100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

What are Memory Protection Mechanisms?

Learn how memory protection works -- address space isolation, page permission bits, and protection faults -- with OS interview questions.

mediumQ158 of 224 in Operating Systems Est. time: 6 minsLast updated:
Open Code Lab

Expected Interview Answer

Memory protection mechanisms are hardware- and OS-enforced controls -- base/limit registers, per-page permission bits, and separate virtual address spaces -- that stop one process from reading, writing, or executing memory it does not own, so a bug or malicious process cannot corrupt another process or the kernel.

At the simplest level, base and limit registers restrict a process to a contiguous range of physical memory, with the hardware trapping any access outside those bounds. Paged systems go further: each page table entry carries permission bits -- read, write, execute, and a user/supervisor bit -- so the MMU can deny a write to a read-only code page, deny execution of a data page (used to stop stack/heap injection attacks), or deny any user-mode access to kernel-only pages. Because each process gets its own independent virtual address space and page table, one process’s addresses simply cannot resolve into another process’s physical frames unless memory is explicitly shared, which gives isolation as a side effect of the translation mechanism itself. Any violation -- writing to read-only memory, executing a non-executable page, or a user process touching a kernel page -- raises a protection fault (segmentation fault) that the OS handles, typically by terminating the offending process.

  • Isolates each process's address space from every other process
  • Read/write/execute bits stop code injection and accidental corruption
  • User/supervisor bit protects kernel memory from user-mode access
  • Violations surface as protection faults instead of silent corruption

AI Mentor Explanation

Memory protection is like a stadium issuing each team a strictly bounded dressing room and marking specific zones as view-only, no-entry, or staff-only: a player from Team A physically cannot walk into Team B’s locked dressing room because the access-card reader (the MMU) rejects the card outright. Some areas are marked read-only, like a trophy display case players may look at but not touch, while others are staff-only, like the pitch curator’s shed that only ground staff (the kernel) may enter. Any attempt to breach a boundary trips a security alarm (a protection fault) and security intervenes immediately.

Step-by-Step Explanation

  1. Step 1

    Assign address space

    Each process gets its own virtual address space and page table, so its addresses cannot resolve into another process's frames.

  2. Step 2

    Tag permission bits

    Each page table entry carries read, write, execute, and user/supervisor bits set according to what that page is allowed to do.

  3. Step 3

    MMU checks every access

    On every memory access, the MMU checks the requested operation against the page's permission bits before allowing it.

  4. Step 4

    Trap on violation

    A disallowed access (write to read-only, execute on non-executable, user access to kernel page) raises a protection fault handled by the OS.

What Interviewer Expects

  • Naming the core mechanisms: separate address spaces, permission bits, user/supervisor mode
  • Explaining how the MMU enforces checks on every access
  • Connecting non-executable pages to stopping code injection attacks
  • Describing what happens on a violation (protection fault / segfault)

Common Mistakes

  • Thinking memory protection is purely a software convention with no hardware support
  • Forgetting the user/supervisor bit that protects kernel memory specifically
  • Confusing memory protection with process scheduling or access control lists
  • Not knowing that non-executable pages are a defense against code injection

Best Answer (HR Friendly)

Memory protection is the set of hardware and OS rules that stop one running program from reading, writing, or running code in another program’s or the kernel’s memory. It works by giving every program its own private address space and by tagging each piece of memory with permissions like read-only or no-execute, so the hardware itself refuses any access that breaks those rules and hands control back to the operating system instead of letting the mistake silently corrupt something else.

Code Example

Page table entry with protection permission bits
struct pte {
    unsigned present    : 1;
    unsigned writable   : 1;
    unsigned executable : 1;
    unsigned user_mode   : 1;   /* 1 = accessible from user mode, 0 = kernel-only */
    unsigned frame       : 20;
};

/* MMU-style check performed on every memory access */
int check_access(struct pte *entry, int is_write, int is_exec, int in_user_mode) {
    if (!entry->present) return 0;                       /* not mapped -> fault */
    if (in_user_mode && !entry->user_mode) return 0;      /* kernel-only page */
    if (is_write && !entry->writable) return 0;           /* write to read-only */
    if (is_exec && !entry->executable) return 0;          /* execute on data page (W^X) */
    return 1;   /* access allowed */
}

Follow-up Questions

  • What is the W^X (write XOR execute) policy and how does it use permission bits?
  • How does the user/supervisor bit stop a user process from touching kernel memory?
  • What is the difference between a protection fault and a page fault?
  • How does shared memory deliberately relax process isolation, and how is that made safe?

MCQ Practice

1. What gives each process its isolation from other processes' memory?

Because each process has its own page table mapping its virtual addresses to distinct physical frames, one process's addresses cannot resolve into another's memory without explicit sharing.

2. What does the user/supervisor bit on a page table entry control?

The user/supervisor bit marks a page as kernel-only, so any user-mode access to it is denied by the MMU regardless of read/write/execute bits.

3. What is the purpose of a non-executable (no-execute) page permission?

Marking data regions like the stack and heap as non-executable stops an attacker from injecting and running malicious code there.

Flash Cards

What are the core memory protection mechanisms?Separate per-process address spaces, per-page permission bits, and the user/supervisor mode bit.

What enforces permission bits on every access?The memory management unit (MMU), checked on every memory reference.

What happens on a protection violation?A protection fault (segmentation fault) is raised and the OS typically terminates the offending process.

Why mark pages non-executable?To prevent injected code in data regions like the stack or heap from being run, blocking code injection attacks.

1 / 4

Continue Learning