CPU protection rings are hardware-enforced privilege levels that limit what code running at each level may do, separating ordinary applications from the core of the operating system. On x86 they range from the outermost, least privileged layer, ring 3, to the innermost, most privileged layer, ring 0, also called kernel mode because the kernel runs there.
Ring 0 code can execute every instruction and touch every byte of memory, so whoever controls the kernel controls essentially the whole computer. To keep this core from being misused, system architects restrict how it can be reached: almost everything a user runs, from the shell to the browser, executes in ring 3, and the CPU itself refuses ring 0 operations from there. How do privilege rings work?
How the Privilege Rings interact
Ring 0 code runs in supervisor mode: the kernel and its drivers, started by the system rather than launched by the user. A bug there is not contained the way an application crash is; it can corrupt any memory, crash the whole machine, or silently defeat every security check, which is why the kernel is deliberately kept out of direct reach of users and their programs.
Take Windows as an example. A ring 3 process cannot read or write kernel memory at all: the kernel's pages are mapped into every process's virtual address space, but marked supervisor-only, so the CPU faults on any user-mode access. The only way into ring 0 is a system call, a controlled entry point at which the CPU switches to ring 0 and the kernel takes over; on Windows, applications reach these entry points through the stubs in ntdll.dll.
Every application uses this path, whether it is a browser opening a network socket or a video-conferencing app reading from a camera; none of them touches the hardware directly. Because the kernel decides what each call does and validates its arguments, a buggy or malicious program can request services but cannot directly interfere with critical system state.
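The three rules above (no privileged instructions, no kernel memory, services only through a system call) can be observed directly from an ordinary process. The following C program is an added example, not code from the article; it runs on Linux rather than Windows because Linux reports the CPU fault to the program as a signal that can be caught, but the hardware behaviour it demonstrates is identical on both systems. The probe addresses and instructions chosen (`hlt`, reading `sctlr_el1`, the highest page of the address space) are this example's own choices.

```c
/* Added example (not from the article): observing ring 3 limits from a
 * Linux user-space process. Windows enforces the same hardware rules;
 * only the way the fault is reported to the program differs. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

static sigjmp_buf trap_env;
static volatile unsigned char sink;   /* keeps the probe loads from being optimised away */

/* The CPU raises a fault (#GP or a page fault); Linux reports it as a signal.
 * Jump back into run_trapped() carrying the signal number. */
static void on_trap(int signo) {
    siglongjmp(trap_env, signo);
}

/* Run probe() with the fault signals caught. Returns 0 if the probe completed
 * normally, otherwise the signal number the fault was delivered as. */
static int run_trapped(void (*probe)(void)) {
    struct sigaction sa, old[3];
    const int sigs[3] = { SIGSEGV, SIGILL, SIGBUS };
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_trap;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    for (int i = 0; i < 3; i++)
        sigaction(sigs[i], &sa, &old[i]);

    int sig = sigsetjmp(trap_env, 1);   /* 1: restore the signal mask on the way back */
    if (sig == 0)
        probe();

    for (int i = 0; i < 3; i++)
        sigaction(sigs[i], &old[i], NULL);
    return sig;
}

#if defined(__x86_64__) || defined(__i386__) || defined(__aarch64__)
static void probe_privileged_instruction(void) {
#if defined(__aarch64__)
    uint64_t v;
    /* EL1 (kernel) system register: undefined at EL0, reported as SIGILL. */
    __asm__ volatile("mrs %0, sctlr_el1" : "=r"(v));
    sink = (unsigned char)v;
#else
    /* hlt is ring 0 only: from ring 3 the CPU raises #GP, reported as SIGSEGV. */
    __asm__ volatile("hlt");
#endif
}
#endif

/* Rule 1: ring 3 cannot execute a ring 0 instruction. Returns the signal number
 * of the fault, 0 if the instruction unexpectedly ran, -1 if this architecture
 * is not covered by the example. */
static int privileged_instruction_faults(void) {
#if defined(__x86_64__) || defined(__i386__) || defined(__aarch64__)
    return run_trapped(probe_privileged_instruction);
#else
    return -1;
#endif
}

/* Rule 2: ring 3 cannot read kernel memory. The highest page of the virtual
 * address space is in the kernel half on 64-bit x86 and Arm Linux, and above
 * the user/kernel split on 32-bit x86 as well, so the load page-faults. */
static void probe_kernel_address(void) {
    volatile const unsigned char *p =
        (volatile const unsigned char *)(~(uintptr_t)0 - 4095);
    sink = *p;
}

static int kernel_address_read_faults(void) {
    return run_trapped(probe_kernel_address);
}

/* Rule 3: the sanctioned way in is a system call. The CPU switches to ring 0 at
 * a fixed entry point, the kernel does the work on the process's behalf and
 * switches back; the process never runs its own code in ring 0. */
static long ask_kernel_for_pid(void) {
    return syscall(SYS_getpid);
}

int main(void) {
    printf("privileged instruction: signal %d\n", privileged_instruction_faults());
    printf("kernel address read:    signal %d\n", kernel_address_read_faults());
    printf("syscall getpid:         %ld (getpid() says %ld)\n",
           ask_kernel_for_pid(), (long)getpid());
    return 0;
}
```

On x86-64 Linux the first two probes report signal 11 (SIGSEGV) and on Arm the first reports signal 4 (SIGILL); in both cases the process keeps running, because the kernel handled the fault and chose to notify the process rather than crash the machine, which is exactly the containment that ring separation buys.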
Some earlier versions of Windows (such as Windows 95/98) had far less shielding between the rings: user-mode programs could write to memory the kernel depended on. This is one of the main reasons those systems were so unstable and prone to errors. In modern systems, the protection of kernel memory is reinforced by hardware features such as the IOMMU and the CPU's virtualization extensions, which Windows uses for virtualization-based security.
Current Windows kernel memory protection against intruders
Starting with Windows 10 version 1803, Microsoft added further protection for kernel memory.
The most notable addition is Kernel DMA Protection, which defends PCs against direct memory access (DMA) attacks, in particular drive-by attacks through hot-pluggable PCIe ports such as Thunderbolt 3. In version 1903 the coverage was extended to internal PCIe ports such as M.2 slots.
These ports need extra protection because PCI and PCIe devices are DMA-capable by default: a device can read and write system memory directly, without going through the CPU, and therefore without being subject to the privilege checks that the protection rings apply to instructions. That is what makes such devices fast, and it is also what makes a malicious or compromised device dangerous, since it can lift secrets out of RAM or overwrite kernel code and data.
The nuances of DMA protection processes
Windows uses the input/output memory management unit (IOMMU) to block newly attached peripherals from performing DMA until the operating system decides they may. A device whose driver supports DMA remapping (memory isolation) is enumerated automatically: the IOMMU confines its DMA to the memory regions that the driver explicitly maps for it, so even a hostile device cannot reach anything else.
A device whose driver does not support DMA remapping gets no such confinement, so Windows falls back on a policy. By default an incompatible external device is blocked until a user has logged in or unlocked the screen, so a device plugged into a locked or unattended PC cannot touch memory. IT professionals can tighten or loosen this through the DmaGuard MDM policy (DmaGuard/DeviceEnumerationPolicy), which can block all incompatible devices, allow them only after login or screen unlock, or allow them unconditionally.
To verify that Kernel DMA Protection is active, open Windows Security, go to Device security, open Core isolation details and look for Memory access protection; the same status appears as "Kernel DMA Protection" in System Information (msinfo32). Only Windows 10 version 1803 and later have this feature, and it also depends on IOMMU and firmware support, so an older PC running a current build may still report it as off.
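The same check, scripted for a fleet rather than clicked through one machine at a time. This is an added PowerShell example, not from the article or from Microsoft; it uses the documented Win32_DeviceGuard CIM class and an exported msinfo32 report. Two things are assumptions to verify on your own build: that the Group Policy for incompatible devices (DmaGuard.admx) writes the registry location shown under `$policyKey`, and that the msinfo32 report labels the row "Kernel DMA Protection".

```powershell
# Added example, not part of the article: report Kernel DMA Protection status
# and the DmaGuard enumeration policy on a Windows 10 1803+ machine.

# 1. What the platform offers to virtualization-based security.
#    AvailableSecurityProperties codes per the Win32_DeviceGuard documentation:
#    1 = hypervisor support, 2 = Secure Boot, 3 = DMA protection (an IOMMU the
#    OS can use), 4 = Secure Memory Overwrite, 5 = NX, 6 = SMM mitigations, 7 = MBEC.
#    Code 3 says the IOMMU is usable; it is not by itself the Kernel DMA Protection switch.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hasIommuDma = $dg.AvailableSecurityProperties -contains 3
"IOMMU-backed DMA protection available to VBS: $hasIommuDma"

# 2. The Kernel DMA Protection switch itself, as System Information reports it.
#    msinfo32 has no object API, so export its report and read the line back.
$report = Join-Path $env:TEMP 'msinfo32-dma.txt'
Start-Process -FilePath msinfo32.exe -ArgumentList "/report `"$report`"" -Wait -NoNewWindow
$line = Get-Content -Path $report | Where-Object { $_ -match '^\s*Kernel DMA Protection' }
if ($line) { $line.Trim() } else { 'Kernel DMA Protection: not reported (pre-1803 build?)' }
Remove-Item $report -ErrorAction SilentlyContinue

# 3. How devices whose drivers do not support DMA remapping are handled.
#    DmaGuard/DeviceEnumerationPolicy: 0 = block all, 1 = allow only after login or
#    screen unlock (the default when unset), 2 = allow all.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection'   # assumed ADMX path; verify
$policy = (Get-ItemProperty -Path $policyKey -Name DeviceEnumerationPolicy -ErrorAction SilentlyContinue).DeviceEnumerationPolicy
$meaning = @{ 0 = 'Block all incompatible devices'; 1 = 'Allow only after login/screen unlock'; 2 = 'Allow all (least restrictive)' }
if ($null -eq $policy) {
    'DeviceEnumerationPolicy: not configured (defaults to 1: allow only after login/screen unlock)'
} else {
    "DeviceEnumerationPolicy: $policy ($($meaning[[int]$policy]))"
}
```

Run it elevated so the DeviceGuard namespace and the policy key are readable. A machine that reports the IOMMU as available but "Kernel DMA Protection: Off" usually has the feature disabled in firmware; a policy value of 2 is the setting to hunt for in an audit, since it re-opens the pre-login DMA window the feature was meant to close.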
Why CPUs rarely rely on ring 1 and 2 privileges
Rings 1 and 2 were intended for intermediate components such as device drivers and, in some designs, guest operating systems. Mainstream operating systems such as Windows and Linux do not use them: driver code runs in ring 0 alongside the rest of the kernel, and applications run in ring 3, so in practice the system behaves as if it had only two levels, kernel mode and user mode. One reason is portability, since most other CPU architectures offer only two privilege modes.
The notable exception was virtualization. Before hardware virtualization extensions such as Intel VT-x and AMD-V were widespread, hypervisors including early VirtualBox, VMware and Xen (for paravirtualized guests) ran the guest kernel in ring 1, so that the host kernel in ring 0 could trap and emulate the guest's privileged operations.
One last word on privileges
The four-ring design comes from the x86 architecture. Using every ring all the time would not be practical: each transition between levels costs time, and code written around four rings does not port to architectures that have only two, which is why most operating systems settle for the kernel/user split.
Samuel Gush is a tech writer at MakeUseOf. If you have any questions, you can contact him by email at email@example.com.
By Samuel Gush