CS 431 Final Review
Steps in Handling a Page Fault
1. If there is a reference to a page, the first reference to that page will trap to the operating system 2. Operating system looks at another table to decide 3. Find free frame 4. Swap page into frame via scheduled disk operation 5. Reset tables to indicate page now in memory 6. Restart the instruction that caused the page fault
File Concept
A file is a named collection of related information that is recorded on secondary storage. From a user's perspective, a file is the smallest allotment of logical secondary storage. From the OS perspective, a file is a logical unit of storage - contiguous logical address space.
Virus
A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data
first come first served (FCFS)
A priority-based scheduling method in which the scheduler always dispatches the ready thread that has been waiting the longest.
Single-Level Directory
A single directory for all users. Naming problem, grouping problem.
Write
A system call specifies file name and information to be written. The file system searches the file name in the directory to locate the file. A write pointer locates where to write in the file.
Read
A system call specifies the file name and locates the file on the memory block. A read pointer locates where to read from the file.
Buffer Overflow
A technique for crashing by sending too much data to the buffer in a computer's memory
identifier
A unique tag which identifies a file within the file system, in non-human-readable format
Traverse a File System
Access every directory and every file within a directory structure
Implementation of access matrix
Access matrix is a global table <domain, object, rights-set>. Whenever an operation M is executed on an object O within domain D, the global table is searched for a triple <D,O,R>. Pros and cons of access list: -The table is usually large and thus cannot be kept in main memory -It is difficult to take advantage of special groupings of objects or domains
Protection Domains
Access-right = <object-name, rights-set>. Rights-set is a subset of all valid operations that can be performed on the object. Domain = set of access-rights.
Create
Allocate space in the file system and make entry in a directory
cloud storage
An Internet service that provides remote storage to computer users.
Demand Paging
An extension to paged memory management in which pages are brought into memory only when referenced (on demand)
C-LOOK scheduling
Arm only goes as far as the last request in each direction, then reverses direction immediately, without first going all the way to the end of the disk.
Security Problems
Breach of confidentiality: ensuring objects are available/understandable only to authorized peers. Breach of integrity: ensuring objects have not been maliciously or accidentally modified. Breach of availability: ensuring objects are available without delay and operate correctly. Theft of service: unauthorized use of resources. Denial of service: prevention of legitimate use.
Overview of Mass Storage Structure
Bulk of secondary storage for modern computers is hard disk drives (HDDs) and nonvolatile memory (NVM) devices. HDDs spin platters of magnetically-coated material under moving read-write heads.
Directory Structure
Collection of nodes containing information about all files. Both the directory structure and the files reside on disk.
general graph directory
Compared to the others, the General-Graph directory structure is more flexible. Cycles are allowed in the directory for general-graphs. It costs more than alternative solutions. Garbage collection is an essential step here.
Storage Attachment
Computers access storage in three ways: host-attached, network-attached and cloud. Host-attached storage is accessed through local I/O ports, using one of several technologies.
root partition
Contains the operating-system kernel and sometimes other system files and is mounted at boot time.
Protection
Controls who can do reading, writing, and executing
Size
Current file size
Dynamic Access Matrix
If a process in domain D tried to do "op" on object O then "op" must be in the access matrix. User who creates object can define access column for that object. Can be expanded to dynamic protection.
RAID schemes
Improve performance and improve the reliability of the storage system by storing redundant data.
shared lock
Is like reader lock - several processes can acquire concurrently
exclusive lock
Is like writer lock - only one process at a time can acquire such a lock
disk bandwidth
Is the total number of bytes transferred, divided by the total time between the first request for service and the completion of the last transfer
Goal of Protection
Let's say we have a valuable resource like an OS. Ensure each object is accessed correctly and only by authorized processes according to some policy. A policy is a statement of what states are allowed and what are not allowed for a specific system.
Storage device management
Low-level formatting (or physical formatting) divides a disk into sectors that the disk controller can read and write. To use a disk to hold files, the operating system still needs to record its own data structures on the disk.
Type
Needed for systems that support different types
Create a file
New files need to be created and added to the directory
sequential access
Operations: -Read next(): each read operation appends a new item to the end of the file -Write next(): appends to the end of the file and advances to the end of the newly written material -Reset(): move to the beginning of the file
Location
Pointer to file location on device
Threats
Program threats: programs cause security breaches (trojan horse, login spoofing, trap/back door, stack/buffer overflow, virus). System & Network Threats: abuse services and network connections to cause security breaches (worms, port scanning, denial of service).
