Registers Running an instruction Scheduling

GP: used by programs for operands
(* + - /) + pointers (can be anything)
SP: special functions
Memory Address Register (MAR)
for fetching memory addresses
Program Counter (PC)
memory address of next instruction
Program Status Word (PSW)
execution mode bit
kernel = 0, user = 1
Memory Boundaries (MEM)
boundary of current process
Stack Pointer (SP)
points to top of stack
- use MAR to get instruction from Critical Region: region of program where shared resources are ac-
memory cessed
- decode instruction into operands + Race condition: processes/threads having different results based on
operators who accesses critical region first
- execute Fixed by Mutual Exclusion: only one process at a time in critical re-
instruction gion (lock (optional to use TLS hardware), other process busy waits
until lock == 0)
Creates Priority Inversion Problem: if p1 is waiting for lock and has
higher priority than p2 inside critical region, will busy wait forever
Fixed by Strict Alteration: take turns running in critical region (turn
switching after each access)
Yield Mutex: allow other process to run while waiting for lock

Call Instruction Ret Instruction Context

- store current values at SP - restore register values from stack Switching
- store return address (entry point - load PC with return address on stack
after subroutine) on stack - decrement SP to previous stack
- load PC with entry point to subrou-
tine
- increment SP to new top of stack
Pre-emptive Scheduling:
- let process run for quantum
- if still running at end of quantum, use clock interrupts to get control
- swap out and do context switching
FIFS: run in order processes arrive
SJF: processes with shortest estimated CPU usage put to top of
queue
Round Robin: FIFS with quantums
Priority Scheduling:
- each process has priority, highest first
- decrease priorities by CPU time spent to avoid starvation
Multi-level feedback queue: multiple queues stacked with bigger
and bigger quantums (2,4,8,etc)
User mode: no privileged instruc- - fed down queues so I/O done straight away while CPU-bound grad-
tions, only OS-allowed memory ually get more and more time
Kernal Mode: all instructions, all
memory (part of OS runs in kernel Memory Management
mode for management) Logical Address = Base + Limit Registers
Interrupts: events that stop CPU - Base = start of physical memory of process (is a physical address)
from executing next instruction—CPU enters kernel mode and executes OS - Limit = max logical memory address allowed to a process
interrupt handler (specified by interrupt vector) MMU—translates logical address to physical address
System Calls: user process asking OS for privileged access - checks logical address < Limit, if so physical address = logical + base
- switches to kernel mode and starts execution at fixed address - needs contiguous memory allocation + entire process must fit in
- control may be returned to user on completion, depends who else wants physical memory at once
Memory Allocation: keep track using linked list of blocks of memory
Processes (running programs) - First-fit = fit memory into first gap that is big enough
PCB: stores pro- - Best-fit = search entire list for gap that fits best
cess environment - Worst-fit = search entire list for gap that fits worst
info (process ID, Memory Deallocation: swap out processes as needed
state, parent, etc) - now total memory of all processes can be bigger than the physical
- update/merge memory nodes if empty after dealloc
Multiprogram- External Fragmentation: small holes created in lists since can’t exact-
ming: multiple processes can share CPU by quickly switching between ly fit process memory in
- isolated environments, slow communication and switching

(2m bits total)

