
Need of Protection

• Problems may occur in a multitasking OS or multi-user system when two or more users attempt to read and change the contents of a memory location at the same time. The section of the program must be protected from other tasks until the operation is complete.

• Protection isolates and protects user programs from each other and from the operating system.

Need of Protection, Overview of 80386DX Protection

• The 80386 uses:
• 1) Segment level protection and
• 2) Page level protection mechanisms

• Before each memory cycle, the memory reference is checked by the hardware to verify that it satisfies the protection criteria.
Segment Level Protection
• Has five aspects
• Type Checking
• Limit Checking
• Restriction of addressable domain
• Restriction of procedure entry point
• Restriction of Instruction Set.

Segment Level Protection
• Type Checking:
• The type field of the descriptor specifies:
1. The type of descriptor (system/non-system)
2. The intended usage of the segment. E.g. if the segment is a read-only segment, access to it is limited to reading only.

Segment Level Protection
• Limit Checking:
• Prevents a program from addressing outside the segment.
• The processor interprets the limit field according to the setting of the G (granularity) bit, which specifies whether the limit value counts in units of 1 byte or 4 KB.

Privilege Level Protection
• The 80386DX has four levels of protection, which isolate and protect user programs from each other and from the operating system.
• The privilege levels (PL) are numbered 0 through 3.
• Level 0 is the highest privilege level and level 3 is the lowest privilege level.

Protection
[Figure: privilege levels 0 to 3, labelled Operating System Kernel, Operating System Services and Applications]
Rules for Privileges
• The Intel 80386DX controls access to both data and procedures according to the following rules:
(1) A data segment with privilege level p can be accessed only by code executing at a privilege level at least as privileged as p.
(E.g. application programs are prevented from reading or changing OS tables.)

VIIT, Pune
Rules for Privileges
(2) A code segment with privilege level P can only be called by a task executing at the same or a higher privilege level than P.
E.g. a task running at level 2 can be called by a task of level 2 or level 1.

Privilege Level
• Three different types of privilege level enter into the privilege level checks:
– Current Privilege Level (CPL)
– Descriptor Privilege Level (DPL)
– Requestor Privilege Level (RPL)

Protection
• CPL – Current privilege level is the privilege level of the currently executing program or task.
• DPL – Descriptor privilege level is the privilege level of a segment. It is stored in the DPL field of the segment descriptor.
• RPL – Requested privilege level is a field in selectors.
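
The type, limit and privilege checks from the slides above, combined into one C model of a data-segment access; this is an added example, not part of the original slides. The struct layout, function names and sample descriptors are assumptions for illustration; expand-down segments are not modelled, and all checks are applied in one call, whereas the hardware checks privilege when the selector is loaded.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Descriptor fields used by the checks (simplified model, not the real bit layout). */
struct seg_desc {
    uint32_t limit;    /* 20-bit limit field */
    bool     g;        /* granularity: 0 = limit counts bytes, 1 = 4 KB units */
    unsigned dpl;      /* descriptor privilege level, 0 (highest) to 3 (lowest) */
    bool     writable; /* from the type field: false = read-only data segment */
};

enum result { ACCESS_OK, FAULT_PRIVILEGE, FAULT_TYPE, FAULT_LIMIT };

/* Highest valid offset: with G=1 the limit is scaled by 4 KB and the low 12 bits are ones. */
uint32_t effective_limit(const struct seg_desc *d) {
    return d->g ? ((d->limit << 12) | 0xFFFu) : d->limit;
}

/* RPL is carried in the low two bits of the selector. */
unsigned selector_rpl(uint16_t sel) { return sel & 3u; }

/* Data access of `size` bytes at `offset`, by code at `cpl`, through selector `sel`. */
enum result check_data_access(const struct seg_desc *d, uint16_t sel, unsigned cpl,
                              uint32_t offset, uint32_t size, bool write) {
    unsigned rpl = selector_rpl(sel);
    unsigned epl = cpl > rpl ? cpl : rpl;          /* the less privileged of CPL and RPL */
    if (epl > d->dpl) return FAULT_PRIVILEGE;      /* rule (1): need DPL >= max(CPL, RPL) */
    if (write && !d->writable) return FAULT_TYPE;  /* type checking */
    uint32_t lim = effective_limit(d);
    if (size == 0 || offset > lim || size - 1 > lim - offset)
        return FAULT_LIMIT;                        /* limit checking, overflow-safe */
    return ACCESS_OK;
}

int main(void) {
    /* Constructed sample descriptors, for illustration only. */
    struct seg_desc os_table = { 0x00FFF, false, 0, true };  /* 4 KB, level 0 */
    struct seg_desc user_ro  = { 0x0000F, true,  3, false }; /* 64 KB, level 3, read-only */
    printf("app reads OS table:      %d\n", check_data_access(&os_table, 0x13, 3, 0, 4, false));
    printf("kernel, RPL=3 selector:  %d\n", check_data_access(&os_table, 0x13, 0, 0, 4, false));
    printf("kernel, RPL=0 selector:  %d\n", check_data_access(&os_table, 0x10, 0, 0xFFC, 4, false));
    printf("kernel reads past limit: %d\n", check_data_access(&os_table, 0x10, 0, 0xFFD, 4, false));
    printf("app writes read-only:    %d\n", check_data_access(&user_ro, 0x1B, 3, 0, 1, true));
    printf("user_ro effective limit: 0x%X\n", (unsigned)effective_limit(&user_ro));
    return 0;
}
```

The second call shows why RPL matters: level 0 code using a selector whose RPL is 3 is refused the same access that succeeds with an RPL of 0.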