How can we ensure protection?
Protection Domains, Access Matrix, Language-Based Protection
Protection in Java
Protection is handled by the JVM. A class is assigned a protection domain when it is loaded by the JVM. The protection domain indicates what operations the class can (and cannot) perform. If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the library. Generally, Java's load-time and run-time checks enforce type safety. Classes effectively encapsulate and protect data and methods from other classes.
C-SCAN scheduling
Provides a more uniform wait time than SCAN. The head moves from one end of the disk to the other, servicing requests as it goes. When it reaches the other end it immediately returns to the beginning of the disk, without servicing any requests on the return trip. Treats the cylinders as a circular list that wraps around from the last cylinder to the first one.
nonvolatile memory
SSD, USBs, DRAM. Advantages: -Can be more reliable than HDDs -No moving parts -Consume less power but still much faster. Disadvantages: -More expensive -Shorter life span -Less capacity
Security
Security, on the other hand, requires not only an adequate protection system but also consideration of the external environment within which the system operates. A protection system is ineffective if user authentication is compromised, or a program is run by an unauthorized user.
Two-Level Directory
Separate directory for each user. Path name. Can have the same file name for different users. Efficient searching. No grouping capability.
Open Files
Several pieces of data are needed to manage open files: -Open-file table tracks open files -File pointer points to last read/write location, per process that has the file open -File-open count has a counter of the number of times a file is open, to allow removal of data from the open-file table when the last process closes it -Disk location of the file: cache of data access information -Access rights: per-process access mode information
Language-Based Protection
Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable. Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.
RAID structure
Stands for redundant arrays of inexpensive disks. Increases the mean time to failure. Mean time to repair - exposure time when another failure could cause data loss. Mean time to data loss based on above factors.
Swap space management
Used for moving entire processes or pages from DRAM to secondary storage when DRAM is not large enough for all processes. Secondary storage is slower than DRAM, so it is important to optimize performance. Usually multiple swap spaces are possible, decreasing I/O load on any given device.
Access Matrix
Viewing protection as a matrix: -rows represent domains -columns represent objects -access(i, j): set of operations that a process executing in domain i can invoke on object j. Access control can be discretionary or mandatory. Discretionary: user who creates object can define access column for that object. Mandatory: system admin determines the access matrix; user cannot modify it.
Search for a file
We need to be able to search a directory structure to find the entry for a particular file.
Delete a file
When a file is no longer needed, we want to be able to remove it from the directory
Network Attached Storage
a network-attached storage (NAS) is storage made available over a network rather than over a local connection.
Trojan Horse
a program that appears desirable but actually contains something harmful
Shortest Seek Time First (SSTF)
a scheduling strategy for direct access storage devices that's used to optimize seek time. The track requests are ordered so the one closest to the currently active track is satisfied first and the ones farthest away are made to wait
mandatory
access is denied depending on locks held and requested
Login spoofing
an approach where a legitimate user presents a fake login screen to an unsuspecting user, who unwittingly supplies a valid login name and password to the imposter program.
Average I/O time
average access time + (amount to transfer / transfer rate) + controller overhead
Access Latency/Average Access Time
average seek time + average latency
Rename a file
change the name when the contents or use of the file changes
Time, date, and user identification
data for protection, security, and usage monitoring
Controllers
data transfers on a bus are carried out by special electronic processors called controllers
Worms
destructive programs that replicate themselves without requiring another program to provide a safe environment for replication
Trap doors/back doors
hidden mechanisms that bypass authentication measures; could enable unauthorized access
Disk Attachment
host-attached storage accessed through I/O ports talking to I/O busses: SATA, ATA, USB, Fibre Channel, NVM Express
Snapshot
is a view of the file system before a set of changes takes place
Positioning time (random-access time)
is time to move disk arm to desired cylinder (seek time) and time for desired sector to rotate under the disk head (rotational latency)
Mirroring or shadowing (RAID 1)
keeps duplicate of each disk
Truncate
locate named file, release space and reset size to zero
Delete
locate named file, remove entry from directory and deallocate space no longer used
virtual address space
logical view of how process is stored in memory • Usually start at address 0, contiguous addresses until end of space • Meanwhile, physical memory organized in page frames • Memory Management Unit (MMU) must map logical to physical
protection
mechanism used to control access to valued resources: e.g., programs & data stored on computer system.
