THOUSANDS OF FREE BLOGGER TEMPLATES

Thursday, June 25, 2009

Hardware Protection

HARDWARE PROTECTION

Dual-Mode Operation

•Sharing system resources requires operating system to ensure
that an incorrect program cannot cause other programs to
execute incorrectly.

•Provide hardware support to differentiate between at least two
modes of operations.

1. User mode – execution done on behalf of a user.

2. Monitor mode (also supervisor mode or system mode) –
execution done on behalf of operating system.
Operating System Concepts 2.12
Silberschatz and Galvin c 1998

· Mode bit added to computer hardware to indicate the current
mode: monitor (0) or user (1).
· When an interrupt or fault occurs hardware switches to monitor

mode
user
monitor
interrupt/fault
set user mode

· Privileged instructions can be issued only in monitor mode.
Operating System Concepts 2.13
Silberschatz and Galvin c 1998

I/O Protection

•All I/O instructions are privileged instructions.
•Must ensure that a user program could never gain control of
the computer in monitor mode (i.e., a user program that, as
part of its execution, stores a new address in the interrupt
vector).
Operating System Concepts
2.14
Silberschatz and Galvin c 1998

Memory Protection

•Must provide memory protection at least for the interrupt vector
and the interrupt service routines.
•In order to have memory protection, add two registers that
determine the range of legal addresses a program may access:
– base register – holds the smallest legal physical memory
address.
– limit register – contains the size of the range.
•Memory outside the defined range is protected.
Operating System Concepts 2.15
Silberschatz and Galvin c 1998

CPU protection

The CPU protection feature enhances the efficiency of an HP device’s CPU and Content Addressable Memory
(CAM). Some denial of service attacks make use of spoofed IP addresses. If the device must create CAM entries for a large number of spoofed IP addresses over a short period of time, it requires excessive CAM utilization. Similarly, if an improperly configured host on the network sends out a large number of packets that are normally processed by the CPU (for example, DNS requests), it requires excessive CPU utilizationThe CPU protection feature allows you to configure the HP device to automatically take actions when thresholds related to high CPU or CAM

Posted by + leah jane + at 3:23 AM  

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)