Talk:Protection ring

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

define SPS[edit]

Is this a reference to NIST Special Publications (SPs)? — Preceding unsigned comment added by 96.252.66.105 (talk) 15:56, 18 June 2012 (UTC)[reply]

"SPS" is not in the article any more, so there's no need to define it now. Guy Harris (talk) 21:55, 13 November 2015 (UTC)[reply]

define user mode[edit]

this term is mentioned quite a few times on this page and on the page for microkernels. I have no idea what it means, and it's definition is not clear. The only thing clear is that it is the alternative to privileged/kernel model. —Preceding unsigned comment added by 209.77.137.57 (talk) 00:28, 14 August 2008 (UTC)[reply]

Confusing or unclear[edit]

This article would benefit from a clearer explanation about what a protection ring is and does. It assumes the reader knows what "one of two or more hierarchical levels or layers of privilege" means and why "rings were among the more revolutionary and visible concepts ..." The whole lead seems to step around defining what a ring is in simple terms, why it is significant, and how it is used. A very concise paragraph addressing some of the basics would be a great improvement to the lead section. JonHarder 13:57, 25 July 2006 (UTC)[reply]

  • After contributions by 68.144.178.242 and myself I hope this article has become more lucid. --OzJuggler 04:15, 5 August 2006 (UTC)[reply]

Maybe a more appropriate name for this subject would be "hierarchical states of privilege". I think that's the way it's called by academics. I think there also should be a comparison between this approach and Capability-based security with MMU support; as I leaned in my computer architecture and parallel computing classes, the first approach (the one described in this article) is an obsolete technology and provides both poor protection and poor performance, compared to the second approach. Unfortunly my reference text book is in italian, but I'm looking for some english ones.--BMF81 18:19, 27 August 2006 (UTC)[reply]

Ring -1?[edit]

I haven't found any articles here that even mention Ring -1 (hardware-mode virtualization). Perhaps this should be the place? --Frankie

There's not even a rundown of the ring levels and what they mean. This article would benefit from a table list rings and their properties, etc.

There isn't even any explanation of the general purpose of the 80386 ring 1 or ring 2 that I can find anywhere. This article definitely should include something like that to illustrate what protection rings are good for. Daivox (talk) 16:29, 24 August 2008 (UTC)[reply]
Ring 2 was/is used in OS/2 for specially privileged DLLs. Also VMS uses all 4 rings. Rings can be used to fine tune the os privileges - see VAX#Privilege_Modes. Note that in VMS the file system run in it's own ring - Filesystem in Userspace is not a very new idea.
And I where to create an Os I would use the 4 available ring as follows:
Ring 0
Hypervisor
Ring 1
(Micro)-Kernel
Ring 2
(Privileged) Device Driver
Ring 3
User Applications
But this is only one possible layout - as mentioned: VMS run the shell and the file systems in own rings. --Krischik T 14:24, 21 October 2008 (UTC)[reply]
Don’t forget that on e.g. Intel CPUs with IME, there’s even ring −2 and ring −3! Which can run (an installation of Minix) even when the CPU is completely “OFF”! Including wifi communication, from wake-on-wlan to straight-up being hacked. — 89.1.58.198 (talk) 09:22, 23 May 2023 (UTC)[reply]

Why[edit]

Why is elegance linked in the "Interoperation between CPU and OS levels of abstraction" section? —Preceding unsigned comment added by 207.96.162.77 (talk) 18:36, 17 December 2007 (UTC)[reply]

Because it has a different definition for different people. And in this context, it should be made clear which one is meant. … Of course linking to a generic page and expecting the reader to find which one was means, isn’t exactly solving that. ;) — 89.1.58.198 (talk) 09:23, 23 May 2023 (UTC)[reply]

Kernel mode driver[edit]

What is a kernel mode driver ?. --Mac (talk) 10:35, 25 April 2008 (UTC)[reply]

more hypervisor background please, especially of the non-x86 type[edit]

Hypervisor[edit]

