OS TEST 2
What is the difference between periodic and aperiodic real-time tasks?
An aperiodic task has a deadline by which it must finish or start, or it may have a constraint on both start and finish time. A periodic task requirement may be stated as "once per period T" or "exactly T units apart".
Explain the difference between anomaly intrusion detection and signature intrusion detection.
Anomaly approach attempts to define normal behaviors, while signature attempts to define proper behavior.
Why would you expect improved performance using a double buffer rather than a single buffer for I/O?
Because a process is now transferring data to (or from) one buffer while the OS empties (or fills) the other.
What is the relationship between FIFO and clock page replacement algorithms?
Both treat the page frames allocated to a process as a circular buffer, with which a pointer is associated.
What requirements is memory management intended to satisfy?
1. Relocation - A process that has been swapped out to a disk can be moved to a different memory location than the one it was in previously. 2. Protection - Each process should be protected from unwanted interference by other processes, so programs in other processes should not be able to reference memory locations in a process for reading or writing purposes without permission; satisfied by the processor (hardware) 3. Sharing - Allowing several processes to access the same portion of main memory. Memory management system must allow controlled access to shared areas of memory without compromising essential protection 4. Logical organization - Enabling the OS and computer hardware to deal with user programs and data in the form of modules of some sort 5. Physical organization - The organization of the flow of information between main and secondary memory
What is the typical disk sector size?
512 bytes.
What is the difference between block-oriented devices and stream-oriented devices? Give a few examples of each.
A block-oriented device stores info in blocks that are usually of fixed size, and transfers are made one block at a time. Generally, it is possible to reference data by its block number. Disks and USB keys are examples of these devices. A stream-oriented device transfers data in and out as a stream of bytes, with no block structure. Terminals, printers, mouse and other pointing devices, and most other devices that are not secondary storage are stream oriented.
What is the difference between a bot and a root kit?
A bot relies on vulnerabilities or exploits to get on a computer, while a root kit does not. Bots take over other Internet-attached computers. A root kit is a set of programs installed on a system to maintain administrator (or root) access to that system.
What is the difference between demand cleaning and pre cleaning?
A cleaning policy is the opposite of a fetch policy: it is concerned with determining when a modified page should be written out to secondary memory. With demand cleaning, a page is written out to secondary memory only when it has been selected for replacement. A pre cleaning policy writes modified pages before their page frames are needed so that pages can be written out in batches.
What is a digital immune system?
A comprehensive approach to virus protection whose goal is to provide rapid response to viruses and remove them as soon as possible.
What is the difference between a field and a record?
A field is the basic element of data. An individual field contains a single value, such as a last name. A record is a collection of related fields that can be treated as a unit by some application program.
What is the difference between a file and a database?
A file is a collection of similar records. A database is a collection of related data. Consists of one or more types of files.
Why is it not possible to combine a global replacement policy and a fixed allocation policy?
A fixed allocation policy gives a process a fixed number of frames in main memory. This number is decided at initial load time (process creation time). In this policy, when a page fault occurs in the execution of a process, one of the pages of that process must be replaced. A global replacement policy considers all unlocked pages in main memory as candidates for replacement, regardless of which process owns a particular page.
What is the difference between hard and soft real-time tasks?
A hard real-time task is one that must meet its deadline; otherwise it will cause unacceptable damage or a fatal error to the system. A soft real-time task has an associated deadline that is desirable but not mandatory; it still makes sense to schedule and complete the task even if it has passed its deadline.
What are the distinctions among logical, relative, and physical addresses?
A logical address is a reference to a memory location independent of the current assignment of data to memory; a translation must be made to a physical address before the memory access can be achieved. A relative address is a particular example of logical address, in which the address is expressed as a location relative to some known point, usually a value in a processor register. A physical address is an actual location in main memory.
Briefly define shortest-process-next scheduling.
A non-preemptive policy in which the process with the shortest expected processing time is selected next.
What is the difference between a page and a frame?
