Talk:Protection ring

From Wikipedia, the free encyclopedia
This is the talk page for discussing improvements to the Protection ring article.

define SPS

Is this a reference to NIST Special Publications (SPs)? — Preceding unsigned comment added by 96.252.66.105 (talk) 15:56, 18 June 2012 (UTC)

"SPS" is not in the article any more, so there's no need to define it now. Guy Harris (talk) 21:55, 13 November 2015 (UTC)

define user mode

This term is mentioned quite a few times on this page and on the page for microkernels. I have no idea what it means, and its definition is not clear. The only thing clear is that it is the alternative to privileged/kernel mode. — Preceding unsigned comment added by 209.77.137.57 (talk) 00:28, 14 August 2008 (UTC)

My stab at this: User Mode is an operating system architecture concept that provides a restricted execution environment for applications which must use system calls to interact with the operating system, hardware and system memory and cannot directly access these resources. In the x86 architecture "User Mode" = "Ring 3" = "Privilege Level 3". But in other architectures this may not be such a direct mapping. Lskepticos (talk) 23:11, 28 August 2025 (UTC)

Confusing or unclear

This article would benefit from a clearer explanation about what a protection ring is and does. It assumes the reader knows what "one of two or more hierarchical levels or layers of privilege" means and why "rings were among the more revolutionary and visible concepts ..." The whole lead seems to step around defining what a ring is in simple terms, why it is significant, and how it is used. A very concise paragraph addressing some of the basics would be a great improvement to the lead section. JonHarder 13:57, 25 July 2006 (UTC)

Maybe a more appropriate name for this subject would be "hierarchical states of privilege". I think that's the way it's called by academics. I think there also should be a comparison between this approach and Capability-based security with MMU support; as I learned in my computer architecture and parallel computing classes, the first approach (the one described in this article) is an obsolete technology and provides both poor protection and poor performance, compared to the second approach. Unfortunately my reference text book is in Italian, but I'm looking for some English ones. --BMF81 18:19, 27 August 2006 (UTC)

Ring -1?

I haven't found any articles here that even mention Ring -1 (hardware-mode virtualization). Perhaps this should be the place? --Frankie

There's not even a rundown of the ring levels and what they mean. This article would benefit from a table listing rings and their properties, etc.

There isn't even any explanation of the general purpose of the 80386 ring 1 or ring 2 that I can find anywhere. This article definitely should include something like that to illustrate what protection rings are good for. Daivox (talk) 16:29, 24 August 2008 (UTC)
Ring 2 was/is used in OS/2 for specially privileged DLLs. Also VMS uses all 4 rings. Rings can be used to fine tune the OS privileges - see VAX#Privilege_Modes. Note that in VMS the file system runs in its own ring - Filesystem in Userspace is not a very new idea.
And if I were to create an OS I would use the 4 available rings as follows:
Ring 0: Hypervisor
Ring 1: (Micro)-Kernel
Ring 2: (Privileged) Device Driver
Ring 3: User Applications
But this is only one possible layout - as mentioned: VMS runs the shell and the file systems in their own rings. --Krischik T 14:24, 21 October 2008 (UTC)
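As an added illustration (not Krischik's code, not part of the Wikipedia article), the following model applies the hierarchical ring rule discussed in this thread to the four-ring layout proposed above: ring 0 is most privileged, data at ring N is reachable only from rings numerically at or below N, and a transfer inward to a more privileged ring must go through a registered gate. The rules are a deliberate simplification of the x86 segment-privilege checks (effective level = max(CPL, RPL); gate DPL bounds the least privileged caller); the layout dictionary and gate names are constructed sample input.

```python
"""Simplified model of hierarchical protection rings (added example)."""
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample: the four-ring layout proposed in the thread (ring -> component).
LAYOUT = {
    0: "Hypervisor",
    1: "(Micro)-Kernel",
    2: "(Privileged) Device Driver",
    3: "User Applications",
}


@dataclass(frozen=True)
class Gate:
    """Entry point into code at `target_ring`, usable by callers whose current ring
    is numerically <= `max_caller_ring` (the role an x86 call gate's DPL plays)."""
    name: str
    target_ring: int
    max_caller_ring: int


def effective_level(cpl: int, rpl: int) -> int:
    """x86-style effective privilege: the less privileged of CPL and RPL wins,
    so a privileged caller cannot be tricked into using a user-supplied selector
    at its own privilege level."""
    return max(cpl, rpl)


def can_access_data(cpl: int, rpl: int, data_ring: int) -> bool:
    """Data owned by ring N is accessible only from rings at or inside N."""
    return effective_level(cpl, rpl) <= data_ring


def can_call(cpl: int, target_ring: int, gates: list[Gate]) -> bool:
    """Same-ring or outward transfers are allowed in this simplified model; an
    inward transfer succeeds only through a gate that targets that ring and
    admits callers at the current ring."""
    if target_ring >= cpl:
        return True
    return any(g.target_ring == target_ring and cpl <= g.max_caller_ring for g in gates)


def reachable_components(cpl: int) -> list[str]:
    """Components of LAYOUT whose data is directly readable from ring `cpl`
    (assuming the requestor's own RPL equals its CPL)."""
    return [name for ring, name in sorted(LAYOUT.items()) if can_access_data(cpl, cpl, ring)]
```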
Don’t forget that on e.g. Intel CPUs with IME, there’s even ring −2 and ring −3! Which can run (an installation of Minix) even when the CPU is completely “OFF”! Including wifi communication, from wake-on-wlan to straight-up being hacked. — 89.1.58.198 (talk) 09:22, 23 May 2023 (UTC)

Why

Why is elegance linked in the "Interoperation between CPU and OS levels of abstraction" section? — Preceding unsigned comment added by 207.96.162.77 (talk) 18:36, 17 December 2007 (UTC)

Because it has a different definition for different people. And in this context, it should be made clear which one is meant. … Of course linking to a generic page and expecting the reader to find which one was meant isn’t exactly solving that. ;) — 89.1.58.198 (talk) 09:23, 23 May 2023 (UTC)

Kernel mode driver

What is a kernel mode driver? --Mac (talk) 10:35, 25 April 2008 (UTC)

Hypervisor

more hypervisor background please, especially of the non-x86 type
I'd like to request more in-depth discussion on hypervisors like those running IBM mainframes, perhaps historical perspective with the (again) IBM ROMP VM layer that ran AIX as a guest, or any of the alternative and/or comparable approaches (Sun? HP?) that predate AMD's and Intel's johnny-come-lately implementation of this idea. 84.82.170.167 (talk) 23:18, 9 February 2009 (UTC)

System Management Interrupt - Ring-1

For quite some time now x86 processors have implemented a System Management Interrupt. This is a non-maskable interrupt similar to the NMI that causes a transition back to the BIOS (actually whatever lives at 0xA0000 behind the legacy video RAM). The OS has no control over this interrupt and is not notified that the interrupt occurred in any way. It is intended to be used by motherboard manufacturers to transparently deal with special features of their boards. See [1] for more info about why this is important. DaBraunBird (talk) 16:59, 8 December 2009 (UTC)

SMM mode is sometimes referred to as "Ring -2". `a5b (talk) 14:46, 10 January 2012 (UTC)

ITL knows about "Ring -3"

In the presentation http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf "Introducing Ring -3 Rootkits", "Ring -3" is defined as Intel AMT. `a5b (talk) 14:46, 10 January 2012 (UTC)

This is merely a single reference to an invented marketing term: A rootkit runs at Ring-0, A rootkit that runs as a hypervisor runs at Ring-1, A rootkit that runs as a hyper-hypervisor, still runs at Ring-1/Hypervisor. — Preceding unsigned comment added by 67.180.156.92 (talk) 20:53, 2012 November 12 (UTC)

I disagree

"Today, this high degree of interoperation between the OS and the hardware is not often cost-effective, despite the potential advantages for security and stability." Today, a very high degree of interoperation between the OS and the hardware exists, to provide performance video and secondary storage performance, as well as virtualization performance.

"Intel announced that the Clover Trail series of processors will be "Windows only", lacking the disclosed information necessary to support Linux. But Clover Trail is already a dead end for other technical and business reasons."

[http://perens.com/blog/2012/09/15/1/]

— Preceding unsigned comment added by 67.180.156.92 (talk) 20:53, 2012 November 12 (UTC)

Microkernel performance

The statement that micro-kernels are "sacrificing performance" is too strong, and contradicted by the performance of modern micro-kernels, such as L4. — Preceding unsigned comment added by 121.127.198.152 (talk) 00:36, 8 August 2014 (UTC)

I'm not sure what microkernel means in a world without ring 1 & ring 2. L4 may well be faster but it is not *because* it is a "microkernel". — Preceding unsigned comment added by MagmaiKH (talk · contribs) 11:49, 29 September 2016 (UTC)

Proposed merge with Privilege level

Overlapping scope - x86 can/should be a section in the main article given the current article. Widefox; talk 18:33, 13 June 2017 (UTC)

More generic article about protection rings (not limited to computing)

Is there also a more generic article about protection rings that also incorporates the physical domain, such as in medieval castles with rings of walls? I could not find it. If there is, this article should link to that concept. If there isn't, it should probably be created and elements of this article should be moved there. That generic article could also relate to defence in depth. — Preceding unsigned comment added by Jrest (talk · contribs) 13:39, 16 February 2018 (UTC)

I know of no generic article covering topics that involve some form of protection and that use the word "ring".
There's ringwork, circular rampart, and ringfort, for the military defense concept.
However, I haven't seen any indication that the notion of multiple protection rings in computing is at all inspired by the notion of multiple physical rings of defense in that sense. The closest physical analogy I can think of to the computing notion of rings of protection is the notion that you might have some people you trust to a large degree, and with whom you share a lot of information, and other people whom you trust to a lesser degree, and with whom you share less information, and perhaps others whom you trust even less and with whom you share even less information. That doesn't seem very much like multiple ring walls in a defensive structure.
This also doesn't seem particularly related to defence in depth. The computing version of that would be defense in depth (computing). Guy Harris (talk) 20:51, 16 February 2018 (UTC)
This has analogies in crumple zones in vehicles, and NASA’s strategy of designing things so that “everything can fail” (down to calculating the angle of entry by looking out the window and doing the math in your head, as was famously used in Apollo 13). But all of those concepts, including defense in depth, are more closely related to each other than they are to protection rings, which are not meant to act as backup for each other, but as separation of privileges on a need-to-know basis hierarchy. Which again has obvious analogies in the military, but quite different ones than defense in depth. — 89.1.58.198 (talk) 09:36, 23 May 2023 (UTC)

Organization and WP:NPOV

Why is #Supervisor mode not under #Privilege level?

The entire #Privilege level section is Intel-centric. It does not discuss privilege levels on, e.g., Burroughs B5000, GE 635, IBM System/360, UNIVAC 1108. Note that there is no standard nomenclature, e.g., GE and SDS/XDS use "master" while Burroughs uses "control" and IBM uses "supervisor"; GE and SDS use "slave" while Burroughs uses "normal", IBM uses "problem" and UNIVAC uses "guard". --Shmuel (Seymour J.) Metz Username:Chatul (talk) 12:40, 7 May 2023 (UTC)

Don't forget Multics. Peter Flass (talk) 15:02, 7 May 2023 (UTC)
Yeah, there's the general concept of two or more nested privilege levels, and then there are all the different implementations in various instruction sets (and the different terminology used for them), with different numbers of levels and different permissions that can be granted or not based on the current privilege level. (And then there's the question of whether more than two of those levels are used by the OS; neither most UN*Xes nor Windows make significant use of more than two levels, as they have to run on ISAs with only two levels.)
And then the article says "Ring protection can be combined with processor modes", but on VAX and x86, for example, the most privileged processor mode is also the innermost ring. (On the Multics machines, the modes were, at least in theory, orthogonal; as I remember, only a tiny bit of code ran in master mode, with a few small routines callable only from ring 0.) Perhaps CPU modes (to which processor modes redirects) should be merged here.
The text could use some reorganization (which would include some de-x86ification). Guy Harris (talk) 18:42, 16 May 2023 (UTC)
Also, the term "mode" is ambiguous. It may refer to a privilege level, but it may also refer to, e.g., an addressing mode, as in the AR mode of IBM Enterprise Systems Architecture. --Shmuel (Seymour J.) Metz Username:Chatul (talk) 02:09, 17 May 2023 (UTC)

Post-”rings of protection” solutions?

Given that Intel recently announced potential removal of ring 2 and 3, and this quote in the article:

The attractiveness of fine-grained protection remained, even after it was seen that rings of protection did not provide the answer...

What are the replacements modern systems will have? … All I can think of is RBAC-like systems, like RSBAC (French afaik) and SELinux (NSA, USA), etc. But that doesn’t have hardware support. But maybe it isn’t necessary…

It would be good if the replacements, whatever they are, would be shortly mentioned in the article, and linked to a (new?) article about them.

89.1.58.198 (talk) 09:28, 23 May 2023 (UTC)

Well, there are capability-based systems, but I don't know of anybody selling them these days. --Shmuel (Seymour J.) Metz Username:Chatul (talk) 16:15, 1 December 2023 (UTC)
I don't know of any products from it yet, but the CHERI project from SRI International and the University of Cambridge has added capability support to MIPS, Arm, RISC-V and, err, umm, an instruction set that's not generally considered "R", namely x86. Arm has shipped a prototype CHERI-equipped SoC and demonstrator board. (I think somebody from Cambridge gave a talk, at one point, using a notebook computer with a CHERI-equipped MIPS processor running a CHERI-supporting FreeBSD as the presentation machine.) Guy Harris (talk) 20:01, 1 December 2023 (UTC)
And there's now CHERI, the Wikipedia page. Guy Harris (talk) 06:14, 29 August 2025 (UTC)
The Intel 386 introduced the 4 rings in 1986. Not a single modern operating system uses ring 1 and 2. The Intel-VT-X/AMD-V hardware virtualization added in 2005 obviated any need for these rings. I believe the only OS that ever tried to use 3 rings was VMware's ESX Server version 2 and it suffered serious performance issues due to the added context switching. ESX 3 switched to using the Intel-VT-X/AMD-V hardware virtualization support starting in 2006. What drives me crazy is how many college professors teach that the world's OSes all use these 4 levels. The Security+ exam even propagates this nonsense. Lskepticos (talk) 22:55, 28 August 2025 (UTC)

Link to Call gates

@Guy Harris: Perhaps it's time to split Call gate (Intel) into a generic article and an Intel-specific article, and possibly add an article specific to Multics? Are there any Wikipedians with a Multics background? --Shmuel (Seymour J.) Metz Username:Chatul (talk) 16:08, 30 November 2023 (UTC)

I’m a dabbler, but not more than that. Peter Flass (talk) 18:53, 30 November 2023 (UTC)

origin of 4 ring diagrams

The 4 ring protection level diagrams so prevalent in the literature, and almost never attributed, are all descendants of Figure 6-2 "Levels of Privilege", in "INTEL 80386 PROGRAMMER'S REFERENCE MANUAL 1986", INTEL CORPORATION, p. 113. — Preceding unsigned comment added by Lskepticos (talk · contribs) 18:28, 28 August 2025 (UTC)

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Protection_ring&oldid=1308394772"