File Management
Uploaded by
Okorie Chinedu PFile Management
Uploaded by
Okorie Chinedu PlOMoARcPSD|12193041
File Management - Daniel self prepared lecture notes.
Operating Systems (Monash University)
Studocu is not sponsored or endorsed by any college or university
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
File Management
A file management system is a type of software that manages data files in a computer
system. It has limited capabilities and is designed to manage individual or group
files, such as special office documents and records. It may display report details,
like owner, creation date, state of completion and similar features useful in an office
environment. A file management system is also known as a file manager.
Terms
File manager
In general, file manager refers to a software program that is often a portion of the
operating system that helps a user manage all the files on their computer. For
example, all file managers allow the user to view, edit, copy, and delete the files on
their computer. File Manager is a program included with Windows that enabled
users to manage their files on the computer. A file manager or file browser is a
computer program that provides a user interface to manage files and folders. The
most common operations performed on files or groups of files include creating,
opening (e.g. viewing, playing, editing or printing), renaming, moving or copying,
deleting and searching for files, as well as modifying file attributes, properties and
file permissions. Folders and files may be displayed in a hierarchical tree based on
their directory structure. Some file managers contain features inspired by web
browsers, including forward and back navigational buttons. Some file managers
provide network connectivity via protocols, such as FTP, NFS, SMB or WebDAV. This
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
is achieved by allowing the user to browse for a file server (connecting and
accessing the server's file system like a local file system) or by providing its own full
client implementations for file server protocols.
File manager functions
• Identify and locate a selected file
• Use a directory to describe the location of all files plus their attributes
• On a shared system describe user access control
• Blocking for access to files
• Allocate files to free blocks
• Manage free storage for available blocks
Objectives for a File Management
To meet the management requirements of the user.
To guarantee the data in file are valid.
To optimize performance of the file access.
To support for a variety of storage device type.
Meet the data management needs and requirements of the user
To eliminate the potential for lost data.
To provide a standardized set of I/O interface.
2
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
To provide I/O support for multiple users.
Guarantee that the data in the file are valid
Optimize performance
Provide I/O support for a variety of storage device types
Minimize or eliminate the potential for lost or destroyed data
Provide a standardized set of I/O interface routines
Provide I/O support for multiple users
File systems
A file system is the methods and data structures that an operating system uses to
keep track of files on a disk or partition; that is, the way the files are organized on the
disk. The word is also used to refer to a partition or disk that is used to store the files
or the type of the file system.
Naming
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
FAT
Part of a hard disk where the size and location (and other items of information) of
every file on that disk is recorded for fast access by the computer's operating
system.
FAT features
i. It supports up to 2 Terabytes in size.
ii. Uses space more effectively
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
iii. It is more robust and is more flexible
iv. FAT mirroring can be disabled
v. These features allow for dynamic resizing of partitions.
FAT volume layout
A FAT volume is divided into several regions, which are shown in Figure 12-2. The
file allocation table, which gives the FAT file system format its name, has one entry
for each cluster on a volume. Because the file allocation table is critical to the
successful interpretation of a volume's contents, the FAT format maintains two copies
of the table so that if a file system driver or consistency-checking program (such as
Chkdsk) can't access one (because of a bad disk sector, for example) it can read
from the other.
NTFS File System
NTFS offers major improvements over FAT in the areas of performance, reliability
and compatibility. It is designed to perform standard file operations such as read,
write, and search rapidly on very large hard disks.
The NTFS file system includes security features required for file servers in a
corporate environment and it supports data access control and ownership
privileges. NTFS files and folders can have permissions assigned whether they are
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
shared or not. NTFS is the only Microsoft file system that allows permissions to be
assigned to individual files.
The NTFS design is simple but powerful. Everything on an NTS volume is a file and
everything in a file is an attribute, e.g.: data attribute, security attribute, file name
attribute, etc. Every allocated sector on an NTFS volume belongs to some file.
Features of NTFS
NTFS multiple data streams
NTFS supports multiple data streams, where the stream name identifies a new data
attribute on the file.
NTFS Compressed Files
With compression it is possible to store most files in a way that they take up less
space on the disk than they normally would.
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
NTFS Security and Encryption
All the recourses in a system are treated as objects. Any user who wants access to
these objects should have the right to do so. This feature cannot be overridden in
any way, including attempt to view the volume through another operating system.
One of the security features is encryption. The Encrypting File System provides the
core file encryption technology used to store encrypted files on NTFS volumes and
thus cannot be read by another NT installation. In combination with a standard and
very much safe password on the system itself, this possibility provides the safety of
files selected by the user. If an intruder tries to access, open, read, copy, move or
rename the encrypted file or folder, he/she receives an access denied message.
NTFS Sparse File
A sparse file has an attribute that causes the I/O subsystem to allocate only
meaningful data. Nonzero data is allocated on disk, and non-meaningful data is not.
When a sparse file is read, allocated data is returned, as it was stored; non-allocated
data is returned, by default, as zeros. NTFS deallocates sparse data streams and only
maintains other data as allocated. When a program accesses a sparse file, the file
system yields allocated data as actual data and deallocated data as zeros.
The advantages of NTFS
i. NTFS uses Unicode to save filenames. It was impossible to read or access files
in FAT that contains non-Latin symbols, if you switched to another encoding.
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
ii. NTFS has a built-in security system which controls sharing of files between
users.
iii. NTFS can encrypt and decrypt files and folders while reading or writing them.
iv. It can compress and decompress individual files and folders just as easily.
v. It introduces user quotas, allowing administrators to control disk usage, thus
preventing unfair behavior when a user grabs all available disk space for his
or her needs and deprives all the other users.
vi. NTFS can successfully deal with very large files and partitions.
Disadvantages
NTFS volume layout structure
Partition boot sector
A boot sector or boot block is a region of a hard disk, floppy disk, optical disc, or
other data storage device that contains machine code to be loaded into random-
access memory (RAM) by a computer system's built-in firmware. The purpose of a
boot sector is to allow the boot process of a computer to load a program (usually, but
not necessarily, an operating system) stored on the same storage device.
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Master file table
The master file table (MFT) is a database in which information about every file and
directory on an NT File System (NTFS) volume is stored. There is at least one record
for every file and directory on the NTFS logical volume.
System files
Where executable files (in machine language) that are part of the operating system
or other control program are stored.
File area
Where application file are stored in the hard disk.
File Management Techniques
Directory implementation
In computing, a directory is a file system cataloging structure which contains
references to other computer files, and possibly other directories.
A directory serves as a collection data structure for files; conceptually, it behaves as
precisely that a place for listing and locating files. Internally, directories themselves
reside in disk blocks. On many computers, directories are known as folders or
drawers to provide some relevancy to a workbench or the traditional office file
cabinet. Files are organized by storing related files in the same directory. In a
hierarchical file system, a directory contained inside another directory is called a
subdirectory.
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
The choice of the directory implementation is crucial for the efficiency,
performance, and reliability of the file system.
Directories are implemented in two ways.
Linear list
Where each entry referring to a file in that directory
Advantages
Simple to program
Disadvantages
Time-consuming to execute
Hash table
Hash tables are unordered structures; you would typically sort them in
memory to list a whole directory.
Advantages
Fasterfile search
Disadvantages
Decreases directory search time
10
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
File allocation methods
File allocation method refers to how disk blocks are allocated for files:
Contiguous allocation
Contiguous allocation maps a file to a linear sequence of blocks on the disk.
Contiguous allocation supports sequential and direct access well, but is very prone
to external fragmentation and requires prior file size knowledge. Each file occupies
a set of contiguous blocks on the disk.
Advantages
Simple – only starting location (block #) and length (number of blocks) are
required
Random access
Disadvantages
Wasteful of space
Files cannot grow
11
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Linked allocation
Linked allocation treats disk blocks as nodes on a linked list. A file’s directory entry
serves as the list head, and each disk block stores a pointer to the next disk block.
