Privileged operation rings
Subversive Technologies & Countermeasures
| |||||||||||
The x86 microprocessors contains four hierarchical levels of privileged operation better known as rings. These rings are able to provide a hardware enforced method of segregation for software and memory access.
Contents |
[edit] Hardware enforced access
The term x86 is used to refer to the Intel family and compatible microprocessors derived from the 8086 architecture. The CPU is designed to maintain as well as enforce software and memory access between rings. If software in a ring attempts to access data in a lower numbered ring the CPU will throw an interrupt to report the action. How the operating system responds to this interrupt depends on the OS and its configuration.
[edit] Privilege rings of the x86 CPU
Software running in ring 0 typically has full authority to modify, access, or change software or memory in ring 0 or any higher numbered ring. Kernel and other mission critical software will run in ring 0 with other user land and support software usually running in ring 3. This segregation of software allows a protective barrier between software that is considered mission critical to system stability and other noncritical support software. The net effect being that user land software could become corrupted and still be contained without contaminating kernel memory therefore preserving system stability and continued operation. The above is obviously an over simplification to give general concepts of privileged access.
- Ring 0 - Kernel, device drivers
- Ring 1 -
- Ring 2 -
- Ring 3 - User mode applications
Ring 3 being the least privileged and the most restrictive with ring 0 able to preform any operation on the CPU.
[edit] Security access
An Operating systems kernel uses these rings to enforce software and memory access on the system. The implication here being if software can run from ring 0 it will have the ability to access, modify, or circumvent any other software on the system at kernel level.
