Memory Protection

The core abstraction enabling memory protection. Each process operates within its own virtual address space, a private, linear range of addresses. The Memory Management Unit (MMU) translates these virtual addresses to physical RAM addresses using per-process page tables. This creates the illusion of exclusive memory ownership, isolating processes from each other and the kernel.

Page tables store the mapping from virtual to physical pages and, crucially, access permission bits for each mapping. Key bits include:

• Read (R): Allows fetching data from the page.
• Write (W): Allows storing data to the page.
• Execute (X): Allows the CPU to execute code from the page (mitigates code injection).
• User/Supervisor (U/S): Determines if the page is accessible from user-mode (ring 3) or only kernel-mode (ring 0). A violation of these bits triggers a hardware exception (e.g., segmentation fault).

The Memory Management Unit (MMU) is the hardware enforcer. On every memory access (instruction fetch, load, store), the MMU:

1. Walks the page table for the current process to find the physical address.
2. Checks the permission bits against the type of access being attempted.
3. Triggers a fault if permissions are violated, transferring control to the OS kernel. This hardware-level checking is non-bypassable by user code and provides the foundation for security guarantees.

A critical protection boundary. The OS kernel runs in a privileged CPU mode (kernel-mode/supervisor mode/ring 0) with full memory access. User applications run in user-mode (ring 3). Pages marked as supervisor-only in the page tables are inaccessible to user-mode code. This prevents buggy or malicious applications from corrupting kernel data structures or executing privileged instructions, ensuring system integrity.

User processes request kernel services (e.g., file I/O) via system calls. This involves a controlled, hardware-assisted transition from user to kernel mode:

• The CPU switches to a kernel stack and address space.
• The kernel validates all pointers passed from user space before dereferencing them (copy_from_user).
• After servicing the call, the kernel switches back to the user process's context, restoring its page tables and registers. This controlled gateway is the only way to access protected resources.

Proactive techniques to catch errors:

• Guard Pages: Allocating unmapped (no-read, no-write) pages at the edges of memory regions (e.g., between stacks). Any access causes an immediate segmentation fault, catching buffer overflows/underflows.
• Non-Executable Stack/Heap (NX/XD Bit): Marking data regions (stack, heap) as non-executable via the page table's X-bit. This prevents exploitation where attackers inject and execute shellcode in data buffers, a technique known as Data Execution Prevention (DEP).

A hardware component within a processor that manages all memory access requests. Its core functions are:

• Virtual-to-Physical Address Translation: Converts process-specific virtual addresses to actual physical RAM addresses using page tables.
• Access Control Enforcement: Checks permissions (read, write, execute) for each memory access against the page table entries.
• Cache Control: Interfaces with the CPU's cache hierarchy. The MMU is the physical enabler of memory protection; when a process attempts an unauthorized access, the MMU triggers a hardware exception (e.g., a segmentation fault).

A per-process data structure used by the Memory Management Unit (MMU) to map virtual addresses to physical addresses. Each entry (page table entry, or PTE) contains:

• Physical Page Frame Number: The location in RAM.
• Protection Bits: Flags controlling read, write, and execute permissions.
• Valid/Present Bit: Indicates if the mapping is active and the page is in physical memory. The operating system kernel maintains and controls page tables, allowing it to isolate process memory. Invalid or protected accesses flagged by the MMU cause page faults handled by the OS.

The guarantee that the memory spaces of different execution contexts (processes, virtual machines, containers) cannot access or corrupt each other. It is the primary security objective achieved by memory protection mechanisms.

• Spatial Isolation: Ensures a process's allocated memory regions are separate from all others.
• Temporal Isolation: Prevents residual data from a previous process from being readable by a new process (addressed via memory zeroing). This is fundamental to process model stability, sandboxing, and multi-tenant security in cloud environments.

A memory management technique that provides processes with the illusion of a large, contiguous, private address space, which is crucial for implementing protection. Key aspects include:

• Abstraction: Processes operate on virtual addresses, unaware of physical RAM layout.
• Isolation: Each process has its own independent virtual address space.
• On-Demand Paging: Memory is brought into physical RAM only when accessed, with unused pages swapped to disk. Virtual memory, managed via the MMU and page tables, is the architectural foundation that makes per-process memory protection feasible and efficient.

A specific type of hardware exception (signal SIGSEGV) generated by the Memory Management Unit (MMU) and delivered to the operating system when a process violates memory protection rules. Common causes include:

• Accessing a NULL or unmapped pointer (invalid page table entry).
• Writing to a read-only memory page (e.g., code segment).
• Accessing memory outside the allocated heap or stack bounds. The OS typically terminates the offending process to prevent system instability. This is a direct, observable result of memory protection enforcement.

A multiprocessor memory architecture where a processor's access time to memory depends on its physical location. While focused on performance, NUMA has protection implications:

• Local vs. Remote Memory: Each CPU has local memory it can access fastest; accessing another CPU's memory is slower.
• OS Awareness: The OS scheduler and memory allocator must be "NUMA-aware" to allocate a process's memory close to its executing CPU.
• Protection Consistency: Memory protection rules (page table permissions) must be enforced uniformly across the entire NUMA fabric, regardless of which CPU originates the access.