Hardware Protection

  • Dual-Mode Operation
  • I/O Protection
  • Memory Protection
  • CPU Protection

Dual-Mode Operation

  • Sharing system resources requires the operating system to ensure that an incorrect program cannot cause other programs to execute incorrectly.
  • Provide hardware support to differentiate between at least two modes of operation.
  • User mode – execution is done on behalf of a user.
  • Monitor mode (also kernel mode or system mode) – execution is done on behalf of the operating system.
  • Mode bit added to computer hardware to indicate the current mode: monitor (0) or user (1).
  • When an interrupt or fault occurs, hardware switches to monitor mode.
  • Privileged instructions can be issued only in monitor mode.
  [Figure: transitions between monitor and user modes, labelled "Interrupt/fault" and "set user mode"]

I/O Protection

  • All I/O instructions are privileged instructions.
  • Must ensure that a user program could never gain control of the computer in monitor mode (i.e., a user program that, as part of its execution, stores a new address in the interrupt vector).


Memory Protection

  • Must provide memory protection at least for the interrupt vector and the interrupt service routines.
  • In order to have memory protection, add two registers that determine the range of legal addresses a program may access:

✦ Base register – holds the smallest legal physical memory address.

✦ Limit register – contains the size of the range.

  • When executing in monitor mode, the operating system has unrestricted access to both monitor and user’s memory.
  • The load instructions for the base and limit registers are privileged instructions.

CPU Protection

  • Timer – interrupts computer after a specified period to ensure operating system maintains control.

✦ A timer is decremented every clock tick.

✦ When the timer reaches the value 0, an interrupt occurs.

  • Timer commonly used to implement time-sharing.
  • Timer is also used to compute the current time.
  • Load-timer is a privileged instruction.
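
The mode bit, the base/limit check and the timer from these notes, modelled together as an added C example (not part of the original notes). The struct, function names, trap codes and sample addresses are assumptions made for illustration, as is treating a timer value of 0 as not armed.

```c
#include <stdint.h>
#include <stdio.h>

enum mode { MONITOR = 0, USER = 1 };   /* mode bit values as given in the notes */
enum trap { NO_TRAP, TRAP_PRIVILEGED, TRAP_ADDRESS, TRAP_TIMER };
struct cpu {
    enum mode mode;
    uint32_t base, limit;              /* legal user range: [base, base + limit) */
    uint32_t timer;                    /* 0 = not armed (assumption of this model) */
};

/* Every interrupt or fault switches the hardware to monitor mode. */
static enum trap raise_trap(struct cpu *c, enum trap t) { c->mode = MONITOR; return t; }

/* Privileged: load the base and limit registers. */
enum trap load_bounds(struct cpu *c, uint32_t base, uint32_t limit) {
    if (c->mode != MONITOR) return raise_trap(c, TRAP_PRIVILEGED);
    c->base = base; c->limit = limit;
    return NO_TRAP;
}
/* Privileged: load the timer. */
enum trap load_timer(struct cpu *c, uint32_t ticks) {
    if (c->mode != MONITOR) return raise_trap(c, TRAP_PRIVILEGED);
    c->timer = ticks;
    return NO_TRAP;
}

/* Hardware check applied to each memory reference. */
enum trap mem_access(struct cpu *c, uint32_t addr) {
    if (c->mode == MONITOR) return NO_TRAP;        /* monitor mode is unrestricted */
    /* Compare the offset, not base + limit, so the sum cannot wrap around. */
    if (addr < c->base || addr - c->base >= c->limit) return raise_trap(c, TRAP_ADDRESS);
    return NO_TRAP;
}

/* One clock tick: decrement the timer and interrupt when it reaches 0. */
enum trap clock_tick(struct cpu *c) {
    if (c->timer > 0 && --c->timer == 0) return raise_trap(c, TRAP_TIMER);
    return NO_TRAP;
}

int main(void) {
    struct cpu c = { MONITOR, 0, 0, 0 };
    load_bounds(&c, 0x4000, 0x1000);               /* constructed sample values */
    load_timer(&c, 2);
    c.mode = USER;                                 /* the "set user mode" transition */
    enum trap inside = mem_access(&c, 0x4fff), outside = mem_access(&c, 0x5000);
    printf("in range: %d, out of range: %d\n", inside, outside);
    return 0;
}
```

Because the register loads trap in user mode and leave the registers unchanged, a user program cannot widen its own address range or extend its own time slice.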