Each file is a linked list of disk blocks: blocks may be scattered anywhere on the
disk.
It is Simple – need only starting address.
Advantages
No waste of space
No random access
No external fragmentation, no need for no need to know the file size in
advance or with files that grow over time
Disadvantages
Very difficult to implement direct access
12
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
High relative fragility of a linked list (i.e., one bad pointer screws everything
up).
cost is increased overhead
Indexed allocation
Indexed allocation uses an index block, which resembles the page tables used for
main memory management. Each file has an index block, and this index block
contains all of the pointers to the file’s data blocks. The file’s directory entry points
to its index block. Like linked allocation, indexed allocation addresses external
fragmentation and file size issues, but may actually have more overhead — the index
block itself particularly for small files (because even a zero length file uses up at
least one disk block).
13
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Advantages
Does not suffer from external fragmentation
Much more effective for direct access
Disadvantages
Inefficient for small files
Directory Levels
Single-Level Directory
In this type of directory system, there is a root directory which has all files. It has a
simple architecture and there are no sub directories. Advantage of single level
14
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
directory system is that it is easy to find a file in the directory. This type of directory
system is used in cameras and phones.
Two Level or Hierarchical directory system
In a hierarchical directory system, files are grouped together to form a sub
directory. At the top of the hierarchy is the root directory and then there are sub
directories which has files.
Advantages
Users can be provided access to a sub directory rather than the entire
directory.
Provides a better structure to file system
Managing millions of files is easy with this architecture.
15
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Tree-structured directory
It is an extension to the two-tiered directory structure, and the one with which we are
all most familiar. Each user / process has the concept of a current directory from
which all files may be accessed using either absolute pathnames or relative
pathnames. Directories are stored the same as any other file in the system, except
there is a bit that identifies them as directories, and they have some special structure
that the OS understands.
Acyclic-Graph Directories
Have shared subdirectories and files
16
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
General Graph Directory
17
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
File Sharing
File sharing is the practice of sharing or offering access to digital information or
resources, including documents, multimedia, graphics, computer programs, images
and e-books. It is the private or public distribution of data or resources in a network
with different levels of sharing privileges. Operating systems also provide file-
sharing methods, such as network file sharing (NFS).
The file system should provide a flexible tool for allowing extensive file sharing
among users.
Access Rights
These are permissions by users to access files in a system. The file system should
provide a number of options so that the way in which a particular file is accessed can
be controlled. Typically, users or groups of users are granted certain access rights
to a file. A wide range of access rights has been used. The following list is
representative of access rights that can be assigned to a particular user for a
particular file:
None
The user may not even learn of the existence of the file, much less access it. To
enforce this restriction, the user would not be allowed to read the user directory that
includes this file.
18
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Knowledge
The user can determine that the file exists and who its owner is. The user is then able
to petition the owner for additional access rights.
Execution
The user can load and execute a program but cannot copy it. Proprietary programs
are often made accessible with this restriction.
Reading
The user can read the file for any purpose, including copying and execution. Some
systems are able to enforce a distinction between viewing and copying. In the
former case, the contents of the file can be displayed to the user, but the user has no
means for making a copy.
Appending
The user can add data to the file, often only at the end, but cannot modify or delete
any of the file’s contents. This right is useful in collecting data from a number of
sources.
Updating
The user can modify, delete, and add to the file’s data. This normally includes
writing the file initially, rewriting it completely or in part, and removing all or a
portion of the data. Some systems distinguish among different degrees of updating.
19
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Changing protection
The user can change the access rights granted to other users. Typically, this right is
held only by the owner of the file. In some systems, the owner can extend this right
to others. To prevent abuse of this mechanism, the file owner will typically be able to
specify which rights can be changed by the holder of this right.
Deletion
The user can delete the file from the file system. These rights can be considered to
constitute a hierarchy, with each right implying those that precede it. Thus, if a
particular user is granted the updating right for a particular file, then that user is also
granted the following rights: knowledge, execution, reading, and appending.
User Access Rights
Specific User
Owner All
Users Groups
usually the
initial creator of all users who
the file have access to
this system
individual users a set of users
who are who are not
has full rights
designated by individually
user ID defined
these are public
may grant rights files
to others
20
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
One user is designated as owner of a given file, usually the person who initially
created a file. The owner has all of the access rights listed previously and may grant
rights to others. Access can be provided to different classes of users:
Specific user
Individual users who are designated by user ID
User groups
A set of users who are not individually defined. The system must have some
way of keeping track of the membership of user groups.
All
All users who have access to this system. These are public files.
Mode of access
Read
Write
Execute
Disk space management
File systems allocate space in a granular manner, usually multiple physical units on
the device. The file system is responsible for organizing files and directories, and
keeping track of which areas of the media belong to which file and which are not
being used.
This results in unused space when a file is not an exact multiple of the allocation unit.
The size of the allocation unit is chosen when the file system is created. Choosing the
21
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
allocation size based on the average size of the files expected to be in the file system
can minimize the amount of unusable space. Frequently the default allocation may
provide reasonable usage. Choosing an allocation size that is too small results in
excessive overhead if the file system will contain mostly very large files.
Disk space management methods
The major methods of allocating disk space are:
Continuous
In contiguous allocation, files are assigned to contiguous area of secondary
storage. A linear ordering of disk addresses is seen on the disk. The
technique, in which the operating system provides units of file space on
demand by user running processes, is known as dynamic allocation of disk
space.
Advantages
Successive logical records are physically adjacent and require no head
movement. So disk seek time is minimal and speeds up access of records.
Also, this scheme is relatively simple to implement.
22
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Non-Continuous
This scheme has replaced the previous ones. The popular non-contiguous
storages because the files do tend either to grow or shrink over time and
users rarely know in advance how large their files will be contiguous.
Types of non-continuous allocation
Linked/Chained Collection
Linked allocation is essentially a disk-based version of the linked list. The disk
blocks may be scattered anywhere on the disk. The directory contains a
pointer to the first and last block of the file. Also each block contains pointers
to the next block, which are not made available to the user. It can be used
effectively for sequential access only but there also it may generate long
seeks between blocks. Another issue is the extra storage space required for
pointers. Yet the reliability problem is also there due to loss/damage of any
pointer.
23
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Indexed Allocation
Index allocation addresses many of the problems of contiguous and chained
allocation. In this case, the file allocation table contains a separate one-level
index for each file; the index has one entry for each portion allocated to file.
Typically, the file indexes are not physically stored as part of the file
allocation table. Rather, the index for a file is kept in a separate block, and
entry for the file in the allocation table points to that block. The allocation may
be on the basis of either fixed size blocks or variable size portions.
24
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
File system management
The system that an operating system or program uses to organize and keep track of
files. It is the subsystem of an operating system that manages the data storage
organization on disk, and provides services to processes related to file access. In
this sense, it interfaces the application programs with the low-level media-I/O
subsystem, freeing on the application programmers from having to deal with low-
level intricacies and allowing them to implement I/O using convenient data-
organizational abstractions like files and records. On the other end, the FMS services
often is the only way thorough which applications can access the data stored in the
files, thus achieving an encapsulation of the data themselves which can be usefully
exploited for the purposes of data protection, maintenance and control.
25
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Functions of file system management
Data Management
An FMS should provide data management services to the applications through
convenient abstractions, simplifying and making device-independent the
common operations involved in data access and modification.
Generality with respect to storage devices
The FMS data abstractions and access methods should remain unchanged
irrespective of the devices involved in data storage.
Validity
An FMS should guarantee that at any given moment the stored data reflect the
operations performed on them, regardless of the time delays involved in
actually performing those operations. Appropriate access synchronization
mechanism should be used to enforce validity when multiple accesses from
independent processes are possible.
Protection
Illegal or potentially dangerous operations on the data should be controlled
by the FMS, by enforcing a well-defined data protection policy.