I'd like to request more in-depth discussion on hypervisors like those running IBM mainframes, perhaps historical perspective with the (again) IBM romp vm layer that ran AIX as a guest, or any of the alternative and/or comparable approaches (sun? hp?) that predate amd's and intel's johnny-come-lately implementation of this idea. 84.82.170.167 (talk) 23:18, 9 February 2009 (UTC)[reply]

System Management Interrupt - Ring -1[edit]

For quite some time now x86 processors have implemented a System Management Interrupt. This is a non-maskable interrupt similar to the NMI that causes a transition back to the BIOS (actually whatever lives at 0xA0000 behind the legacy video ram). The OS has no control over this interrupt and is not notified that the interrupt occurred in any way. It is intended to be used by motherboard manufacturers to transparently deal with special features of their boards. See [1] for more info about why this is important. DaBraunBird (talk) 16:59, 8 December 2009 (UTC)[reply]

SMM mode sometimes reffered as "Ring -2" `a5b (talk) 14:46, 10 January 2012 (UTC)[reply]

ITL knows about "Ring -3"[edit]

In presentation http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf "Introducing Ring -3 Rootkits" the "Ring -3" is defined as Intel AMT. `a5b (talk) 14:46, 10 January 2012 (UTC)[reply]

This is merely a single reference to an invented marketing term: A rootkit runs at Ring-0, A rootkit that runs as a hypervisor runs at Ring-1, A rootkit that runs as a hyper-hypervisor, still runs at Ring-1/Hypervisor.

I disagree[edit]

"Today, this high degree of interoperation between the OS and the hardware is not often cost-effective, despite the potential advantages for security and stability." Today, a very high degree of interoperation between the OS and the hardware exists, to provide performance video and secondary storage performance, as well as virtualization performance.

"Intel announced that the Clover Trail series of processors will be "Windows only", lacking the disclosed information necessary to support Linux. But Clover Trail is already a dead end for other technical and business reasons."

[ http://perens.com/blog/2012/09/15/1/]

Microkernel performance[edit]

The statement that micro-kernels are "sacrificing performance" is too strong, and contradicted by the performance of modern micro-kernels, such as L4. — Preceding unsigned comment added by 121.127.198.152 (talk) 00:36, 8 August 2014 (UTC)[reply]

I'm not sure what microkernel means in a world without ring 1 & ring 2. L4 may well be faster but it is not *because* it is a "microkernel". — Preceding unsigned comment added by MagmaiKH (talkcontribs) 11:49, 29 September 2016 (UTC)[reply]

Proposed merge with Privilege level[edit]

overlapping scope - x86 can/should be a section in main article given current article Widefox; talk 18:33, 13 June 2017 (UTC)[reply]

More generic article about protection rings (not limited to computing)[edit]

Is there also a more generic article about protection rings that also incorporates the physical domain, such as in medieval castles with rings of walls? I could not find it. If there is, this article should link to that concept. If there isn't, it should probably be created and elements of this article should be moved there. That generic article could also relate to defence in depth. — Preceding unsigned comment added by Jrest (talkcontribs) 13:39, 16 February 2018 (UTC)[reply]

I know of no generic article covering topics that involve some form of protection and that use the word "ring".
There's ringwork, circular rampart, and ringfort, for the military defense concept.
However, I haven't seen any indication that the notion of multiple protection rings in computing is at all inspired by the notion of multiple physical rings of defense in that sense. The closest physical analogy I can think of to the computing notion of rings of protection is the notion that you might have some people you trust to a large degree, and with whom you share a lot of information, and other people whom you trust to a lesser degree, and with whom you share less information, and perhaps others whom you trust even less and with whom you share even less information. That doesn't seem very much like multiple ring walls in a defensive structure.
This also doesn't seem particularly related to defence in depth. The computing version of that would be defense in depth (computing). Guy Harris (talk) 20:51, 16 February 2018 (UTC)[reply]
This has analogies in crumple zones in vehicles, and NASA’s strategy of designing things so that “everything can fail” (down to calculating the angle of entry by looking out the window and doing the math in your head, as was famously used in Apollo 13). But all of those concepts, including defense in depth, are closer related, than they are to protection rings, which are not meant to act as backup for each other, but as separation of privileges on a need-to-know basis hierarchy. Which again has obvious analogies in the military, but quite different ones than defense in depth. — 89.1.58.198 (talk) 09:36, 23 May 2023 (UTC)[reply]

Organization and WP:NPOV[edit]

Why is #Supervisor mode not under #Privilege level?

