A hardware architecture for implementing protection rings

@article{Schroeder1972AHA,
  title={A hardware architecture for implementing protection rings},
  author={Michael D. Schroeder and Jerome H. Saltzer},
  journal={Commun. ACM},
  year={1972},
  volume={15},
  pages={157-170}
}
Protection of computations and information is an important aspect of a computer utility. In a system which uses segmentation as a memory addressing scheme, protection can be achieved in part by associating concentric rings of decreasing access privilege with a computation. This paper describes hardware processor mechanisms for implementing these rings of protection. The mechanisms allow cross-ring calls and subsequent returns to occur without trapping to the supervisor. Automatic hardware… Expand
On The Advantages of Tagged Architecture
  • E. Feustel
  • Computer Science
  • IEEE Transactions on Computers
  • 1973
TLDR
The paper shows that the advantages of the change from the traditional von Neumann machine to tagged architecture are seen in all software areas including programming systems, operating systems, debugging systems, and systems of software instrumentation. Expand
The Structure of a Security Kernel for the Z8000 Multiprocessor
TLDR
This paper presents the experience of an ongoing security kernel implementation using the Advanced Micro Devices 4116 single-board computer based on the Z8002 microprocessor. Expand
Modern central processor architecture
A number of significant architectural concepts which have evolved in recent years are reviewed. These concepts are: the notion of process and the facilities for process management, such asExpand
A technique for passing reference parameters in an information-hiding architecture
TLDR
This contribution briefly outlines some parts of a paper being prepared for publication elsewhere on the design of an architecture for supporting information-hiding, where each module consists of a private database which can only be accessed by procedures belonging to the module. Expand
Reflections on an operating system design
The main features of a general purpose multiaccess operating system developed for the CDC 6400 at Berkeley are presented, and its good and bad points are discussed as they appear in retrospect.Expand
Protection: principles and practice
The protection mechanisms of computer systems control the access to objects, especially information objects. The range of responsibilities of these mechanisms includes at one extreme completelyExpand
Memory Segmentation to Support Secure Applications
TLDR
This paper argues that by implementing a capability model, it is possible to safely support creation, distribution and use of segments purely in user space and presents a working prototype of such a system implemented. Expand
Memory Segmentation to Support Secure Applications
Current CPU architectures provide only weak support for software segmentation, a key underpinning for software security techniques such as sandboxing, managed languages, and static analysis. BecauseExpand
Hardware support for memory protection in sensor nodes
  • L. Lopriore
  • Computer Science
  • Microprocess. Microsystems
  • 2014
TLDR
The proposed MPU architecture is evaluated from a number of salient viewpoints, which include the distribution, review and revocation of access permissions, and the support for important memory protection paradigms, including hierarchical contexts and protection rings. Expand
A method for implementing paged, segmented virtual memories on microprogrammable computers
TLDR
A large, segmented, paged, virtual memory makes the programming of certain applications easier and a protection system such as the MULTICS ring structure can be implemented to increase security and trap certain kinds of errors. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 53 REFERENCES
Dynamic protection structures
TLDR
This paper deals with one aspect of the subject, which might be called the meta-theory of protection systems: how can the information which specifies protection and authorizes access, itself be protected and manipulated. Expand
The multics virtual memory
TLDR
It is shown how the Multics software achieves the effect of a large segmented main memory through the use of the GE 645 segmentation and paging hardware. Expand
Address mapping and the control of access in an interactive computer
TLDR
This paper describes a much improved mechanism for protection, address mapping, and subroutine linkage for an interactive computing system. Expand
Burroughs' B6500/B7500 stack mechanism
TLDR
Through a close integration of the software and hardware disciplines, a machine organization has been developed which permits the compilation of efficient machine code and which is addressed to the solution of problems associated with multiprogramming, multiprocessing and time sharing. Expand
Program and Addressing Structure in a Time-Sharing Environment
TLDR
An account is given of some very recent developments toward reduction in the system overhead needed to facilitate time-sharing and one hardware-software scheme designed to implement this reduction is described in some detail. Expand
Programming semantics for multiprogrammed computations
The semantics are defined for a number of meta-instructions which perform operations essential to the writing of programs in multiprogrammed computer systems. These meta-instructions relate toExpand
The HITAC5020 time sharing system
TLDR
The segmentation and paging mechanism is described; then some important parts of the supervisor which are characteristic of two-dimensional addressing are discussed, especially scheduling and swapping, dynamic linking, and how to process common segments. Expand
The structure of the “THE”-multiprogramming system
TLDR
A multiprogramming system is described in which all activities are divided over a number of sequential processes, in each of which one or more independent abstractions have been implemented. Expand
Controlled information sharing in a computer utility
TLDR
It is shown that the mechanisms of the model preserve certain structural characteristics of the information, and that these properties can be directly related to the requirements regarding the control of shared information. Expand
Model ~ processor Reference Manual, Cambridge Information Systems Laboratory
  • Honeywell Information Systems Inc., Apri 1
  • 1971
...
1
2
3
4
5
...