26
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Concurrency
In multiprogramming systems, concurrent access to the data should be
allowed with minimal differences with respect to single-process access, save
for access synchronization enforcement.
Performance
The above functionalities should be offered achieving at the same a good
compromise in terms of data access speed and data transferring rate.
Function of file system management to end user (or application)
File creation, modification and deletion.
User's (or user groups') ownership of files, and access control on the basis of
ownership permissions.
Facilities to structure data within files (predefined record formats, etc.).
Facilities for maintaining data redundancy against technical failure (back-ups,
disk mirroring, etc.).
Logical identification and structuring of the data, via file names and
hierarchical directory structures.
27
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
File system performance
Disk access is the bottleneck for the file system performance. Most systems maintain
a separate section of main memory for a disk cache (block cache, or buffer cache),
where blocks are kept under the assumption that they will be re-used in near future.
Logical file system
The logical file system is the level of the file system at which users can request file
operations by system call. This level of the file system provides the kernel with a
consistent view of what might be multiple physical file systems and multiple file
system implementations. As far as the logical file system is concerned, file system
types, whether local, remote, or strictly logical, and regardless of implementation,
are indistinguishable.
A consistent view of file system implementations is made possible by the virtual file
system abstraction. This abstraction specifies the set of file system operations that an
implementation must include in order to carry out logical file system requests.
Physical file systems can differ in how they implement these predefined operations,
but they must present a uniform interface to the logical file system. Each set of
predefined operations implemented constitutes a virtual file system. As such, a
single physical file system can appear to the logical file system as one or more
separate virtual file systems.
Virtual file system operations are available at the logical file system level through
the virtual file system switch. This array contains one entry for each virtual file
28
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
system, with each entry holding entry point addresses for separate operations. Each
file system type has a set of entries in the virtual file system switch.
The logical file system and the virtual file system switch support other operating
system file-system access semantics. This does not mean that only other operating
system file systems can be supported. It does mean, however, that a file system
implementation must be designed to fit into the logical file system model.
Operations or information requested from a file system implementation need be
performed only to the extent possible.
Logical file system can also refer to the tree of known path names in force while the
system is running. A virtual file system that is mounted onto the logical file system
tree itself becomes part of that tree. In fact, a single virtual file system can be
mounted onto the logical file system tree at multiple points, so that nodes in the
virtual subtree have multiple names. Multiple mount points allow maximum
flexibility when constructing the logical file system view.
Physical file system
Storage space on a computer usually resides on several devices. This encompasses
several different types of media, including hard drives, CD-ROM drives, and floppy
drives. Each of these devices has a distinct physical file system associated with it.
29
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
File allocation
This is the way files size and location in the hard disk are recorded for fast access by
the computer's operating system.
File allocation features
i. It supports up to 2 Terabytes in size.
ii. Uses space more effectively
iii. It is more robust and is more flexible
iv. FAT mirroring can be disabled
v. These features allow for dynamic resizing of partitions.
Operating system security
Operating system security is the process of ensuring OS integrity, confidentiality
and availability. OS security refers to specified steps or measures used to protect the
OS from threats, viruses, worms, malware or remote hacker intrusions. OS security
encompasses all preventive-control techniques, which safeguard any computer
assets capable of being stolen, edited or deleted if OS security is compromised.
File protection
Refers to the prevention of erasing of or writing upon a disk but allows a program to
read the data from the disk
Physical file protection is provided on the storage medium by turning a switch,
moving a lever or covering a notch. Writing is prohibited even if the software directs
30
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
the computer to do so. For example, on the earlier half-inch tape, a plastic ring in the
center of the reel was removed.
Logical file protection is provided by the operating system, which can designate
files as read only. This allows both regular (read/write) and read only files to be
stored on the same disk volume. Files can also be designated as hidden files, which
make them invisible to most software programs.
File security
Security refers to providing a protection system to computer system resources such
as CPU, memory, disk, software programs and most importantly data/information
stored in the computer system. If a computer program is run by unauthorized user
then he/she may cause severe damage to computer or data stored in it. So a
computer system must be protected against unauthorized access, malicious access
to system memory, viruses, worms etc.
Importance of File Protection and security
To avoid modification of file information
To safeguard system files
To avoid deletion of important system files
File Protection and security objectives
Data confidentiality
Data integrity
31
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
System availability
Privacy
Malicious intruders
Accidental data loss
Software security and application security
Software security is an idea implemented to protect software against malicious
attack and other hacker risks so that the software continues to function correctly
under such potential risks. Security is necessary to provide integrity, authentication
and availability. Any compromise to integrity, authentication and availability makes
a software unsecure. Software systems can be attacked to steal information, monitor
content, introduce vulnerabilities and damage the behavior of software. Malware
can cause DoS (denial of service) or crash the system itself.
Security vulnerabilities
In computer security, vulnerability is a weakness which allows an attacker to reduce
a system's information assurance. Vulnerability is the intersection of three elements:
a system susceptibility or flaw, attacker access to the flaw, and attacker capability to
exploit the flaw.
Application Vulnerability
Application vulnerability is a system flaw or weakness in an application that could be
exploited to compromise the security of the application. Once an attacker has found
32
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
a flaw, or application vulnerability, and determined how to access it, the attacker has
the potential to exploit the application vulnerability to facilitate a cyber-crime. These
crimes target the confidentiality, integrity, or availability of resources possessed by
an application, its creators, and its users.
Types of Security Vulnerabilities
Buffer Overflows
A buffer overflow occurs when an application attempts to write data past the end of a
buffer. Buffer overflows can cause applications to crash, can compromise data, and
can provide an attack vector for further privilege escalation to compromise the
system on which the application is running.
Invalidated Input
As a general rule, you should check all input received by your program to make
sure that the data is reasonable. Any input received by your program from an
untrusted source is a potential target for attack.
Race Conditions
A race condition exists when changes to the order of two or more events can cause a
change in behavior. If the correct order of execution is required for the proper
functioning of the program, this is a bug. If an attacker can take advantage of the
situation to insert malicious code, change a filename, or otherwise interfere with the
33
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
normal operation of the program, the race condition is security vulnerability.
Attackers can sometimes take advantage of small time gaps in the processing of
code to interfere with the sequence of operations, which they then exploit.
Interprocess Communication
Separate processes either within a single program or in two different programs
sometimes have to share information. Common methods include using shared
memory or using some messaging protocol, such as Sockets, provided by the
operating system. These messaging protocols used for interprocess communication
are often vulnerable to attack; thus, when writing an application, you must always
assume that the process at the other end of your communication channel could be
hostile.
Insecure File Operations
Programmers often make assumptions about the ownership, location, or attributes of
a file that might not be true. For example, you might assume that you can always
write to a file created by your program. However, if an attacker can change the
permissions or flags on that file after you create it, and if you fail to check the result
code after a write operation, you will not detect the fact that the file has been
tampered with.
34
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Access Control Problems
Access control is the process of controlling who is allowed to do what. This ranges
from controlling physical access to a computer keeping your servers in a locked
room, for example to specifying who has access to a resource and what they are
allowed to do with that resource. Some access control mechanisms are enforced by
the operating system, some by the individual application or server, some by a
service in use. Many security vulnerabilities are created by the careless or improper
use of access controls, or by the failure to use them at all.
Security attacks
Security attack refers to a process whereby a person compromises your computer
by installing harmful malicious software in your computer without your knowledge.
This malicious software includes viruses, spywares, adwares, and Trojan horses.
This software often deletes certain vital files on your computer, making your
computer to function abnormally, spying on your online surfing habits, and cause
advertisements to pop up on your screen when you are online.
Types of attack
Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text passwords and
sensitive information that can be used in other types of attacks. Passive attacks
include traffic analysis, monitoring of unprotected communications, decrypting
35
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
weakly encrypted traffic, and capturing authentication information such as
passwords. Passive interception of network operations enables adversaries to see
upcoming actions. Passive attacks result in the disclosure of information or data files
to an attacker without the consent or knowledge of the user.
