|This is the talk page for discussing improvements to the Protection ring article.|
|WikiProject Computer Security / Computing||(Rated B-class, High-importance)|
define user mode
this term is mentioned quite a few times on this page and on the page for microkernels. I have no idea what it means, and it's definition is not clear. The only thing clear is that it is the alternative to privileged/kernel model. —Preceding unsigned comment added by 18.104.22.168 (talk) 00:28, 14 August 2008 (UTC)
Confusing or unclear
This article would benefit from a clearer explanation about what a protection ring is and does. It assumes the reader knows what "one of two or more hierarchical levels or layers of privilege" means and why "rings were among the more revolutionary and visible concepts ..." The whole lead seems to step around defining what a ring is in simple terms, why it is significant, and how it is used. A very concise paragraph addressing some of the basics would be a great improvement to the lead section. JonHarder 13:57, 25 July 2006 (UTC)
- After contributions by 22.214.171.124 and myself I hope this article has become more lucid. --OzJuggler 04:15, 5 August 2006 (UTC)
Maybe a more appropriate name for this subject would be "hierarchical states of privilege". I think that's the way it's called by academics. I think there also should be a comparison between this approach and Capability-based security with MMU support; as I leaned in my computer architecture and parallel computing classes, the first approach (the one described in this article) is an obsolete technology and provides both poor protection and poor performance, compared to the second approach. Unfortunly my reference text book is in italian, but I'm looking for some english ones.--BMF81 18:19, 27 August 2006 (UTC)
I haven't found any articles here that even mention Ring -1 (hardware-mode virtualization). Perhaps this should be the place? --Frankie
There's not even a rundown of the ring levels and what they mean. This article would benefit from a table list rings and their properties, etc.
- There isn't even any explanation of the general purpose of the 80386 ring 1 or ring 2 that I can find anywhere. This article definitely should include something like that to illustrate what protection rings are good for. Daivox (talk) 16:29, 24 August 2008 (UTC)
- And I where to create an Os I would use the 4 available ring as follows:
- Ring 0
- Ring 1
- Ring 2
- (Privileged) Device Driver
- Ring 3
- User Applications
Kernel mode driver
more hypervisor background please, especially of the non-x86 type
I'd like to request more in-depth discussion on hypervisors like those running IBM mainframes, perhaps historical perspective with the (again) IBM romp vm layer that ran AIX as a guest, or any of the alternative and/or comparable approaches (sun? hp?) that predate amd's and intel's johnny-come-lately implementation of this idea. 126.96.36.199 (talk) 23:18, 9 February 2009 (UTC)
System Management Interrupt - Ring √
For quite some time now x86 processors have implemented a System Management Interrupt. This is a non-maskable interrupt similar to the NMI that causes a transition back to the BIOS (actually whatever lives at 0xA0000 behind the legacy video ram). The OS has no control over this interrupt and is not notified that the interrupt occurred in any way. It is intended to be used by motherboard manufacturers to transparently deal with special features of their boards. See  for more info about why this is important. DaBraunBird (talk) 16:59, 8 December 2009 (UTC)
ITL knows about "Ring -3"
In presentation http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf "Introducing Ring -3 Rootkits" the "Ring -3" is defined as Intel AMT. `a5b (talk) 14:46, 10 January 2012 (UTC)
- This is merely a single reference to an invented marketing term: A rootkit runs at Ring-0, A rootkit that runs as a hypervisor runs at Ring-1, A rootkit that runs as a hyper-hypervisor, still runs at Ring-1/Hypervisor.
"Today, this high degree of interoperation between the OS and the hardware is not often cost-effective, despite the potential advantages for security and stability." Today, a very high degree of interoperation between the OS and the hardware exists, to provide performance video and secondary storage performance, as well as virtualization performance.
"Intel announced that the Clover Trail series of processors will be "Windows only", lacking the disclosed information necessary to support Linux. But Clover Trail is already a dead end for other technical and business reasons."
The statement that micro-kernels are "sacrificing performance" is too strong, and contradicted by the performance of modern micro-kernels, such as L4. — Preceding unsigned comment added by 188.8.131.52 (talk) 00:36, 8 August 2014 (UTC)