
UNIT : V

SYSTEM
PROGRAMMING
II SEMESTER (MCSE 201)
PREPARED BY ARUN PRATAP SINGH


RESOURCE SECURITY AND PROTECTION :
An operating system consists of a collection of objects, hardware or software.
Each object has a unique name and can (ideally) be accessed only through a well-defined set of operations.
The protection and security problem is to ensure that each object is accessed correctly, and only by those processes of authorized users that are allowed to do so.


ACCESS CONTROL MATRIX :
In computer science, an Access Control Matrix or Access Matrix is an abstract, formal security model of the protection state of a computer system that characterizes the rights of each subject with respect to every object in the system. It was first introduced by Butler W. Lampson in 1971.
An access matrix can be envisioned as a rectangular array of cells, with one row per subject and one column per object. The entry in a cell, that is, the entry for a particular subject-object pair, indicates the access mode that the subject is permitted to exercise on the object. Each column is equivalent to an access control list for the object, and each row is equivalent to an access profile for the subject.

The access control matrix is a model of system resource protection. It was first proposed by Butler W. Lampson, an American computer scientist, in 1971. The protection schemes in this model do not allow unauthorized users or subjects to use system resources. In other words, a particular subject has limited access rights to some specific objects, if not all of them.
An access control system is like a set of locked doors: a door can be opened only by someone who owns the right key. Another example is ticket checking at a movie theatre: viewers with valid tickets are allowed to pass through the door and watch the movie.
Because of increasing system complexity, derivative forms of the access control matrix, such as the access control list (ACL) and the capability list (C-list), are usually applied instead. These derivatives have their own advantages and disadvantages.
An access control matrix consists of three parts: subjects, objects, and access operations. A subject is an active entity in a computer system, such as a user, program, process, or thread. An object is a passive entity or system resource, such as a file, directory, database record, or printer. In the access control matrix's schema, the subjects and objects are placed in a table: each row represents a subject and each column represents an object. The entries in the table are sets of access operations, such as read, write, and execute. The access operations govern the interactions between subjects and objects.
A user requests access operations on objects/resources. The reference monitor checks the validity of the request and either grants or denies access.
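The matrix and the reference monitor can be sketched in a few lines of Python; the subject and object names here are illustrative assumptions, not part of any standard interface.

# Sketch of an access control matrix and a reference monitor check.
# Subjects index the rows, objects index the columns, and each cell
# holds the set of permitted access operations.
acm = {
    ("Alice", "file1"): {"read"},
    ("Alice", "file2"): {"write"},
    ("Bob",   "file2"): {"read"},
}

def reference_monitor(subject: str, obj: str, operation: str) -> bool:
    """Grant the request only if the matrix cell permits the operation."""
    return operation in acm.get((subject, obj), set())

assert reference_monitor("Alice", "file2", "write")      # granted
assert not reference_monitor("Bob", "file1", "read")     # denied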

The principle of access control is as follows:
1. Assign subjects on the system.
2. Assign objects which are recognized by associated programs.
3. Assign access operations that subjects can use.
4. Assign subjects which interact with objects through processes.


In practice, the system should not assign huge numbers of objects and subjects to one large access control matrix. With a large number of matrix entries and extreme scattering of data [2], a large access control matrix would waste too much memory space (e.g. 10,000 subjects x 1,000,000 objects = 10,000,000,000 matrix entries). It also takes quite a while to check and pair any subject with any object.
For better performance of the authorization operation, the access control matrix is split into two workable derivatives. The first is the access control list and the second is the capability list. Splitting the matrix into columns, each of which represents an object, yields access control lists (ACLs). An ACL stands for one column of the access control matrix: it is attached to an object and specifies the subjects that may access it.




In figure 1 there are three subjects (Alice, Bob and Fred) and three objects (file 1, file 2, and file 3). Each object carries the permissions of particular subjects. According to figure 1, each file or object has its own ACL. File 1 is linked to two subjects, Alice and Fred, and grants read permission to both. The ACL of file 2 grants Alice permission to write file 2 and Bob permission to read it.
Capability List (C-List) :
The second derivative of the access control matrix is the capability list, or C-list. In this case, the access control matrix is split into rows, and each row represents one subject. A capability list is attached to a subject and specifies its related objects. Each entry in the list is a capability, which is a pair of an object and a set of access operations. The permissions each subject holds on objects are listed in its C-list.



In figure 2 there are three subjects (Alice, Bob and Fred) and three objects (file 1, file 2, and file 3). Each subject is assigned permissions to operate on each object. For example, Alice has permission to write file 2, and to read and write file 3.
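Both derivatives can be computed mechanically from the same matrix. A minimal sketch, using the subjects and files of the figures (the matrix contents are assumptions for illustration):

# Splitting the access control matrix by columns gives ACLs (one per
# object) and splitting it by rows gives capability lists (one per subject).
acm = {
    ("Alice", "file1"): {"read"},
    ("Alice", "file2"): {"write"},
    ("Bob",   "file2"): {"read"},
    ("Fred",  "file1"): {"read"},
}

def acl(obj: str) -> dict:
    """Column view: which subjects may do what to this object."""
    return {s: ops for (s, o), ops in acm.items() if o == obj}

def clist(subject: str) -> dict:
    """Row view: which objects this subject may operate on, and how."""
    return {o: ops for (s, o), ops in acm.items() if s == subject}

print(acl("file1"))     # {'Alice': {'read'}, 'Fred': {'read'}}
print(clist("Alice"))   # {'file1': {'read'}, 'file2': {'write'}}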
Confused Deputy :
A deputy is a program that acts on behalf of users or subjects. One well-known deputy is the compiler: a program that transforms source code into binary form must act as a deputy for many users. This gives rise to a classical security problem called the confused deputy. A confused deputy is a deputy that has been inappropriately manipulated. The confused deputy problem is commonly found in computer systems.


When the confused deputy problem occurs, C-lists can prevent it, but ACLs have difficulty avoiding it. The C-list prevents the confusion because the caller's C-list is handed to the compiler just before compilation starts: Alice must give her C-list to the compiler if she wants to invoke it. Once it receives the C-list, the compiler checks all permissions related to the target file. The compiler will thus know that Alice does not have permission to overwrite the file Bill. ACLs, on the other hand, have no similar protection mechanism to avoid the confusion.
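A sketch of the prevention idea: the compiler operates only under the capabilities handed to it by the caller, so a request to overwrite a file absent from Alice's C-list fails. The file names and the C-list layout are illustrative assumptions.

# The compiler acts only under the caller's capabilities: if the output
# file is not writable in the caller's C-list, the request is refused,
# preventing the confused deputy from misusing its own authority.
def compile_program(source: str, output: str, caller_clist: dict) -> None:
    if "write" not in caller_clist.get(output, set()):
        raise PermissionError(f"caller may not write {output}")
    print(f"compiling {source} -> {output}")

alice_clist = {"prog.c": {"read"}, "prog.out": {"write"}}
compile_program("prog.c", "prog.out", alice_clist)   # allowed
# compile_program("prog.c", "Bill", alice_clist)     # would raise: no write right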


The Access Control List and the Capability List look similar, but there are many differences. The most obvious and significant difference is the direction of the arrows in the two approaches.
According to figure 4, the arrows for ACLs point from the resources (objects) to the users (subjects), while the arrows for C-lists point from the users to the resources. This means that the capability pairing between users and resources is generated by the system, so the permission of users to access files can be modified by the system itself. In contrast, a system using the ACL approach needs a special method for pairing users to files. This is the first advantage of capabilities over ACLs. Table 4 displays further advantages and disadvantages of both.

ADVANCED MODELS OF PROTECTION :
The Take-Grant Model :
Principles:
o Uses directed graphs to model access control
o Protection state of system represented by directed graph
o More efficient than (sparsely populated) access matrix
Model:
o Graph nodes: subjects and objects
o An edge from node x to node y indicates that subject x has an access
right to the object y: the edge is tagged with the corresponding access
rights
o Access rights
Read (r), write (w), execute (e)
Special access rights for propagating access rights to other nodes
Take: If node x has the access right take to node y, then subject
x can take for itself any access right that y has on another node
Grant: If node x has the access right grant to node y, then node
y can be granted any of the access rights that node x has
Example: take operation
o Node x has take access to node y
o Node y has read and write access to node z
o Node x can take access right read from y and have this access right for
object z : a directed edge labeled r is added from node x to node z

Example: grant operation
Node x has grant access to node y and also has read and write access
to node z

Node x can grant read access for z to node y (a directed edge labeled
r from y to z is added to the graph)

State and state transitions:
o The protection state of the system is represented by the directed graph
o System changes state (state transition) when the directed graph changes
o The directed graph changes with the following operations
Take
Grant
Create: A new node is added to the graph
When node x creates a new node y, a directed edge is
added from x to y
Remove: A node deletes some of its access rights to another node
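A minimal sketch of these state transitions on a directed graph; storing edges as a dictionary of right-sets is an implementation choice for illustration, not part of the model.

# Take-Grant sketch: the protection state is a directed graph whose edges
# carry sets of rights; take and grant add edges according to the rules.
rights = {}   # rights[(x, y)] = set of rights x holds on y

def add(x, y, rs):
    rights.setdefault((x, y), set()).update(rs)

def take(x, y, z, r):
    """x has 'take' on y, and y holds right r on z: x acquires r on z."""
    if "t" in rights.get((x, y), set()) and r in rights.get((y, z), set()):
        add(x, z, {r})

def grant(x, y, z, r):
    """x has 'grant' on y, and x holds right r on z: y acquires r on z."""
    if "g" in rights.get((x, y), set()) and r in rights.get((x, z), set()):
        add(y, z, {r})

add("x", "y", {"t"})          # x can take from y
add("y", "z", {"r", "w"})     # y reads/writes z
take("x", "y", "z", "r")      # a directed edge labeled r from x to z appears
assert "r" in rights[("x", "z")]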
Bell-LaPadula Model :
Used to control information flow
Model components
o Subjects, objects, and access matrix
o Several ordered security levels
Each subject has a (maximum) clearance and a current clearance
level
Each object has a classification (i.e., belongs to a security level)
o Subjects can have the following access rights to objects
Read-only
Append: subject can only write object (no read permitted)

Execute: no read or write
Read-write: both read and write are permitted
o The subject that creates an object has the control attribute for that object and is the
controller of the object
Subject can pass any of the four access rights of the controlled
object to another subject
Restrictions on information flow and access control (reading down and writing up
properties):
1. The simple security property
A subject cannot have read access to an object with classification higher
than the clearance level of the subject
2. The *-property (star property)
A subject has append (i.e., write-only) access only to objects whose
classification (i.e., security level) is higher than or equal to the current
security clearance level of the subject
A subject has read access only to objects whose classification (i.e.,
security level) is lower than or equal to the current security clearance level of
the subject
A subject has read-write access only to objects whose classification
(i.e., security level) is equal to the current security clearance level of the
subject
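The three rules can be sketched as simple comparisons, assuming the ordered security levels are encoded as integers (higher means more sensitive):

# Bell-LaPadula checks with integer security levels (higher = more secret).
def may_read(subject_level: int, object_level: int) -> bool:
    # simple security property: no read up
    return object_level <= subject_level

def may_append(subject_level: int, object_level: int) -> bool:
    # *-property: append (write-only) is allowed only at or above the
    # subject's current level, so information never flows downward
    return object_level >= subject_level

def may_read_write(subject_level: int, object_level: int) -> bool:
    # read-write only at exactly the subject's current level
    return object_level == subject_level

SECRET, TOP_SECRET = 2, 3
assert may_read(TOP_SECRET, SECRET)        # reading down: allowed
assert not may_read(SECRET, TOP_SECRET)    # reading up: denied
assert may_append(SECRET, TOP_SECRET)      # writing up: allowed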



CRYPTOGRAPHY :
Cryptography derives its name from the Greek word kryptos, which means "hidden secret". Cryptography is the practice and study of hiding information. It is the art or science of converting plain, intelligible data into unintelligible data and retransforming that message back into its original form. It provides confidentiality, integrity, and accuracy.
Until modern times cryptography referred almost exclusively to encryption, which is the process
of converting ordinary information (called plaintext) into unintelligible text
(called ciphertext). Decryption is the reverse, in other words, moving from the unintelligible
ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms that create the encryption
and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm
and in each instance by a "key". This is a secret (ideally known only to the communicants), usually
a short string of characters, which is needed to decrypt the ciphertext. A "cryptosystem" is the
ordered list of elements of finite possible plaintexts, finite possible cyphertexts, finite possible
keys, and the encryption and decryption algorithms which correspond to each key. Keys are
important, as ciphers without variable keys can be trivially broken with only the knowledge of the
cipher used and are therefore useless (or even counter-productive) for most purposes.
Historically, ciphers were often used directly for encryption or decryption without additional
procedures such as authentication or integrity checks.
In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning: the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a code word (for example, "wallaby" replaces "attack at dawn"). Codes are no longer used in serious cryptography, except incidentally for such things as unit designations (e.g., Bronco Flight or Operation Overlord), since properly chosen ciphers are both more practical and more secure than even the best codes and are also better adapted to computers.
Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted
information without access to the key normally required to do so; i.e., it is the study of how to
crack encryption algorithms or their implementations.



What is Encryption / Decryption :
Encryption : The process of converting plain text into an unintelligible format (cipher text) is called encryption. In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption doesn't prevent hacking, but it reduces the likelihood that the hacker will be able to read the encrypted data. In an encryption scheme, the message or information, referred to as plaintext, is encrypted using an encryption algorithm, turning it into an unreadable ciphertext. This is usually done with the use of an encryption key, which specifies how the message is to be encoded. Any adversary that can see the ciphertext should not be able to determine anything about the original message. An authorized party, however, is able to decode the ciphertext using a decryption algorithm, which usually requires a secret decryption key to which adversaries do not have access. For technical reasons, an encryption scheme usually needs a key-generation algorithm to randomly produce keys.
Decryption : The process of converting cipher text back into plain text is called decryption. In other words, it is the process of decoding data that has been encrypted into a secret format. Decryption requires a secret key or password.



ENCRYPTION TECHNIQUES AND ALGORITHMS :
Symmetric key encryption
Public key encryption

SYMMETRIC KEY ENCRYPTION:
Symmetric-key cryptography is sometimes called secret-key cryptography. The most popular
symmetric-key system is the Data Encryption Standard (DES).
In the simpler types of cryptography, the same key is used to encrypt and decrypt information.
This key is sometimes called a symmetric key.
Everybody who is supposed to be able to read the information must have the key. The problem
with this sort of code is that the key has to be given to them over a secure line. If you're able to
give a key securely, why not send the whole message securely?
Thinking of the key as the key to a room may help explain this better. Everybody who should have
access to the room is given a copy of the key. Anybody who has that key can go in, put new
information in, take old information out, and lock the room again when they leave. Without the
key, you can't enter the room. Furthermore, if you send somebody a copy of the key by way of
the Post Office, somebody working at the Post Office could intercept this key, make a copy of it,
and then send it along. This would allow them to access this same locked room, and do the same
things with it. Now, think of sending the key over the Internet. That key could be intercepted by
anybody between you and the other machine, letting them read everything you locked up with
that key, even letting them modify it.


Symmetric key encryption is also known as shared-key, single-key, secret-key, and private-key
or one-key encryption. In this type of message encryption, both sender and receiver share the
same key which is used to both encrypt and decrypt messages. Sender and receiver only have
to specify the shared key in the beginning and then they can begin to encrypt and decrypt
messages between them using that key. Examples include AES (Advanced Encryption Standard)
and Triple DES (Data Encryption Standard).
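As a concrete illustration, the following minimal sketch uses Fernet, an AES-based symmetric construction from the third-party Python cryptography package (assuming the package is installed); the same key object both encrypts and decrypts.

# Symmetric encryption sketch using the third-party "cryptography" package
# (pip install cryptography). Fernet is an AES-based authenticated scheme.
from cryptography.fernet import Fernet

key = Fernet.generate_key()        # the single shared secret key
cipher = Fernet(key)

ciphertext = cipher.encrypt(b"attack at dawn")   # sender side
plaintext = cipher.decrypt(ciphertext)           # receiver side, same key
assert plaintext == b"attack at dawn"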

Advantages :
- Simple: This type of encryption is easy to carry out. All users have to do is specify and share
the secret key and then begin to encrypt and decrypt messages.
- Encrypt and decrypt your own files: If you use encryption for messages or files which you
alone intend to access, there is no need to create different keys. Single-key encryption is best for
this.
- Fast: Symmetric key encryption is much faster than asymmetric key encryption.
- Uses less computer resources: Single-key encryption does not require a lot of computer
resources when compared to public key encryption.
- Prevents widespread message security compromise: A different secret key is used for
communication with every different party. If a key is compromised, only the messages between a
particular pair of sender and receiver are affected. Communications with other people are still
secure.

Disadvantages :
- Need for secure channel for secret key exchange: Sharing the secret key in the beginning is
a problem in symmetric key encryption. It has to be exchanged in a way that ensures it remains
secret.
- Too many keys: A new shared key has to be generated for communication with every different
party. This creates a problem with managing and ensuring the security of all these keys.
- Origin and authenticity of message cannot be guaranteed: Since both sender and receiver
use the same key, messages cannot be verified to have come from a particular user. This may
be a problem if there is a dispute.

PUBLIC-KEY CRYPTOGRAPHY :
Asymmetric cryptography or public-key cryptography is cryptography in which a pair of keys is
used to encrypt and decrypt a message so that it arrives securely. Initially, a network user receives
a public and private key pair from a certificate authority. Any other user who wants to send an
encrypted message can get the intended recipient's public key from a public directory. They use
this key to encrypt the message, and they send it to the recipient. When the recipient gets the
message, they decrypt it with their private key, which no one else should have access to.

Or we can say that Public-key cryptography, also known as asymmetric cryptography, is a
class of cryptographic algorithms which require two separate keys, one of which
is secret (or private) and one of which is public. Although different, the two parts of this key pair
are mathematically linked. The public key is used to encrypt plaintext or to verify a digital
signature; whereas the private key is used to decrypt ciphertext or to create a digital signature.
The term "asymmetric" stems from the use of different keys to perform these opposite functions,
each the inverse of the other as contrasted with conventional ("symmetric") cryptography which
relies on the same key to perform both.
Public-key algorithms are based on mathematical problems which currently admit no efficient
solution that are inherent in certain integer factorization, discrete logarithm, and elliptic
curve relationships. It is computationally easy for a user to generate their own public and private key pair and to use them for encryption and decryption. The strength lies in the fact that it is "impossible" (computationally infeasible) for a properly generated private key to be determined from its corresponding public key. Thus the public key may be published without compromising security, whereas the private key must not be revealed to anyone not authorized to read messages or perform digital signatures. Public key algorithms, unlike symmetric key algorithms, do not require a secure initial exchange of one (or more) secret keys between the parties.
Message authentication involves processing a message with a private key to produce a digital
signature. Thereafter anyone can verify this signature by processing the signature value with the
signer's corresponding public key and comparing that result with the message. Success confirms
the message is unmodified since it was signed and, presuming the signer's private key has remained secret, that the signer, and no one else, intentionally performed the signature operation. In practice, typically only a hash or digest of the message, and not the message itself, is encrypted as the signature.
Public-key algorithms are fundamental security ingredients in cryptosystems, applications and
protocols. They underpin such Internet standards as Transport Layer Security (TLS), PGP,
and GPG. Some public key algorithms provide key distribution and secrecy (e.g., Diffie-Hellman key exchange), some provide digital signatures (e.g., the Digital Signature Algorithm), and some provide both (e.g., RSA).
Public-key cryptography finds application in, amongst others, the IT security discipline of information security. Information security (IS) is concerned with all aspects of protecting electronic information assets against security threats [1]. Public-key cryptography is used as a method of assuring the confidentiality, authenticity and non-repudiability of electronic communications and data storage.

In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of
the paired private key can decrypt. Security depends on the secrecy of the private key.



In the Diffie-Hellman key exchange scheme, each party generates a public/private key pair and distributes the public key. After obtaining an authentic copy of each other's public keys, Alice and Bob can compute a shared secret offline. The shared secret can be used, for instance, as the key for a symmetric cipher.
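The exchange can be sketched with X25519, a modern Diffie-Hellman variant available in the third-party cryptography package; the HKDF parameters below are illustrative assumptions.

# Diffie-Hellman style key agreement with X25519, then derivation of a
# symmetric key from the shared secret (the "hybrid" usage noted above).
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes

alice_priv = X25519PrivateKey.generate()
bob_priv = X25519PrivateKey.generate()

# Each side sends only its public key over the open network.
alice_shared = alice_priv.exchange(bob_priv.public_key())
bob_shared = bob_priv.exchange(alice_priv.public_key())
assert alice_shared == bob_shared          # both computed the same secret

# Derive a 32-byte symmetric key from the shared secret.
key = HKDF(algorithm=hashes.SHA256(), length=32,
           salt=None, info=b"demo").derive(alice_shared)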

Asymmetric key cryptography uses two separate keys: one private and one public.


General idea of asymmetric-key cryptosystem :


Public-key cryptography is often used to secure electronic communication over an open networked environment such as the internet. Open networked environments are susceptible to a variety of communication security problems, such as man-in-the-middle attacks and other security threats. Sending a secure communication means that the communication must not be readable during transit (preserving confidentiality), must not be modified during transit (preserving its integrity), and that the sender must not be able to deny having sent it (enforcing non-repudiation). Combining public-key cryptography with an Enveloped Public Key Encryption (EPKE) method allows for the secure sending of a communication over an open networked environment.
The distinguishing technique used in public-key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys: a public encryption key and a private decryption key. Similarly, a key pair used for digital signatures consists of a private signing key and a public verification key. The public key is widely distributed, while the private key is known only to its proprietor. The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is either impossible or prohibitively expensive.
In contrast, symmetric-key algorithms, variations of which have been used for thousands of years, use a single secret key, which must be shared and kept private by both the sender and the receiver, for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.
Because symmetric key algorithms are nearly always much less computationally intensive than
asymmetric ones, it is common to exchange a key using a key-exchange algorithm, then transmit
data using that key and a symmetric key algorithm. PGP and the SSL/TLS family of schemes use
this procedure, and are thus called hybrid cryptosystems.
There are two main uses for public-key cryptography:
Public-key encryption, in which a message is encrypted with a recipient's public key. The
message cannot be decrypted by anyone who does not possess the matching private key,
who is thus presumed to be the owner of that key and the person associated with the public
key. This is used in an attempt to ensure confidentiality.
Digital signatures, in which a message is signed with the sender's private key and can be verified by anyone who has access to the sender's public key. This verification proves that the sender had access to the private key, and therefore is likely to be the person associated with the public key. This also ensures that the message has not been tampered with, as any manipulation of the message will result in changes to the encoded message digest, which otherwise remains unchanged between the sender and receiver.
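Both uses can be sketched with RSA from the third-party cryptography package; the padding choices (OAEP for encryption, PSS for signatures) are common recommendations, shown here as one reasonable configuration rather than the only one.

# Sketch of the two main uses of public-key cryptography, using RSA.
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes

private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key = private_key.public_key()

oaep = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
pss = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)

# 1) Public-key encryption: anyone encrypts with the public key;
#    only the private-key holder can decrypt.
ct = public_key.encrypt(b"meet at noon", oaep)
assert private_key.decrypt(ct, oaep) == b"meet at noon"

# 2) Digital signature: sign with the private key, verify with the public key.
sig = private_key.sign(b"meet at noon", pss, hashes.SHA256())
public_key.verify(sig, b"meet at noon", pss, hashes.SHA256())
# verify() raises InvalidSignature if the message was tampered with.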
An analogy to public-key encryption is that of a locked mail box with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is, in essence, the public key. Anyone knowing the street address can go to the door and drop a written message through the slot. However, only the person who possesses the key can open the mailbox and read the message.
An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The
message can be opened by anyone, but the presence of the unique seal authenticates the sender.
A central problem with the use of public-key cryptography is confidence/proof that a particular public key is authentic: that it is correct, belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public-key infrastructure (PKI), in which one or more third parties, known as certificate authorities, certify ownership of key pairs. PGP, in addition to being a certificate authority structure, has used a scheme generally called the "web of trust", which decentralizes such authentication of public keys by a central mechanism, and substitutes individual endorsements of the link between user and public key. To date, no fully satisfactory solution to the "public key authentication problem" has been found.

Forward Public Key Encryption
The goal of Forward Public Key Encryption (FPKE) is to ensure that the communication being sent is kept confidential during transit.
To send a message using FPKE, the sender of the message uses the public key of the receiver to encrypt the contents of the message. The encrypted message is then transmitted electronically to the receiver, who can then use their own matching private key to decrypt the message.
Encrypting with the receiver's public key is useful for preserving the confidentiality of the message, as only the receiver has the matching private key to decrypt it. Therefore, even the sender of the message cannot decrypt the message once it has been encrypted using the receiver's public key. However, FPKE does not address the problem of non-repudiation, as the message could have been sent by anyone that has access to the receiver's public key.
Inverse Public Key Encryption
The goal of Inverse Public Key Encryption (IPKE) is to ensure that the sender of the communication is known to the receiver, and that the sender cannot deny having sent the message. The purpose of IPKE is therefore to ensure the non-repudiation of the message being sent. This is useful in a practical setting where, for example, a sender wishes to make an electronic purchase of shares and the receiver wants to confirm that it was indeed the actual sender requesting the purchase and not someone else. IPKE is also known as a digital signature.
To send a message using IPKE, the message is encrypted using the sender's private key, which serves as the sender's digital signature. The digitally "signed" and encrypted message is then sent to the receiver, who can use the sender's public key to decrypt the message and reveal the original contents.
IPKE is useful for applying one's digital signature to a message, thus enforcing non-repudiation. However, when the message is transmitted it is possible for it to be intercepted by an unauthorized person, who could then use the sender's public key to decrypt the contents; IPKE therefore does not enforce the confidentiality of the message being sent.

Certification Authority
In order for Enveloped Public Key Encryption to be as secure as possible, there needs to be a
"gatekeeper" of public and private keys, or else anyone could publish their public key and
masquerade as the intended sender of a communication. This digital key "gatekeeper" is known
as a certification authority. A certification authority is a trusted third party that can issue public and private keys, thus certifying public keys.

Advantages
- Convenience: It solves the problem of distributing the key for encryption. Everyone publishes
their public keys and private keys are kept secret.
- Provides for message authentication: Public key encryption allows the use of digital
signatures which enables the recipient of a message to verify that the message is truly from a
particular sender.
- Detection of tampering: The use of digital signatures in public key encryption allows the
receiver to detect if the message was altered in transit. A digitally signed message cannot be
modified without invalidating the signature.
- Provide for non-repudiation: Digitally signing a message is akin to physically signing a
document. It is an acknowledgement of the message and thus, the sender cannot deny it.
Disadvantages
- Public keys should/must be authenticated: No one can be absolutely sure that a public key
belongs to the person it specifies and so everyone must verify that their public keys belong to
them.
- Slow: Public key encryption is slow compared to symmetric encryption. Not feasible for use in
decrypting bulk messages.
- Uses up more computer resources: It requires far more computing resources compared to single-key encryption.
- Widespread security compromise is possible: If an attacker determines a person's private key, all of his or her messages can be read.
- Loss of private key may be irreparable: The loss of a private key means that all received
messages cannot be decrypted.

AUTHENTICATION :
Authentication is the act of confirming the truth of an attribute of a single piece of data (datum) or entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity, authentication is the process of actually confirming that identity. It might involve confirming the identity of a person by validating their identity documents, verifying the validity of a website with a digital certificate, tracing the age of an artifact by carbon dating, or ensuring that a product is what its packaging and labeling claim to be. In other words, authentication often involves verifying the validity of at least one form of identification.
Basis of most protection mechanisms
Two types of authentication
External: verify the user
Usually username/password combination
May require two passwords or other identification
Internal: verify the process
Don't allow one user's process to appear to be that of another user
Network access accentuates the problem
Is the computer who it says it is?
User Authentication:
Three types of authentication:
Something a user knows
e.g. a password, a combination, answers to personal questions
Something a user has
e.g. a badge, a smart card, a key
Something a user is
e.g. fingerprint, signature, voice print, hand geometry, retinal blood
vessel pattern
User identity is most often established through passwords, which can be considered a special case of either keys or capabilities.
Passwords must be kept secret.
Frequent change of passwords.
Use of non-guessable passwords.
Log all invalid access attempts.
Encryption


Possible mechanisms
Recognize repeated login attempts
Disconnect after some threshold is reached
Disregard correct passwords after some threshold of failures has
been reached
Make the login process slow, to handle computer-generated attempts
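A minimal sketch combining these mechanisms; the PBKDF2 parameters, the lockout threshold, and the one-second delay are illustrative assumptions.

# Password check with a failure threshold and a deliberately slow login.
import hashlib, hmac, os, time

SALT = os.urandom(16)
STORED = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)

failures = 0
THRESHOLD = 3          # disconnect/lock after this many failures

def try_login(password: bytes) -> bool:
    global failures
    if failures >= THRESHOLD:
        raise RuntimeError("account locked: too many failed attempts")
    time.sleep(1)      # slow login blunts computer-generated guessing
    digest = hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)
    if hmac.compare_digest(digest, STORED):
        failures = 0
        return True
    failures += 1      # log/count the invalid attempt
    return False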
Network Authentication :
Need to be able to communicate between computers without significantly
increasing the overhead involved
Most typical access is for file transport
Email
Messages
File downloading
Obtaining network services
Program Threats :
Trojan Horse
Code segment that misuses its environment.
Exploits mechanisms for allowing programs written by users to be executed
by other users.
Trap Door
Specific user identifier or password that circumvents normal security
procedures.
Could be included in a compiler.
System Threats :
Worms: use the spawn mechanism; a worm is a standalone program
Internet worm:
Exploited UNIX networking features (remote access) and bugs in the finger and
sendmail programs.
A grappling hook program uploaded the main worm program.
Viruses: fragments of code embedded in a legitimate program.
Mainly affect microcomputer systems.
Spread by downloading viral programs from public bulletin boards or exchanging
floppy disks containing an infection.
Defense: safe computing.


Threat Monitoring :
Check for suspicious patterns of activity; e.g., several incorrect password attempts may signal password guessing.
Audit log records the time, user, and type of all accesses to an object; useful for
recovery from a violation and developing better security measures.
Scan the system periodically for security holes; done when the computer is
relatively unused.
Check for:
Short or easy-to-guess passwords
Unauthorized set-uid programs
Unauthorized programs in system directories
Unexpected long-running processes
Improper directory protections
Improper protections on system data files
Dangerous entries in the program search path (Trojan horse)
Changes to system programs: monitor checksum values
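The checksum check in the last item can be sketched as follows; the monitored path is a hypothetical example.

# Record SHA-256 digests of system programs, then re-scan and report changes.
import hashlib, pathlib

def digest(path: pathlib.Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def snapshot(paths):
    return {p: digest(p) for p in paths}

def changed(baseline):
    return [p for p, h in baseline.items() if digest(p) != h]

programs = list(pathlib.Path("/usr/bin").glob("ls"))  # hypothetical target set
baseline = snapshot(programs)
# ... later, during a periodic scan:
for p in changed(baseline):
    print(f"WARNING: {p} has been modified")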
Kerberos Network Authentication :
A set of network protocols used to authenticate access to a computer by a user
at a different computer over an insecure network
Assumes information sent over the network could be tampered with
Does not assume the OS on either machine is secure
Developed at MIT in the 1980s; widely used


Once these steps are completed, the client and server processes both have a copy of
the session key and can begin secure communication
The authentication server MUST be trusted
It has a copy of the client's ID, knows how to encrypt information that only the
client can decrypt, knows how to encrypt information that only the server can
decrypt, and can create a unique session key
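A toy sketch of this trusted-server idea, with Fernet keys standing in for the long-term client and server secrets; the message layout is a simplification, not the actual Kerberos protocol format.

# The trusted authentication server shares one long-term key with the client
# and one with the server, and mints a fresh session key that it sends to the
# client in two sealed parts (the server's part is the "ticket").
from cryptography.fernet import Fernet

client_key = Fernet.generate_key()   # long-term secret shared with client
server_key = Fernet.generate_key()   # long-term secret shared with server

def auth_server_issue():
    session_key = Fernet.generate_key()
    for_client = Fernet(client_key).encrypt(session_key)
    ticket = Fernet(server_key).encrypt(session_key)  # opaque to the client
    return for_client, ticket

for_client, ticket = auth_server_issue()
session = Fernet(client_key).decrypt(for_client)       # client side
assert session == Fernet(server_key).decrypt(ticket)   # server side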




MULTIPROCESSOR SYSTEM ARCHITECTURE :
A multiprocessor system is an interconnection of two or more CPUs with
memory and input-output equipment.
The components that form a multiprocessor are CPUs, IOPs connected to
input-output devices, and a memory unit that may be partitioned into a number of
separate modules.
Multiprocessors are classified as multiple instruction stream, multiple data stream
(MIMD) systems.
Why Choose a Multiprocessor?
A single CPU can only go so fast; use more than one CPU to improve
performance
Multiple users
Multiple applications
Multi-tasking within an application
Responsiveness and/or throughput
Share hardware between CPUs

Multiprocessing is the use of two or more central processing units (CPUs) within a single
computer system. The term also refers to the ability of a system to support more than one
processor and/or the ability to allocate tasks between them. There are many variations on this
basic theme, and the definition of multiprocessing can vary with context, mostly as a function
of how CPUs are defined (multiple cores on one die, multiple dies in one package, multiple
packages in one system unit, etc.).
According to some on-line dictionaries, a multiprocessor is a computer system having two or more processing units (multiple processors), each sharing main memory and peripherals, in order to simultaneously process programs. A 2009 textbook defined multiprocessor system similarly, but noted that the processors may share "some or all of the system's memory and I/O facilities"; it also gave tightly coupled system as a synonymous term.
At the operating system level, multiprocessing is sometimes used to refer to the execution of
multiple concurrent processes in a system as opposed to a single process at any one
instant. When used with this definition, multiprocessing is sometimes contrasted
with multitasking, which may use just a single processor but switch it in time slices between
tasks (i.e. a time-sharing system). Multiprocessing, however, means true parallel execution of
multiple processes using more than one processor. Multiprocessing doesn't necessarily mean
that a single process or task uses more than one processor simultaneously; the term parallel
processing is generally used to denote that scenario. Other authors prefer to refer to the
operating system techniques as multiprogramming and reserve the term multiprocessing for
the hardware aspect of having more than one processor. The remainder of this article
discusses multiprocessing only in this hardware sense.
In Flynn's taxonomy, multiprocessors as defined above are MIMD machines. As they are
normally construed to be tightly coupled (share memory), multiprocessors are not the entire
class of MIMD machines, which also contains message passing multicomputer systems.



Use of a cache coherence protocol is crucial to ensure that caches do not contain
stale copies of data
Snooping-based approach (bus interconnection)
Each CPU snoops on the bus to analyze traffic and eliminate stale copies
Write-invalidate variant
On a write, the CPU updates memory and invalidates the copies in
other caches (a minimal sketch of this idea appears after this list)
Directory-based approach
The directory contains information about the copies held in caches
TLB coherence is an analogous problem
Solution: the TLB shootdown action
Multiprocessor Systems are classified according to the manner of associating
CPUs and memory units
Uniform memory access (UMA) architecture
Previously called tightly coupled multiprocessor
Also called symmetrical multiprocessor (SMP)
Examples: Balance system and VAX 8800
Nonuniform memory access (NUMA) architecture
Examples: HP AlphaServer and IBM NUMA-Q
No-remote-memory-access (NORMA) architecture
Example: Hypercube system by Intel
Is actually a distributed system (discussed later)
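A minimal simulation of the write-invalidate idea mentioned above; real protocols such as MESI track more cache-line states, so this is only a sketch of the invalidation step.

# On a write, the writing CPU updates memory and invalidates every other
# cached copy of that location, so no CPU can read a stale value.
memory = {"x": 0}
caches = [dict() for _ in range(4)]          # one private cache per CPU

def read(cpu: int, addr: str) -> int:
    if addr not in caches[cpu]:              # miss: fetch from memory
        caches[cpu][addr] = memory[addr]
    return caches[cpu][addr]

def write(cpu: int, addr: str, value: int) -> None:
    memory[addr] = value                      # update memory
    for i, cache in enumerate(caches):        # snoop: invalidate other copies
        if i != cpu:
            cache.pop(addr, None)
    caches[cpu][addr] = value

read(0, "x"); read(1, "x")    # both CPUs cache x
write(0, "x", 42)             # CPU 0 writes; CPU 1's stale copy is invalidated
assert read(1, "x") == 42     # CPU 1 misses and re-fetches the new value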


SMP Architecture :
SMP systems popularly use a bus or a crossbar switch as the interconnection network
Only one conversation can be in progress over the bus at any time; other
conversations are delayed
CPUs face unpredictable delays in accessing memory
The bus may become a bottleneck
With a crossbar switch, performance is better

Switch delays are also more predictable
Cache coherence protocols add to the delays
SMP systems do not scale well beyond a small number of CPUs
NUMA Architecture :
Actual performance of a NUMA system depends on the nonlocal memory
accesses made by processes




How are multiprocessors classified?
Multiprocessors are classified by the way their memory is organized, mainly
into two types:
1. Tightly coupled multiprocessors
2. Loosely coupled multiprocessors
Tightly coupled Multiprocessor :
A tightly coupled multiprocessor is a computer system having two or more
processing units (multiple processors), each sharing main memory and
peripherals, in order to simultaneously process programs.
A tightly coupled multiprocessor is also known as a shared-memory system.
Loosely-coupled multiprocessor :
Loosely coupled multiprocessor systems (often referred to as clusters) are
based on multiple standalone single- or dual-processor commodity computers
interconnected via a high-speed communication system.
A loosely coupled multiprocessor is also known as a distributed-memory system.
Example: a Linux Beowulf cluster


Interconnection Structures :
The physical forms for establishing an interconnection network:
1. Time shared common bus.
2. Multiport memory.
3. Crossbar switch
4. Multistage switching network.
5. Hypercube system.
1. Time shared common bus :
A common-bus multiprocessor system consists of a number of
processors connected through a common path to a memory unit.

2. Multiport Memory :
A multiport memory system employs separate buses between each memory
module and each CPU.


3. Crossbar switch :



4. Multistage switching Network :
The basic component of a multistage network is a two-input, two-output
interchange switch.


5. Hypercube Interconnection :
The hypercube or binary n-cube multiprocessor structure is a loosely coupled
system composed of N = 2^n processors interconnected in an n-dimensional
binary cube.
Hypercube structures for n = 1, 2, 3.
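Because node addresses are n-bit binary numbers, each node's neighbours are found by flipping one address bit, as this small sketch shows:

# In an n-cube, each of the N = 2**n processors sits at a binary address and
# links to the n nodes whose addresses differ in exactly one bit.
def hypercube_neighbors(node: int, n: int) -> list[int]:
    return [node ^ (1 << bit) for bit in range(n)]

# For n = 3 (8 processors), node 0b000 connects to 0b001, 0b010, 0b100:
assert hypercube_neighbors(0, 3) == [1, 2, 4]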


FLYNN'S CLASSIFICATION : This classification was first studied and proposed by Michael Flynn in 1972. Flynn did not consider the machine architecture for classification of parallel computers; he introduced the concept of instruction and data streams for categorizing computers. Not all the computers classified by Flynn are parallel computers, but to grasp the concept of parallel computers, it is necessary to understand all types of Flynn's classification. Since this classification is based on instruction and data streams, first we need to understand how the instruction cycle works.
Instruction Cycle : The instruction cycle consists of a sequence of steps needed for the execution
of an instruction in a program. A typical instruction in a program is composed of two parts: Opcode
and Operand. The Operand part specifies the data on which the specified operation is to be done.
The Operand part is divided into two parts: addressing mode and the Operand. The addressing
mode specifies the method of determining the addresses of the actual data on which the operation
is to be performed and the operand part is used as an argument by the method in determining
the actual address.

The control unit of the CPU of the computer fetches instructions in the program, one at a time.
The fetched Instruction is then decoded by the decoder which is a part of the control unit and the
processor executes the decoded instructions. The result of execution is temporarily stored in
Memory Buffer Register (MBR) (also called Memory Data Register).


Instruction Stream and Data Stream : The term stream refers to a sequence or flow of either instructions or data operated on by the computer. In the complete cycle of instruction execution, a flow of instructions from main memory to the CPU is established. This flow of instructions is called the instruction stream. Similarly, there is a bi-directional flow of operands between the processor and memory. This flow of operands is called the data stream. These two types of streams are shown in the figure.


Flynn's Classification :
Flynn's classification is based on the multiplicity of instruction streams and data streams observed by the CPU during program execution. Let Is and Ds be the minimum number of instruction and data streams flowing at any point in the execution; the computer organisation can then be categorized as follows:
1) Single Instruction and Single Data stream (SISD) :
In this organisation, sequential execution of instructions is performed by one CPU containing a single processing element (PE), i.e., an ALU under one control unit, as shown in the figure. Therefore, SISD machines are conventional serial computers that process only one stream of instructions and one stream of data (Is = 1, Ds = 1). This type of computer organisation is depicted in the diagram:

2) Single Instruction and Multiple Data stream (SIMD) :
In this organisation, multiple processing elements work under the control of a single control unit. It has one instruction stream and multiple data streams. All the processing elements of this organisation receive the same instruction broadcast from the CU. Main memory can also be divided into modules for generating multiple data streams acting as a distributed memory, as shown in the figure. Therefore, all the processing elements simultaneously execute the same instruction and are said to be 'lock-stepped' together. Each processor takes the data from its own memory and hence has its own distinct data stream. (Some systems also provide a shared global memory for communications.) Every processor must be allowed to complete its instruction before the next instruction is taken for execution. Thus, the execution of instructions is synchronous. Examples of SIMD organisation are ILLIAC-IV, PEPE, BSP, STARAN, MPP, DAP and the Connection Machine (CM-1).
This type of computer organisation is denoted as:
Is = 1
Ds > 1

3) Multiple Instruction and Single Data stream (MISD) :
In this organization, multiple processing elements are organised under the control of
multiple control units. Each control unit is handling one instruction stream and processed
through its corresponding processing element. But each processing element is
processing only a single data stream at a time. Therefore, for handling multiple instruction
streams and single data stream, multiple control units and multiple processing elements
are organised in this classification. All processing elements are interacting with the
common shared memory for the organisation of single data stream as shown in Figure 6.
The only known example of a computer capable of MISD operation is the C.mmp built by
Carnegie-Mellon University.
This type of computer organisation is denoted as:
Is > 1
Ds = 1


This classification is not popular in commercial machines, as the concept of single data
streams executing on multiple processors is rarely applied. But for specialized
applications, MISD organisation can be very helpful. For example, real-time computers
need to be fault tolerant, where several processors execute the same data to produce
redundant results. This is also known as N-version programming. All the redundant
results are compared and should be the same; otherwise, the faulty unit is replaced.
Thus MISD machines can be applied to fault-tolerant real-time computers.
4) Multiple Instruction and Multiple Data stream (MIMD) :
In this organisation, multiple processing elements and multiple control units are
organised as in MISD. But the difference is that in this organisation multiple
instruction streams operate on multiple data streams. Therefore, for handling multiple
instruction streams, multiple control units and multiple processing elements are organised
such that the multiple processing elements handle multiple data streams from the main
memory, as shown in Figure 7. The processors work on their own data with their own
instructions. Tasks executed by different processors can start or finish at different times.
They are not lock-stepped, as in SIMD computers, but run asynchronously. This
classification actually recognizes the parallel computer: in the real sense, MIMD
organisation is said to be a parallel computer. All multiprocessor systems fall under
this classification. Examples include C.mmp, Burroughs D825, Cray-2, S1, Cray X-MP,
HEP, Pluribus, IBM 370/168 MP, Univac 1100/80, Tandem/16, and IBM 3081/3084.

This type of computer organisation is denoted as:
Is > 1
Ds > 1

Of the classifications discussed above, MIMD organization is the most popular for a
parallel computer. In the real sense, parallel computers execute the instructions in MIMD
mode.
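The four categories follow directly from the Is and Ds values, as this tiny illustrative helper shows:

# Map Flynn's (Is, Ds) stream counts to the four categories described above.
def flynn_category(i_streams: int, d_streams: int) -> str:
    if i_streams == 1:
        return "SISD" if d_streams == 1 else "SIMD"
    return "MISD" if d_streams == 1 else "MIMD"

assert flynn_category(1, 1) == "SISD"   # conventional serial computer
assert flynn_category(1, 8) == "SIMD"   # e.g. ILLIAC-IV
assert flynn_category(4, 1) == "MISD"   # e.g. C.mmp in MISD operation
assert flynn_category(4, 8) == "MIMD"   # true parallel computer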









STRUCTURE OF MULTIPROCESSOR OPERATING SYSTEM :


The simplest possible way to organize a multiprocessor operating system is to statically divide
memory into as many partitions as there are CPUs and give each CPU its own private memory
and its own private copy of the operating system. In effect, the n CPUs then operate
as n independent computers. One obvious optimization is to allow all the CPUs to share the
operating system code and make private copies of only the data.
This scheme is still better than having n separate computers since it allows all the machines to
share a set of disks and other I/O devices, and it also allows the memory to be shared flexibly.
For example, if one day an unusually large program has to be run, one of the CPUs can be
allocated an extra large portion of memory for the duration of that program. In addition, processes
can efficiently communicate with one another by having, say a producer be able to write data into
memory and have a consumer fetch it from the place the producer wrote it.
Still, from an operating system's perspective, having each CPU have its own operating system is as primitive as it gets.
It is worth explicitly mentioning four aspects of this design that may not be obvious. First, when a
process makes a system call, the system call is caught and handled on its own CPU using the
data structures in that operating system's tables.
Second, since each operating system has its own tables, it also has its own set of processes that
it schedules by itself. There is no sharing of processes. If a user logs into CPU 1, all of his
processes run on CPU 1. As a consequence, it can happen that CPU 1 is idle while CPU 2 is
loaded with work.
Third, there is no sharing of pages. It can happen that CPU 1 has pages to spare while CPU 2 is
paging continuously. There is no way for CPU 2 to borrow some pages from CPU 1 since the
memory allocation is fixed.
Fourth, and worst, if the operating system maintains a buffer cache of recently used disk blocks,
each operating system does this independently of the other ones. Thus it can happen that a
certain disk block is present and dirty in multiple buffer caches at the same time, leading to
inconsistent results. The only way to avoid this problem is to eliminate the buffer caches. Doing
so is not hard, but it hurts performance considerably.



For these reasons, this model is rarely used any more, although it was used in the early days of
multiprocessors, when the goal was to port existing operating systems to some new
multiprocessor as fast as possible. Here, one copy of the operating system and its tables are
present on CPU 1 and not on any of the others. All system calls are redirected to CPU 1 for
processing there. CPU 1 may also run user processes if there is CPU time left over. This model
is called master-slave since CPU 1 is the master and all the others are slaves.
The master-slave model solves most of the problems of the first model. There is a single data
structure (e.g., one list or a set of prioritized lists) that keeps track of ready processes. When a
CPU goes idle, it asks the operating system for a process to run and it is assigned one. Thus it
can never happen that one CPU is idle while another is overloaded. Similarly, pages can be
allocated among all the processes dynamically and there is only one buffer cache, so
inconsistencies never occur.
The problem with this model is that with many CPUs, the master will become a bottleneck. After
all, it must handle all system calls from all CPUs. If, say, 10% of all time is spent handling system
calls, then 10 CPUs will pretty much saturate the master, and with 20 CPUs it will be completely overloaded. Thus this model is simple and workable for small multiprocessors, but for large ones it fails.


Our third model, the SMP (Symmetric Multiprocessor), eliminates this asymmetry. There is one
copy of the operating system in memory, but any CPU can run it. When a system call is made,
the CPU on which the system call was made traps to the kernel and processes the system call.
This model balances processes and memory dynamically, since there is only one set of operating
system tables. It also eliminates the master CPU bottleneck, since there is no master, but it
introduces its own problems. In particular, if two or more CPUs are running operating system code
at the same time, disaster will result. Imagine two CPUs simultaneously picking the same process
to run or claiming the same free memory page. The simplest way around these problems is to
associate a mutex (i.e., lock) with the operating system, making the whole system one big critical
region. When a CPU wants to run operating system code, it must first acquire the mutex. If the
mutex is locked, it just waits. In this way, any CPU can run the operating system, but only one at
a time.

This model works, but is almost as bad as the master-slave model. Again, suppose that 10% of
all run time is spent inside the operating system. With 20 CPUs, there will be long queues of CPUs
waiting to get in. Fortunately, it is easy to improve. Many parts of the operating system are
independent of one another. For example, there is no problem with one CPU running the
scheduler while another CPU is handling a file system call and a third one is processing a page
fault.
This observation leads to splitting the operating system up into independent critical regions that
do not interact with one another. Each critical region is protected by its own mutex, so only one
CPU at a time can execute it. In this way, far more parallelism can be achieved. However, it may
well happen that some tables, such as the process table, are used by multiple critical regions. For
example, the process table is needed for scheduling, but also for the fork system call and also for
signal handling. Each table that may be used by multiple critical regions needs its own mutex. In
this way, each critical region can be executed by only one CPU at a time and each critical table
can be accessed by only one CPU at a time.
Most modern multiprocessors use this arrangement. The hard part about writing the operating
system for such a machine is not that the actual code is so different from a regular operating
system. It is not. The hard part is splitting it into critical regions that can be executed concurrently
by different CPUs without interfering with one another, not even in subtle, indirect ways. In
addition, every table used by two or more critical regions must be separately protected by a mutex
and all code using the table must use the mutex correctly.
Furthermore, great care must be taken to avoid deadlocks. If two critical regions both need table A and table B, and one of them claims A first and the other claims B first, sooner or later a deadlock will occur and nobody will know why. In theory, all the tables could be assigned integer values and all the critical regions could be required to acquire tables in increasing order. This strategy avoids deadlocks, but it requires the programmer to think very carefully about which tables each critical region needs, so as to make the requests in the right order.
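A minimal sketch of this lock-ordering discipline in Python threads; the table IDs and the two-table critical regions are illustrative assumptions.

# Give every table an integer ID and always acquire locks in increasing ID
# order, so two regions that both need tables A and B can never deadlock.
import threading

table_locks = {0: threading.Lock(),   # e.g. process table
               1: threading.Lock()}   # e.g. memory table

def run_critical_region(table_ids, work):
    ordered = sorted(table_ids)              # the global acquisition order
    for tid in ordered:
        table_locks[tid].acquire()
    try:
        work()
    finally:
        for tid in reversed(ordered):        # release in reverse order
            table_locks[tid].release()

# Both regions ask for {0, 1}; each acquires 0 before 1, so no deadlock.
t1 = threading.Thread(target=run_critical_region, args=({0, 1}, lambda: None))
t2 = threading.Thread(target=run_critical_region, args=({1, 0}, lambda: None))
t1.start(); t2.start(); t1.join(); t2.join()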
As the code evolves over time, a critical region may need a new table it did not previously need.
If the programmer is new and does not understand the full logic of the system, then the temptation
will be to just grab the mutex on the table at the point it is needed and release it when it is no
longer needed. However reasonable this may appear, it may lead to deadlocks, which the user
will perceive as the system freezing. Getting it right is not easy and keeping it right over a period
of years in the face of changing programmers is very difficult.

PROCESS SYNCHRONIZATION :
Process synchronization refers to the idea that multiple processes are to join up or handshake at a
certain point, in order to reach an agreement or commit to a certain sequence of actions. Data
synchronization refers to the idea of keeping multiple copies of a dataset in coherence with one
another, or to maintaining data integrity. Process synchronization primitives are commonly used to
implement data synchronization.
Process synchronization is required when one process must wait for another to complete some
operation before proceeding. For example, one process (called a writer) may be writing data to a
certain main memory area, while another process (a reader) may be reading data from that area
and sending it to the printer. The reader and writer must be synchronized so that the writer does
not overwrite data that the reader has not yet read.
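As an illustration, here is a minimal sketch of this reader/writer handshake using POSIX threads and semaphores (compile with -pthread); the one-slot buffer and the five-item loop are arbitrary choices for the example:

#include <pthread.h>
#include <semaphore.h>
#include <stdio.h>

/* A one-slot shared buffer: the writer must not overwrite data the
   reader has not yet consumed. Two semaphores enforce the handshake. */
static int buffer;
static sem_t slot_empty;   /* 1 when the writer may write */
static sem_t slot_full;    /* 1 when the reader may read  */

static void *writer(void *arg)
{
    for (int i = 0; i < 5; i++) {
        sem_wait(&slot_empty);   /* wait until the reader has emptied the slot */
        buffer = i;              /* write into the shared memory area */
        sem_post(&slot_full);    /* signal the reader that data is ready */
    }
    return NULL;
}

static void *reader(void *arg)
{
    for (int i = 0; i < 5; i++) {
        sem_wait(&slot_full);          /* wait for data */
        printf("read %d\n", buffer);   /* e.g., send it to the printer */
        sem_post(&slot_empty);         /* allow the writer to reuse the slot */
    }
    return NULL;
}

int main(void)
{
    pthread_t w, r;
    sem_init(&slot_empty, 0, 1);   /* slot starts empty */
    sem_init(&slot_full, 0, 0);
    pthread_create(&w, NULL, writer, NULL);
    pthread_create(&r, NULL, reader, NULL);
    pthread_join(w, NULL);
    pthread_join(r, NULL);
    return 0;
}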





Some practical considerations for lock implementations on multiprocessors:
Queued locks may not be scalable.
In NUMA systems, spin locks may lead to lock starvation.
Sleep locks may be preferred to spin locks if the memory or network traffic densities are high.
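For context, a minimal test-and-set spin lock is sketched below in C11. Every failed acquisition attempt touches the shared lock word, which is exactly the kind of memory traffic that makes plain spin locks problematic on NUMA machines and motivates queued locks or sleep locks under contention:

#include <stdatomic.h>
#include <sched.h>

/* Minimal test-and-set spin lock. Initialize with SPINLOCK_INIT. */
typedef struct { atomic_flag locked; } spinlock_t;
#define SPINLOCK_INIT { ATOMIC_FLAG_INIT }

void spin_lock(spinlock_t *l)
{
    /* Each failed test-and-set generates traffic on the lock word. */
    while (atomic_flag_test_and_set_explicit(&l->locked, memory_order_acquire))
        sched_yield();   /* back off instead of hammering the interconnect */
}

void spin_unlock(spinlock_t *l)
{
    atomic_flag_clear_explicit(&l->locked, memory_order_release);
}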




SCHEDULING :
Process scheduling is the activity of the process manager that handles the removal of the
running process from the CPU and the selection of another process on the basis of a particular
strategy.
Process scheduling is an essential part of a multiprogramming operating system. Such operating
systems allow more than one process to be loaded into executable memory at a time, and the
loaded processes share the CPU using time multiplexing.
Scheduling Queues
Scheduling queues refer to queues of processes or devices. When a process enters the
system, it is put into a job queue, which consists of all processes in the system. The operating
system also maintains other queues such as device queues. A device queue is the queue of
processes waiting for a particular I/O device; each device has its own device queue.
This figure shows the queuing diagram of process scheduling.
Queues are represented by rectangular boxes.

The circles represent the resources that serve the queues.
The arrows indicate the process flow in the system.

Queues are of two types
Ready queue
Device queue
A newly arrived process is put in the ready queue. Processes wait in the ready queue until the
CPU is allocated to them. Once the CPU is assigned to a process, that process executes. While
the process is executing, any one of the following events can occur.
The process could issue an I/O request and then be placed in an I/O queue.
The process could create a new subprocess and wait for its termination.
The process could be removed forcibly from the CPU as a result of an interrupt and put back in
the ready queue.
Two State Process Model
Two state process model refers to running and non-running states which are described below.

S.N. State & Description
1. Running : When a new process is created by the operating system, it enters the system in
the running state.
2. Not Running : Processes that are not running are kept in a queue, waiting for their turn to
execute. Each entry in the queue is a pointer to a particular process, and the queue is
implemented using a linked list. The dispatcher works as follows: when a process is
interrupted, it is transferred to the waiting queue; if the process has completed or aborted, it
is discarded. In either case, the dispatcher then selects a process from the queue to execute.
Schedulers
Schedulers are special system software which handle process scheduling in various ways. Their
main task is to select the jobs to be submitted into the system and to decide which process to run.
Schedulers are of three types
Long Term Scheduler
Short Term Scheduler
Medium Term Scheduler
Long Term Scheduler
It is also called the job scheduler. The long term scheduler determines which programs are
admitted to the system for processing. It selects processes from the job queue and loads them
into memory for execution, where they become candidates for CPU scheduling. The primary
objective of the job scheduler is to provide a balanced mix of jobs, such as I/O bound and
processor bound. It also controls the degree of multiprogramming. If the degree of
multiprogramming is stable, then the average rate of process creation must be equal to the
average departure rate of processes leaving the system.
On some systems, the long term scheduler may be absent or minimal; time-sharing operating
systems have no long term scheduler. The long term scheduler acts when a process changes
state from new to ready.
Short Term Scheduler
It is also called the CPU scheduler. Its main objective is to increase system performance in
accordance with the chosen set of criteria. It handles the change of a process from the ready
state to the running state: the CPU scheduler selects a process from among the processes that
are ready to execute and allocates the CPU to it.

The short term scheduler, also known as the dispatcher, executes most frequently and makes
the fine-grained decision of which process to execute next. The short term scheduler is faster
than the long term scheduler.
Medium Term Scheduler
Medium term scheduling is a part of swapping. It removes processes from memory and thereby
reduces the degree of multiprogramming. The medium term scheduler is in charge of handling
the swapped-out processes.

A running process may become suspended if it makes an I/O request. A suspended process
cannot make any progress towards completion. In this situation, to remove the process from
memory and make space for another process, the suspended process is moved to secondary
storage. This procedure is called swapping, and the process is said to be swapped out or rolled
out. Swapping may be necessary to improve the process mix.
Comparison between Schedulers

S.N. | Long Term Scheduler | Short Term Scheduler | Medium Term Scheduler
1 | It is a job scheduler. | It is a CPU scheduler. | It is a process swapping scheduler.
2 | Speed is lesser than the short term scheduler. | Speed is fastest among the three. | Speed is in between the short and long term schedulers.
3 | It controls the degree of multiprogramming. | It provides lesser control over the degree of multiprogramming. | It reduces the degree of multiprogramming.
4 | It is almost absent or minimal in time-sharing systems. | It is also minimal in time-sharing systems. | It is a part of time-sharing systems.
5 | It selects processes from the pool and loads them into memory for execution. | It selects those processes which are ready to execute. | It can re-introduce a process into memory so that its execution can be continued.
Context Switch
A context switch is the mechanism of storing and restoring the state or context of a CPU in the
process control block, so that a process execution can be resumed from the same point at a later
time. Using this technique, a context switcher enables multiple processes to share a single CPU.
Context switching is an essential feature of a multitasking operating system.
When the scheduler switches the CPU from executing one process to executing another, the
context switcher saves the content of all processor registers for the process being removed from
the CPU in its process descriptor. The context of a process is represented in the process control
block of the process.
Context switch time is pure overhead. Context switching can significantly affect performance, as
modern computers have many general and status registers to be saved. Context switching times
are highly dependent on hardware support. If the two process control blocks hold n and m
registers respectively, saving a register takes b store operations, and each store instruction
requires K time units, then a context switch costs (n + m) x b x K time units. For example, with
n = m = 32 registers, b = 1 store operation per register, and K = 10 ns per store, a switch costs
(32 + 32) x 1 x 10 ns = 640 ns.


Some hardware systems employ two or more sets of processor registers to reduce the amount of
context switching time. When the process is switched, the following information is stored.
Program Counter
Scheduling Information
Base and limit register value
Currently used register
Changed State
I/O State
Accounting

We'll discuss five major scheduling algorithms here, which are the following
First Come First Serve (FCFS) Scheduling
Shortest-Job-First (SJF) Scheduling
Priority Scheduling
Round Robin (RR) Scheduling
Multilevel Queue Scheduling
First Come First Serve (FCFS)
Jobs are executed on a first come, first served basis.
Easy to understand and implement.
Poor in performance, as the average wait time is high.

The wait time of each process is as follows
Process | Wait Time : Service Time - Arrival Time
P0 | 0 - 0 = 0
P1 | 5 - 1 = 4
P2 | 8 - 2 = 6
P3 | 16 - 3 = 13
Average Wait Time: (0 + 4 + 6 + 13) / 4 = 5.75
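The same numbers can be reproduced programmatically. In the sketch below, the burst times are assumptions chosen to match the service times above (the original Gantt-chart figure is not reproduced here):

#include <stdio.h>

/* FCFS wait times: each process starts when the previous one finishes,
   and its wait time is (start time - arrival time). */
int main(void)
{
    int arrival[] = {0, 1, 2, 3};
    int burst[]   = {5, 3, 8, 6};   /* assumed; not stated in the text */
    int n = 4, clock = 0, total_wait = 0;

    for (int i = 0; i < n; i++) {
        if (clock < arrival[i])      /* CPU idles until the process arrives */
            clock = arrival[i];
        int wait = clock - arrival[i];
        printf("P%d waits %d\n", i, wait);
        total_wait += wait;
        clock += burst[i];           /* run the process to completion */
    }
    printf("Average wait time: %.2f\n", (double)total_wait / n);   /* 5.75 */
    return 0;
}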
Shortest Job First (SJF)
This is the best approach to minimize waiting time.
It is impossible to implement in practice, since the processor would need to know in advance
how much time each process will take.

The wait time of each process is as follows
Process | Wait Time : Service Time - Arrival Time
P0 | 3 - 0 = 3
P1 | 0 - 0 = 0
P2 | 16 - 2 = 14
P3 | 8 - 3 = 5
Average Wait Time: (3 + 0 + 14 + 5) / 4 = 5.50
Priority Based Scheduling
Each process is assigned a priority. The process with the highest priority is executed first, and
so on.
Processes with the same priority are executed on a first come first served basis.
Priority can be decided based on memory requirements, time requirements or any other resource
requirement.


The wait time of each process is as follows
Process | Wait Time : Service Time - Arrival Time
P0 | 0 - 0 = 0
P1 | 3 - 1 = 2
P2 | 8 - 2 = 6
P3 | 16 - 3 = 13
Average Wait Time: (0 + 2 + 6 + 13) / 4 = 5.25
Round Robin Scheduling
Each process is given a fixed time to execute, called a quantum.
Once a process has executed for the given time period, it is preempted and another process
executes for its time period.
Context switching is used to save the states of preempted processes.


The wait time of each process is as follows (the quantum here is 3)
Process | Wait Time : Service Time - Arrival Time
P0 | (0 - 0) + (12 - 3) = 9
P1 | (3 - 1) = 2
P2 | (6 - 2) + (14 - 9) + (20 - 17) = 12
P3 | (9 - 3) + (17 - 12) = 11
Average Wait Time: (9 + 2 + 12 + 11) / 4 = 8.5
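The round robin timeline above can likewise be reproduced by a small simulation. The burst times below are the same assumed workload as in the FCFS sketch, and the quantum of 3 is inferred from the preemption points in the table:

#include <stdio.h>

/* Round robin with quantum 3. A process's wait time is
   (finish time - arrival time - burst time). */
int main(void)
{
    int arrival[] = {0, 1, 2, 3};
    int burst[]   = {5, 3, 8, 6};   /* assumed workload */
    int left[]    = {5, 3, 8, 6};   /* remaining CPU time per process */
    int n = 4, quantum = 3, clock = 0, done = 0, total_wait = 0;
    int queue[64], head = 0, tail = 0, arrived = 0;

    while (done < n) {
        while (arrived < n && arrival[arrived] <= clock)
            queue[tail++] = arrived++;             /* admit arrived processes */
        if (head == tail) { clock++; continue; }   /* CPU idle */

        int p = queue[head++];
        int run = left[p] < quantum ? left[p] : quantum;
        clock += run;
        left[p] -= run;

        while (arrived < n && arrival[arrived] <= clock)
            queue[tail++] = arrived++;   /* arrivals during the time slice */

        if (left[p] > 0) {
            queue[tail++] = p;           /* preempted: back of the queue */
        } else {
            int wait = clock - arrival[p] - burst[p];
            printf("P%d waits %d\n", p, wait);
            total_wait += wait;
            done++;
        }
    }
    printf("Average wait time: %.2f\n", (double)total_wait / n);   /* 8.50 */
    return 0;
}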
Multilevel Queue Scheduling
Multiple queues are maintained for processes.
Each queue can have its own scheduling algorithm.
Priorities are assigned to each queue.



MEMORY MANAGEMENT :
Memory management is the functionality of an operating system which handles or manages
primary memory. Memory management keeps track of each and every memory location, whether
it is allocated to some process or free. It decides how much memory is to be allocated to each
process and which process will get memory at what time. It tracks whenever some memory gets
freed or unallocated and updates the status correspondingly.
Memory management provides protection by using two registers, a base register and a limit
register. The base register holds the smallest legal physical memory address and the limit register
specifies the size of the range. For example, if the base register holds 300000 and the limit register
holds 120000, then the program can legally access all addresses from 300000 through 419999.


Binding instructions and data to memory addresses can be done in the following ways
Compile time -- When it is known at compile time where the process will reside, compile time
binding is used to generate absolute code.
Load time -- When it is not known at compile time where the process will reside in memory, the
compiler generates relocatable code.
Execution time -- If the process can be moved during its execution from one memory segment
to another, then binding must be delayed until run time.
Dynamic Loading
In dynamic loading, a routine of a program is not loaded until it is called by the program. All
routines are kept on disk in a relocatable load format. The main program is loaded into memory
and executed; other routines, methods or modules are loaded on request. Dynamic loading
gives better memory-space utilization, and unused routines are never loaded.
Dynamic Linking
Linking is the process of collecting and combining various modules of code and data into an
executable file that can be loaded into memory and executed. The operating system can link
system-level libraries into a program. When the libraries are combined into the program before it
runs, the linking is called static linking, and when this linking is done at the time of execution, it is
called dynamic linking.
In static linking, libraries are linked at compile time, so the program code size becomes bigger,
whereas in dynamic linking libraries are linked at execution time, so the program code size
remains smaller.

Logical versus Physical Address Space
An address generated by the CPU is a logical address, whereas an address actually available on
the memory unit is a physical address. A logical address is also known as a virtual address.
Virtual and physical addresses are the same in compile-time and load-time address-binding
schemes; they differ in the execution-time address-binding scheme.
The set of all logical addresses generated by a program is referred to as a logical address space.
The set of all physical addresses corresponding to these logical addresses is referred to as a
physical address space.
The run-time mapping from virtual to physical addresses is done by the memory management
unit (MMU), which is a hardware device. The MMU uses the following mechanism to convert a
virtual address to a physical address.
The value in the base register is added to every address generated by a user process, which is
treated as an offset at the time it is sent to memory. For example, if the base register value is
10000, then an attempt by the user to use address location 100 will be dynamically relocated to
location 10100.
The user program deals with virtual addresses; it never sees the real physical addresses.
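A small sketch of this relocation-register scheme follows; the mmu_t structure and translate function are illustrative assumptions, using the base value 10000 from the example above:

#include <stdio.h>
#include <stdlib.h>

/* The MMU adds the base register to every virtual address after
   checking it against the limit register. */
typedef struct {
    unsigned base;    /* smallest legal physical address */
    unsigned limit;   /* size of the legal range */
} mmu_t;

unsigned translate(const mmu_t *mmu, unsigned virtual_addr)
{
    if (virtual_addr >= mmu->limit) {       /* protection check */
        fprintf(stderr, "trap: address out of range\n");
        exit(1);
    }
    return mmu->base + virtual_addr;        /* dynamic relocation */
}

int main(void)
{
    mmu_t mmu = { 10000, 120000 };   /* base 10000, as in the example */
    printf("virtual 100 -> physical %u\n", translate(&mmu, 100));   /* 10100 */
    return 0;
}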
Swapping
Swapping is a mechanism in which a process can be swapped temporarily out of main memory
to a backing store, and then brought back into memory for continued execution.
The backing store is usually a hard disk drive or other secondary storage which is fast in access
and large enough to accommodate copies of all memory images for all users. It must be capable
of providing direct access to these memory images.
The major time-consuming part of swapping is transfer time. Total transfer time is directly
proportional to the amount of memory swapped. Let us assume that the user process is of size
100 KB and the backing store is a standard hard disk with a transfer rate of 1 MB per second.
The actual transfer of the 100 KB process to or from memory will take
100 KB / 1000 KB per second
= 1/10 second
= 100 milliseconds


Memory Allocation
Main memory usually has two partitions
Low Memory -- The operating system resides in this memory.
High Memory -- User processes are held in high memory.
The operating system uses the following memory allocation mechanisms.
S.N. Memory Allocation & Description
1. Single-partition allocation : In this type of allocation, the relocation-register scheme is used
to protect user processes from each other, and from changing operating-system code and
data. The relocation register contains the value of the smallest physical address, whereas the
limit register contains the range of logical addresses. Each logical address must be less than
the limit register.
2. Multiple-partition allocation : In this type of allocation, main memory is divided into a number
of fixed-sized partitions where each partition should contain only one process. When a
partition is free, a process is selected from the input queue and is loaded into the free
partition. When the process terminates, the partition becomes available for another process.
Fragmentation
As processes are loaded into and removed from memory, the free memory space is broken into
little pieces. After some time, processes cannot be allocated to memory blocks because the
blocks are too small, and the memory blocks remain unused. This problem is known as
fragmentation.
Fragmentation is of two types
S.N. Fragmentation & Description
1. External fragmentation : Total memory space is enough to satisfy a request or to hold a
process, but it is not contiguous, so it cannot be used.
2. Internal fragmentation : The memory block assigned to a process is bigger than requested.
Some portion of the memory is left unused, as it cannot be used by another process.
External fragmentation can be reduced by compaction: shuffling the memory contents to place
all free memory together in one large block. To make compaction feasible, relocation should be
dynamic.
Paging
External fragmentation is avoided by using the paging technique. Paging is a technique in which
physical memory is broken into fixed-size blocks called frames and logical memory into blocks of
the same size called pages (the size is a power of 2, between 512 bytes and 8192 bytes). When
a process is to be executed, its corresponding pages are loaded into any available memory
frames.
The logical address space of a process can be non-contiguous, and a process is allocated
physical memory wherever free memory frames are available. The operating system keeps track
of all free frames and needs n free frames to run a program of size n pages.
An address generated by the CPU is divided into
Page number (p) -- the page number is used as an index into a page table which contains the
base address of each page in physical memory.
Page offset (d) -- the page offset is combined with the base address to define the physical
memory address.
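A short sketch of this address split follows; the page size and the page-table contents are arbitrary example values:

#include <stdio.h>

/* Split a CPU-generated address into page number p and offset d for a
   page size that is a power of two, then use the page table to form
   the physical address. */
#define PAGE_SIZE 4096u

int main(void)
{
    unsigned page_table[] = { 5, 9, 7, 2 };   /* frame number per page */

    unsigned logical = 2 * PAGE_SIZE + 123;   /* an example address */
    unsigned p = logical / PAGE_SIZE;         /* page number (table index) */
    unsigned d = logical % PAGE_SIZE;         /* page offset */
    unsigned physical = page_table[p] * PAGE_SIZE + d;

    printf("logical %u -> page %u, offset %u -> physical %u\n",
           logical, p, d, physical);          /* page 2 maps to frame 7 */
    return 0;
}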


The following figure shows the page table architecture.

Segmentation
Segmentation is a technique to break memory into logical pieces where each piece represents a
group of related information: for example, data segments or code segments for each process, a
data segment for the operating system, and so on. Segmentation can be implemented with or
without paging.
Unlike paging, segments have varying sizes, which eliminates internal fragmentation. External
fragmentation still exists, but to a lesser extent.

An address generated by the CPU is divided into
Segment number (s) -- the segment number is used as an index into a segment table which
contains the base address of each segment in physical memory and the limit of the segment.
Segment offset (o) -- the segment offset is first checked against the limit and then combined
with the base address to define the physical memory address.
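The corresponding lookup for segmentation might be sketched as follows; the segment-table values are arbitrary examples:

#include <stdio.h>
#include <stdlib.h>

/* The segment offset is first checked against the segment's limit and
   then added to the segment's base, as described above. */
typedef struct { unsigned base, limit; } segment_t;

unsigned seg_translate(const segment_t *table, unsigned s, unsigned o)
{
    if (o >= table[s].limit) {               /* offset beyond the segment? */
        fprintf(stderr, "trap: segment overflow\n");
        exit(1);
    }
    return table[s].base + o;
}

int main(void)
{
    segment_t table[] = { {1400, 1000}, {6300, 400}, {4300, 1100} };
    printf("(seg 2, off 53) -> physical %u\n", seg_translate(table, 2, 53));
    return 0;
}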



FAULT TOLERANCE :
Fault tolerance or graceful degradation is the property that enables a system to continue
operating properly in the event of the failure of (or one or more faults within) some of its
components. If its operating quality decreases at all, the decrease is proportional to the severity
of the failure, as compared to a naively designed system in which even a small failure can cause
total breakdown. Fault tolerance is particularly sought after in high-availability or life-critical
systems.
A fault-tolerant design enables a system to continue its intended operation, possibly at a
reduced level, rather than failing completely, when some part of the system fails. [1] The term is
most commonly used to describe computer systems designed to continue more or less fully
operational with, perhaps, a reduction in throughput or an increase in response time in the event
of some partial failure. That is, the system as a whole is not stopped due to problems either in
the hardware or the software. An example in another field is a motor vehicle designed so it will
continue to be drivable if one of the tires is punctured. Similarly, a structure that is fault tolerant is
able to retain its integrity in the presence of damage due to causes such as fatigue, corrosion,
manufacturing flaws, or impact.
Fault tolerance is not just a property of individual machines; it may also characterise the rules by
which they interact. For example, the Transmission Control Protocol (TCP) is designed to allow
reliable two-way communication in a packet-switched network, even in the presence of
communications links which are imperfect or overloaded. It does this by requiring the endpoints
of the communication to expect packet loss, duplication, reordering and corruption, so that these
conditions do not damage data integrity, and only reduce throughput by a proportional amount.
Recovery from errors in fault-tolerant systems can be characterized as either roll-forward or roll-
back. When the system detects that it has made an error, roll-forward recovery takes the system
state at that time and corrects it, to be able to move forward. Roll-back recovery reverts the system
state back to some earlier, correct version, for example using checkpointing, and moves forward
from there. Roll-back recovery requires that the operations between the checkpoint and the
detected erroneous state can be made idempotent. Some systems make use of both roll-forward
and roll-back recovery for different errors or different parts of one error.
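As a toy illustration of roll-back recovery, the sketch below checkpoints a trivial state before each step and reverts to the checkpoint when a (simulated) error is detected; real systems checkpoint far richer state, often to stable storage:

#include <stdio.h>
#include <string.h>

typedef struct { int counter; } state_t;

int main(void)
{
    state_t state = {0}, checkpoint;

    for (int step = 0; step < 3; step++) {
        memcpy(&checkpoint, &state, sizeof state);   /* take a checkpoint */

        state.counter += 10;                         /* do some work */
        int error_detected = (step == 1);            /* simulate a fault */

        if (error_detected) {
            memcpy(&state, &checkpoint, sizeof state);   /* roll back */
            printf("step %d: error, rolled back to %d\n", step, state.counter);
        } else {
            printf("step %d: committed, counter = %d\n", step, state.counter);
        }
    }
    return 0;
}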
Within the scope of an individual system, fault tolerance can be achieved by anticipating
exceptional conditions and building the system to cope with them, and, in general, aiming for self-
stabilization so that the system converges towards an error-free state. However, if the
consequences of a system failure are catastrophic, or the cost of making it sufficiently reliable is
very high, a better solution may be to use some form of duplication. In any case, if the
consequence of a system failure is so catastrophic, the system must be able to use reversion to
fall back to a safe mode. This is similar to roll-back recovery but can be a human action if humans
are present in the loop.




UNIX OPERATING SYSTEM :
Unix is a multitasking, multiuser computer operating system that exists in many variants. The
original Unix was developed at AT&T's Bell Labs research center by Ken Thompson, Dennis
Ritchie, and others. From the power user's or programmer's perspective, Unix systems are
characterized by a modular design that is sometimes called the "Unix philosophy": the OS
provides a set of simple tools that each perform a limited, well-defined function, with a unified
filesystem as the main means of communication, and a shell scripting and command language
to combine the tools to perform complex workflows.
The C programming language was designed by Dennis Ritchie as a systems programming
language for Unix, allowing for portability beyond the initial PDP-11 development platform and the
use of Unix on numerous computing platforms.
During the late 1970s and 1980s, Unix developed into a standard operating system for academia.
AT&T tried to commercialize it by licensing the OS to third-party vendors, leading to a variety of
both academic (e.g., BSD) and commercial variants of Unix (such as Xenix) and eventually to the
"Unix wars" between groups of vendors. AT&T finally sold its rights in Unix to Novell in the early
1990s.


The history of Unix dates back to the mid-1960s, when the Massachusetts Institute of
Technology, AT&T Bell Labs, and General Electric were developing an experimental time-
sharing operating system called Multics for the GE-645 mainframe. Multics introduced many
innovations, but had many problems. Bell Labs, frustrated by the size and complexity of Multics
but not by its aims, slowly pulled out of the project. Their last researchers to leave Multics, Ken
Thompson, Dennis Ritchie, M. D. McIlroy, and J. F. Ossanna, [11] decided to redo the work on a
much smaller scale.


The UNIX operating system is made up of three parts: the kernel, the shell and the programs.
The kernel
The kernel of UNIX is the hub of the operating system: it allocates time and memory to
programs and handles the filestore and communications in response to system calls.
As an illustration of the way that the shell and the kernel work together, suppose a user
types rm myfile (which has the effect of removing the file myfile). The shell searches the
filestore for the file containing the program rm, and then requests the kernel, through system
calls, to execute the program rm on myfile. When the process rm myfile has finished
running, the shell returns the UNIX prompt % to the user, indicating that it is waiting for
further commands.
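In essence, the shell does this with the fork, exec and wait system calls. A stripped-down sketch of the rm myfile example:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

int main(void)
{
    char *argv[] = { "rm", "myfile", NULL };

    pid_t pid = fork();            /* system call: create a child process */
    if (pid == 0) {
        execvp(argv[0], argv);     /* system call: run the rm program */
        perror("execvp");          /* only reached if exec fails */
        exit(1);
    }
    waitpid(pid, NULL, 0);         /* the shell waits for rm to finish */
    printf("%% ");                 /* then returns the UNIX prompt */
    return 0;
}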
The shell
The shell acts as an interface between the user and the kernel. When a user logs in, the login
program checks the username and password, and then starts another program called the
shell. The shell is a command line interpreter (CLI). It interprets the commands the user types
in and arranges for them to be carried out. The commands are themselves programs: when
they terminate, the shell gives the user another prompt (% on our systems).
The adept user can customise his/her own shell, and users can use different shells on the
same machine. Staff and students in the school have the tcsh shell by default.
The tcsh shell has certain features to help the user inputting commands.
Filename Completion - By typing part of the name of a command, filename or directory and
pressing the [Tab] key, the tcsh shell will complete the rest of the name automatically. If the
shell finds more than one name beginning with those letters you have typed, it will beep,
prompting you to type a few more letters before pressing the tab key again.
History - The shell keeps a list of the commands you have typed in. If you need to repeat a
command, use the cursor keys to scroll up and down the list or type history for a list of
previous commands.

Files and processes
Everything in UNIX is either a file or a process.
A process is an executing program identified by a unique PID (process identifier).
A file is a collection of data. Files are created by users using text editors, running compilers,
etc.
Examples of files:
a document (report, essay etc.)
the text of a program written in some high-level programming language
instructions comprehensible directly to the machine and incomprehensible to a casual
user, for example, a collection of binary digits (an executable or binary file);
a directory, containing information about its contents, which may be a mixture of other
directories (subdirectories) and ordinary files.
The Directory Structure
All the files are grouped together in the directory structure. The file-system is arranged in a
hierarchical structure, like an inverted tree. The top of the hierarchy is traditionally
called root (written as a slash / )

In the diagram above, we see that the home directory of the undergraduate
student "ee51vn" contains two sub-directories (docs and pics) and a file called report.doc.

AMOEBA :
Amoeba was a distributed operating system developed by Andrew S. Tanenbaum and others at
the Vrije Universiteit. The aim of the Amoeba project was to build a timesharing system that makes an
entire network of computers appear to the user as a single machine. Development at the Vrije
Universiteit has stopped: the files in the latest version (5.3) were last modified on 12 February 2001.
Recent development is carried forward by Dr. Stefan Bosse at BSS Lab.
The system uses FLIP as a network protocol.
The Python programming language was originally developed for this platform.





Process concept:
Amoeba supports the traditional process concept.
A process consists of several threads (at least one).
Each thread has its own registers, instruction pointer and stack, but all threads of a process
share the same memory region.
Example: a file server. Each request is handled by one thread, but all threads use the same
cache; synchronization is done through mutexes and semaphores.
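A minimal sketch of this structure using POSIX threads follows; the "cache" is reduced to a shared counter, and the worker function is an illustrative stand-in for real request handling:

#include <pthread.h>
#include <stdio.h>

/* Several threads of one process handle requests; all share one cache,
   guarded by a mutex, as in the file-server example above. */
static int cache_hits = 0;                 /* shared by all threads */
static pthread_mutex_t cache_mutex = PTHREAD_MUTEX_INITIALIZER;

static void *handle_request(void *arg)
{
    pthread_mutex_lock(&cache_mutex);      /* serialize access to the cache */
    cache_hits++;                          /* all threads share this memory */
    pthread_mutex_unlock(&cache_mutex);
    return NULL;
}

int main(void)
{
    pthread_t workers[4];
    for (int i = 0; i < 4; i++)
        pthread_create(&workers[i], NULL, handle_request, NULL);
    for (int i = 0; i < 4; i++)
        pthread_join(workers[i], NULL);
    printf("cache hits: %d\n", cache_hits);
    return 0;
}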