Active Attack
In an active attack, the attacker tries to bypass or break into secured systems. This
can be done through stealth, viruses, worms, or Trojan horses. Active attacks include
attempts to circumvent or break protection features, to introduce malicious code,
and to steal or modify information. These attacks are mounted against a network
backbone, exploit information in transit, electronically penetrate an enclave, or
attack an authorized remote user during an attempt to connect to an enclave. Active
attacks result in the disclosure or dissemination of data files, DoS, or modification of
data.
Distributed Attack
A distributed attack requires that the adversary introduce code, such as a Trojan
horse or back-door program, to a “trusted” component or software that will later be
distributed to many other companies and users Distribution attacks focus on the
malicious modification of hardware or software at the factory or during distribution.
These attacks introduce malicious code such as a back door to a product to gain
unauthorized access to information or to a system function at a later date.
36
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Insider Attack
An insider attack involves someone from the inside, such as a disgruntled
employee, attacking the network Insider attacks can be malicious or no malicious.
Malicious insiders intentionally eavesdrop, steal, or damage information; use
information in a fraudulent manner; or deny access to other authorized users. No
malicious attacks typically result from carelessness, lack of knowledge, or
intentional circumvention of security for such reasons as performing a task
Close-in Attack
A close-in attack involves someone attempting to get physically close to network
components, data, and systems in order to learn more about a network Close-in
attacks consist of regular individuals attaining close physical proximity to networks,
systems, or facilities for the purpose of modifying, gathering, or denying access to
information. Close physical proximity is achieved through surreptitious entry into
the network, open access, or both.
One popular form of close in attack is social engineering in a social engineering
attack, the attacker compromises the network or system through social interaction
with a person, through an e-mail message or phone. Various tricks can be used by
the individual to revealing information about the security of company. The
information that the victim reveals to the hacker would most likely be used in a
subsequent attack to gain unauthorized access to a system or network.
37
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Phishing Attack
In phishing attack the hacker creates a fake web site that looks exactly like a popular
site such as PayPal. The phishing part of the attack is that the hacker then sends an e-
mail message trying to trick the user into clicking a link that leads to the fake site.
When the user attempts to log on with their account information, the hacker records
the username and password and then tries that information on the real site.
Hijack attack
Hijack attack In a hijack attack, a hacker takes over a session between you and
another individual and disconnects the other individual from the communication.
You still believe that you are talking to the original party and may send private
information to the hacker by accident.
Spoof attack
Spoof attack in a spoof attack, the hacker modifies the source address of the packets
he or she is sending so that they appear to be coming from someone else. This may
be an attempt to bypass your firewall rules.
Buffer overflow
Buffer overflow A buffer overflow attack is when the attacker sends more data to an
application than is expected. A buffer overflow attack usually results in the attacker
gaining administrative access to the system in a command prompt or shell.
38
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Exploit attack
Exploit attack In this type of attack, the attacker knows of a security problem within
an operating system or a piece of software and leverages that knowledge by
exploiting the vulnerability.
Password attack
Password attack an attacker tries to crack the passwords stored in a network account
database or a password-protected file. There are three major types of password
attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary
attack uses a word list file, which is a list of potential passwords. A brute-force attack
is when the attacker tries every possible combination of characters.
39
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Authorization and authentication
Authentication is the process of verifying who you are. When you log on to a PC with
a user name and password you are authenticating.
Authentication is the process of proving authenticity. Something is authentic if it is
not false or an imitation. In software, authentication is validating that an entity is who
or what it claims to be. That is, authentication is proving that you are you, or that a
computer or a particular program is what it claims to be.
Authorization is the process of verifying that you have access to something. Gaining
access to a resource (e.g. directory on a hard disk) because the permissions
configured on it allow you access is authorization.
Authorization is the process of authorizing. Something is authorized to do X if it has
permission or approval to do X. In software, authorization is validating that a user
can perform a given action. That is, once a user is authenticated as a particular user,
authorization is about what that user can and cannot do.
Viruses and worms
A Virus is a program that piggy-backs on other programs. It can be attached to a
Word or Excel file. Each time the file is run, the virus runs too. It attaches itself to
other programs and continues to reproduce.
40
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
A Worm uses computer networks to replicate itself. It searches for servers with
security holes and copies itself there. It then begins the search and replication
process again.
A Trojan horse is a computer program masquerading as a game or a “cute”
program. However, when it runs it does something else - like erasing your hard
drive or blocking your screen with a graphic will not go away.
Audit trail
A record showing who has accessed a computer system and what operations he or
she has performed during a given period of time. Audit trails are useful both for
maintaining security and for recovering lost transactions. Most accounting systems
and database management systems include an audit trail component. In addition,
there are separate audit trail software products that enable network administrators
to monitor use of network resources.
An audit trail also called audit log is a security-relevant chronological record, set of
records, and/or destination and source of records that provide documentary
evidence of the sequence of activities that have affected at any time a specific
operation, procedure, or event. Audit records typically result from activities such as
financial transactions, scientific research and health care data transactions, or
communications by individual people, systems, accounts, or other entities.
41
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Importance of Audit trail or Logs
Accountability
Log data can identify what accounts are associated with certain events. This
information then can be used to highlight where training and/or disciplinary actions
are needed.
Reconstruction
Log data can be reviewed chronologically to determine what was happening both
before and during an event. For this to happen, the accuracy and coordination of
system clocks are critical. To accurately trace activity, clocks need to be regularly
synchronized to a central source to ensure that the date/time stamps are in synch.
Intrusion Detection
Unusual or unauthorized events can be detected through the review of log data,
assuming that the correct data is being logged and reviewed. The definition of what
constitutes unusual activity varies, but can include failed login attempts, login
attempts outside of designated schedules, locked accounts, port sweeps, network
activity levels, memory utilization, key file/data access, etc.
Problem Detection
In the same way that log data can be used to identify security events, it can be used
to identify problems that need to be addressed.
42
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Access control verification
Access control is the selective restriction of access to a place or other resource. The
act of accessing may mean consuming, entering, or using. Permission to access a
resource is called authorization. Each file management system has its own method to
control file access.
Types of Access Control Verification Module
a) Access control matrix
In computer science, an Access Control Matrix or Access Matrix is an abstract,
formal security model of protection state in computer systems that
characterize the rights of each subject with respect to every object in the
system
Advantages
i. Easy to implement
ii. Works well for systems with few files & few users
iii. Results in space wastage because of null entries
43
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
b) Access control lists
An access control list is a table that tells a computer operating system which
access rights each user has to a particular system object, such as a file
directory or individual file. Each object has a security attribute that identifies
its access control list. The list has an entry for each system user with access
privileges. The most common privileges include the ability to read a file, to
write to the file or files, and to execute the file
Contains the name of only those users who may use file; those denied any
access are grouped under “WORLD”. List is shortened by putting users into
categories:
SYSTEM: personnel with unlimited access to all files
OWNER: Absolute control over all files created in own account
GROUP: All users belonging to appropriate group have access
WORLD: All other users in system
44
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Advantages
i. Modification of access control matrix technique
ii. Each file is entered in list & contains names of users who are allowed
access to it and type of access permitted
c) Capability lists
Lists all the access rights or capabilities that a user has. A row of an access
matrix that contains the access rights of a given user to various files and other
resources of a computer system.
Examples
Fred --> /dev/console(RW)--> fred/prog.c(RW)--> fred/letter(RW) -->
/usr/ucb/vi(X) Jane --> /dev/console(RW)--> fred/prog.c(R)--> fred/letter() --
> /usr/ucb/vi(X)
45
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
When a process tries to gain access to an object, the operating system can
check the appropriate capability list.