Close
move the content of entry F in memory to the directory structure on disk
Lazy swapper
never swaps a page into memory unless page will be needed
head crash
occurs when a read/write head touches the surface of a platter
Name
one of the pieces of information kept in human-readable form
advisory
processes can find status of locks and decide what to do
Security
protecting the confidentiality, integrity, and availability of a system according to the rules set out by a specific policy.
Striped mirrors (RAID 1+0)
provides high performance and high reliability
Open
search the directory structure on disk for entry F, and move the content of entry to memory
Virtual Memory
separation of user logical memory from physical memory • Only part of the program needs to be in memory for execution • Logical address space can therefore be much larger than physical address space • Allows address spaces to be shared by several processes • Allows for more efficient process creation • More programs running concurrently • Less I/O needed to load or swap processes
partition
the disk into one or more groups of cylinders, each treated as a local disk
List a directory
to list the files in a directory and the contents of the directory entry for each file
Disk striping
uses a group of disks as one storage unit
Block interleaved parity (RAID 4, 5, 6)
uses much less redundancy
File Structure
• Some operating systems impose (and support) a minimal number of file structures. • This approach has been adopted in UNIX, Windows, and others. • UNIX considers each file to be a sequence of 8-bit bytes; no interpretation of these bits is made by the operating system. • This scheme provides maximum flexibility but little support. • Each application program must include its own code to interpret an input file as to the appropriate structure. • However, all operating systems must support at least one structure (that of an executable file) so that the system is able to load and run programs.
Selecting a Disk-Scheduling Algorithm
- SSTF: common, has natural appeal - SCAN/C-SCAN: perform better for systems that place a heavy load on the disk, less starvation - disk scheduling algorithm should be written as a separate module of the OS, allowing it to be replaced w/ a different algorithm if necessary - performance depends on # and type of requests - either SSTF or LOOK is reasonable for default
other access methods
- can be built on top of base methods - generally involve creating an INDEX for the file - keep index in memory -- if too large, create index (in memory) of index (on disk)
Disk Structure
- disk drives addressed as one-dimensional array of logical blocks - 1D array is sequentially mapped into sectors of disk - Sector 0: first sector of first track on outermost cylinder - mapping proceeds in order through that track, then through rest of tracks in that cylinder, then through rest of cylinders from outermost to innermost
Aspects of Demand Paging
-Extreme case - start process with no page in memory -A given instruction could access multiple pages -> multiple page faults -Hardware support needed for demand paging
Free-frame list
-When a page fault occurs, the operating system must bring the desired page from secondary storage into main memory. -Most operating systems maintain a free-frame list (a pool of free frames for satisfying such requests) -Operating systems typically allocate free frames using a technique known as zero-fill-on-demand -When a system starts up, all available memory is placed on the free-frame list
Domain implementation - UNIX
Domain is associated with the user - "User-id". Access control bits (UNIX) = three categories of users (owner, group, world) and types of access privileges (read, write, execute). OS can do domain switching to execute some task. Accomplished via the file system: each file has an associated domain bit; when the file is executed and setuid = on, user-id is set to the owner of the file being executed.
Access methods
Files store information. The information in the file can be accessed in several ways: -Sequential access -Direct access -Other access methods
Acyclic-Graph Directories
Have shared subdirectories and files
Logical formatting
The creation of a file system
Direct access
The direct-access method is based on a disk model of a file, since disks allow random access to any file block. Operations: -read n -write n -position to n. Relative block numbers allow OS to decide where file should be placed.
SCAN
The disk arm starts at one end of the disk, and moves towards the other end, servicing requests until it gets to the other end of the disk, where the head movement is reversed, and servicing continues.
bootstrap loader
The first program that is loaded into main memory from ROM when a computer is switched on. This will load the operating system from secondary storage.
disk scheduling
The operating system is responsible for using hardware efficiently; for the disk drives, this means having a fast access time and disk bandwidth.
Performance of Demand Paging
The page fault rate of a process is the number of page faults the process gets during its execution divided by the number of memory accesses it performs.
Transfer rate
The rate at which data moves from the disk to memory
Tree-Structured Directory
The tree-structured directory is a generalization of the two-level directory structure that allows users to create their own tree of subdirectories and to use this structure to group and organize their files. The tree has a root, and every file or directory has a unique pathname that starts with the root. Processes can typically "move around" in the tree, by using a system call to specify which directory is their current working directory. The accounting file (e.g., passwd file) of a user typically designates which directory should initially be made the current working directory when the user logs in.
valid-invalid bit
This bit is inside the page table to notify if it is in memory or not. V == in memory, i == not in memory.