How does the distinction between kernel mode and user mode function as a rudimentary form of protection (security) system?
Answers
I hope this will help you
Answer:
Explanation
It does much more than “rudimentary form of protection”.
At its fundamental, it defines the memory separation between two areas - a kernel mode memory mapping, and a user mode memory mapping.
Now the reason it supports more than “rudimentary” is that there can be MANY different user mode memory maps…
It is even possible to define two maps that partially overlap..
And that also means that the kernel mapping can partially overlap a user mode map.
This allows the kernel to share SOME of its privileges to a more limited level user mode. This ALSO allows the kernel to examine/copy data from the user memory map, or just change its mapping to contain the user pages, and give the user memory map different pages (this can be faster than copying).
Thus having a dual mapping becomes more powerful, as it allows a hierarchy of mapping and granting different privileges to different mappings. Specifically, this CAN allow user mode drivers to access some device registers… It can also allow the emulation of as many security levels as the operating system requires.
Care must be taken, because some device registers might be able to bypass the memory mapping - so this level isn’t done that often.
The way these memory maps are manages is by designating a group of data (a context, which has CPU registers and status, extended security flags in addition to the memory map) and call it a process.
In the simple case, it is possible for the kernel to then switch between processes (the switch saves the kernel context, and loads the context with the context associated with the specified process), and the process is “running” until something interrupts it.
When the process is interrupted (either by a device, a clock, or a system call), the kernel saves the updated context (usually the registers) and loads the kernel context. If the interrupt is a system call, then the kernel can evaluate the parameters for the system call (verify that the address references are within the processes memory map, and whatever other data is passed, then invoke the kernel functions to carry out the request. Updates to the process context can be done by those functions carrying out the desired activity (and that may involve modifying the memory map, or updating the saved register values), and return to switch to a process (this allows the kernel scheduler to pick an alternate process or resume the “current” process).
This action is “time sharing the CPU among multiple applications”, and gives each application the appearance of being the only thing the system is doing.
As part of the “dual mode” operation the process context can have security flags that allows the kernel to grant extra capability to a process, or denying capabilities (such as granting/denying file access).
So the “kernel mode/user mode” separation is extremely flexible.