Privilege and protection (protected mode operation)
Privilege and protection are the means of controlling access to
code and to data. They maintain the security of the system and
the integrity of its information. Privilege and protection became
a necessity of programming life once multiple users or multiple
uses of a machine became a reality.
Privilege
The concept of privilege is central to several facets of
protection. Applied to procedures, privilege is the degree to
which the procedure can be trusted not to make a mistake that
might affect other procedures or data. Applied to data, privilege
is the degree of protection that a data structure should have from
less trusted procedures.
Privilege levels and rules
The 80286+ uses 4 levels of protection to optimize support of
multitasking. Privilege is implemented by assigning a value from 0
to 3 to key objects which are recognized by the processor. This
value is called the privilege level (level 0 is the most
privileged, level 3 is the least privileged). The key items that
the processor recognizes are as follows:
DPL  Descriptor Privilege Level
     Descriptors contain a field called the DPL. This is
     the least privilege that a task must have to access
     the descriptor.

RPL  Requester Privilege Level
     The RPL represents the privilege level requested by
     the procedure that originates a selector.

CPL  Current Privilege Level
     Generally, the CPL is equal to the segment DPL of the
     code segment that the processor is currently executing.
     CPL changes when control transfers to segments with
     differing DPLs.
Privilege
level      Typical use
0          Kernel, operating system (most privileged)
1          System services
2          Custom extensions (OEM software)
3          Applications (least privileged)
The 80286+ automatically verifies a procedure's right to access
another segment by comparing the procedure's CPL to one or more
other privilege levels. This verification occurs at the time a
descriptor selector is loaded into a segment register.
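
As an added example (not code from the original page), the comparison can be written out in C for two cases the text above only summarizes: loading a data segment register (DS/ES) and loading the stack segment register (SS). The function and result names are hypothetical, the selectors and access-rights bytes are constructed samples, and the descriptor is assumed to be a writable data segment, with type and limit checks left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Result names are illustrative, not processor terminology. */
enum load_result { LOAD_OK, LOAD_PRIV_FAULT, LOAD_NOT_PRESENT };

/* Selector: bits 15..3 table index, bit 2 table indicator, bits 1..0 RPL. */
static unsigned sel_rpl(uint16_t sel) { return sel & 3u; }
/* Access-rights byte: bit 7 present, bits 6..5 DPL. */
static unsigned acc_dpl(uint8_t acc) { return (acc >> 5) & 3u; }
static int acc_present(uint8_t acc) { return (acc & 0x80u) != 0; }

/* DS/ES load: the weaker (numerically larger) of CPL and RPL must not
 * exceed the DPL of the data segment descriptor. */
enum load_result check_data_load(unsigned cpl, uint16_t sel, uint8_t acc)
{
    unsigned rpl = sel_rpl(sel);
    unsigned effective = cpl > rpl ? cpl : rpl;
    if (effective > acc_dpl(acc)) return LOAD_PRIV_FAULT;
    return acc_present(acc) ? LOAD_OK : LOAD_NOT_PRESENT;
}

/* SS load: stricter, RPL and DPL must both equal CPL. */
enum load_result check_stack_load(unsigned cpl, uint16_t sel, uint8_t acc)
{
    if (sel_rpl(sel) != cpl || acc_dpl(acc) != cpl) return LOAD_PRIV_FAULT;
    return acc_present(acc) ? LOAD_OK : LOAD_NOT_PRESENT;
}

int main(void)
{
    /* Constructed samples: 0x92 = present, DPL 0, writable data;
     * 0xF2 = present, DPL 3, writable data. */
    static const struct { unsigned cpl; uint16_t sel; uint8_t acc; } t[] = {
        {3, 0x000B, 0x92},  /* application reaching for kernel data */
        {0, 0x000B, 0x92},  /* kernel using a selector an application supplied */
        {0, 0x0008, 0x92},  /* kernel using its own selector */
        {3, 0x0013, 0xF2},  /* application using its own data */
    };
    for (unsigned i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("CPL=%u sel=%04X acc=%02X data=%d stack=%d\n",
               t[i].cpl, (unsigned)t[i].sel, (unsigned)t[i].acc,
               check_data_load(t[i].cpl, t[i].sel, t[i].acc),
               check_stack_load(t[i].cpl, t[i].sel, t[i].acc));
    return 0;
}
```

The second sample row is the case the RPL exists for: level 0 code that loads a selector carrying RPL 3 is checked as if it were level 3, so it cannot be steered into touching level 0 data on a less privileged caller's behalf.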