Memory Protection in Operating Systems

In this article, we will be discussing memory protection in operating systems. As we know that different operating systems use different forms of memory protection or separation which consists of Plan9 and Inferno, Microsoft Windows, etc. 

In Memory protection, we have to protect the operating system from user processes and which can be done by using a relocation register with a limit register. Here, the relocation register has the value of the smallest physical address whereas the limit register has the range of the logical addresses. These two registers have some conditions like each logical address must be less than the limit register. The memory management unit is used to translate the logical address with the value in the relocation register dynamically after which the translated (or mapped) address is then sent to memory.

Support for relocation and limit registers in process

In the above diagram, when the scheduler selects a process for the execution process, the dispatcher, on the other hand, is responsible for loading the relocation and limit registers with the correct values as part of the context switch as every address generated by the CPU is checked against these 2 registers, and we may protect the operating system, programs, and the data of the users from being altered by this running process.

Need of Memory protection:

Memory protection prevents a process from accessing unallocated memory in OS as it stops the software from seizing control of an excessive amount of memory and may cause damage that will impact other software which is currently being used or may create a loss of saved data. These resources of memory protection also help in detecting malicious or harmful applications, that may after damaged the processes of the operating system.

Methods of memory protection:

There are various methods for protecting a process from accessing memory that has not been allocated and some of the commonly used methods are given below:

Memory Protection using Keys: The concept of using memory protection with keys can be found in most modern computers with the purpose of paged memory organization and for the dynamic distribution between the parallel running programs. The keys are based on the use of special codes as we can verify the compliance between using arrays of memory cells and the number of running programs. This key method gives the users a process to impose page-based protections without any modification in the page tables.

Memory Protection using Rings: In CS, the domains related to ordered protection are called Protection Rings. This method helps in improving fault tolerance and provides security. These rings are arranged in a hierarchy from most privileged to least privileged. In the single-level sharing OS, each and every segment has a protection ring for the process of reading, writing, and executing operations of the process. If there is a use of a higher ring number by the process then the ring number for the segment creates a fault. But we do have some methods for calling the procedures safely that can run in a lower ring number and then return to the number of the higher ring.

Capability-based addressing: It is a method of protecting the memory that cannot be seen in modern commercial computers. Here, the pointers (objects consisting of a memory address) are restored by the capabilities objects that can only be created with the protected instructions and may only execute by a kernel, or by another process that is authorized to execute and therefore it gives an advantage of controlling the unauthorized processes in creating additional separate address spaces in memory.

Memory Protection using masks: The masks are used in the protection of memory during the organization of paging. In this method, before the implementation, the page numbers are indicated to each program and are reserved for the placement of its directives. Here the allocated pages for the program are now given the control of the operating system in the form of mask code (an n-bit binary code) which is formed for every working program that is determined by the bit number of OD pages.

Memory Protection using Segmentation: It is a method of dividing the system memory into different segments. The data structures of x86 architecture of OS like local descriptor table and global descriptor table are used in the protection of memory.

Memory Protection using Simulated segmentation: With this technique, we can monitor the program for interpreting the machine code instructions of system architectures. Through this, the simulator can help in protecting the memory by using a segmentation using the scheme and validating the target address of every instruction in real-time.

Memory Protection using Dynamic tainting: Dynamic tainting is a technique that consists of marking and tracking certain data in a program at runtime as it protects the process from illegal memory accesses. In tainting technique, we taint a program to mark two kinds of data i.e., memory in the data space and the pointers.