Memory protection is an essential feature of modern computer systems that ensures that different processes running on a computer cannot access each other’s memory space without permission. Memory protection is enforced by the Memory Management Unit (MMU) using many techniques. In this post, let us learn how the MMU enforces memory protection by these techniques.
Page Table
A page table is a data structure that is used to translate virtual memory addresses to physical memory addresses. Virtual memory addresses are the addresses that a program uses to access memory, while physical memory addresses are the actual locations of the memory in the computer’s RAM. The MMU uses page tables to map virtual memory addresses to physical memory addresses, and to enforce memory protection.
The MMU divides memory into small blocks called pages, typically 4KB in size. Each page is assigned a unique virtual memory address, and the MMU uses a page table to map the virtual memory address to the corresponding physical memory address. The page table also contains information about the permissions for each page, such as whether the page can be read, written, or executed.
The MMU achieves this by including information about the permissions for each page in the page table. For example, a page might be marked as read-only, which means that the process can read data from the page, but cannot write data to it. Similarly, a page might be marked as execute-only, which means that the process can execute code from the page, but cannot read or write data to it. This allows the system to restrict access to specific pages based on the type of access, which is important for maintaining the security of the system.
When a program accesses memory, the MMU first checks the page table to determine the permissions for the page that the program is trying to access. If the program does not have the appropriate permissions, the MMU generates a page fault, which causes the operating system to handle the error. The operating system can then take appropriate action, such as terminating the program or granting the program the necessary permissions.
The MMU achieves this by assigning a unique page table to each process, which allows each process to have its own virtual memory space. This means that a process can only access the pages that are assigned to its page table, and cannot access the pages assigned to other processes’ page tables. This ensures that a process cannot access or interfere with the memory space of other processes, which is important for maintaining the stability and security of the system.
The MMU uses different types of page tables to enforce memory protection. The simplest type of page table is the linear page table, which is a one-dimensional array that maps virtual memory addresses to physical memory addresses. Each entry in the linear page table contains the physical memory address and the permissions for the corresponding virtual memory address.
The MMU also uses hierarchical page tables, which are more complex than linear page tables. Hierarchical page tables are multi-dimensional arrays that are used to divide memory into smaller blocks called page frames. Each page frame is assigned a unique virtual memory address, and the MMU uses the page table to map the virtual memory address to the corresponding physical memory address. The page table also contains information about the permissions for each page frame.
The MMU uses a translation lookaside buffer (TLB) to speed up the process of translating virtual memory addresses to physical memory addresses. The TLB is a cache that stores recently used page table entries, and it is used to reduce the number of memory accesses required to translate virtual memory addresses to physical memory addresses.
Kernel-level protection
Kernel-level protection is a technique used by the Memory Management Unit (MMU) to protect the kernel and system-level processes from user-level processes. The kernel is the central part of the operating system that manages the resources of the computer, such as memory, CPU, and input/output devices. The kernel and system-level processes have privileged access to system resources, which means that they can perform actions that are not allowed for user-level processes. To ensure that user-level processes cannot access the kernel or system-level processes’ memory space, the MMU uses kernel-level protection.
Kernel-level protection involves creating a separate page table for the kernel and system-level processes. This page table is called the kernel page table, and it is used to map the kernel’s virtual memory space to physical memory. The kernel page table has different permissions than the user-level page tables, and it is only accessible by the kernel and system-level processes. This means that user-level processes cannot access the kernel’s memory space, which prevents them from interfering with the kernel or system-level processes.
The MMU uses a specific bit in the page table entries to identify the pages that belong to the kernel page table. This bit is called the supervisor bit, and it is set to 1 for pages in the kernel page table, and 0 for pages in the user-level page tables. The MMU uses this bit to determine whether a process has the privileges to access a specific page, and if not, it generates a page fault.
When a user-level process tries to access a page in the kernel page table, the MMU checks the supervisor bit of the page table entry, and if it is set to 1, it generates a page fault. The page fault is then handled by the operating system, which can take appropriate action, such as terminating the process or denying access to the page.
Kernel-level protection is an important technique for maintaining the security of the system. By preventing user-level processes from accessing the kernel or system-level processes’ memory space, kernel-level protection ensures that user-level processes cannot interfere with the kernel or system-level processes, which is important for maintaining the stability and security of the system.
It’s worth mentioning that kernel-level protection is not a foolproof technique, and it can be bypassed by sophisticated attackers. Nevertheless, it makes the exploitation process harder, time-consuming and less predictable.
Address space layout randomization (ASLR)
Address Space Layout Randomization (ASLR) is a technique used by the Memory Management Unit (MMU) to protect the computer system from memory-based attacks. ASLR is used to randomize the location of system and user-level data in memory, which makes it more difficult for an attacker to predict the location of specific data. This makes it harder for an attacker to exploit memory-based vulnerabilities, such as buffer overflows or heap-based attacks.
ASLR works by randomizing the base address of the process’ virtual memory space. The base address is the starting point of the process’ virtual memory space, and it is used as a reference point for all virtual memory addresses. By randomizing the base address, ASLR makes it difficult for an attacker to predict the location of specific data in memory, such as the location of the stack or heap.
ASLR also randomizes the location of other system data, such as shared libraries and kernel data structures. By randomizing the location of these data structures, ASLR makes it more difficult for an attacker to exploit memory-based vulnerabilities that rely on the attacker knowing the location of specific data structures.
In addition to randomizing the location of data in memory, ASLR also uses other techniques to protect the system from memory-based attacks. For example, ASLR can randomize the location of the stack and heap within a process’ virtual memory space, which makes it more difficult for an attacker to exploit stack-based or heap-based vulnerabilities. ASLR can also randomize the layout of the page table, which makes it more difficult for an attacker to exploit page table-based vulnerabilities.
It’s worth mentioning that ASLR is not a foolproof technique, and it can be bypassed by sophisticated attackers. Nevertheless, it makes the exploitation process harder, time-consuming and less predictable.
In addition to enforcing memory protection, page tables are also used to implement other memory management features, such as virtual memory and demand paging. Virtual memory allows a process to access more memory than is physically available by using disk storage as an extension of RAM. The MMU uses page tables to map virtual memory addresses to physical memory addresses, and to handle page faults when a page is not found in RAM. Demand paging is a technique where pages are only loaded into memory when they are needed, rather than loading all pages at the start of a process. The MMU uses page tables to track which pages are currently in memory, and to handle page faults when a page is not found in memory.
Conclusion
In conclusion, the MMU plays a critical role in enforcing memory protection by using page tables to specify the permissions for each page of memory. Page tables allow the MMU to map virtual memory addresses to physical memory addresses, and to enforce memory protection by restricting access to specific pages based on the type of access. Page tables also allow the MMU to implement other memory management features, such as virtual memory and demand paging. Overall, the MMU’s use of page tables is essential for maintaining the security and stability of a computer system.
Reference
- Memory management unit – Wikipedia
- Memory protection unit – Wikipedia
- FreeRTOS-MPU – ARM Cortex-M3 and ARM Cortex-M4 Memory Protection Unit support in FreeRTOS