Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security - 2

Published byDominic Cummings Modified over 5 years ago

Similar presentations

Presentation on theme: "Information Security - 2"— Presentation transcript:

1 Information Security - 2
Topic: Architectural Aid to Secure Systems Engineering V. Kamakoti RISE LAB, Department of Computer Science and Engineering IIT Madras Session – 10: X86 PROTECTED MODE details

2

3 Protected Mode Addressing
Logical Address SELECTOR OFFSET Descriptor Table Base Address Segment Descriptor Linear Address

4 A stack should not overgrow into adjoining segments
A process always executes from Code segment. It should not execute by accessing from adjoining Data or stack area or any other code area too. A stack should not overgrow into adjoining segments 500 Every segment is specified a start address and limit. Architecture checks if limit is not exceeded. CS 1000 ES 1500 SS 2000 POP EAX //Let SP be 2, Violation!!! PUSH EAX //Let SP be 498, violation POP AX //Let SP be 2, it is fine PUSH AX //Let SP be 498, it is fine mov [ES:498], AX //This is fine jmp CS:250 //This is fine jmp CS:501 //This is a violation as limit is 500 mov [ES:498], EAX //This is a violation!!! Intra and Inter process Protection

5 Interprocess Protection
Process 1 should be prevented from loading CS, such that it can access the code of Process 2 Similarly for the DS,SS, ES, FS and GS Privilege levels: [0-3] assigned to each segment. 0: Highest privilege 3: Lowest privilege Process 1 CS CS Process 1 DS Process 2 CS DS Process 2 SS SS Process 2 DS Process 1 SS Interprocess Protection

6 Privilege levels and Protection
Every segment has an associated privilege level and hence any code segment will have an associated privilege level. The CPL (Current Privilege Level) of a process is the privilege level of the code segment, the code stored in which, it is executing. A process can access segments that have privilege levels numerically greater than or equal to (less privileged than) its CPL.

7 End of Session-10 Thank You

Download ppt "Information Security - 2"

Similar presentations

Types of Code Segments Conforming Code Segment

Types of Code Segments Conforming Code Segment
Programming 8086 – Part IV Stacks, Macros

Programming 8086 – Part IV Stacks, Macros
There are two types of addressing schemes:

There are two types of addressing schemes:
Introduction to The x86 Microprocessor

Introduction to The x86 Microprocessor
Intel 80386 MP.

Intel MP.
DAT2343 80x86 “Real” Memory Addressing © Alan T. Pinck / Algonquin College; 2003.

DAT x86 “Real” Memory Addressing © Alan T. Pinck / Algonquin College; 2003.
Lect 3: Instruction Set and Addressing Modes. 386 Instruction Set (3.4) –Basic Instruction Set : 8086/8088 instruction set –Extended Instruction Set :

Lect 3: Instruction Set and Addressing Modes. 386 Instruction Set (3.4) –Basic Instruction Set : 8086/8088 instruction set –Extended Instruction Set :
Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.

Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.
X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT
CS2422 Assembly Language & System Programming September 22, 2005.

CS2422 Assembly Language & System Programming September 22, 2005.
16.317 Microprocessor Systems Design I Instructor: Dr. Michael Geiger Fall 2012 Lecture 15: Protected mode intro.

Microprocessor Systems Design I Instructor: Dr. Michael Geiger Fall 2012 Lecture 15: Protected mode intro.
16.317 Microprocessor Systems Design I Instructor: Dr. Michael Geiger Spring 2014 Lecture 4: x86 memory.

Microprocessor Systems Design I Instructor: Dr. Michael Geiger Spring 2014 Lecture 4: x86 memory.
Administrative Overview 6 Projects Design Review: Monday before 6:30pm Lab Friend Center 010 (“Fishbowl”)

Administrative Overview 6 Projects Design Review: Monday before 6:30pm Lab Friend Center 010 (“Fishbowl”)
Lect 4: Instruction Set and Addressing Modes. 386 Instruction Set (3.4)  Basic Instruction Set : 8086/8088 instruction set  Extended Instruction Set.

Lect 4: Instruction Set and Addressing Modes. 386 Instruction Set (3.4)  Basic Instruction Set : 8086/8088 instruction set  Extended Instruction Set.
UNIT 2 Memory Management Unit and Segment Description and Paging

UNIT 2 Memory Management Unit and Segment Description and Paging
CEG 320/520: Computer Organization and Assembly Language ProgrammingIntel Assembly 1 Intel IA-32 vs Motorola 68000.

CEG 320/520: Computer Organization and Assembly Language ProgrammingIntel Assembly 1 Intel IA-32 vs Motorola
Intel 80386 MP. 80386 (32-bit microprocessor) Designed to overcome the limits of its predecessor while maintaining the software compatibility with the.

Intel MP (32-bit microprocessor) Designed to overcome the limits of its predecessor while maintaining the software compatibility with the.
1/2002JNM1 With 20 bits, 1,048,576 different combinations are available. Each memory location is assigned a different combination. Each memory location.

1/2002JNM1 With 20 bits, 1,048,576 different combinations are available. Each memory location is assigned a different combination. Each memory location.
Microprocessor system architectures – IA32 segmentation Jakub Yaghob.

Microprocessor system architectures – IA32 segmentation Jakub Yaghob.
The Pentium Processor.

The Pentium Processor.

Similar presentations

Ads by Google