A page is a part of a process, while a frame is a part of memory.
What is client/server computing?
A set of clients and servers. The client stations present a graphical interface that is comfortable to users, while the server provides a set of shared services to clients.
List and briefly define four different clustering methods.
Absolute scalability - cluster can have dozens or even hundreds of machines, each of which is a multiprocessor. Incremental scalability - A cluster is configured in such a way that it is possible to add new systems to the cluster in small increments. High availability - Because each node in a cluster is a standalone computer, the failure of one node does not mean loss of service. Superior price/performance - By using commodity building blocks, it is possible to put together a cluster with equal or greater computing power than a single large machine, at much lower cost.
What is usually the critical performance requirement in an interactive OS?
Adequate response time.
Briefly define FCFS scheduling.
Also known as FIFO. As each process becomes ready, it joins the ready queue. When the currently running process ceases to execute, the process that has been in the ready queue the longest is selected for running. First-Come-First-Serve performs much better for long processes than short ones.
List some benefits and disadvantages of blocking and nonblocking primitives for message passing.
Blocking - Pro: assures the receiver is ready and waiting for the message. Con: takes longer than non-blocking. Non-blocking - Pro: automatically sends message to the receiver when the sender is ready to send. Con: the receiver may not be ready for the message being passed, and thus some of the information may not be picked up by the receiver.
What are the two broad categories of defenses against buffer overflows?
Compile-time defenses - harden programs to resist attacks in new programs. Run time defenses - detect and abort attacks in existing programs.
What are the fundamental requirements addressed by computer security?
Confidentiality - Preserving authorized restriction on information access and disclosure, including means for protecting personal privacy and proprietary information. Integrity - Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. Availability - Ensuring timely and reliable access to and use of information.
List and briefly define three file allocation methods.
Contiguous allocation - A single contiguous set of blocks is allocated to a file at the time of file creation. This is a preallocation strategy, using variable size portions. Chained allocation - total opposite of contiguous allocation. Allocation is on an individual block basis. Each block contains a pointer to the next block in the chain. Preallocation is possible, but it is more common to simply allocate blocks as needed. Indexed allocation - addresses many of the problems of contiguous and chained allocation. The file allocation table contains a separate one-level index for each file; the index has one entry for each portion allocated to the file. Allocation is on the basis of either fixed-size blocks or variable-size portions.
Briefly describe the difference between DAC and RBAC.
DAC systems define the access rights of individual users and groups of users. RBAC is based on the roles that users assume in a system rather than the user's identity. Users are assigned to roles in an RBAC system.
Briefly define the alternative page fetch policies.
Demand paging - A page is brought into main memory only when a reference is made to a location on that page. Prepaging - Pages other than the one demanded by a page fault are brought in.
List and briefly define five general areas of requirements for a real-time OS.
Determinism - An OS is deterministic to the extent that it performs operations at fixed, predetermined times or within predetermined time intervals. Responsiveness - Concerned with how long, after acknowledgment, it takes an OS to service an interrupt. User control - In a real-time system, it is essential to allow the user fine-grained control over task priority. Reliability - Loss or degradation of performance in a real-time system can have catastrophic consequences, because a real-time system is responding to and controlling events in real time. Fail-soft operation - refers to the ability of a system to fail in such a way as to preserve as much capability and data as possible.
What are typical phases of operation of a virus or worm?
Dormant phase - idle, waiting for some event to activate. Propagation phase - Starts copying itself into other programs. Triggering phase - Activated to perform the function for which it was intended. Execution phase - The function for which it was created is performed.
List and briefly describe the principle physical characteristics used for biometric identification.
Facial Fingerprints Hand geometry Retinal pattern Iris structure Signature (difficult to implement) Voice
What are fat clients and thin clients, and what are the differences in philosophy of the two approaches?
Fat client - considerable fraction of the load is on the client. It takes advantage of desktop power, offloading application processing from servers and making them more efficient and less likely to bottleneck. Thin client - much smaller load of work is on the client, mimics the traditional host-centered approach.
