Memory and Address Protection

Memory protection is a way to control memory access rights on a computer, and is a part of most
modern instruction set architectures and operating systems. The main purpose of memory
protection is to prevent a process from accessing memory that has not been allocated to it.

Various ways for memory and address protection:

 Fence
 Relocation
 Base/bounds register
 Segmentation
 Paging

Fence
The simplest form of memory protection was introduced in single-user operating systems to
prevent a faulty user program from destroying part of the resident portion of the operating
system. As its name implies, a fence is a method to confine users to one side of a boundary.
In one implementation, the fence was a predefined memory address, enabling the
operating system to reside on one side and the user to stay on the other. An example of this
situation is shown in Figure. Unfortunately, this kind of implementation was very restrictive
because a predefined amount of space was always reserved for the operating system, whether it
was needed or not. If less than the predefined space was required, the excess space was wasted.
Conversely, if the operating system needed more space, it could not grow beyond the fence
boundary.

Another implementation used a hardware register, often called a fence register, containing the
address of the end of the operating system. In contrast to a fixed fence, in this scheme the
location of the fence could be changed. Each time a user program generated an address for data
modification, the address was automatically compared with the fence address. If the address was
greater than the fence address (that is, in the user area), the instruction was executed; if it was
less than the fence address (that is, in the operating system area), an error condition was raised.
The use of fence registers is shown in Figure

A fence register protects only in one direction. In other words, an operating system can be
protected from a single user, but the fence cannot protect one user from another user. Similarly, a
user cannot identify certain areas of the program as inviolable (such as the code of the program
itself or a read-only data area).

Relocation
Relocation is the process of taking a program written as if it began at address 0 and changing all
addresses to reflect the actual address at which the program is located in memory. In many
instances, this effort merely entails adding a constant relocation factor to each address of the
program. That is, the relocation factor is the starting address of the memory assigned for the
program.
Conveniently, the fence register can be used in this situation to provide an important extra
benefit: The fence register can be a hardware relocation device. The contents of the fence register
are added to each program address. This action both relocates the address and guarantees that no
one can access a location lower than the fence address. (Addresses are treated as unsigned
integers, so adding the value in the fence register to any number is guaranteed to produce a result
at or above the fence address.) Special instructions can be added for the few times when a
program legitimately intends to access a location of the operating system.

Paging vs Segmentation in Operating System

Paging and segmentation are both storage mechanisms that help store processes. There is a very
slight difference between these mechanisms.
Paging in Operating System
Paging is a logical concept that allows the OS to retrieve processes into the main memory from
the secondary storage. It provides faster access to data as processes are stored in the form of
pages.

The main system memory is divided into frames i.e., small fixed-size blocks of physical memory
where the size of frames is equal to the size of pages. This provides maximum utilization of the
main system memory and helps avoid external fragmentation.

Advantages of Paging in OS
 The memory management algorithm is easy to use.
 External Fragmentation is not required.
 Swapping between equal-sized pages and page frames becomes easier.

Disadvantages of Paging in OS
 Internal fragmentation.
 Additional memory consumption by Page tables.
 Memory reference overhead due to multi-level paging.

Segmentation in Operating System

Segmentation is similar to paging, except that the length of segments is variable and pages have
a fixed size. The segment of a program comprises the program’s main function, data structures,
utility functions, etc.

All this information about processes is maintained in the form of a segment map table by the
OS. This table includes a list of segment numbers, free memory blocks, their sizes, and their
memory locations in the main memory or virtual memory.

Advantages of segmentation in OS
 Provides protection within segments.
 Segments referencing multiple processes can help achieve sharing.
 No internal fragmentation
 As compared to paging, segment tables use lesser memory.

Disadvantages of Segmentation in OS
 The separation of free memory space into small pieces can cause external fragmentation.
 It is costly.

Paging vs Segmentation in OS
Paging
Fix sized pages
Internal fragmentation
Hardware decides the page size
Memory access is slower as compared
Faster memory access
Page table stores data
Sharing of procedures is not allowed
Segmentation
Variable sized segments
No internal fragmentation
The user decides the segment size
to paging
Segmentation table stores data
Sharing of procedures is allowed

Cannot distinguish and secure procedures and data
1-D address space
A single integer address is divided into page number
and offset by the hardware
Can separate and secure procedures
and data
Multiple independent address spaces
The user divides address in segment
number and offset

Access control
Access control identifies users by verifying various login credentials, which can include
usernames and passwords, PINs, biometric scans, and security tokens. Many access control
systems also include multifactor authentication (MFA), a method that requires multiple
authentication methods to verify a user's identity.

Three main types of access control systems are: Discretionary Access Control (DAC), Role
Based Access Control (RBAC), and Mandatory Access Control (MAC).

File protection
File protection in an operating system refers to the various mechanisms and techniques used to
secure files from unauthorized access, alteration, or deletion. It involves controlling access to
files, ensuring their security and confidentiality, and preventing data breaches and other security
incidents.

User Authentication
Authentication is the process of identifying users that request access to a system, network, or
device. Access control often determines user identity according to credentials like username and
password.

The user can be authenticated in one of the following ways:

 User authentication using a password

 User authentication using a physical object
 User authentication using biometrics