# Operating System (CH 5 and 6)
# Operating System (CH 5 and 6)
By
Fikadu M.
[email protected]
Chapter
Five
I/O Management
🠶 Introduction to I/O
Management
🠶 Principles of I/O Hardware
🠶 Principles of I/O Software
🠶 Application I/O Interface
🠶 Performance
🠶 Viewpoints.
🠶 Users
🠶 Programmers
🠶 Technicians
Store information in fixed sized blocks, each one with its own address.
🠶 Device drivers are part of the operating system, but not necessarily part of the OS
kernel. The operating system provides a simplified view of the device to user
applications (e.g., character devices vs. block devices in UNIX).
🠶 The best way to hide them is to have the driver starting an I/O operation block until
the I/O has completed and the interrupt occurs. The driver can block itself by doing a
down on a semaphore, a wait on a condition variable, a receive on a message, or
something similar, for example:
🠶 When the interrupt happens, the interrupt procedure does whatever it has to in order
to handle the interrupt.
🠶 Is the only part in the OS that knows the controllers, their register structure,
sectors, tracks, cylinders, heads, interleaving, motors, ...
By
Fikadu M.
[email protected]
Chapter
Six
Security and Protection
🠶 The Security
Problem
🠶 Authentication
🠶 Program Threats
🠶 System Threats
🠶 Securing Systems
🠶 Intrusion Detection
🠶 Encryption
🠶 Windows NT
🠶 And hard disks these days are full of important photos, videos, and movies.
🠶 As more and more of this information is stored in computer systems, the need to protect it
is becoming increasingly important.
🠶 Guarding this information against unauthorized usage is therefore a major concern of all
operating systems.
🠶 To avoid confusion, we will use the term security to refer to the overall problem, and
the term protection mechanisms to refer to the specific operating system mechanisms
used to safeguard information in the computer. The boundary between them is not
well defined, however.
🠶 As an absolute minimum, the owner should be able to specify who can see what, and the
system should enforce these specifications, which ideally should be per file.
🠶 The third goal, system availability, means that nobody can disturb the system to
make it unusable.
🠶 Such denial of service attacks is increasingly common.
🠶 For example, if a computer is an Internet server, sending a flood of requests to it may
cripple it by eating up all of its CPU time just examining and discarding incoming requests.
If it takes, say, 100 use to process an incoming request to read a Web page, then anyone
who manages to send 10,000 requests/sec can wipe it out. Reasonable models and
technology for dealing with attacks on confidentiality and integrity are available; foiling
these denial-of-services attacks is much harder.
🠶 Source of threats
🠶 Threats can come from a range of sources
🠶 human error
🠶 discontented employees
🠶 dishonest employees
🠶 outsider access
🠶 Active intruders are more malicious; they want to make unauthorized changes to data.
🠶 When designing a system to be secure against intruders, it is important to keep in mind the
kind of intruder one is trying to protect against.
🠶 Most of these can be dealt with by maintaining adequate backups, preferably far away
from the original data. While protecting data against accidental loss may seem
mundane compared to protecting against clever intruders, in practice, probably more
damage is caused by the former than the latter.
🠶 Exploits mechanisms for allowing programs written by users to be executed by other users.
🠶 Trap Door
🠶 Specific user identifier or password that circumvents normal security procedures.
🠶 Safe computing.
🠶 Denial of Service
🠶 Overload the targeted computer preventing it from doing any sueful work.
🠶 Audit log – records the time, user, and type of all accesses to an object;
useful for recovery from a violation and developing better security
measures.
🠶 Scan the system periodically for security holes; done when the computer is
relatively unused.
🠶 The firewall limits network access between these two security domains.
🠶 Detection methods:
🠶 Auditing and logging.
🠶 Tripwire (UNIX software that checks if certain files and directories have been altered – I.e.
password files)
private key – key known only to individual user used to decrypt data.
🠶 Used between web servers and browsers for secure communication (credit
card numbers)
🠶 Security is based on user accounts where each user has a security ID.
🠶 Uses a subject model to ensure access security. A subject tracks and manages
permissions for each program that a user runs.
🠶 Each object has a unique name and can be accessed through a well-defined
set of operations.
🠶 Protection problem - ensure that each object is accessed correctly and only
by those processes that are allowed to do so.
🠶 Language-Based Protection