Memory Protection in Operating System

In this article, we will be discussing memory protection in operating systems. As

we know that different operating systems use different forms of memory
protection or separation which consists of Plan9 and Inferno, Microsoft
Windows, etc. 
In Memory protection, we have to protect the operating system from user
processes and which can be done by using a relocation register with a limit
register. Here, the relocation register has the value of the smallest physical
address whereas the limit register has the range of the logical addresses. These
two registers have some conditions like each logical address must be less than the
limit register. The memory management unit is used to translate the logical
address with the value in the relocation register dynamically after which the
translated (or mapped) address is then sent to memory.

In the above diagram, when the scheduler selects a process for the execution
process, the dispatcher, on the other hand, is responsible for loading the
relocation and limit registers with the correct values as part of the context switch
as every address generated by the CPU is checked against these 2 registers, and
we may protect the operating system, programs, and the data of the users from
being altered by this running process.
Need of Memory protection:
Memory protection prevents a process from accessing unallocated memory in OS
as it stops the software from seizing control of an excessive amount of memory
and may cause damage that will impact other software which is currently being
used or may create a loss of saved data. These resources of memory protection
also help in detecting malicious or harmful applications, that may after damaged
the processes of the operating system.

Methods of memory protection:

There are various methods for protecting a process from accessing memory that
has not been allocated and some of the commonly used methods are given below:
Memory Protection using Keys: The concept of using memory protection with
keys can be found in most modern computers with the purpose of paged memory
organization and for the dynamic distribution between the parallel running
programs. The keys are based on the use of special codes as we can verify the
compliance between using arrays of memory cells and the number of running
programs. This key method gives the users a process to impose page-based
protections without any modification in the page tables.

Memory Protection using Rings: In CS, the domains related to ordered

protection are called Protection Rings. This method helps in improving fault
tolerance and provides security. These rings are arranged in a hierarchy from
most privileged to least privileged. In the single-level sharing OS, each and every
segment has a protection ring for the process of reading, writing, and executing
operations of the process. If there is a use of a higher ring number by the process
then the ring number for the segment creates a fault. But we do have some
methods for calling the procedures safely that can run in a lower ring number and
then return to the number of the higher ring.

Capability-based addressing: It is a method of protecting the memory that

cannot be seen in modern commercial computers. Here, the pointers (objects
consisting of a memory address) are restored by the capabilities objects that can
only be created with the protected instructions and may only execute by a kernel,
or by another process that is authorized to execute and therefore it gives an
advantage of controlling the unauthorized processes in creating additional
separate address spaces in memory.

Memory Protection using masks: The masks are used in the protection of

memory during the organization of paging. In this method, before the
implementation, the page numbers are indicated to each program and are reserved
for the placement of its directives. Here the allocated pages for the program are
now given the control of the operating system in the form of mask code (an n-bit
binary code) which is formed for every working program that is determined by
the bit number of OD pages.
Memory Protection using Segmentation: It is a method of dividing the system
memory into different segments. The data structures of x86 architecture of OS
like local descriptor table and global descriptor table are used in the protection of
memory.

Memory Protection using Simulated segmentation: With this technique, we

can monitor the program for interpreting the machine code instructions of system
architectures. Through this, the simulator can help in protecting the memory by
using a segmentation using the scheme and validating the target address of every
instruction in real-time.

Memory Protection using Dynamic tainting: Dynamic tainting is a technique

that consists of marking and tracking certain data in a program at runtime as it
protects the process from illegal memory accesses. In tainting technique, we taint
a program to mark two kinds of data i.e., memory in the data space and the
pointers.
CHATGPT:
Memory protection and sharing are important concepts in operating systems (OS)
that ensure that programs can run efficiently and securely on a computer system.

Memory protection refers to the mechanism used by the OS to protect one program
from accessing or modifying the memory used by another program. This is
necessary because programs may inadvertently or maliciously access memory that
they should not be able to access, which can cause errors or security
vulnerabilities. The OS typically uses hardware memory management units
(MMUs) to enforce memory protection by assigning each program its own virtual
address space that is mapped to physical memory. The MMU ensures that each
program can only access the memory that it has been authorized to access.

Memory sharing, on the other hand, refers to the ability of multiple programs to
share a common area of memory. This can be useful in many scenarios, such as
when multiple programs need to access the same data or when a program needs to
communicate with another program. In order to facilitate memory sharing, the OS
may provide various mechanisms such as shared memory, pipes, and sockets.
These mechanisms allow programs to communicate and share data with each other
without violating memory protection rules.

Overall, memory protection and sharing are essential components of modern

operating systems that ensure the stability, security, and efficient use of computer
resources.
How Memory Protection works?
Memory protection works by isolating the memory used by each program or
process running on a computer system, and preventing unauthorized access or
modification of memory by other programs or processes.

Modern operating systems use hardware-based memory protection mechanisms,

typically implemented through the use of memory management units (MMUs).
The MMU maps each program's virtual memory space to a unique range of
physical memory addresses, and ensures that the program can only access the
memory addresses it has been authorized to access.

The MMU achieves this by dividing the memory into pages or segments and
assigning permissions to each page or segment. Permissions can include read,
write, and execute access, as well as various levels of access restrictions. When a
program attempts to access memory, the MMU checks the permissions associated
with the memory address being accessed, and allows or denies access based on
those permissions.

In addition to hardware-based memory protection, modern operating systems also

use software-based techniques to further enhance memory protection. These may
include techniques such as stack canaries, address space layout randomization
(ASLR), and non-executable stacks, which help prevent certain types of security
vulnerabilities such as buffer overflow attacks.

Overall, memory protection is a crucial aspect of modern operating systems,

ensuring that programs can operate safely and securely without interfering with
each other or the underlying system