This is the talk page for discussing improvements to the Protection ring article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
![]() | This article is rated B-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||
|
Is this a reference to NIST Special Publications (SPs)? — Preceding unsigned comment added by 96.252.66.105 (talk) 15:56, 18 June 2012 (UTC)
this term is mentioned quite a few times on this page and on the page for microkernels. I have no idea what it means, and it's definition is not clear. The only thing clear is that it is the alternative to privileged/kernel model. —Preceding unsigned comment added by 209.77.137.57 (talk) 00:28, 14 August 2008 (UTC)
This article would benefit from a clearer explanation about what a protection ring is and does. It assumes the reader knows what "one of two or more hierarchical levels or layers of privilege" means and why "rings were among the more revolutionary and visible concepts ..." The whole lead seems to step around defining what a ring is in simple terms, why it is significant, and how it is used. A very concise paragraph addressing some of the basics would be a great improvement to the lead section. JonHarder 13:57, 25 July 2006 (UTC)
Maybe a more appropriate name for this subject would be "hierarchical states of privilege". I think that's the way it's called by academics. I think there also should be a comparison between this approach and Capability-based security with MMU support; as I leaned in my computer architecture and parallel computing classes, the first approach (the one described in this article) is an obsolete technology and provides both poor protection and poor performance, compared to the second approach. Unfortunly my reference text book is in italian, but I'm looking for some english ones.--BMF81 18:19, 27 August 2006 (UTC)
I haven't found any articles here that even mention Ring -1 (hardware-mode virtualization). Perhaps this should be the place? --Frankie
There's not even a rundown of the ring levels and what they mean. This article would benefit from a table list rings and their properties, etc.
Why is elegance linked in the "Interoperation between CPU and OS levels of abstraction" section? —Preceding unsigned comment added by 207.96.162.77 (talk) 18:36, 17 December 2007 (UTC)
What is a kernel mode driver ?. --Mac (talk) 10:35, 25 April 2008 (UTC)
I'd like to request more in-depth discussion on hypervisors like those running IBM mainframes, perhaps historical perspective with the (again) IBM romp vm layer that ran AIX as a guest, or any of the alternative and/or comparable approaches (sun? hp?) that predate amd's and intel's johnny-come-lately implementation of this idea. 84.82.170.167 (talk) 23:18, 9 February 2009 (UTC)
For quite some time now x86 processors have implemented a System Management Interrupt. This is a non-maskable interrupt similar to the NMI that causes a transition back to the BIOS (actually whatever lives at 0xA0000 behind the legacy video ram). The OS has no control over this interrupt and is not notified that the interrupt occurred in any way. It is intended to be used by motherboard manufacturers to transparently deal with special features of their boards. See [1] for more info about why this is important. DaBraunBird (talk) 16:59, 8 December 2009 (UTC)
In presentation http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf "Introducing Ring -3 Rootkits" the "Ring -3" is defined as Intel AMT. `a5b (talk) 14:46, 10 January 2012 (UTC)
"Today, this high degree of interoperation between the OS and the hardware is not often cost-effective, despite the potential advantages for security and stability." Today, a very high degree of interoperation between the OS and the hardware exists, to provide performance video and secondary storage performance, as well as virtualization performance.
"Intel announced that the Clover Trail series of processors will be "Windows only", lacking the disclosed information necessary to support Linux. But Clover Trail is already a dead end for other technical and business reasons."
[ http://perens.com/blog/2012/09/15/1/]
The statement that micro-kernels are "sacrificing performance" is too strong, and contradicted by the performance of modern micro-kernels, such as L4. — Preceding unsigned comment added by 121.127.198.152 (talk) 00:36, 8 August 2014 (UTC)
I'm not sure what microkernel means in a world without ring 1 & ring 2. L4 may well be faster but it is not *because* it is a "microkernel". — Preceding unsigned comment added by MagmaiKH (talk • contribs) 11:49, 29 September 2016 (UTC)
overlapping scope - x86 can/should be a section in main article given current article Widefox; talk 18:33, 13 June 2017 (UTC)
Is there also a more generic article about protection rings that also incorporates the physical domain, such as in medieval castles with rings of walls? I could not find it. If there is, this article should link to that concept. If there isn't, it should probably be created and elements of this article should be moved there. That generic article could also relate to defence in depth. — Preceding unsigned comment added by Jrest (talk • contribs) 13:39, 16 February 2018 (UTC)
Why is #Supervisor mode not under #Privilege level?
The entire #Privilege level section is Intel-centric. It does not discuss privilege levels on, e.g., Burroughs B5000, GE 635, IBM System/360, UNIVAC 1108. Note that there is no standrd nomenclature, e.g., GE and SDS/XDS use master while Burroughs uses control and IBM uses supervisor, GE and SDS use slave while Burroughs uses normal, IBM uses problem and UNIVAC uses guard. -- Shmuel (Seymour J.) Metz Username:Chatul (talk) 12:40, 7 May 2023 (UTC)
Given that Intel recently announced potential removal of ring 2 and 3, and this quote in the article:
The attractiveness of fine-grained protection remained, even after it was seen that rings of protection did not provide the answer...
What are the replacements modern systems will have? … All I can think of is RBAC-like systems, like RSBAC (French afaik) and SELinux (NSA, USA), etc. But that doesn’t have hardware support. But maybe it isn’t necessary…
It would be good if the replacements, whatever they are, would be shortly mentioned in the article, and linked to a (new?) article about them.
— 89.1.58.198 (talk) 09:28, 23 May 2023 (UTC)
@Guy Harris: Perhaps it's time to split Call gate (Intel) into a generic article and an Intel-specific article, and possibly add an article specific to Multics? Are there any wikipedians with a Multics background? -- Shmuel (Seymour J.) Metz Username:Chatul (talk) 16:08, 30 November 2023 (UTC)