Primary storage is usually organized into arbitrary groups of bits called bytes, characters, words, double words, blocks and pages. These groups are defined in terms of the number of bits of data they can store. Each group is given a number (i.e., an address) by which it and its contents can be referenced.

Modern primary storage mechanisms usually include features to detect errors and control use. These features are often organized around the groups of bits into which the storage is organized. For example, there may be storage elements dedicated to holding redundant data, often called check-bits, one for each word, frame or byte. These bits are set so as to make the bit count of the storage element conform to an arbitrary rule (e.g., odd or even parity). Whenever the element is used, the system automatically compares the count to the expected rule; variances indicate a failure. These mechanisms protect against data modification by providing for automatic error detection and, in some systems, automatic error correction.

Another such mechanism is called storage protection, which associate an arbitrary value with a block or page of storage. This value is called the storage protection key. The key currently associated with the block or page must agree with the value in the current program status word; otherwise, the program cannot use the storage. Changing either the key associated with the page or the key in the program status word requires privileges reserved from the active program. Storage protection is used to enforce process-to-process isolation.

Secondary Storage

Primary storage is supported by secondary storage, which includes magnetic disks and tapes. Secondary storage is relatively large and cheap; it may have mechanical as well as electronic components, but it is nonvolatile. Instructions or procedures cannot be executed directly from secondary storage. Execution of instructions or data operations kept in secondary storage usually requires that the instructions or operations first be moved to primary storage.

At a primitive level, information in secondary storage is referred to in terms of where it is stored. For example, one can specify a device (e.g., a drive), a device mechanism (e.g., a head), or a device abstraction (e.g., a cylinder, track, or sector). At a higher level, data in secondary storage is referred to in terms of such data abstractions as files and records or such language abstractions as get and put.

The lower the level (or closer to the hardware) at which the user or program accesses the data, the more difficult it is to control what the data does or to understand its intent. Therefore, for security, audit, and control of data, some systems allow users to access data only at the abstract or symbolic level, not at the hardware level. In other words, the user cannot access instructions that refer to the hardware, only those instructions that refer to the data by symbolic name.

Although nonvolatile and robust, secondary storage is not necessarily free of error. Errors are usually checked for and corrected by a combination of features of the secondary storage device, system-level code, and operator-initiated backup; they are rarely apparent at the application level. For example, modern tape drives have two heads. What is written by one is read by the other, and what is read is then compared to what was written. Variances are automatically corrected.

Virtual Storage

Virtual storage is an abstraction that a program process perceives as a very large and exclusive primary storage. It uses a combination of hardware address translation features, primary storage, and secondary storage to create this appearance. When a program process stores data in an address, a page of real storage is allocated to the page in which the address is located. When a request is made to read that data, the address is translated to point to the page previously allocated to it.

When the mechanism has no more real storage to allocate, it frees some by writing the contents to secondary storage, called paging storage, that has been reserved for that purpose. When referenced again, the page will be read back into primary storage from paging storage. It will be placed into any available page of real storage and the address of that page mapped to the virtual address of the data. This process is automatic and dynamic; it is neither necessary nor likely that the data will be returned to the same location in primary storage from which it was paged.

Virtual storage is a powerful mechanism for implementing process-to-process isolation within a computer. Because a request for data is always interpreted in the context of the local virtual store, there is no way for a program process to address data that it did not write or that belongs to another process. Exchange of data between processes using two virtual memories requires their mutual cooperation and in some cases may require the acquiescence of system management.

Buffers

Buffers are small stores used to speed the apparent movement of data from secondary to primary storage. The use of buffers is often automatic — that is, neither the user nor processes operating on the user’s behalf are aware of the buffers. Because buffers are automatic and transparent, they represent neither an exposure nor a command.

Cache Storage

Cache storage is a special type of buffer that is placed between primary storage and the arithmetic and logical elements of a system. Like other buffers, cache storage is not a security exposure.