|WikiProject Computing||(Rated Start-class)|
|This article is the subject of an educational assignment at Department of Electronics and Telecommunication, College of Engineering, Pune, India supported by Wikipedia Ambassadors through the India Education Program during the 2011 Q3 term. Further details are available on the course page.|
Look out for possible copyright violations in this article
This article has been found to be edited by students of the Wikipedia:India Education Program project as part of their (still ongoing) course-work. Unfortunately, many of the edits in this program so far have been identified as plain copy-jobs from books and online resources and therefore had to be reverted. See the India Education Program talk page for details. In order to maintain the WP standards and policies, let's all have a careful eye on this and other related articles to ensure that no material violating copyrights remains in here. --Matthiaspaul (talk) 12:49, 31 October 2011 (UTC)
Material moved here from article
I have moved the following material here because it is largely unsourced; see WT:IEP for the background to this. Because the material is formatted with section headers, I have placed it in a collapse template. Mike Christie (talk - contribs - library) 21:28, 31 October 2011 (UTC)
The basic idea of using privilege levels is to ensure the safety and integrity of the most sensitive data and to prevent easy access to such data.
The Intel 80286 was the first micro-controller to incorporate measures of data protection and security. It did so by implementing the dual concepts of Protected Mode and Privilege Levels.
The protected mode could be entered by setting the Protection Enable bit of the Machine Status Word and concerns itself with the data itself. The privilege level is a designation associated with tasks and defines whether a given tack can perform predefined actions - the actions themselves being set by other tasks. It is important to note here that the whole concept of tasks with their associated privilege levels only exist in the protected mode. Outside of the protected mode, there is no meaning to the concept of a privilege level. For example, the 80296 in the real mode, is nothing but a pipelined version of the 8086.
All operations on the 80286 occur by means of tasks. A task is initiated by accessing the Task State Segment, which defines the privilege level of the task to be run. This privilege level is the Current Privilege Level. Once the CPL is assigned for a task, it cannot be altered for the duration of its execution.
Once the task begins execution, it may at - various points of time - require to access other blocks of information. This access will be allowed only if the CPL of task satisfies the requirements of the DPL of the concerned block. The requirements are as mentioned above.
Today, the ringed privilege system is extremely widespread. It can be found on a large number of computer systems along with other micro-controllers such as the ARM SAM7X series.
Tasks are given access to various descriptors on the basis of the type of the descriptor and the associated privilege levels(Current, Requested and Descriptor). The privilege levels allow the processor to control access to descriptors and hence to the corresponding memory segments. These privilege checks provide data protection and prevent any unauthorized access to data or code. Segment access occur in two principal ways:
Data Segment Access
Certain instructions that load the data, code or extra segments with selectors come under Data Segment Access. The SS register is always loaded with selectors that point to writable data segment descriptors. If the descriptor is to successfully accessed by the task, the corresponding DPL must be lower than or equal to the CPL or the RPL. In the case of the loaded SS register, the CPL and RPL must be the same as the DPL to prevent stack data from being incorrectly referenced. If this check fails, exception 13 is executed.The only exception to this is for the reading confirming code segment can be read from any privilege level.
Two other exceptions can be generated by Data Segment Access:
Control Transfer Access
If a selector is to be loaded into the CS, the following individual cases can occur, assuming that the descriptor being pointed to by the selector is valid. If it isn't, exception 11 is generated.
In both cases, if the necessary conditions between the CPL and DPL are not satisfied, then exception 13 is generated.
Changing Privilege Level
A task may need to change its privilege level during control transfers such as those encountered due to CALL or JUMP instructions. The privilege level can be altered by using confirming code segment or by call gates. A confirming code segment confirms with privilege level calling segment (specified by the 'Confirming' bit in code segment descriptor). For example, if there is control transfer from segment A to confirming segment B then, the privilege level of B would be the privilege level of A.
Areas With Privilege Levels
OS routines, interrupt handlers and a large number of other tasks can have privilege levels applied to them to improve security. They fall under three main categories:
- I've blanked some of this material closely paraphrased/copied from the Intel Datasheet. Danger High voltage! 12:23, 25 December 2011 (UTC)
Only in x86?
- "The Intel 80286 Datasheet" (PDF).
- A. K. Ray, K. M. Bhurchandi, "Advanced Microprocessors and Peripherals", Second Edition, Tata McGraw-Hill, 2009