Threads (bits of a process)
Execution context of a process—abstracts the CPU
Same shared process heap, but individual thread stacks
TCB: thread context data (thread ID, pro- Paged Memory: break up process memory into fixed-size pages,
cess PCB, SP + PC of process, etc) physical memory into frames of same size
Multithreading: multiple parts of process - pages now fit perfectly into frames
can share CPU - process can only have needed pages of memory allocated, can now
- threads that are waiting for I/O now won’t be bigger than physical memory itself
block whole process Internal Fragmentation: can’t fully fill up pages with process
- fast communication and switching - larger page size = more frags but faster to traverse
- process runs faster if using multi-core CPU, - smaller page size = less frags but slower to traverse
can have thread per core - (CPU speed vs memory efficiency)
Memory Management (cont’d)
Page Table: track pages + allocated frames, translate page to frame
- [p|d] -> [f|d]
- present bit = if doesn’t have frame, page fault if accessed
- referenced bit = if page has been accessed
- modified bit = if page has been modified
Paged MMU: sends page offset d to memory, page table translates p
Page Fault: put page in next free frame or replace, restart process at
fault
Page Replacement Algorithms:
- FIFO = first in first out
- Second-chance = FIFO but if page is referenced, send to tail and try
again
- LRU = evict least recently used, approximated by aging bit counter
(shift right every cycle, evict page with lowest—if too short is bad)
Temporal Locality—if process uses memory address, will use again
Spatial Locality—if process uses memory address, will use nearby
addresses soon
Translation Lookaside Buffer—hardware cache to store recently used
page’s physical ad-
dresses (saves time
translating through
page table)
- valid bit for each
page address, invali-
dated if swapped or
context switched
- if not in TLB (miss),
translate in page table
and copy over
Secure Communication
Want confidentiality + authentication + integrity
Encryption: confidentiality
- AES = breaks data into blocks and encrypts separately
- ECB = each blocked encrypted/decrypted using same key (but
patterns emerge, susceptible to replay attacks)
- Symmetric Encryption = same key for encryption/decryption
- Asymmetric Encryption = public key to encrypt, private key to de-
crypt (bad for encrypting large messages, is inefficient)
- Hybrid Encryption = shared secret key generated from public key
(combines fast unsecure symmetric with slow secure asymmetric)
MAC: integrity (usually a fixed-length hash function)
- uses shared secret key, generates tag = mac(m, Ks)
- send (plaintext) message and tag, verify tag by mac of message + Ks
Digital Signatures: verification (hash message if too long, asymmetric)
- sign message using private signing key, verify with public verify key
- send sign(m, Ksign) + message, receiver can verify using public key
Authenticated Encryption: encrypt then MAC
Digital Certificate: verify public key is real
- self-signed CA’s bind person to their public key
Open Systems Interconnection (OSI) Model
Application Layer: Domain Name System (DNS)
Maps domain names to IP addresses (not case sensitive, back-to-front)
Resource Records: instructions for DNS, held in authoritative DNS servers
- A = IPv4, AAAA = IPv6, MX = mail server, NS = name server, CNAME
Name Server Zones: translates domain name to IP, domain request sent up
hierarchy (returns if cached—may go all the way to root)
- top-level DNS servers: .org, .com, etc
- other authoritative: organisation DNS servers ran internally by or ISPs
- local DNS servers: ISPs have default name servers to handle queries + for-
ward requests (min 2 per ISP)
- root name servers: contains all top-level domain names, last line of defence
Application Layer: Hypertext Transfer Protocol (HTTP)
URL: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
- nobody uses user\password anymore in URL, not secure at all
WWW: all websites/pages that can be publicly accessed
HTTP: gets resources asked for by URLs, allows hyperlinks
- client initiates TCP connection on port 80
- server accepts, browser/client asks for objects as needed
Response codes: 1xx info, 2xx success, 3xx redirection, 4xx client error, 5xx
server error
HTTP 1.0: single-use
connection, only loads
one object (2 requests
needed per object—
one to initiate new
connection each time,
OS overhead)
HTTP 1.1: persistent
connection (loads as
many object as you
like)
- allows pipelining (don’t need to wait for response before sending more
requests)
HTTP 2: decrease latency, do multiplexing + compression
HTTP 3: decrease latency, over QUIC
HTTPS: run over TLS, adds encryption
Web cache: browser caches website page, checks if not expired/modified
before loading
Web server: multi-threaded server, thread per request
- get requested data from cache/disk, log request for security
Application Layer: Email
User Agents encapsulate mail, MTAs send email to server (which then uses
own MTA to send to destination)
SMTP: slow reliable delivery service over TCP port 25, lots of back-and-forth
- only allows 7-bit ASCII, gets email from client to server using MTAs
MIME: converts complex attachments (e.g. images) to ASCII for SMTP
- extra headers: version, [content:] description, id, transfer encoding, type
Receiving emails:
- local server that is always up
- POP3: can download from mail server (most work offloaded to user)
- HTTP: gmail, outlook, etc (retrieve + compare + manage, online)
- IMAP: can query mail server (retrieve + manage, most work on server)