Advantages
i. Lists every user and the files to which each has access
ii. Can control access to devices as well as to files
Disadvantages
i. If each capability list has an entry for all objects, many entries will indicate
that no access is allowed. The set of objects accessible by one user,
specially privileged users, may be very large.
ii. It can be expensive to search capability lists for such users, unless we use
capability-based addressing, presented later when we discuss capabilities
in more detail.
iii. An initial capability list must be generated for a new user. It is not clear
what the initial list should look like.
46
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
d) Lockword control
It is similar to a password but protects a single file
Advantages
i. Requires smallest amount of storage for file protection
Disadvantages
ii. Can be guessed by hackers or passed on to unauthorized users
iii. Generally doesn’t control type of access to file
iv. Anyone who knows lockword can read, write, execute, or delete file
Data Compression
A technique used to save space in files
Methods for data compression
47
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Records with repeated characters
Repeated characters are replaced with a code
Examples
ADAMSbbbbbbbbbb => ADAMSb10
300000000 => 3#8
Repeated terms
Compressed by using symbols to represent most commonly used words
Examples
In a university’s student database common words like student, course, grade, &
department could each be represented with single character.
48
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Device I/O Management
Objectives of device I/O management
The objectives of the I/O Management module are as follows
Generality and Device Independence
I/O devices are typically quite complex mechanically and electronically. Much of
this complexity is related to the electronic engineering and is of no interest to the
user or the programmer. The average user is not aware of the complexities of
positioning the heads on a disk drive, reading the signal from the disk surface,
waiting for the required sector to rotate into position etc.
49
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Users and programmers may be unaware of this complexity. The I/O management
module must try to treat all external devices uniformly. This is achieved by virtual
device. A virtual device is a special kind of file that is associated with a particular
external device. Users create a virtual device of a given type, and operating system
associates a physical device with it when the device is required for the first time. All
virtual devices in a system are stored in a liked list.
Efficiency
Perhaps the most significant characteristic of the I/O system is. the speed disparity
between it and the processor. I/O devices involve mechanical operations. They
cannot compete with the microsecond or nanosecond speed of the processor and
memory. The I/O management module must try to minimize the disparity by the use
of techniques like buffering and spooling.
Uniform naming
i. Name of a file or device is a string or an integer
ii. Doesn’t depend on the machine (underlying hardware)
Error handling
i. Done as close to the hardware as possible
ii. Isolate higher-level software
Synchronous vs. asynchronous transfers
50
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
i. Blocked transfers vs. interrupt-driven
Buffering
i. Data coming off a device cannot be stored in final destination
ii. Sharable vs. dedicated devices
Device independence
Device independence is the process of making a software application be able to
function on a wide variety of devices regardless of the local hardware on which the
software is used. The process should not depend on one particular device.
The principle of device independence works very well with respect to random
access information storage devices. Essentially no level of software, from the OS
upward cares what kind of storage device it's reading from/ writing to.
Device independence functions
i. Perform I/O functions common to all devices
ii. Provide a uniform interface to the user-level software
51
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Efficiency
The speed disparity between it and the processor. I/O devices involve mechanical
operations. They cannot compete with the microsecond or nanosecond speed of the
processor and memory. The I/O management module must try to minimize the
disparity by the use of techniques like buffering and spooling.
Uniform treatment of devices
So users of Peripherals can use a standard way of interacting with different
devices.
OS needs to smooth out all the differences between devices.
This is achieved by the Virtual Device. Users interact with Virtual Devices
called streams. User creates a stream of a given type, and OS associates it
with a physical device the first time the device is required.
52
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Info about stream, and physical device, needs to be held in Process
Descriptor - PD points to a stream descriptor list.
Stream is opened when OS associates stream with Phy. Device. Stream is
closed either explicitly by process or when process terminates
Advantages
User can interact with devices using standard set of instructions.
User does not need to know which specific Phy. Device will be used by a
process
Easy to change device from, say, Tape to Disk, without having to rewrite large
chunks of code.
Principles of device I/O hardware
I/O Devices
An input/output (I/O) device is a hardware device that has the ability to accept
inputted, outputted or other processed data. It also can acquire respective media
data as input sent to a computer or send computer data to storage media as storage
53
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
output. Input devices provide input to a computer, while output devices provide a
way for a computer to output data for communication with users or other computers.
An I/O device is a device with both functionalities.
Input Devices
Graphics Tablets
Cameras
Video Capture Hardware
Trackballs
Barcode reader
Digital camera
Gamepad
Joystick
Keyboard
Microphone
MIDI keyboard
Mouse (pointing device)
Scanner
Webcam
Touchpads
Pen Input
Microphone
Electronic Whiteboard
54
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Output devices
Monitor
Printers (all types)
Plotters
Projector
LCD Projection Panels
Computer Output Microfilm (COM)
Speaker(s)
Both Input–Output Devices
Modems
Network cards
Touch Screen
Headsets
Facsimile (FAX)
Audio Cards / Sound Card
Block Devices
Block devices usually behave a lot like ordinary files: they are an array of bytes, and
the value that is read at a given location is the value that was last written there. Data
from block device can be cached in memory and read back from cache; writes can
be buffered. Block devices are normally searchable. The name block device comes
55
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
from the fact that the corresponding hardware typically reads and writes a whole
block at a time.
Unit of data transfer: a block of bytes Example: disk drives
Operations: read, write, and seek
Usually accessed via a file system interface raw I/O: OS, DBMS may directly access
device as a linear array of blocks.
Character devices
Character devices behave like pipes, serial ports, etc. Writing or reading to them is
an immediate action. What the driver does with the data is its own business. Writing
a byte to a character device might cause it to be displayed on screen, output on a
serial port, converted into a sound. Reading a byte from a device might cause the
serial port to wait for input, might return a random byte. The name “character
device” comes from the fact that each character is handled individually.
56
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Device controllers
A device controller is a part of a computer system that makes sense of the signals
going to, and coming from the CPU.
A device controller is a part of a computer system that makes sense of the signals
going to, and coming from the CPU processor. There are many device controllers in
a computer system. Any device connected to the computer is connected by a plug
and socket, and the socket is connected to a device controller. Device controllers
use binary and digital codes.
There are many device controllers in a computer system. Any device connected to
the computer is connected by a plug and socket, and the socket is connected to a
device controller. A computer system contains a many types of I/O devices and their
respective controllers.
Network card
Graphics adapter
Disk controller
DVD-ROM controller
Serial port
USB
Sound card
Functions of Device Controller
57
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
58
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Types of device controllers
Device drivers
A device driver is a program that controls a particular type of device that is attached
to your computer. There are device drivers for printers, displays, CD-ROM readers,
diskette drives, and so on. When you buy an operating system, many device drivers
are built into the product. However, if you later buy a new type of device that the
operating system didn't anticipate, you'll have to install the new device driver. A
59
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
device driver essentially converts the more general input/output instructions of the
operating system to messages that the device type can understand.
A device driver is a program routine that links a peripheral device to an operating
system of a computer. It is essentially a software program that allows a user to
employ a device, such as a printer, monitor, or mouse. It is written by programmers
who comprehend the detailed knowledge of the device’s command language and
characteristics and contains the specific machine language necessary to perform the
functions requested by the application. When a new hardware device is added to the
computer, such as a CD-ROM drive, a printer, or a sound card, its driver must be
installed in order to run it. The operating system calls the driver, and the driver
drives the device.
A device driver is a kernel module responsible for managing low-level I/O
operations for a particular hardware device. Device drivers can also be software-
only, emulating a device that exists only in software, such as a RAM disk or a
pseudo-terminal.
A device driver contains all the device-specific code necessary to communicate with
a device and provides a standard set of interfaces to the rest of the system. This
interface protects the kernel from device specifics just as the system call interface
protects application programs from platform specifics. Application programs and
the rest of the kernel need little (if any) device-specific code to address the device.
