptors from GDT and LDT The way in which the processor locates

LDT’s is much different, however.

Descriptor

LDT Descriptor

Descriptor

Descriptor

Data Descriptor

Descriptor

GDT

LDT

GDTR

LDTR

1DS

ESI

Local Descriptor table

Hold segment descriptors May be used in addition to the global descriptor

table Are defined by special “system descriptor” in

GDT. May be larger or smaller than GDT. May not be define other LDTs