List and briefly define five different categories of synchronization granularity.
Fine - Parallelism inherent in a single instruction stream. Medium - Parallel processing within a single application. Coarse - Multiprocessing of concurrent processes in a multiprogramming environment. Very coarse - Distributed processing across network nodes. Independent - Multiple unrelated processes.
List and briefly define three versions of load sharing.
First come first served (FCFS) - When a job arrives, each of its threads is placed consecutively at the end of the shared queue. When a processor becomes idle, it picks the next ready thread, which it executes until completion or blocking. Smallest number of threads first - The shared ready queue is organized as a priority queue, with threads from jobs with the smallest number of unscheduled threads given highest priority. Jobs with equal priority are ordered according to which job arrives first. As with FCFS, a scheduled thread is run to completion or blocking. Preemptive smallest number of threads first - Highest priority is given to jobs with the smallest number of unscheduled threads. An arriving job with a smaller number of threads than an executing job will preempt threads belonging to the scheduled job.
List and briefly define three blocking methods.
Fixed blocking - fixed-length records are used, and an integral number of records are stored in a block. Variable-length spanned blocking - variable-length records are used and are packed into block with no unused space. Some records must span two blocks, with the continuation indicated by a pointer to the successor block. Variable-length unspanned blocking - variable-length records are used, but spanning is not employed. There is wasted space in most blocks because of the inability to use the remainder of a block if the next record is larger than the remaining space.
List and briefly define three intruder behavior patterns.
Hackers - find vulnerable targets and attack them. Criminals - organized group of hackers who have specific targets, or at least classes of targets in mind (as opposed to just vulnerable targets). Insider attacks - very hard to detect and prevent. Employees have access and knowledge of databases, and can obtain information, and use that information, in an inappropriate manner.
What are some reasons to allow two or more processes to all have access to a particular region of memory?
If a number of processes are executing the same program, it is advantageous to allow each process to access the same copy of the program rather than have its own copy. Processes that are cooperating on some task may need to share access to the same data structure.
What is the difference between simple paging and virtual memory paging?
In contrast to simple paging, not all pages of a process have to be in main memory for the process to run. Pages may be read in as needed. Also, in virtual memory paging, reading a page into main memory may require writing a page out to disk.
Briefly define highest-response-ratio-next scheduling.
In this, a formula determines which process is chosen next. When the current process completes or is blocked, you choose the ready process with the greatest response ratio value. While shorter jobs are favored, aging without service increases the ratio so that a longer process will eventually get past competing shorter jobs.
What is the difference between internal and external fragmentation?
Internal fragmentation mean there is wasted space internal to a partition due to the fact that the block of data loaded is smaller than the partition. External fragmentation occurs when memory is allocated and a small piece is left over that cannot be effectively used.
List and briefly describe some of the defenses against buffer overflows that can be implemented when running existing, vulnerable programs.
Involve changes to the memory management of the virtual address space of processes.
What is the role of a communications architecture such as TCP/IP in a client/server environment?
It enables clients and servers to share the same communications protocols and support the same applications.
Briefly define round-robin scheduling.
It incorporates the use of preemption based on a clock. The clock interrupt is generated at periodic intervals, and when it occurs, the currently running process is placed in the ready queue, and the next ready job is selected on a FCFS basis. This technique is known as time slicing, because each process is given a slice of time before being preempted.
How does behavior-blocking software work?
It integrates with the OS of a host computer and monitors program behavior in real time for malicious actions.
Briefly define shortest-remaining-time scheduling.
It is a preemptive version of shortest-process-next. The scheduler always chooses the process that has the shortest expected remaining process time. As with SPN, there is a risk of starvation of longer processes.
Why is the capability to relocate processes desirable?
It is limiting to declare that when a process is swapped back in, that it has to be placed in the same memory location it had before.
What is the role of encryption in the operation of a virus?