The entire #Privilege level section is Intel-centric. It does not discuss privilege levels on, e.g., Burroughs B5000, GE 635, IBM System/360, UNIVAC 1108. Note that there is no standrd nomenclature, e.g., GE and SDS/XDS use master while Burroughs uses control and IBM uses supervisor, GE and SDS use slave while Burroughs uses normal, IBM uses problem and UNIVAC uses guard. -- Shmuel (Seymour J.) Metz Username:Chatul (talk) 12:40, 7 May 2023 (UTC)[reply]

Don't forget Multics. Peter Flass (talk) 15:02, 7 May 2023 (UTC)[reply]
Yeah, there's the general concept of two or more nested privilege levels, and then there are all the different implementations in various instruction sets (and the different terminology used for them), with different numbers of levels and different permissions that can be granted or not based on the current privilege level. (And then there's the question of whether more than two of those levels are used by the OS; neither most UN*Xes nor Windows make significant use of more than two levels, as they have to run on ISAs with only two levels.)
And then the article says "Ring protection can be combined with processor modes", but on VAX and x86, for example, the most privileged processor mode is also the innermost ring. (On the Multics machines, the modes were, at least in theory, orthogonal; as I remember, only a tiny bit of code ran in master mode, with a few small routines callable only from ring 0.) Perhaps CPU modes (to which processor modes redirects) should be merged here.
The text could use some reorganization (which woud include some de-x86ification). Guy Harris (talk) 18:42, 16 May 2023 (UTC)[reply]
Also, the term mode is ambiguous. It may refer to a privilege level, but it may also refer to, e.g., an addressing mode, as in the AR mode of IBM Enterprise Systems Architecture. -- Shmuel (Seymour J.) Metz Username:Chatul (talk) 02:09, 17 May 2023 (UTC)[reply]

Post-”rings of protection” solutions?[edit]

Given that Intel recently announced potential removal of ring 2 and 3, and this quote in the article:

The attractiveness of fine-grained protection remained, even after it was seen that rings of protection did not provide the answer...

What are the replacements modern systems will have? … All I can think of is RBAC-like systems, like RSBAC (French afaik) and SELinux (NSA, USA), etc. But that doesn’t have hardware support. But maybe it isn’t necessary…

It would be good if the replacements, whatever they are, would be shortly mentioned in the article, and linked to a (new?) article about them.

89.1.58.198 (talk) 09:28, 23 May 2023 (UTC)[reply]

Well, there are capability-based systems, but I don't know of anybody selling them these days. -- Shmuel (Seymour J.) Metz Username:Chatul (talk) 16:15, 1 December 2023 (UTC)[reply]
I don't know of any products from it yet, but the CHERI project from SRI International and the University of Cambridge has added capability support to MIPS, Arm, RISC-V and, err, umm, an instruction set that's not generally considered "R", namely x86. Arm has shipped a prototype CHERI-equipped SoC and demonstrator board. (I think somebody from Cambridge gave a talk, atn one point, using a notebook computer with a CHERI-equipped MIPS processor running a CHERI-supporting FreeBSD as the presentation machine.) Guy Harris (talk) 20:01, 1 December 2023 (UTC)[reply]

Link to Call gates[edit]

@Guy Harris: Perhaps it's time to split Call gate (Intel) into a generic article and an Intel-specific article, and possibly add an article specific to Multics? Are there any wikipedians with a Multics background? -- Shmuel (Seymour J.) Metz Username:Chatul (talk) 16:08, 30 November 2023 (UTC)[reply]

I’m a dabbler, but not more than that. Peter Flass (talk) 18:53, 30 November 2023 (UTC)[reply]