Limiting memory access





How do we really limit machine memory access if software code has an instruction that works with straight address bits and orders the CPU to access a restricted area?

If we use a container or virtual or ..., should we run code to check every instruction of the original code to see if it doesn't access a restricted area?










      memory virtual-machine instructions






      edited Dec 25 '18 at 6:13









      tangrs

      asked Nov 17 '18 at 6:43









      ja0k0010

          1 Answer
          Privilege management usually requires hardware support in the CPU. In the case of software emulation, the emulator will be required to ensure the proper privilege levels are enforced.



          The MMU is a component that (among other things) controls memory accesses. Certain regions of memory can be marked as readable, writable and executable. The MMU will check all memory accesses and cause some sort of fault on an illegal access. This prevents the CPU from reading/writing/executing at arbitrary memory locations.



          Many CPUs have privilege separation built into the CPU itself. It will have a concept of privilege levels (e.g. rings in x86, mode bits in ARM) and checks that the instruction being run is allowed within the current privilege level. This prevents code running in an unprivileged mode from executing privileged instructions.



          The operating system hosting the containers or virtual machine host software will need to ensure the proper privilege separation is implemented correctly (making use of hardware features as appropriate).






          answered Dec 25 '18 at 6:24









          tangrs

          • Wow thanks, I thought about it but I think it's very complex in hardware! And very resource intensive in software to run an instruction for every instruction! Not just VM, any instruction in host also!

            – ja0k0010
            Dec 25 '18 at 6:34
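
The MMU check described in the answer can be observed from user space. This is an added example, not part of the original answer: the store in `try_write` is an ordinary instruction with no software check in front of it, yet it faults once `mprotect()` marks the page read-only. The function names and the 0x41/0x42 values are constructed for the illustration, and a Linux or other POSIX system with `mmap` is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* for MAP_ANONYMOUS on glibc */
#endif
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf recover;           /* resume point after a fault */

static void on_fault(int sig) { (void)sig; siglongjmp(recover, 1); }

/* Store v to *p with an ordinary store instruction; nothing in software
 * inspects the address first. Returns 1 if the store completed, 0 if the
 * MMU rejected it and the kernel delivered SIGSEGV/SIGBUS. */
static int try_write(volatile unsigned char *p, unsigned char v) {
    struct sigaction sa, old_segv, old_bus;
    int ok;
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(recover, 1) == 0) { *p = v; ok = 1; } else { ok = 0; }
    sigaction(SIGSEGV, &old_segv, NULL);   /* put the old handlers back */
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

/* Constructed scenario: one anonymous page, writable, then read-only.
 * Result bits: 1 = write allowed while writable, 2 = write faulted once
 * read-only, 4 = refused write left the page unchanged. -1 = setup error. */
int demo_page_protection(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *map = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    volatile unsigned char *page = map;
    int bits = 0;
    if (map == MAP_FAILED) return -1;
    if (try_write(page, 0x41)) bits |= 1;
    if (mprotect(map, len, PROT_READ) != 0) { munmap(map, len); return -1; }
    if (!try_write(page, 0x42)) bits |= 2;
    if (page[0] == 0x41) bits |= 4;        /* reads are still permitted */
    munmap(map, len);
    return bits;
}

int main(void) { return demo_page_protection() == 7 ? 0 : 1; }
```

The per-access check happens in hardware during address translation, so the permitted write and the refused write are the same instruction; only the page's permission bits differ.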


