Transport Layer: Sockets

Creates pipe between client and server (client = whoever started socket)
2 sockets per interfaced
Listening socket = half socket [protocol, local IP, local port no.]
Connection socket = full socket
[half socket, remote IP, remote
port no.]
Blocking wait until more data
sent, Non-blocking read data
that has arrived

- can only interact with immediate layer above/below TLS: encrypts plain text data of
sockets, extra step to set up
- provide service to layer above (email, file sharing, etc)
crypto at start
- protocols define format for talking to entities in same layer - runs on top of transport layer
TCP/IP Model: Application, Transport, Internet/Network, Link (how HTTPS works)
Transport Layer: User Datagram Protocol (UDP)
Sends datagrams over IP, connectionless
- datagram = packet that is purely data, no connection set up
- 3-tuple sockets, 5-tuple packets
- simple + efficient thanks to small headers
- unreliable since no error + flow control + no resending bad packets
- only ever guessing client/server are same connection
- client: dynamic port <-> server: well-known port
Multiplexing: combine streams into single for IP, split out afterwards
- port numbers specify well-known port of server it wants
- servers spawned on packet request, don’t need to be always up
Ports: 0-65535, well-known (0-1023), registered (1024-49151), rest
are dynamic (for clients)
Transport Layer: Transmission Control Protocol (TCP)
Reliably sends data/segments over IP, connection-oriented
- data given to TCP in byte streams, converts to segments (can’t tell
where data ends—data reconstructed by other TCP entities using the
headers)
- data sent both ways simultaneously => fully duplex
Buffering segments: reduces header overhead, more latency
- buffers data by waiting until buffer full or timer runs out
- buffer size for segments decided per entity, constrained by Max
Transfer Unit of 1500 and IP header payload of 65535
Transport Layer: TCP Three-way Handshake
Ensure only one connection is active
Sequence number: ++length of data sent, set initially by agreed-upon
sequencing strategy (e.g. random)
Acknowledge number: last received sequence number
- always acknowledge received segments, even if not sending any-
thing
Flags:
- SYN = 1 if doing handshake
- ACK = 0 if entity initiating connection
- FIN: soft close, still receive data but not sending anymore
- RST: hard close, no more data accepted
Transport Layer: TCP Sliding Window
Controls how much data to send/receive based on whether its processed
Window Size: header in TCP, how much data left in receiver’s buffer
- if full, sender waits until enough space for next segment
- can still send ACK packets with no data, zero window probes so the receiver
re-announces the ack number and Window Size
Window Update: receiver tells sender packets are now all read, send more
Persist Timer: start on sender receiving zero-size window, periodically send
zero window probes
- can also send urgent (priority) segments using URG flag
Segment Loss: repeat ACK of last in-order packet for every received segment
- after 3 duplicate packets (4 identical ACKs), sender can be sure of loss and
resend lost packet
Go-back-N: retransmit everything again from lost packet
- receiver doesn’t need to store packets but can cause buffer overflow
Selective Repeat: only send lost packet (fast retransmit)
- receiver must store packets since packets can arrive out of order
Transport Layer: TCP Congestion Control
CWND: additional window at sender that dynamically changes size
- sender uses whichever is smallest, sender window or congestion window
Slow-Start: initially CWND = max size of a segment
- size doubled if all segments in window ACKed
- if segment lost, halve size of CWND and begin Slow-Start again
- if timeout of size threshold hit, increment by 1 instead
ECE: if received segment has ECE flag, act as if lost a segment and put CWR
flag in next sent segment
- means receiver buffer is about to overflow
- layer violation, flags supported by IP
Network Layer: Packet Forwarding
Gets data end-to-end, network code mostly ran over routers
Connectionless: Datagram Network (IP)
- routers know other routers around them
- use routing algorithm to get packet to destination (treats each packet indi-
vidually, packet switched network)
- each router holds full routing table that is updated dynamically
Connection-Oriented:
Virtual Circuit
- each node acts as single
link of network with a
defined path to all nodes
- each router holds small
set routing table, says where to go next if want node x
Network Layer: Internet Protocol (IP)
Performs routing algorithms, best effort to destination for packet
- negotiate parameters at runtime, want scalability + flexibility
- redundancy paths in place for packets
