Hardware Protection
- Dual-Mode Operation
- I/O Protection
- Memory Protection
- CPU Protection
Dual-Mode Operation
- Sharing system resources requires the operating system to ensure that an incorrect program cannot cause other programs to execute incorrectly.
- Provide hardware support to differentiate between at least two modes of operation.
- User mode – execution is done on behalf of a user.
- Monitor mode (also kernel mode or system mode) – execution is done on behalf of the operating system.
- Mode bit added to computer hardware to indicate the current mode: monitor (0) or user (1).
- When an interrupt or fault occurs, hardware switches to monitor mode.
- Privileged instructions can be issued only in monitor mode.
- Mode transitions (figure): user → monitor on interrupt/fault; monitor → user on "set user mode".
I/O Protection
- All I/O instructions are privileged instructions.
- Must ensure that a user program could never gain control of the computer in monitor mode (i.e., a user program that, as part of its execution, stores a new address in the interrupt vector).
Memory Protection
- Must provide memory protection at least for the interrupt vector and the interrupt service routines.
- In order to have memory protection, add two registers that determine the range of legal addresses a program may access:
✦ Base register – holds the smallest legal physical memory address.
✦ Limit register – contains the size of the range.
- When executing in monitor mode, the operating system has unrestricted access to both monitor and user’s memory.
- The load instructions for the base and limit registers are privileged instructions.
CPU Protection
- Timer – interrupts computer after a specified period to ensure operating system maintains control.
✦ A timer is decremented every clock tick.
✦ When the timer reaches the value 0, an interrupt occurs.
- Timer commonly used to implement time-sharing.
- Timer also used to compute the current time.
- Load-timer is a privileged instruction.