Where to put access rights
Associate protection bits with PTE
- e.g., disallow user to read/write /execute in kernel space
- e.g., allow one process to share-read some data with another but not modifying it etc.
User/kernel protection model can be extended with rings of protection. Further extension leads to the concept of capabilities.