Where to put access rights

• Associate protection bits with PTE

  • e.g., disallow user to read/write /execute in kernel space
  • e.g., allow one process to share-read some data with another but not modifying it etc.

• User/kernel protection model can be extended with rings of protection. Further extension leads to the concept of capabilities.

Previous slide

Next slide

Back to first slide

View graphic version