In this way, device drivers make the system more portable and easier to maintain.
60
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Types of Device Drivers
There are several kinds of device drivers, each handling a different kind of I/O.
Block device drivers manage devices with physically addressable storage media,
such as disks. All other devices are considered character devices. Two types of
character device drivers are standard character device drivers and STREAMS
device drivers.
Block Device Drivers
Devices that support a file system are known as block devices. Drivers written for
these devices are known as block device drivers. Block device drivers can also
provide a character driver interface that allows utility programs to bypass the file
system and access the device directly. This device access is commonly referred to
as the raw interface to a block device.
Character Device Drivers
Character device drivers normally perform I/O in a byte stream. They can also
provide additional interfaces not present in block drivers, such as I/O control (ioctl)
commands, memory mapping, and device polling.
Byte-Stream I/O
The main task of any device driver is to perform I/O, and many character device
drivers do what is called byte-stream or character I/O. The driver transfers data to
and from the device without using a specific device address. This is in contrast to
61
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
block device drivers, where part of the file system request identifies a specific
location on the device.
Memory Mapped Devices
For certain devices, such as frame buffers, it is more efficient for application
programs to have direct access to device memory. Applications can map device
memory into their address.
STREAMS Drivers
STREAMS are a separate programming model for writing a character driver. Devices
that receive data asynchronously (such as terminal and network devices) are suited
to a STREAMS implementation. STREAMS device drivers must provide the loading
and auto configuration support.
Functions of device drivers
The driver is the link between the operating system and the peripheral
device.
A device driver sets the direct memory access control registers to use
appropriate source and destination addresses, and transfer length.
Direct Memory Access (DMA)
Direct memory access (DMA) is a method that allows an input/output (I/O) device to
send or receive data directly to or from the main memory, bypassing the CPU to
62
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
speed up memory operations. The process is managed by a chip known as a DMA
controller (DMAC).
DMA channels are used to communicate data between the peripheral device and the
system memory. All four system resources rely on certain lines on a bus. Some lines
on the bus are used for IRQs, some for addresses (the I/O addresses and the
memory address) and some for DMA channels.
A DMA channel enables a device to transfer data without exposing the CPU to a work
overload. Without the DMA channels, the CPU copies every piece of data using a
peripheral bus from the I/O device. Using a peripheral bus occupies the CPU during
the read/write process and does not allow other work to be performed until the
operation is completed.
With DMA, the CPU can process other tasks while data transfer is being performed.
The transfer of data is first initiated by the CPU. During the transfer of data between
the DMA channel and I/O device, the CPU performs other tasks. When the data
transfer is complete, the CPU receives an interrupt request from the DMA controller.
63
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Advantages of DMA
• DMA allows a peripheral device to read from/write to memory without going
through the CPU
• DMA allows for faster processing since the processor can be working on
something else while the peripheral can be populating memory.
Disadvantages of DMA
• DMA transfer requires a DMA controller to carry out the operation, hence cost
of the system increases.
• Cache Coherence problems.
64
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Principles of I/O software
Goals of I/O software
Device independence
The principle of device independence works very well with respect to random
access information storage devices. Essentially no level of software, from the OS
upward cares what kind of storage device it's reading from/ writing to.
Uniform naming
Recall that we discussed the value of the name space implemented by file systems.
There is no dependence between the name of the file and the device on which it is
stored.
Device independence
i. Programs can access any I/O device
ii. without specifying device in advance (floppy, hard drive, or CD-ROM)
Uniform naming
i. name of a file or device a string or an integer
ii. not depending on which machine
Error handling
i. Handle as close to the hardware as possible.
Interrupt Handler
An interrupt handler is used to handle high-priority conditions that require the
interruption of the current code the processor is executing. Interrupt handlers have
65
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
a multitude of functions, which vary based on the reason the interrupt was generated
and the speed at which the interrupt handler completes its task. An interrupt
handler is a low-level counterpart of event handlers. These handlers are initiated by
either hardware interrupts or interrupt instructions in software, and are used for
servicing hardware devices and transitions between protected modes of operation
such as system calls.
Types of Interrupts
External Interrupt
The external interrupt occurs when any input and output device request for any
operation and the CPU will execute that instructions first for example when a
program is executed and when we move the mouse on the screen then the CPU will
handle this external interrupt first and after that he will resume with his operation.
Internal interrupt
The internal interrupts are those which are occurred due to some problem in the
execution for example when a user performing any operation which contains any
error and which contains any type of error. So that internal interrupts are those
which are occurred by the some operations or by some instructions and the
operations those are not possible but a user is trying for that operation.
Software interrupt
66
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Software interrupts are those which are made some call to the system for example
while we are processing some instructions and when we want to execute one more
application programs.
Device-independent I/O software
Functions
i. uniform interfacing for device drivers
ii. Buffering
iii. error reporting
iv. providing a device-independent block size
Uniform interfacing
Make all I/O devices look more or less the same, so that the O/S doesn’t need to be
hacked every time a new device comes along.
Buffering
Memory area that stores data in kernel space while transferred between device and
application. Buffering allows the I/O devices to cope with a speed mismatch
67
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
between producers and consumers. Allows adaption between services with different
data-transfer sizes.
User-level I/O system calls
68
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
69
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Disk hardware
Physical geometry of a disk with two zones
A possible virtual geometry for this disk
70
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Raid levels 0 through 2
Backup and parity drives are shaded
Disk Scheduling
Servicing the disk I/O requests. Disk scheduling is the problem of deciding which
particular request for data by your computer from your hard drive should be
serviced first. In other words, when several programs are trying to pull data from
your hard drive at once, which one gets the data first? It is a fundamental problem in
operating system scheduling in terms of minimizing the wait for the user when he or
she simply wants to do some things that require information from the hard drive.
71
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
I/O request issues a system call to the OS. If desired disk drive or controller is
available, request is served immediately. If busy, new request for service will be
placed in the queue of pending requests. When one request is completed, the OS
has to choose which pending request to service next.
Type of Disk Scheduling
FCFC or First Come First Serve
In this jobs or processes are executed in the manner in which they are entered into
the computer. In this operating system creates a queue which contains the sequence
order in which they are to be executed and the sequence in which the CPU will
execute the process. In this all the jobs are performed according to their sequence
order as they have entered. In this the job which had requested first will firstly
performed by the CPU and the jobs those are entered later will be executed in to
their entering order.
72
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
SSTF or Shortest Seek Time First
In this technique the operating system will search for the shortest time means this
will search which job will takes a less time of CPU for running. After examining all
the jobs, all the jobs are arranged in the sequence wise or they are organized into
the priority order. The priority of the process will be the total time which a process
will use for execution. The shortest seek time will include all the time means time to
enter and time to completion of the process. Means the total time which a process
will take for execution.
C-Scan Scheduling
In the c-scan all the processes are arranged by using some circular list. Circular list
is that in which there is no start and end point of the list means the end of the list is
the starting point of the list. In the c-scan scheduling the cpu will search for the
process from start to end and if an end has found then this again start from the
starting process. Because many times when a CPU is executing the processes then
73
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
may a user wants to enter some data means a user wants to enter some data so that at
that situation the CPU will again execute that process after the input operation. So
that c-scan scheduling is used for processing same processes again and again.
Look Scheduling
In the Look Scheduling the CPU Scans the List from Starting to End of the Disk in
which the various processes are running and in the Look Scheduling the CPU will
Scan the Entire Disk from one End to the Second end.
Round Robin
In the Round Robin Scheduling the Time of CPU is divided into the Equal Numbers
which is also called as Quantum Time. Each Process which is Request for Execution
will Consumes the Equal Number of Times of the CPU and after the Quantum Time of
First Process, the CPU will automatically goes to the Next Process. But the Main
Problem is that after the Completion of the Process the Time Will also be Consumed
by the Process. Means if a Process either or not have Some Operations To perform
74
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
the Time of CPU will also be Consume by the CPU , So this is the Wastage of the Time
of the CPU.
