Talk:Protection ring

WikiProject Computer Security / Computing (Rated B-class, High-importance)
This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as B-Class on the project's quality scale.
This article has been rated as High-importance on the project's importance scale.
This article is supported by WikiProject Computing (marked as High-importance).
 

define SPS

Is this a reference to NIST Special Publications (SPs)? — Preceding unsigned comment added by 96.252.66.105 (talk) 15:56, 18 June 2012 (UTC)

define user mode

This term is mentioned quite a few times on this page and on the page for microkernels. I have no idea what it means, and its definition is not clear. The only thing clear is that it is the alternative to privileged/kernel model. —Preceding unsigned comment added by 209.77.137.57 (talk) 00:28, 14 August 2008 (UTC)

Confusing or unclear

This article would benefit from a clearer explanation about what a protection ring is and does. It assumes the reader knows what "one of two or more hierarchical levels or layers of privilege" means and why "rings were among the more revolutionary and visible concepts ..." The whole lead seems to step around defining what a ring is in simple terms, why it is significant, and how it is used. A very concise paragraph addressing some of the basics would be a great improvement to the lead section. JonHarder 13:57, 25 July 2006 (UTC)

  • After contributions by 68.144.178.242 and myself I hope this article has become more lucid. --OzJuggler 04:15, 5 August 2006 (UTC)

Maybe a more appropriate name for this subject would be "hierarchical states of privilege". I think that's the way it's called by academics. I think there also should be a comparison between this approach and Capability-based security with MMU support; as I learned in my computer architecture and parallel computing classes, the first approach (the one described in this article) is an obsolete technology and provides both poor protection and poor performance, compared to the second approach. Unfortunately my reference text book is in Italian, but I'm looking for some English ones. --BMF81 18:19, 27 August 2006 (UTC)

Ring -1?

I haven't found any articles here that even mention Ring -1 (hardware-mode virtualization). Perhaps this should be the place? --Frankie

There's not even a rundown of the ring levels and what they mean. This article would benefit from a table listing rings and their properties, etc.

There isn't even any explanation of the general purpose of the 80386 ring 1 or ring 2 that I can find anywhere. This article definitely should include something like that to illustrate what protection rings are good for. Daivox (talk) 16:29, 24 August 2008 (UTC)

Ring 2 was/is used in OS/2 for specially privileged DLLs. Also VMS uses all 4 rings. Rings can be used to fine-tune the OS privileges - see VAX#Privilege_Modes. Note that in VMS the file system runs in its own ring - Filesystem in Userspace is not a very new idea.

And if I were to create an OS, I would use the 4 available rings as follows:

  • Ring 0: Hypervisor
  • Ring 1: (Micro)-Kernel
  • Ring 2: (Privileged) Device Driver
  • Ring 3: User Applications

But this is only one possible layout - as mentioned: VMS runs the shell and the file systems in their own rings. --Krischik T 14:24, 21 October 2008 (UTC)

Why

Why is elegance linked in the "Interoperation between CPU and OS levels of abstraction" section? —Preceding unsigned comment added by 207.96.162.77 (talk) 18:36, 17 December 2007 (UTC)

Kernel mode driver

What is a kernel mode driver? --Mac (talk) 10:35, 25 April 2008 (UTC)

more hypervisor background please, especially of the non-x86 type

Hypervisor

I'd like to request more in-depth discussion on hypervisors like those running IBM mainframes, perhaps historical perspective with the (again) IBM ROMP VM layer that ran AIX as a guest, or any of the alternative and/or comparable approaches (Sun? HP?) that predate AMD's and Intel's johnny-come-lately implementation of this idea. 84.82.170.167 (talk) 23:18, 9 February 2009 (UTC)

System Management Interrupt - Ring -1

For quite some time now x86 processors have implemented a System Management Interrupt. This is a non-maskable interrupt similar to the NMI that causes a transition back to the BIOS (actually whatever lives at 0xA0000 behind the legacy video ram). The OS has no control over this interrupt and is not notified that the interrupt occurred in any way. It is intended to be used by motherboard manufacturers to transparently deal with special features of their boards. See [1] for more info about why this is important. DaBraunBird (talk) 16:59, 8 December 2009 (UTC)

SMM mode is sometimes referred to as "Ring -2". `a5b (talk) 14:46, 10 January 2012 (UTC)

ITL knows about "Ring -3"

In the presentation http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf "Introducing Ring -3 Rootkits", "Ring -3" is defined as Intel AMT. `a5b (talk) 14:46, 10 January 2012 (UTC)

This is merely a single reference to an invented marketing term: a rootkit runs at Ring-0, a rootkit that runs as a hypervisor runs at Ring-1, a rootkit that runs as a hyper-hypervisor still runs at Ring-1/Hypervisor.

I disagree

"Today, this high degree of interoperation between the OS and the hardware is not often cost-effective, despite the potential advantages for security and stability." Today, a very high degree of interoperation between the OS and the hardware exists, to provide performance video and secondary storage performance, as well as virtualization performance.

"Intel announced that the Clover Trail series of processors will be "Windows only", lacking the disclosed information necessary to support Linux. But Clover Trail is already a dead end for other technical and business reasons."

[http://perens.com/blog/2012/09/15/1/]