1. Field of the Invention
The present invention relates to the field of electronic data/information processing. More specifically, the present invention relates to methods and apparatuses for protectively operating data/information processing devices.
2. Background Information
The term “data/information processing devices” as used herein is intended to include all microprocessor based devices and/or systems, operated under the control of an operating system. Examples of these devices/systems include but are not limited to general as well as special purpose computing devices/systems, regardless of form factors, palm sized, laptops, desktops, rack mounted, and the like. Examples of special purpose computing devices include but are not limited to set-top boxes, wireless communication devices, and the like. The term “operating system” as used herein is intended to include all software provided to manage and facilitate application usage of hardware resources, however minimal the control and resource scope may be. Typical resource management functions of an “operating system” include task scheduling, memory management and the like. The term “task” as used herein is intended to include its common meaning of an executing instance of a program (a collection of programming instructions).
Ever since the early days of computing, computer systems have provided privilege protection to protect the system from being brought down by failures of non-essential programs, such as application programs. The IBM 360 systems provided a supervisor mode and a user mode to segregate privileged system programs and unprivileged user programs. The Multics (Multiplexed Information and Computing Service) developed by Massachusetts Institute of Technology, in cooperation with others, employed a 64 ring approach, combining access node and a triple of ring numbers (r1, r2, r3). In U.S. Pat. No. 4,177,510, issued to Appell et al., a hardware facilitated 4 ring approach is disclosed. Today, the Intel Architecture processors are known to provide a 4 ring hardware facilitated protection through the employment of memory segment descriptors and current task privilege level (CPL). However, partly because most of the other microprocessors remain having a two mode protection approach, the Windows® operating system, used in most Intel Architecture compatible processors, merely employ two of the four ring protection provided by the hardware. The kernel, virtual memory manager and various virtual device drivers (V×D) are executed in ring 0 (the most privileged level), while all other programs, including system services and so forth are executed out of ring 3 (the least privileged level). Rings 1 and 2 are not used.
The two levels of protection were reasonably adequate in the days when few programs are executed on most computer systems. Moreover, most of the computer systems operate by themselves, with few interactions from the outside world.
Advances in microprocessor, telecommunication and networking technology have dramatically expanded the applications of computing devices, and changed their operating environment. Today, most data/information processing systems are connected to private and/or public networks, such as the Internet, executing programs that are dynamically downloaded from a number of sources. Some sources are trustworthy, and their programs tend to be well behaved, but others are not.
Accordingly, a need exists to improve the protection of data/information processing systems, especially those operating with a two privilege level protection scheme.
However, this need cannot be easily met, even in the case of systems using Intel Architecture processors and Windows operating system, where there are two unused privileged levels, as the system services and other trustworthy applications are confined to run at the least privileged level (ring 3). It would undermine the stability of the systems, as opposed to increasing its protection, if untrustworthy applications are confined to execute out of the more privileged ring 1 or ring 2. Relocating the operating system services and other trustworthy programs off the least privileged level (Ring 3) without hardware assistance would require major redesign of the operating system, and raises serious backward compatibility issues. Extending the hardware to have the processor support more privilege levels beyond 4 rings would require major redesign of the processor, as greater than 4 rings would require at least one extra bit be added to the current 2-bit representation. This would cause major redesign to the entire privilege level mechanism, including control register layouts, width of internal data lines, size of comparison circuitry and the like.
Thus, it is further desirable if the need can be met without requiring major processor and/or operating system re-design.