Priority Scheduling
In this Each Process have Some Priorities Assign to them, Means each and Every
Process will be examined by using the Total Time Which will be consumed by the
Process. The Total Time of the Process, and Number of times a Process needs Some
Input and Output and Number of Resources will be Examines to set the Priorities of
the Processes. So that all the Processes are arranged into the Form of these Criteria’s
and after that they will be processed by the CPU.
Multilevel Queue
The multilevel queue is used when there are multiple queues for the various
different processes as we know that there are many different types of works those
are to be performed on the computers at a time. So that for organizing the various or
different types of queues the CPU maintains the queues by using this technique. In
this all the queues are collected and organized in the form of some functions which
they are requesting to perform. So that the various types of queues are maintained
this contains all the processes which have same type.
SCAN
Go from the outside to the inside servicing requests and then back from the outside
to the inside servicing requests.
75
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
i. Repeats this over and over
ii. Reduces variance compared to SSTF
The drive head sweeps across the entire surface of the disk, visiting the
outermost cylinders before changing direction and sweeping back to the
innermost cylinders. It selects the next waiting requests whose location it will
reach on its path backwards and forwards across the disk. Thus, the movement
time should be less than FCFS but the policy is clearly fairer than SSTF.
C-LOOK
i. Moves inwards servicing requests until there are no more requests in that
direction, then it jumps to the outermost outstanding requests.
ii. Repeats this over and over.
iii. Variant: service requests from inside to outside, then skip back to the
innermost request.
Based on C-SCAN, C-LOOK involves the drive head sweeping across the disk
satisfying requests in one direction only. As in LOOK the drive makes use of the
location of waiting requests in order to determine how far to continue a sweep, and
where to commence the next sweep. Thus it may curtail a sweep towards the outer
edge when there are locations requested in cylinders beyond the current position,
and commence its next sweep at a cylinder which is not the innermost one, if that is
the most central one for which a sector is currently requested.
76
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Disk performance Parameters
Disk bandwidth
Is the total number of bytes transferred, divided by the total time between the first
request for service and the completion of the last transfer.
Seek time
Is the time for the disk are to move the heads to the cylinder containing the desired
sector.
Rotational latency
This is the additional time waiting for the disk to rotate the desired sector to the disk
head.
77
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
SCAN Scheduling
The disk arm starts at one end of the disk, and moves toward the other end,
servicing requests until it gets to the other end of the disk, where the head
movement is reversed and servicing continues. Sometimes called the elevator
algorithm.
Error handling
There are several aspects to error handling including: detection, correction (if
possible) and reporting.
i. Detection should be done as close to where the error occurred as possible
before more damage is done (fault containment). This is not trivial.
ii. Correction is sometimes easy, for example ECC (error correcting code)
memory does this automatically (but the OS wants to know about the error so
that it can schedule replacement of the faulty chips before unrecoverable
double errors occur).
a. Other easy cases include successful retries for failed Ethernet
transmissions. In this example, while logging is appropriate, it is quite
reasonable for no action to be taken.
iii. Error reporting tends to be awful. The trouble is that the error occurs at a low
level but by the time it is reported the context is lost. Unix/Linux in particular
is horrible in this area.
78
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Primary handling is by the drivers. It can often react and repair the error before the
software layer above notices. Only when, after several tries, repairing fails, the
higher layers are informed. Error handling at higher levels depends on the
environment in which the software is functioning.
Error handling examples
Programming errors (non-existing sector)
User program needs debugging
Volatile checksum error (dust particle)
Controller tries again
Permanent checksum error (bad block)
Block will be marked “bad” and replaced by a spare block (this my interfere
with the optimisation algorithm)
Seek error (arm moves to the wrong sector)
Mechanical problem, perform RECALIBRATE or ask for maintenance
Controller error
Controller is a parallel system, can get confused, driver may perform a reset
79
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Track at a time caching
Caching is a very general technique for improving computer system performance.
Based on the principle of locality of reference, it is used in a computer's primary
storage hierarchy, its operating system, networks, and databases. Caching improves
access time and reduces data traffic to data sources that have limited throughput. For
most of this web page only reads are considered. A section at the end deals with
issues that arise when writes are considered.
RAM Disks
Refers to RAM that has been configured to simulate a disk drive. You can access files
on a RAM disk as you would access files on a real disk. RAM disks, however, are
approximately a thousand times faster than hard disk drives. They are particularly
useful, therefore, for applications that require frequent disk accesses. Because they
are made of normal RAM, RAM disks lose their contents once the computer is turned
off. To use a RAM disk, therefore, you need to copy files from a real hard disk at the
beginning of the session and then copy the files back to the hard disk before you
turn the computer off. Note that if there is a power failure, you will lose whatever
data is on the RAM disk. A RAM disk is also called a virtual disk or a RAM drive.
Computer clocking system
Clock hardware
50 Hz clocks (1 interrupt (clock tic) per voltage cycle)
• Simple, cheap, not very accurate, not very functional
High precision clocks (5-100 MHz, or higher),
80
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
• Contain a quarts oscillator
• Steers a counter counting down
• Generates an interrupt when counter reaches 0
• Counter is eventually reloaded from a programmable register
• One chip normally implements multiple clocks
• One shot mode: clock counts down from register value once and
waits for software to start it again
• Block wave mode: counter is automatically reloaded (generates
clock tics)
• Ranges: e.g. 1000 MHz clock with a 16 bits register can fix time
intervals between 1 nanosecond and 65,535 microseconds.
Clock software
Software is responsible for the semantics behind the clock tics:
Shows time of the day.
Calculate the exact time between two tics and adjust the clock on each
interrupt.
Administration of process time slices
Administration of CPU usage
• Counter starts when process starts
• Counter is part of the “Process environment”
• Is stopped while handling an interrupt
81
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
• Field in the process table can be used directly (through pointer
to running process)
• Interrupts cause problems
Watchdog timers
– Watchdog timers start user specified routine after the time has elapsed
within the code of the caller
Profiling
– For program performance analysis
– Information where the CPU time is spent on
Exploration of computer terminals
Terminal hardware
Serial RS232 terminals
– Industrial applications
• Memory-mapped interfaces
– character oriented
– Bitmapped
• Network computers
• Serial interfaces: 25 pins connector (RS232 or V24), needed are 3 pins
82
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
• From 50 up to 19200 bits/sec
• Interface: UART (Universal Asynchronous Receiver Transmitter) on RS232
interface cards
• Driver writes characters to interface card which transforms them into a bit
sequence
• Slow, interrupt will wake up the driver
• Interface cards may have a CPU on board, and be able to serve more
terminals
• Intelligent terminals may be able to perform complicated operations on the
screen (e.g. X-terminals) while still connected through a prehistoric device as
the RS UART
Memory mapped terminals
– Integrated into the computer
– Communicate through a special memory, the video RAM, embedded into
the address space of the CPU
83
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
• Monitor talks pixels, video controller modulates the electron ray or steers the
lc’s
• Speed is obtained through the memory and the electronics
• The ram can be in characters or in bits
– Characters will typically be read 14 times, for each line on the screen in
which part of the character is displayed
– Bits will be stored per pixel
• Input through the keyboard
– Normally passes only a code for the key touched
Input software
• Keyboard driver caches keyboard input
– Raw mode:
• Driver passes characters unchanged to software
• Buffering is limited to speed differences
• Application receives characters immediately
– Cooked mode
• Driver buffers one line until it is finished
• Driver handles corrections made by the user while typing a line
84
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
– Often applications have the choice
• Nowadays, window driven applications use raw mode at the lowest level and
perform buffering at the window level
• Keyboard driver catches characters after
– Interrupts: handles character during interrupt
– Messages: message may contain the character or refer to a small
buffer (problem with real time level of the driver, safer if the
messaging is not fail proof)
• Keyboard driver transforms the key number into a character according to a
table
• Keyboard buffering: buffer pool (buffers of equal size, e.g. 16 characters) or a
separate buffer for each terminal (typically 200 characters)
• Echoing is (was) done by the OS, or the shell. May be confusing for the user.