It makes it more difficult to detect a pattern, because the bulk of each copy of a virus has its own unique encryption key.
What is the role of compression in the operation of a virus?
It makes the infected version as long as the uninfected version of an executable file, so it it harder to detect if a file contains a virus.
For process scheduling, does a low-priority value represent a low priority or a high priority?
It represents a high priority.
List and briefly define four techniques for thread scheduling.
Load sharing - A global queue of ready threads is maintained, and each processor, when idle, selects a thread from the queue. Gang scheduling - A set of related threads is scheduled to run on a set of processors at the same time, on a one-to-one basis. Dedicated processor assignment - The opposite of load-sharing, this approach provides implicit scheduling defined by the assignment of threads to processors. Dynamic scheduling - The number of threads in a process can be altered during the course of execution.
What is the difference between logical I/O and device I/O?
Logical I/O - Deals with the device as a logical resource and is not concerned with the details of actually controlling the device.Concerned with managing general I/O functions on behalf of user processes. Device I/O - The requested operations and data are converted into appropriate sequences of I/O instructions, channel commands, and controller orders.
Briefly describe the three types of processor scheduling.
Long-term is the decision to add to the pool of processes to be executed. Medium-term is the decision to add to the number of processes that are partially or fully in main memory(part of swapping function). Short-term is the decision as to which available process will be executed by the processor.
List and briefly define three classes of intruders.
Masquerader - Someone not authorized to use the computer and who penetrates a system's access controls to exploit an actual user's account. Misfeasor - A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses their privileges. Clandestine user - Someone who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.
Explain the rationale behind the three-tier client/server architecture.
NAH
List and briefly describe some of the defenses against buffer overflows that can be used when compiling new programs.
NAH
Suggest pros and cons for fat client and thin client strategies.
NAH
Describe some worm countermeasures.
NAH BRO
What are typical access rights that may be granted or denied to a particular user for a particular file?
None Knowledge Execution Reading Appending Updating Changing protection Deletion
List some benefits and disadvantages of nonpersistent and persistent binding for RPCs.
Nonpersistent - Pro: used to conserve resources. Con: the overhead involved in establishing connections makes non persistent binding inappropriate for remote procedures that are called frequently by the same caller. Persistent - Con: Consumes more resources. Pro: no overhead involved in establishing connections for calls that occur frequently, since that connection remains established for a period of time after the call ends.
What is the difference between preemptive and nonpreemptive scheduling?
Nonpreemptive - Once a process is in the Running state, it continues to execute until (a) it terminates or (b) it blocks itself to wait for I/O or to request some OS service. Preemptive - The currently running process may be interrupted and moved to the Ready state by the OS.
What types of programming languages are vulnerable to buffer overflows?
Ones that do not include code that enforces range checks automatically.
What is accomplished by page buffering?
Page buffering essentially creates a cache of pages by assigning a replacement page to one of two lists: the free page list or the modified page list. The page to be replaced remains in memory.
What is the difference between passive and active security threats?
Passive attacks - are in the nature of eavesdropping on, or monitoring of, transmissions. The goal is to obtain information that is being transmitted. Active attacks - involve some modification of the data stream or the creation of a false stream. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is very difficult to prevent active attacks absolutely, because to do so would require physical protection of all communications facilities and paths at all times. Instead, the goal is to detect them and to recover from any disruption or delays caused by them.
In a fixed-partitioning scheme, what are the advantages of using unequal-size partitions?
Processes are assigned in such a way as to minimize wasted memory within a partition (internal fragmentation). Larger programs can be accommodated without overlay.
List and briefly define three techniques for performing I/O.
