Memory protection

From Wikipedia, the free encyclopedia


Memory protection is a way of controlling memory usage on a computer, and is core to virtually every operating system. The main purpose of memory protection is to prevent a process running on an operating system from accessing memory beyond that allocated to it. This prevents a bug within one process from affecting other processes, and also prevents malicious software from gaining unauthorized access to the system.



There are different ways to achieve memory protection. These include segmentation, paging, protection keys, and simulation, described in turn below.

Segmentation refers to dividing a computer's memory into segments.

The x86 architecture has multiple segmentation features, which are useful for those who wish to use protected memory on this architecture. [1] On the x86 architecture, the Global Descriptor Table and Local Descriptor Tables can be used to reference segments in the computer's memory. Pointers to memory segments on x86 processors can also be stored in the processor's segment registers. Initially x86 processors had 4 segment registers, CS, SS, DS and ES; later another two segment registers were added – FS and GS. [2]

In paging, the memory address space is divided into equal, small pieces called pages. Using a virtual memory mechanism, each page can be made to reside in any location of physical memory, or be flagged as protected. Virtual memory makes it possible to have a linear virtual address space and to use it to access blocks scattered over the physical address space.

Most architectures based on pages, most notably x86, also use pages for memory protection.

A page table is used for mapping virtual memory to physical memory. The page table is usually invisible to the process. Page tables make it easier to allocate new memory, as each new page can be allocated from anywhere in physical memory.

With such a design, it is impossible for an application to access a page that has not been explicitly allocated to it, because any memory address the application may decide to use, even a completely random one, either points to an allocated page or generates a page fault (PF). From the application's point of view, unallocated pages simply do not have addresses.

As a side note, a PF need not be fatal. Page faults are used not only for memory protection but also in another interesting way: the OS may intercept the PF, load a page that had previously been swapped out to disk, and return to the application that caused the fault. This way the application receives the memory page as needed. This scheme, known as swapping, allows in-memory data not currently in use to be moved to disk storage and back, in a way that is "invisible" to applications, to increase overall memory capacity.
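The following is an added example, not code from the Wikipedia article: a toy model of the paging scheme just described. A page table with present/write/user bits (modelled on x86 page-table entries) is consulted by a `translate` routine that reports the fault the MMU would raise; an OS-side `handle_fault` swaps a not-present page back in and retries, while protection violations and accesses to unallocated pages stay fatal. All addresses, frame numbers and the layout of the address space are constructed for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model of paged memory protection (constructed example, not any real
   MMU): one page table maps a 16-page virtual space onto physical frames,
   each entry carrying present/write/user bits like those of an x86 PTE. */
#define PAGE_SHIFT  12                  /* 4 KiB pages */
#define PAGE_SIZE   (1u << PAGE_SHIFT)
#define NUM_PAGES   16
#define PTE_PRESENT 0x1
#define PTE_WRITE   0x2
#define PTE_USER    0x4

typedef struct { uint32_t frame, flags; } pte_t;
typedef enum { ACC_READ, ACC_WRITE } access_t;
typedef enum { XLATE_OK, FAULT_NOT_PRESENT, FAULT_PROTECTION, FAULT_OUT_OF_RANGE } xlate_t;

typedef struct {
    pte_t    table[NUM_PAGES];
    bool     swapped_out[NUM_PAGES];    /* pages the OS has moved to disk */
    uint32_t next_free_frame;
} address_space_t;

/* The hardware side: translate, or report the page fault the MMU would raise. */
xlate_t translate(const pte_t *table, uint32_t vaddr, access_t acc,
                  bool user_mode, uint32_t *paddr)
{
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    if (vpn >= NUM_PAGES)                              return FAULT_OUT_OF_RANGE;
    const pte_t *pte = &table[vpn];
    if (!(pte->flags & PTE_PRESENT))                   return FAULT_NOT_PRESENT;
    if (user_mode && !(pte->flags & PTE_USER))         return FAULT_PROTECTION;
    if (acc == ACC_WRITE && !(pte->flags & PTE_WRITE)) return FAULT_PROTECTION;
    *paddr = (pte->frame << PAGE_SHIFT) | (vaddr & (PAGE_SIZE - 1));
    return XLATE_OK;
}

/* The OS side: a not-present page that was swapped out is brought back and
   the access retried; every other fault is a genuine violation. */
bool handle_fault(address_space_t *as, uint32_t vaddr, xlate_t why)
{
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    if (why == FAULT_NOT_PRESENT && vpn < NUM_PAGES && as->swapped_out[vpn]) {
        as->table[vpn].frame  = as->next_free_frame++;   /* "load" from disk */
        as->table[vpn].flags |= PTE_PRESENT;
        as->swapped_out[vpn]  = false;
        return true;
    }
    return false;
}

/* A user-mode access: 1 if it completes (possibly after a swap-in), 0 if the
   process would be terminated for an illegal access. */
int user_access(address_space_t *as, uint32_t vaddr, access_t acc, uint32_t *paddr)
{
    for (int attempt = 0; attempt < 2; attempt++) {
        xlate_t r = translate(as->table, vaddr, acc, true, paddr);
        if (r == XLATE_OK) return 1;
        if (!handle_fault(as, vaddr, r)) return 0;
    }
    return 0;
}

/* Constructed address space: page 0 read-only user code, page 1 user data,
   page 2 user data swapped out, page 3 kernel-only, everything else unmapped. */
void setup_example(address_space_t *as)
{
    memset(as, 0, sizeof *as);
    as->table[0] = (pte_t){ 5, PTE_PRESENT | PTE_USER };
    as->table[1] = (pte_t){ 9, PTE_PRESENT | PTE_USER | PTE_WRITE };
    as->table[2] = (pte_t){ 0, PTE_USER | PTE_WRITE };      /* not present */
    as->swapped_out[2] = true;
    as->table[3] = (pte_t){ 7, PTE_PRESENT | PTE_WRITE };   /* no PTE_USER */
    as->next_free_frame = 20;
}

/* Runs five accesses; bit i of the result is set when access i succeeded,
   bit 5 when the two successful translations produced the expected frames. */
unsigned run_example(void)
{
    address_space_t as; uint32_t pa = 0, pa0 = 0, pa2 = 0; unsigned mask = 0;
    setup_example(&as);
    if (user_access(&as, 0x0010, ACC_READ,  &pa0)) mask |= 1u << 0;  /* ok       */
    if (user_access(&as, 0x0010, ACC_WRITE, &pa))  mask |= 1u << 1;  /* RO page  */
    if (user_access(&as, 0x2ABC, ACC_WRITE, &pa2)) mask |= 1u << 2;  /* swap-in  */
    if (user_access(&as, 0x3000, ACC_READ,  &pa))  mask |= 1u << 3;  /* kernel   */
    if (user_access(&as, 0xF000, ACC_READ,  &pa))  mask |= 1u << 4;  /* unmapped */
    if (pa0 == ((5u << PAGE_SHIFT) | 0x10) && pa2 == ((20u << PAGE_SHIFT) | 0xABC))
        mask |= 1u << 5;
    return mask;
}

int main(void)
{
    unsigned m = run_example();
    const char *names[] = { "read code", "write code", "write swapped page",
                            "read kernel page", "read unmapped page" };
    for (int i = 0; i < 5; i++)
        printf("%-20s %s\n", names[i], (m >> i) & 1 ? "ok" : "page fault, killed");
    return 0;
}
```

The point to notice is that the same fault path serves two purposes: the handler distinguishes a page it deliberately swapped out (refilled and retried) from a page the process was never given (the process is stopped), which is exactly why a random address can never reach another process's memory.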

A protection key mechanism divides physical memory up into blocks of a particular size (e.g. 2 KB), each of which has an associated numerical value called a protection key. Each process also has a protection key value associated with it. On a memory access the hardware checks that the current process's protection key matches the value associated with the memory block being accessed; if not, an exception occurs. This mechanism was used in the System/360 architecture.

The System/360 protection keys described above are associated with physical addresses. They should not be confused with the protection key mechanism used by processors such as the Intel Itanium and the HP Precision Architecture (HP/PA, also known as PA-RISC), which are associated with virtual addresses, and which allow multiple keys per process.

In the Itanium and PA computer architectures, translations (TLB entries) have "keys" (Itanium) or "access ids" (PA) associated with them. A running process has several protection key registers: 16 for Itanium,[1] 4 for HP PA.[2] A translation selected by the virtual address has its key compared to each of the protection key registers. If any of them match (plus other possible checks), the access is permitted. If none match, a fault or exception is generated. The software fault handler can, if desired, check the missing key against a larger list of keys maintained by software; thus, the protection key registers inside the processor may be treated as a software-managed cache of a larger list of keys associated with a process.

PA has 15-18 bits of key; Itanium mandates at least 18. Keys are usually associated with "protection domains", such as libraries, modules, etc.
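As an added example (not from the article or from either processor's documentation), here is a toy model of the Itanium/PA-style mechanism described above: each translation carries a key, the processor holds a small set of key registers for the running process, and a software fault handler consults the larger per-process key list and refills a register on a miss. The register count of 4 follows the HP PA figure quoted above; the key values, page numbers and the round-robin refill policy are constructed for the illustration and do not reflect any real encoding.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy model of virtual-address protection keys in the Itanium/PA style:
   each translation carries a key, the processor holds a few key registers
   for the running process, and on a miss a software handler consults the
   larger per-process key list and refills a register. Constructed example;
   the register count (4, as on PA) and key values are illustrative. */
#define NUM_KEY_REGS 4
#define MAX_SW_KEYS  32

typedef struct { uint32_t vpn, frame, key; } tlb_entry_t;

typedef struct {
    uint32_t key_regs[NUM_KEY_REGS];   /* hardware cache of granted keys */
    size_t   next_victim;              /* round-robin refill slot */
    uint32_t sw_keys[MAX_SW_KEYS];     /* every key the OS granted this process */
    size_t   num_sw_keys;
} process_t;

typedef enum { KEY_OK, KEY_OK_AFTER_REFILL, KEY_FAULT } key_result_t;

/* Hardware: the translation's key is compared against every key register. */
static bool hw_key_match(const process_t *p, uint32_t key)
{
    for (size_t i = 0; i < NUM_KEY_REGS; i++)
        if (p->key_regs[i] == key) return true;
    return false;
}

/* Software fault handler: a key the process legitimately holds is loaded
   into a key register (evicting another) so the access can be retried;
   a key it was never granted stays a fault. */
static bool sw_key_fault(process_t *p, uint32_t key)
{
    for (size_t i = 0; i < p->num_sw_keys; i++) {
        if (p->sw_keys[i] != key) continue;
        p->key_regs[p->next_victim] = key;
        p->next_victim = (p->next_victim + 1) % NUM_KEY_REGS;
        return true;
    }
    return false;
}

key_result_t key_checked_access(process_t *p, const tlb_entry_t *tlb,
                                size_t n, uint32_t vaddr)
{
    uint32_t vpn = vaddr >> 12;
    for (size_t i = 0; i < n; i++) {
        if (tlb[i].vpn != vpn) continue;
        if (hw_key_match(p, tlb[i].key)) return KEY_OK;
        return sw_key_fault(p, tlb[i].key) ? KEY_OK_AFTER_REFILL : KEY_FAULT;
    }
    return KEY_FAULT;   /* no translation at all: also a fault */
}

/* Constructed scenario: the process holds keys 1..6 but only 1..4 are in
   registers; page 0 uses key 1, page 1 key 5 (granted, not loaded) and
   page 2 key 9 (never granted). Returns one letter per access:
   O = hit, R = refilled by the handler, F = fault. */
const char *run_key_example(void)
{
    static char out[8];
    process_t p = { { 1, 2, 3, 4 }, 0, { 1, 2, 3, 4, 5, 6 }, 6 };
    const tlb_entry_t tlb[] = { { 0, 10, 1 }, { 1, 11, 5 }, { 2, 12, 9 } };
    const uint32_t seq[] = { 0x0000, 0x1000, 0x1000, 0x0000, 0x2000 };
    size_t n = sizeof seq / sizeof seq[0];
    for (size_t i = 0; i < n; i++)
        out[i] = "ORF"[key_checked_access(&p, tlb, 3, seq[i])];
    out[n] = '\0';
    return out;
}

int main(void)
{
    printf("access outcomes: %s\n", run_key_example());   /* ORORF */
    return 0;
}
```

The second access to page 1 hits in hardware because the handler refilled a register, and the later return to page 0 misses again because that refill evicted key 1; this is the "software-managed cache" behaviour the text describes. The access with key 9 fails in both the registers and the software list, so it remains a fault regardless of how many registers the processor has.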

Simulation is the use of a monitoring program to interpret the machine code instructions of some computer. Such a simulator can provide memory protection by using a segmentation-like scheme and validating the target address and length of each instruction in real time before actually executing it. The simulator must calculate the target address and length and compare this against a list of valid address ranges that it holds concerning the thread's environment, such as any dynamic memory blocks acquired since the thread's inception plus any valid shared static memory slots. The meaning of "valid" may change throughout the thread's life depending upon context: it may sometimes be allowed to alter a static block of storage, and sometimes not, depending upon the current mode of execution, which may or may not depend on a storage key or supervisor state.[citation needed]
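An added example (not from the article, and not any real simulator's code) of the range-validation step a monitoring program performs before executing a simulated load or store: the access `[addr, addr+len)` must lie within one region of the thread's current list, dynamic blocks are appended to that list as they are acquired, and whether a static block may be written depends on the execution mode. The region layout, the supervisor/user distinction and the rejection of straddling or wrapping accesses are constructed assumptions for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of the monitor-style check (constructed example, not a real
   emulator): before a simulated load or store is executed, the target
   address and length are validated against the list of ranges currently
   valid for the thread. "Valid" depends on the mode of execution: static
   blocks may be writable only in supervisor state. */
#define MAX_REGIONS 8

typedef enum { MODE_USER, MODE_SUPERVISOR } exec_mode_t;

typedef struct {
    uint64_t base, len;
    bool     user_writable;   /* false: static block, writable only in supervisor state */
} region_t;

typedef struct {
    region_t    regions[MAX_REGIONS];
    size_t      n;
    exec_mode_t mode;
} thread_env_t;

/* Record a region the thread may touch, e.g. a dynamic block just acquired. */
bool add_region(thread_env_t *env, uint64_t base, uint64_t len, bool user_writable)
{
    if (env->n >= MAX_REGIONS || len == 0 || len > UINT64_MAX - base) return false;
    env->regions[env->n++] = (region_t){ base, len, user_writable };
    return true;
}

/* Validate the access [addr, addr+len). It must fit entirely inside one
   region (an access straddling two blocks is rejected), and an address
   range that wraps around is rejected before any region is consulted. */
bool check_access(const thread_env_t *env, uint64_t addr, uint64_t len, bool is_write)
{
    if (len == 0 || len > UINT64_MAX - addr) return false;
    uint64_t end = addr + len;
    for (size_t i = 0; i < env->n; i++) {
        const region_t *r = &env->regions[i];
        if (addr < r->base || end > r->base + r->len) continue;
        if (is_write && !r->user_writable && env->mode == MODE_USER) return false;
        return true;
    }
    return false;
}

/* Constructed scenario: static code at 0x1000 (read-only in user mode),
   static data at 0x2000, and a 256-byte dynamic block at 0x10000. Bit i
   of the result is set when access i was permitted. */
unsigned run_monitor_example(void)
{
    thread_env_t env = { .n = 0, .mode = MODE_USER };
    unsigned mask = 0;
    add_region(&env, 0x1000, 0x1000, false);
    add_region(&env, 0x2000, 0x1000, true);
    add_region(&env, 0x10000, 0x100, true);    /* acquired during the thread's life */
    if (check_access(&env, 0x1000, 4, false))          mask |= 1u << 0; /* read code: ok */
    if (check_access(&env, 0x1000, 4, true))           mask |= 1u << 1; /* user write to code: no */
    env.mode = MODE_SUPERVISOR;
    if (check_access(&env, 0x1000, 4, true))           mask |= 1u << 2; /* supervisor write: ok */
    env.mode = MODE_USER;
    if (check_access(&env, 0x2FFE, 4, false))          mask |= 1u << 3; /* straddles end of data: no */
    if (check_access(&env, 0x10000, 0x100, true))      mask |= 1u << 4; /* whole dynamic block: ok */
    if (check_access(&env, 0x10000, 0x101, false))     mask |= 1u << 5; /* one byte past it: no */
    if (check_access(&env, UINT64_MAX - 8, 16, false)) mask |= 1u << 6; /* wraps around: no */
    return mask;
}

int main(void)
{
    printf("permitted-access mask: 0x%x\n", run_monitor_example());
    return 0;
}
```

The overflow test in `check_access` matters: a length check written as `addr + len <= base + len` would wrap on a large `addr` and accept an access that starts far outside every region, which is the kind of defect a monitor must avoid if it is to substitute for hardware protection.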

It is generally not advisable to use this method of memory protection where adequate facilities exist on a CPU, as this takes valuable processing power from the computer and could be compared to "reinventing the wheel".[citation needed]

A useful estimate of the protection level of a particular implementation is to measure how closely it adheres to the principle of minimum privilege.[3]

There are very few operating systems that do not use some form of memory protection. CP/M and all variants of MS-DOS lacked it. Even so, early versions of Microsoft Windows implemented memory protection on top of DOS.

Some operating systems that do implement memory protection include


  1. ^ Keys in Itanium
  2. ^ Memory protection in HP PA-RISC
  3. ^ Cook, D.J. Measuring memory protection, accepted for 3rd International Conference on Software Engineering, Atlanta, Georgia, May 1978.