• Handling of tabs, backspaces,… were typical problems with terminals
• One problem survived: end of line
– Logically (from the typist’s viewpoint) one needs a CR to bring the
cursor back to the beginning of the line and a LF to go to the next one
– These two characters are hidden behind the ENTER key
– The OS can decide how to represent end of line
85
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
• UNIX: Line feed only
• DOS: Carriage return and line feed
– LF is ASCII 10, CR is ASCII 13, ^M
• -> problems with file transfer
• Other problems with terminals:
– Timing of CR and LF
– Padding
– Definition of the erase character
– Kill character: @ (\@ and \\ conventions)
– Stop output (^S) and start output (^Q)
– DEL, ^C, stop process (sent SIGINT)
– ^\ force core dump (SIGQUIT)
– ^D, ^Z end of file
• Implementation was (is) not straightforward
UNIX telinfo database contains descriptions of thousands of terminals (famous
example vt100)
86
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Output software
• Serial (RS-232) and memory mapped approaches differ
• Serial terminals have an output buffer to which characters are sent until it is
full or until a line ends. Once full, the real output is initiated and the driver
sleeps until interrupted.
• Memory mapped terminals can be accessed through normal memory
addressing procedures. Some characters receive a special treatment. The
driver is doing more screen manipulation.
• Special functions such as scrolling and animation may be done through
special registers (e.g. register with the position of the top line)
UNIX/LINUX
87
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Buffer Cache
Virtual Devices
Alternatively referred to as a virtual peripheral, a virtual device mimics a physical
hardware device by tricking the computer into thinking something exists when it
really doesn't. Virtual device is a simulation of an actual device. This improves
efficiency by printing to a file and the actual print off can take place when system is
quiet.
Most common example is print spooler; fax software can act as a virtual printer.
When print is selected, the document is sent to a fax/modem, which then sends
information to another fax/modem or fax machine instead of a printer.
88
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Objectives of virtual devices
History of virtual devices
Spooling
Spooling is a process in which data is temporarily held to be used and executed by a
device, program or the system. Data is sent to and stored in memory or other
volatile storage until the program or computer requests it for execution.
Spooling refers to as a process that putting jobs in a buffer or say spool, or
temporary storage area, a special area in memory or on a disk where a device can
access them when it is ready. Spooling is useful because devices access data at
different rates.
The buffer provides a waiting station where data can rest while the slower device
catches up. However, unlike a spool of thread, the first jobs sent to the spool are the
first ones to be processed (FIFO, not LIFO).
The most common spooling application is print spooling. When you choose to print a
document, the computer sends the document information to the printer very quickly,
but the printer can't accept it at the same rate. The printer can only handle a chunk of
information at a time, and it pauses to process and print that chunk before it's ready
for more. Meanwhile, you have to wait until the printer has accepted the whole
document, piece by piece, before you can use your computer again because the
computer has to hang around and feed the information through.
89
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Spooling Technique
• A high speed device like a disk is interposed between a running program and
a low speed device involved with the program input/output
• Communication between a high speed device and low speed device is
isolated
• High speed device transfers the data to the spool
• Low speed device gets the data from the spool
90
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Advantages
• Performance of the system is increased
• CPU and I/O devices work more efficiently
• Leads naturally to multiprogramming
• Also used for processing data at remote sites
Buffering
Small amount of memory used for temporary storage of data, usually to compensate
for differences in processing or transmitting speeds of two connected devices, such
as a computer and a printer. It serves as a reservoir in which the higher speed
device (computer) dumps the data which is then 'trickled' to the slower one (printer).
Buffering is also required where a constant high bit rate has to be maintained, such
as in compress-decompression process used in transmission or playing of
audio/video files.
A buffer is an area of main memory for holding data during input and output data
transfers. A temporary storage area, usually in RAM. The purpose of most buffers is
to act as a holding area, enabling the CPU to manipulate data before transferring it to
a device. Because the processes of reading and writing data to a disk are relatively
slow, many programs keep track of data changes in a buffer and then copy the
buffer to a disk. For example, word processors employ a buffer to keep track of
changes to files. Then when you save the file, the word processor updates the disk
91
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
file with the contents of the buffer. This is much more efficient than accessing the file
on the disk each time you make a change to the file.
• Overlaps the I/O of job with that of its own computation
• After the data have been read and the CPU is about to start the operation, the
input device is instructed to begin the next input operation
• Both the CPU and I/O device are busy
• By the time CPU is ready for next operation, the input device would have
finished reading it
• CPU creates data and puts into a buffer until an output device can accept it
Output Buffering
• Processor stores the data in a buffer
• Output device takes the data from the buffer
Input Buffering
92
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
• Data transferred by an input channel is stored in the buffer
• After the data transfer, the processor access the data from the buffer
Advantages
• To cope with a speed mismatch between the producer and consumers of a
data streams
• To adopt between devices that have different data-transfer sizes
• To support copy semantics for application I/O
Caching
Portion of a computer's random access memory (RAM) reserved for temporary
storage of data for processing or the data frequently requested from the computer's
hard disk. Since data stored in RAM can be accessed much faster than the data
stored on a hard disk, a cache speeds up computing.
93
Downloaded by Okorie Promise ([email protected])
lOMoARcPSD|12193041
Process management
Describe process model
Process levels
Process states/models
94
Downloaded by Okorie Promise ([email protected])
You might also like
- How To Configure of Quality Management in Embedded EWM100% (1)How To Configure of Quality Management in Embedded EWM37 pages
- IOT and GSM Baseddistribution Transformer Fault Monitoring and Alert SystemNo ratings yetIOT and GSM Baseddistribution Transformer Fault Monitoring and Alert System60 pages
- (Operating System) Week 10 - File ManagementNo ratings yet(Operating System) Week 10 - File Management7 pages
- File-Systems FAT-NTFS and NTFS PermissionsNo ratings yetFile-Systems FAT-NTFS and NTFS Permissions42 pages
- MTN Nigeria and Nigerian Economic Development A MuNo ratings yetMTN Nigeria and Nigerian Economic Development A Mu21 pages
- En-Quiz 1 - Becoming A Reactive Web Developer - QuizizzNo ratings yetEn-Quiz 1 - Becoming A Reactive Web Developer - Quizizz5 pages
- 06-Chap04-FileSystems-4slots (86 Slides)No ratings yet06-Chap04-FileSystems-4slots (86 Slides)86 pages
- Connecting With Computer Science Chapter 10 ReviewNo ratings yetConnecting With Computer Science Chapter 10 Review6 pages
- Operating Systems Coursework 2025...... Group 5No ratings yetOperating Systems Coursework 2025...... Group 59 pages
- 22CS304 - Operating Systems (Lab Integrated)No ratings yet22CS304 - Operating Systems (Lab Integrated)3 pages
- MASTER SOE NLC 2023 For Conference Preview GuideNo ratings yetMASTER SOE NLC 2023 For Conference Preview Guide9 pages
- Soft Computing and Neural Network Unit 1No ratings yetSoft Computing and Neural Network Unit 14 pages
- Intelligent Automation With Micro Focus Unified Functional Testing FlyerNo ratings yetIntelligent Automation With Micro Focus Unified Functional Testing Flyer2 pages
- Captura de Pantalla 2024-09-04 A La(s) 11.04.45 P.M.No ratings yetCaptura de Pantalla 2024-09-04 A La(s) 11.04.45 P.M.3 pages
- Discover Afterwork Events & Activities in Paris, France EventbriteNo ratings yetDiscover Afterwork Events & Activities in Paris, France Eventbrite1 page
