Which of the following statements pertaining to protection rings is false?
A.
They provide strict boundaries and definitions on what the processes that work within each ring can access.
B.
Programs operating in inner rings are usually referred to as existing in a privileged mode.
C.
They support the CIA triad requirements of multitasking operating systems.
D.
They provide users with a direct access to peripherals
Explanation:
In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect
data and functionality from faults (fault tolerance) and malicious behavior (computer security). This approach is
diametrically opposite to that of capability-based security. Computer operating systems provide different levels
of access to resources. A protection ring is one of two or more hierarchical levels or layers of privilege within
the architecture of a computer system. This is generally hardware enforced by some CPU architectures that
provide different CPU modes at the hardware or microcode level. Rings are arranged in a hierarchy from most
privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring
number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly
with the physical hardware such as the CPU and memory. Special gates between rings are provided to allow an
outer ring to access an inner ring’s resources in a predefined manner, as opposed to allowing arbitrary usage.
Correctly gating access between rings can improve security by preventing programs from one ring or privilege
level from misusing resources intended for programs in another. For example, spyware running as a user
program in Ring 3 should be prevented from turning on a web camera without informing the user, since
hardware access should be a Ring 1 function reserved for device drivers. Programs such as web browsers
running in higher numbered rings must request access to the network, a resource restricted to a lower
numbered ring. “They provide strict boundaries and definitions on what the processes that work within each ring
can access” is incorrect. This is in fact one of the characteristics of a ring protection system. “Programs
operating in inner rings are usually referred to as existing in a privileged mode” is incorrect. This is in fact one of
the characteristics of a ring protection system. “They support the CIA triad requirements of multitasking
operating systems” is incorrect. This is in fact one of the characteristics of a ring protection system.
CBK, pp. 310-311 AIO3, pp. 253-256 AIOv4 Security Architecture and Design (pages 308 – 310)
AIOv5 Security Architecture and Design (pages 309 – 312)