Programmed I/O - The processor issues an I/O command, on behalf of a process, to an I/O module; that process then busy waits for the operation to be completed before proceeding. Interrupt-driven I/O - The processor issues an I/O command on behalf of a process. There are then two possibilities. If the I/O instruction from the process is nonblocking, then the processor continues to execute instructions from the process that issued the I/O command. If the I/O instruction is blocking, then the next instruction that the processor executes is from the OS, which will put the current process in a blocked state and schedule another process. Direct memory access (DMA) - A DMA module controls the exchange of data between main memory and an I/O module. The processor sends a request for the transfer of a block of data to the DMA module and is interrupted only after the entire block has been transferred.
Briefly define the seven RAID levels.
RAID (redundant array of independent disks) is viewed by the OS as a single logical drive. Level 0 - Striping is non-redundant, dtc (data transfer capacity) is very high. Level 1 - Mirroring is mirrored, dtc is higher than single disk for read; similar to single disk for write. Level 2&3 - Parallel access (level 2 is redundant via Hamming code, while level 3 is bit-interleaved parity), dtc is the highest of all listed alternatives. Level 4, 5, & 6 - Independent access (level 4 is block-interleaved parity, level 5 is block-interleaved distributed parity, level 6 is block-interleaved dual distributed parity), dtc are a similar to Striping for read, lower than single disk for write (in the order from best to worst of 5, 6, 4).
What items of information about a task might be useful in real-time scheduling?
Ready time - The time at which a task is ready for execution. Starting deadline - Time by which a task must begin. Completion deadline - Time by which task must be completed. The typical real-time application will either have starting or completion deadlines, but not both. Processing time - Time required to execute the task to completion. In some cases, this is supplied. In others, the OS measures an exponential average. For still other scheduling systems, this info is not used. Resource requirements - Set of resources (other than the processor) required by the task while it is executing. Priority - Measures relative importance of the task. Subtask structure - A task may be decomposed into a mandatory subtask and an optional subtask. Only the mandatory subtask possesses a hard deadline.
What is the difference between resident set management and page replacement policy?
Resident set management - how many page frames are to be allocated to each active process, and whether the set of pages to be considered for replacement should be limited to those of the process that caused the page fault or encompass all the page frames in main memory. Replacement policy - Among the set of pages considered, which particular page should be selected for replacement.
In general terms, how does a worm propagate?
Search for other systems to infect by examining host tables or similar repositories of remote system addresses, establish a connection with a remote system, and copy itself to the remote system and cause the copy to be run.
What are typical operations that may be performed on a directory?
Search. Create file. Delete file. List directory. Update directory.
What delay elements are involved in a disk read or write?
Seek time is the time required to move disk arm to the required track. Rotational delay is the time required for the addressed area of the disk to rotate into a position where it is accessible by the read/write head. Seek time + rotational delay = access time. Transfer time is the time required for the data transfer.
What is the difference between a page and a segment?
Segmentation is visible to the programmer and is provided as a convenience for organizing programs and data, while paging is invisible to the programmer.
What is a file management system?
Set of system software that provides service to user and applications in the use of files.
What criteria are important in choosing a file organization?
Short access time. Ease of update. Economy of storage. Simple maintenance. Reliability.
Explain the difference between a simple memory card and a smart card.
Smart cards can process data and store it, while memory cards can only store it.
In general terms, what are four means of authenticating user's identity?
Something the individual knows Something the individual possesses Something the individual is (static biometrics) Something the individual does (dynamic biometrics)
What is middleware?
Standard programming interfaces and protocols that sit between the application above and communications software and operating system below. Middleware makes it easy to implement the same application on a variety of server types and workstation types.
List and briefly define four classes of real-time scheduling algorithms.
Static table-driven approach - perform a static analysis of feasible schedules of dispatching. The result is a schedule that determines, at run time, when a task must begin execution. Static priority-driven preemptive approach - a static analysis is performed, but no schedule is made. Rather, the analysis is used to assign priorities to tasks so that a traditional priority-driven preemptive scheduler can be used. Dynamic planning-based approach - Feasibility is determined at run time (dynamically) rather than offline prior to the start of execution (statically). An arriving task is accepted for execution only if it is feasible to meet its time constraints. Dynamic best effort approach - No feasibility analysis is performed. The system tries to meet all deadlines and aborts any started process whose deadline is missed.
