(4) Memory object
A contiguous memory area that is the target of kernel memory protection is called a memory object. A memory object is one type of kernel object and is identified by its starting address. A memory object may also be specified by an arbitrary address inside its memory area.
The start address and size of a memory object are restricted to the boundary and unit that the hardware memory protection can use. Memory objects do not overlap each other.
In this specification, apart from the memory block acquisition/release operations, there is no dynamic unification/splitting of memory objects.
(5) Kernel Domain, System Domain, User Domain
The protection domain that has access rights equal to the kernel, in other words, that can perform all kinds of operations/accesses on all kernel objects, is called the kernel domain. Processing units belonging to the kernel domain execute in the privileged mode of the processor. Only one kernel domain exists in a system.
A protection domain that has operation/access restrictions on kernel objects, but whose processing units execute in privileged mode, is called a system domain. A processing unit executing in privileged mode can change the access rights of memory areas without any restriction; therefore, a system domain cannot be used as protection against malicious programs. There can be multiple system domains in a system.
A protection domain whose processing units execute in unprivileged mode and that has restrictions on operating on/accessing kernel objects is called a user domain. There can be multiple user domains in a system.
(6) Independent Objects
Kernel objects other than processing units can be made to belong to no protection domain. Such kernel objects are called independent objects and, by default, can be operated on/accessed from all protection domains. As with kernel objects that belong to a protection domain, it is possible to set, for each independent object, the set of protection domains that can operate on/access it.
2.2 Protection Domain Management and Setting of the Belonging Protection Domain
2.2.1 Protection Domain ID Number
A protection domain is a kernel object identified by an ID number. The ID number of a protection domain is called the protection domain ID.
System domains and user domains have positive ID numbers (the rule in the uITRON4.0 specification that distinguishes system objects by giving them negative ID numbers is not adopted here). The kernel domain has the special ID number (-1).
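The following is an added illustration, not code from the specification or from any ITRON/TOPPERS kernel: a small model of the rules stated in (4), (5), (6) and 2.2.1 above, i.e. memory objects aligned to a hardware protection unit and never overlapping, lookup by any address inside an object, independent objects open to every domain by default, and the domain ID rule (kernel domain -1, other domains positive). The 4 KiB protection unit, the class and function names, and the sample addresses are assumptions made for the example.

```python
from typing import Optional, Set, List

KERNEL_DOMAIN_ID = -1   # special ID the text assigns to the kernel domain
PAGE = 0x1000           # assumed hardware protection unit (a 4 KiB page)

def valid_domain_id(domain_id: int) -> bool:
    # Kernel domain: -1; system and user domains: positive numbers.
    return domain_id == KERNEL_DOMAIN_ID or domain_id > 0

class MemoryObject:
    def __init__(self, start: int, size: int, allowed: Optional[Set[int]] = None):
        self.start, self.size = start, size
        # Domains permitted to operate on/access this object; None marks an
        # independent object (no owning domain), open to every domain by default.
        self.allowed = allowed

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.start + self.size

class MemoryObjectTable:
    def __init__(self) -> None:
        self.objects: List[MemoryObject] = []

    def register(self, obj: MemoryObject) -> None:
        # Start and size must fall on the boundary/unit the hardware can protect.
        if obj.size == 0 or obj.start % PAGE or obj.size % PAGE:
            raise ValueError("memory object not aligned to the protection unit")
        # Memory objects never overlap each other.
        for o in self.objects:
            if obj.start < o.start + o.size and o.start < obj.start + obj.size:
                raise ValueError("memory object overlaps an existing one")
        self.objects.append(obj)

    def lookup(self, addr: int) -> Optional[MemoryObject]:
        # An object may be named by any address inside it, not only its start.
        return next((o for o in self.objects if o.contains(addr)), None)

    def may_access(self, domain_id: int, addr: int) -> bool:
        if not valid_domain_id(domain_id):
            raise ValueError("invalid protection domain ID")
        obj = self.lookup(addr)
        if obj is None:
            return False            # address is not covered by any memory object
        if domain_id == KERNEL_DOMAIN_ID:
            return True             # kernel domain: access rights equal to kernel
        if obj.allowed is None:
            return True             # independent object: all domains by default
        return domain_id in obj.allowed
```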