- 2 addresses used per network for network interface + broadcasting
IPv4: 32-bits in 4 parts, 0.0.0.0 -> 255.255.255.255
- IP address = network.host, hierarchical, given to network interfaces
- need a network mask of 1’s to figure out which is network and
which is host (e.g. 128.250.0.0/19, /19 prefix means 13 bits available
for host, 213 possible)
Route Aggregation: can automatically let prefixes overlap in routers’
internal routing tables
- halves size of routing table, longest prefix selected
IPv6: 128-bits in 8 parts, 8000::123:4567:89AB:CDEF
- improved security, smaller header => faster
- backwards-compatible with IPv4, ::ffff:192.31.2.46
Network Layer: Routing
Delay vs Bandwidth: simple, minimise number of hops for packet
- reduces packet bandwidth + improves delay
- hopefully also reduces distance travelled (not guaranteed)
Static Routing Algorithms: calculated at boot for all possible paths,
does not adapt to network topology (bad if a router fails)
Dynamic Routing Algorithms: adapts to topology, optimises based on
a chosen weight (e.g. distance, hops, etc)
Flooding: simplest adaptive routing, inefficient but robust
- forward received packets to all other immediate neighbours
- finds shortest path but lots of conges-
tion + duplicate packets
Bellman’s Optimality Principle: if J on
optimal path from I to K, path from J to
K is also optimal (not true for different
weighting nor negative weights)
Sink Tree: best paths form a tree to/
from chosen node
Dijkstra’s: unseen, open = visited its
neighbour, closed = visited
- select node with lowest cost as new
root node
- update cost of node if better cost
found
- shortest path found once destination
closed
Link State Routing: find current network topology, only for dynamic
- each router maintains map of network topology
- send HELLO packet to find neighbour, must respond with ID
- find weight through ECHO packet or 1/bandwidth (auto or manual)
- use Flooding, every other router guaranteed to receive update
- avoid waste by only accepting if sequence number (32-bit) larger
- age decremented every second, discarded at 0 (fixes problem of
routers crashing and restarting sequence number at 0—will send
round to everyone otherwise, )
- updates all routers on router failure
Network Layer: Border Gateway Protocol (BGP)
Protocol for collections of networks (ASes), e.g. Google
- determines best network routes for entire internet, BGP routes advertised
(typically by ISPs) to neighbouring ASes and spread across internet
- operates with manual oversight, peering rules + have to consider politics,
e.g. don’t want to go through North Korea routes, ISPs don’t want other ISP
traffic on their network, no commercial traffic on academic networks
- Bellman’s Optimality Principle fails here due to this, can’t always do short-
est path
- provider advertises routes for entire internet, customer pays to use
- peers can agree to move each other’s traffic for free
BGP Attacks: can maliciously advertise incorrect routes, or ones redirecting to
malicious websites
Network Layer: Subnetting
Break up internet into smaller networks (subnets)
Use subnet mask to find which subnet to send to, bitwise AND with mask of
each subnet to see if matches afterwards (external doesn’t need to know it)
Changes can be made to subnets without external impact, routing only chang-
es internally not externally
Network Layer: Internet Control Protocols (ICPs)
Data Plane vs Control Plane: network protocols don’t actually really form a
single stack, e.g. BGP on network uses TCP for updates
- think of them as different planes of protocols
- Data Plane: packet
processing/forwarding
- Control Plane:
choosing routes
- Management Plane:
setting BGP policies
Internet Control Message Protocol (ICMP): e.g. PING messages uses ECHO
- Traceroute exploits Time Exceeded message, increments TTL (no. hops) for
each successful hop—returns IP address at each hop in message
Dynamic Host Configuration Protocol (DHCP): each host/interface needs
unique IP address, DHCP does automatically
- host broadcasts DHCP DISCOVER using UDP
- DHCP responds with DHCP OFFER with unique IP address on a lease, expires
after set amount of time
MAC Address: every network interface has globally unique ID
- DHCP sends new IP address over network layer to host identified by MAC
Address Resolution Protocol (ARP): link between internet and underlying
network, translates IP to MAC
- broadcasts packet asking who owns target IP address (everyone can see)
- owner responds with MAC address
- run a lot, e.g. to figure out how to talk to nearest router
- simple but security nightmare, no authentication
- ARP spoofing is gateway attack for most man-in-the-middle attacks (can just
say IP address is mine, but need to be on same local network)