List some benefits and disadvantages of synchronous and asynchronous RPCs.
Synchronous is easy to understand and program because its behavior is predictable. However, it fails to exploit fully the parallelism that is a part of distributed applications, which limits the kind of interaction the distributed application can have, resulting in lower performance. Asynchronous achieves a greater degree of parallelism that synchronous while retaining the familiarity and simplicity of the RPC. Asynchronous RPCs do not block the caller.
Why is it not possible to enforce memory protection at compile time?
The OS cannot anticipate all the memory references a program will make, and even if it could, it would be prohibitively time consuming to screen each program in advance for possible memory-reference violations.
What elements are typically found in a page table entry? Define each element.
The frame number, which tells the corresponding page in main memory. A modify (M) bit, which indicates whether the contents of the corresponding page have been altered since the page was last loaded into main memory. A present (P) bit, which indicates whether the corresponding page is in main memory or not.
Why is the average search time to find a record in a file less for an indexed sequential file than for a sequential file?
The index provides a lookup capability to reach quickly the vicinity of a desired record, something the sequential file does not have.
List and briefly define five file organizations.
The pile - least-complicated form. Data is collected in the order it arrives. Each record consists of one burst of data. The sequential file - most common form. A fixed format is used for records. All records are of same length. The indexed sequential file - popular approach to overcoming the disadvantages of the sequential file. Records are organized in sequence based on a key field, just like sequential file. An index to the file to support random access and an overflow file are added. The indexed file - Records are accessed only through their indexes. No restriction on the placement of records as long as a pointer in at least one index refers to that record. The direct or hashed file - exploits the capability found on disks to access directly any block of a known address. As with sequential and indexed sequential files, a key field is required in each record.
Why is the principle of locality crucial to the use of virtual memory?
The principle of locality states that program and data references within a process tend to cluster. This validates the assumption that only a few pieces of a process are needed over a short period of time. This also means that it should be possible to make intelligent guesses about which pieces of a process will be needed in the near future, which avoids thrashing. These two things mean that virtual memory is an applicable concept and that it is worth implementing.
What is computer security?
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, data, and telecommunications).
What is the difference between a resident set and a working set?
The resident set is the portion of a process that is actually in main memory at any time. A working set is the set of pages of a process that have been referenced within a certain time period.
What is the relationship between a pathname and a working directory?
The working directory enables files to be referenced relative to it, so that the entire pathname does not have to be spelled out each time you try to access a particular file.
Because we have standards such as TCP/IP, why is middleware needed?
There are many different versions of TCP/IP, middleware allows you to operate over any TCP/IP implementation.
Briefly define feedback scheduling.
This is used if there is no indication of the length of various processes. Feedback scheduling penalizes jobs that have been running longer. Hierarchical queues are used to keep track of how long processes are taking.
Explain thrashing.
Thrashing is when the system spends most of its time swapping pieces of a process rather than executing instructions. To overcome this, the OS essentially guesses which pieces are least likely to be used in the near future, based on recent history, and will swap those out of main memory.
What is the purpose of a translation lookaside buffer?
To reduce the memory access time of a virtual memory scheme. It acts as a cache for page table entries that have been most recently used.
What is the difference between turnaround time and response time?
Turnaround time is the interval between the submission of a process and its completion (an appropriate measure for a batch job). Response time is the time from the submission of a request until the response begins to be received (better measure than turnaround time from the user's point of view).
What distinguishes client/server computing from any other form of distributed data processing?
User has control over timing and style of computer usage Emphasis on centralizing corporate databases and many network management and utility functions Commitment to open and modular systems Networking is fundamental to the operation
Discuss the rationale for locating applications on the client, the server, or split between client and server.
You want to optimize the use of resources. Different cases, depending on application needs, the bulk of application software executes at the server, while in other cases, it executes at the client.
