Introduction To Operating Syst

This document provides an overview of different types of operating systems, including simple batch systems, time-sharing systems, parallel systems, distributed systems, and real-time systems. It also discusses the concepts of processes, process scheduling, and interprocess communication. The key points covered are that an operating system acts as an intermediary between the user and computer hardware, processes are programs in execution represented by process control blocks, and interprocess communication allows processes to share information and resources.

Uploaded by

adithisarma

Introduction to Operating System (UNIT-1)

- What is an Operating System?
- Simple Batch System
- Multiprogrammed Batch System
- Time Sharing System
- Parallel Systems
- Distributed Systems
- Real Time Systems
Computer System

- A computer system can be divided roughly into four components: the hardware, the operating system, the application programs, and the users.

What is an Operating System?

- An operating system is a program that acts as an intermediary between a user of a computer and the computer hardware.
- A resource allocator.
- A control program which controls the execution of user programs.

Goals

1. Convenience for the user
2. Efficient operation of the computer system

Simple Batch System

Jobs with similar needs were batched together and were run through the computer as a group.

Batch systems are appropriate for executing large jobs that need little interaction.

Spooling (Simultaneous Peripheral Operation On-Line)

Use of Spooling
Time Sharing System

Here multiple jobs are executed by the CPU switching between them, but the switches occur so frequently that the users may interact with each program while it is running.

- A time-shared operating system uses CPU scheduling and multiprogramming to provide each user with a small portion of a time-shared computer.
- A time-shared operating system allows many users to share the computer simultaneously.
- Each user has at least one separate program in memory.
- A program that is loaded into memory and is executing is commonly referred to as a process.
- The user gives instructions to the operating system or to a program directly, and receives an immediate response.
- When the operating system finishes the execution of one command, it seeks the next "control statement" from the user's keyboard.
- If users are to be able to access both data and code conveniently, an on-line file system must be available.

Parallel Systems

- Multiprocessor systems have more than one processor in close communication, sharing the computer bus, the clock, and sometimes memory and peripheral devices.
- They are referred to as tightly coupled systems.

Advantages

1. Increased throughput
   - The speed-up ratio with n processors is not n, however, but rather is less than n.
   - Multiprocessors can also save money compared to multiple single systems because the processors can share peripherals, cabinets, and power supplies.
2. Increased reliability
   - Failure of one processor will not halt the system, but rather will only slow it down.
   - The ability to continue providing service proportional to the level of surviving hardware is called graceful degradation.
   - Systems that are designed for graceful degradation are also called fault-tolerant.

Failure detection and correction

The Tandem system uses both hardware and software duplication to ensure continued operation despite faults.

- The system consists of two identical processors, each with its own local memory, connected by a bus.
- One processor is the primary, and the other is the backup.
- At fixed checkpoints in the execution of the system, the state information of each job (including a copy of the memory image) is copied from the primary machine to the backup.
- If a failure is detected, the backup copy is activated and is restarted from the most recent checkpoint.

Symmetric multiprocessing model: Each processor runs an identical copy of the operating system, and these copies communicate with one another as needed.

Asymmetric multiprocessing: Each processor is assigned a specific task. A master processor controls the system; the other processors either look to the master for instruction or have predefined tasks.

Distributed Systems

- Instead of sharing memory or a clock, each processor has its own local memory.
- The processors communicate with one another through various communication lines.
- The processors in a distributed system may vary in size and function.

Major reasons for building distributed systems

1. Resource sharing: If a number of different sites (with different capabilities) are connected to one another, then a user at one site may be able to use the resources available at another.
2. Computation speedup: If a particular computation can be partitioned into a number of subcomputations that can run concurrently,
3. Reliability: If one site fails in a distributed system, the remaining sites can potentially continue operating.
4. Communication: There are many instances in which programs need to exchange data with one another on one system.

Real Time Systems

- A real-time system is used when there are rigid time requirements on the operation of a processor or the flow of data, and thus is often used as a control device in a dedicated application.
- A real-time operating system has well-defined, fixed time constraints.
- Processing must be done within the defined constraints, or the system will fail.

Examples: systems that control scientific experiments, medical imaging systems, industrial control systems.

Two types of real-time systems:

1. A hard real-time system guarantees that critical tasks complete on time. This goal requires that all delays in the system are bounded, from the retrieval of stored data to the time that it takes the operating system to finish any request made of it.
2. A soft real-time system, where a critical real-time task gets priority over other tasks, and retains that priority until it completes.

Processes (Unit-2)

- Process Concept
- Process Scheduling
- Context Switch
- Operation on Process
- Co-operating Processes
- Interprocess Communication

Process Concept

- A process is a program in execution.
- A program is a passive entity, such as the contents of a file stored on disk, whereas a process is an active entity.

Process State

Process Control Block

Each process is represented in the operating system by a process control block (PCB), also called a task control block.

PCB diagram: Pointer | Process State | Process Number | Program Counter | Registers | Memory Limits | List of Open Files

- Process state
- Program counter
- CPU registers
- CPU scheduling information
- Memory-management information
- Accounting information
- I/O status information

Process Scheduling

Scheduling Queues

- Ready queue: The processes that are residing in main memory and are ready and waiting to execute.
- Device queue: The list of processes waiting for a particular I/O device.

Process Scheduling

Schedulers

1. The long-term scheduler
   - Executes much less frequently
   - Controls the degree of multiprogramming
   - May need to be invoked only when a process leaves the system
2. The short-term scheduler
   - Must select a new process for the CPU quite frequently
   - Must be very fast

The medium-term scheduler

It provides an intermediate level of scheduling.

Swapping

The process is swapped out and swapped in later by the medium-term scheduler.

- An I/O-bound process is one that spends more of its time doing I/O than it spends doing computations.
- A CPU-bound process is one that generates I/O requests infrequently, using more of its time doing computation.
Context Switch

Switching the CPU to another process requires saving the state of the old process and loading the saved state for the new process.

Operation on Processes

The processes in the system can create and delete subprocesses.

Process Termination

A parent may terminate the execution of one of its children for reasons such as:

- The child has exceeded its usage of some of the resources it has been allocated.
- The task assigned to the child is no longer required.
- The parent is exiting, and the operating system does not allow a child to continue if its parent terminates.

Co-operating Processes

- A process is co-operating if it can affect or be affected by the other processes executing in the system.
- A process is independent if it cannot affect or be affected by the other processes executing in the system.

Reasons for providing process co-operation

- Computation speedup
- Information sharing
- Modularity
- Convenience
Interprocess Communication

- Interprocess communication (IPC) is a set of programming interfaces that allow a programmer to create and manage individual program processes that can run concurrently in an operating system.
- Allows a program to handle many user requests at the same time.

IPC methods include:

- Pipes and named pipes
- Message queueing
- Semaphores
- Shared memory
- Sockets

Methods for logically implementing a link and the send/receive operations:

- Direct or indirect communication
- Symmetric or asymmetric communication
- Automatic or explicit buffering
- Send by copy or send by reference
- Fixed-sized or variable-sized messages

Direct Communication

send(P, message): Send a message to process P.

receive(Q, message): Receive a message from process Q.

Link properties:

- The processes need to know only each other's identity to communicate.
- A link is associated with exactly two processes.
- Between each pair of processes, there exists exactly one link.
- The link may be unidirectional, but is usually bi-directional.

Symmetric addressing

Both the sender and the receiver processes have to name each other to communicate.

Asymmetric addressing instructions

- send(P, message): Send a message to process P.
- receive(id, message): Receive a message from any process; the variable id

The parent continues to execute concurrently with its children.

The parent waits until some or all of its children have terminated.

Processes (Unit-2)

- Indirect Communication
- Buffering
- Mutual Exclusion
- Critical Sections
- Mutual Exclusion Primitives
- Semaphores
Indirect Communication

With indirect communication, the messages are sent to and received from mailboxes.

The send and receive primitives are defined as follows:

- send(A, message): Send a message to mailbox A.
- receive(A, message): Receive a message from mailbox A.

In this scheme, a communication link has the following properties:

- A link is established between a pair of processes only if they have a shared mailbox.
- A link may be associated with more than two processes.
- Between each pair of communicating processes, there may be a number of different links, each link corresponding to one mailbox.
- A link may be either unidirectional or bi-directional.

Buffering

There are three ways that the queue of messages can be implemented:

- Zero capacity: The queue has maximum length 0; thus, the link cannot have any messages waiting in it.
- Bounded capacity: The queue has finite length n; thus, at most n messages can reside in it.
- Unbounded capacity: The queue has potentially infinite length; thus, any number of messages can wait in it. The sender is never delayed.

Mutual Exclusion

Each process accessing the shared data excludes all others from doing so simultaneously.

Critical Sections

When a process is accessing shared modifiable data, the process is said to be in a critical section.

- It must be ensured that when one process is in a critical section, all other processes are excluded from their own critical sections.
- While a process is in its critical section, other processes may certainly continue executing outside their critical sections.

Mutual Exclusion Primitives

Dekker's Algorithm elegantly handles two-process mutual exclusion without the need for any special hardware instructions.

A Hardware Solution to Mutual Exclusion: The Testandset Instruction

This instruction, often called testandset, once initiated will complete all of its functions without interruption. The indivisible testandset instruction

testandset(a, b)

reads the value of boolean b, copies it into a, and then sets b to true, all within the span of a single uninterruptable instruction.

The boolean variable active is true if either process is in its critical section, and false otherwise.

Semaphores

A semaphore is a protected variable whose value can be accessed and altered only by the operations P and V.

- An initialization operation semaphoreinitialize.
- Binary semaphores assume only the value 0 or the value 1.
- Counting semaphores assume only nonnegative integer values.

The P operation on semaphore S, written P(S), operates as follows:

If S > 0
then S := S - 1
else (wait on S)
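The two primitives above, testandset and the semaphore operations P and V, fit together: the indivisible instruction gives a lock that protects the semaphore's own value, and the semaphore in turn protects the critical section. The following is an added example, not code from the notes, written in Python so it can be run directly. The class names TestAndSet and Semaphore, the helper functions and the worker demo are assumptions of this example; the threading.Lock inside TestAndSet only stands in for the hardware guarantee that the read and the set cannot be interrupted.

```python
import threading
import time


class TestAndSet:
    """Models the notes' indivisible testandset(a, b) instruction on one lock word.

    Hypothetical helper: the threading.Lock below is NOT the mutual-exclusion
    mechanism being demonstrated; it only simulates the CPU executing the
    read-and-set as a single uninterruptable instruction.
    """

    def __init__(self):
        self._hw_atomicity = threading.Lock()
        self.active = False  # the notes' boolean 'active'

    def test_and_set(self):
        """Copy 'active' into a, set 'active' to True, return a (the old value)."""
        with self._hw_atomicity:
            a = self.active
            self.active = True
            return a

    def clear(self):
        with self._hw_atomicity:
            self.active = False


def enter_critical_section(lock_word):
    # Spin until we observe active == False. The same instruction that observed
    # False also set it to True, so exactly one spinner gets in.
    while lock_word.test_and_set():
        time.sleep(0)  # yield the CPU while busy-waiting


def leave_critical_section(lock_word):
    lock_word.clear()


class Semaphore:
    """A protected variable S that changes only through P and V (notes' definition)."""

    def __init__(self, initial):
        if initial < 0:
            raise ValueError("counting semaphores take only nonnegative values")
        self.S = initial
        self._lock = TestAndSet()  # guards S itself

    def P(self):
        # if S > 0 then S := S - 1 else (wait on S)
        while True:
            enter_critical_section(self._lock)
            if self.S > 0:
                self.S -= 1
                leave_critical_section(self._lock)
                return
            leave_critical_section(self._lock)
            time.sleep(0)  # wait on S, then test again

    def V(self):
        enter_critical_section(self._lock)
        self.S += 1
        leave_critical_section(self._lock)


def run_workers(n_workers, increments, sem):
    """Run n_workers threads that each perform 'increments' P / increment / V cycles
    on a shared counter. Returns (final counter, peak number of threads that were
    inside the critical section at the same time)."""
    state = {"counter": 0, "inside": 0, "peak": 0}
    bookkeeping = threading.Lock()  # measurement only, not part of the protocol

    def worker():
        for _ in range(increments):
            sem.P()
            with bookkeeping:
                state["inside"] += 1
                state["peak"] = max(state["peak"], state["inside"])
            value = state["counter"]      # read-modify-write that needs mutual exclusion
            time.sleep(0)                 # widen the window so lost updates show up
            state["counter"] = value + 1
            with bookkeeping:
                state["inside"] -= 1
            sem.V()

    threads = [threading.Thread(target=worker) for _ in range(n_workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return state["counter"], state["peak"]


def mutual_exclusion_demo():
    # Binary semaphore initialised to 1: at most one worker inside, no lost updates.
    return run_workers(4, 200, Semaphore(1))


def counting_demo(permits):
    # Counting semaphore: up to 'permits' workers inside at once; with permits > 1
    # the unprotected read-modify-write can lose increments.
    return run_workers(4, 50, Semaphore(permits))


if __name__ == "__main__":
    print("binary semaphore (counter, peak inside):", mutual_exclusion_demo())
    print("counting semaphore, 2 permits (counter, peak inside):", counting_demo(2))
```

With the binary semaphore the counter ends at exactly 4 × 200 and the peak occupancy is 1; with two permits the peak occupancy may reach 2 and the counter may fall short, which is the data race mutual exclusion exists to prevent.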

CPU Scheduling (Unit-3)

- CPU - I/O Burst Cycle
- Preemptive Scheduling
- Dispatcher
- Scheduling Criteria
- Scheduling algorithms
- Multilevel Queue Scheduling
- Multilevel Feedback Queue Scheduling

Observed property of processes: CPU - I/O Burst Cycle

Figure: sequence of CPU and I/O bursts.
  CPU burst: load, store, add, store, read from file
  I/O burst: wait for I/O
  CPU burst: store, increment index, write to file
  I/O burst: wait for I/O
Preemptive Scheduling

CPU Schedulers

- The Long Term Scheduler
- The Short Term Scheduler

Dispatcher

- The dispatcher is the module that gives control of the CPU to the process selected by the short-term scheduler.

Its function involves:

- Switching context
- Switching to user mode
- Jumping to the proper location in the user program to restart that program

Scheduling Criteria

- CPU utilization
- Throughput
- Turnaround time
- Waiting time
- Response time

Scheduling Algorithms

- First Come First Served Scheduling
- Shortest Job First Scheduling
- Priority Scheduling
- Round Robin Scheduling

First-Come, First-Serve Scheduling

The process that requests the CPU first is allocated the CPU first.

Example: Given a set of processes that arrive at time 0, with the length of the CPU-burst time given in milliseconds.

The average waiting time is (0 + 24 + 27)/3 = 17 milliseconds.

Say the order is changed to P2, P3, P1.

Shortest Job First Scheduling

- CPU time is assigned to the process that has the smallest CPU burst.
- FCFS scheduling is used to break the tie when two processes have the same length next CPU burst.

Average waiting time is (3 + 16 + 9 + 0)/4 = 7 milliseconds.

Preemptive SJF schedule

Process   Arrival Time   Burst
P1        0              8
P2        1              4
P3        2              9
P4        3              5

Priority Scheduling

The CPU is allocated to the process with the highest priority. Priority scheduling can be either preemptive or nonpreemptive.

Drawback: indefinite blocking (starvation)

Solution: aging

A technique of gradually increasing the priority of processes that wait in the system for a long time.

Round Robin Scheduling

- The round-robin (RR) scheduling algorithm is designed especially for time-sharing systems.
- A small unit of time, called a time quantum, or time slice, is defined.

Example

Process   Burst Time
P1        24
P2        3
P3        3
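The four algorithms above (FCFS, SJF in its nonpreemptive and preemptive forms, priority and round robin) differ only in which ready process the short-term scheduler picks, so they can share one simulator that reports each process's waiting time (completion minus arrival minus burst). The following is an added example, not code from the notes; the function names, the Proc dataclass, the convention that a smaller priority number means a higher priority, and the quantum of 4 ms used for round robin are assumptions of this example. The process tables are the ones printed in the notes.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Proc:
    name: str
    arrival: int
    burst: int
    priority: int = 0  # assumption: smaller number = higher priority


def _finish(done, p, completion):
    # Waiting time = time spent in the ready queue.
    done[p.name] = completion - p.arrival - p.burst


def nonpreemptive(procs, key):
    """Generic nonpreemptive scheduler: whenever the CPU is free, run the ready
    process with the smallest 'key' to completion; ties keep arrival order."""
    pending = sorted(procs, key=lambda p: p.arrival)  # stable sort keeps given order
    clock, done = 0, {}
    while pending:
        ready = [p for p in pending if p.arrival <= clock]
        if not ready:
            clock = pending[0].arrival  # CPU idle until the next arrival
            continue
        p = min(ready, key=key)  # min() keeps the first of equal keys (FCFS tie-break)
        clock += p.burst
        _finish(done, p, clock)
        pending.remove(p)
    return done


def fcfs(procs):
    return nonpreemptive(procs, key=lambda p: p.arrival)


def sjf(procs):
    return nonpreemptive(procs, key=lambda p: (p.burst, p.arrival))


def priority(procs):
    return nonpreemptive(procs, key=lambda p: (p.priority, p.arrival))


def srtf(procs):
    """Preemptive SJF (shortest remaining time first), one time unit per step."""
    by_name = {p.name: p for p in procs}
    remaining = {p.name: p.burst for p in procs}
    clock, done = 0, {}
    while remaining:
        ready = [n for n in remaining if by_name[n].arrival <= clock]
        if not ready:
            clock += 1
            continue
        n = min(ready, key=lambda n: (remaining[n], by_name[n].arrival))
        remaining[n] -= 1
        clock += 1
        if remaining[n] == 0:
            del remaining[n]
            _finish(done, by_name[n], clock)
    return done


def round_robin(procs, quantum):
    """Each ready process runs for at most one quantum, then rejoins the tail."""
    arrivals = deque(sorted(procs, key=lambda p: p.arrival))
    ready, remaining, done, clock = deque(), {}, {}, 0

    def admit(now):
        while arrivals and arrivals[0].arrival <= now:
            p = arrivals.popleft()
            remaining[p.name] = p.burst
            ready.append(p)

    admit(clock)
    while ready or arrivals:
        if not ready:
            clock = arrivals[0].arrival
            admit(clock)
            continue
        p = ready.popleft()
        slice_ = min(quantum, remaining[p.name])
        clock += slice_
        remaining[p.name] -= slice_
        admit(clock)  # processes arriving during the slice queue ahead of the preempted one
        if remaining[p.name] > 0:
            ready.append(p)
        else:
            _finish(done, p, clock)
    return done


def average_waiting(waits):
    return sum(waits.values()) / len(waits)


# Inputs taken from the tables in the notes.
FCFS_PROCS = [Proc("P1", 0, 24), Proc("P2", 0, 3), Proc("P3", 0, 3)]
SJF_PROCS = [Proc("P1", 0, 8), Proc("P2", 1, 4), Proc("P3", 2, 9), Proc("P4", 3, 5)]

if __name__ == "__main__":
    print("FCFS P1,P2,P3:", fcfs(FCFS_PROCS), average_waiting(fcfs(FCFS_PROCS)))
    print("FCFS P2,P3,P1:", average_waiting(fcfs([FCFS_PROCS[1], FCFS_PROCS[2], FCFS_PROCS[0]])))
    print("Preemptive SJF:", srtf(SJF_PROCS), average_waiting(srtf(SJF_PROCS)))
    print("Round robin, quantum 4:", round_robin(FCFS_PROCS, 4))
```

Running it reproduces the 17 ms FCFS average from the notes for the order P1, P2, P3 and gives 3 ms for the order P2, P3, P1; the preemptive SJF table yields waiting times 9, 0, 15 and 2 ms (average 6.5 ms); round robin with a 4 ms quantum on the P1/P2/P3 table gives 6, 4 and 7 ms.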

Deadlock (Unit-4)

- System Model
- Necessary Conditions for deadlock
- Resource-Allocation Graph
- Methods for Handling Deadlocks
- Deadlock Prevention

Deadlock situations

Necessary Conditions for a deadlock to occur

1. Mutual exclusion
2. Hold and wait
3. No preemption
4. Circular wait

Necessary conditions (picture)

Resource-Allocation Graph

Deadlocks can be described in terms of a directed graph called a system resource-allocation graph.

- It consists of a set of vertices V and a set of edges E.
- V is divided into
  - P = {P1, P2, ..., Pn} and
  - R = {R1, R2, ..., Rm}

Request edge: Pi -> Rj

Assignment edge: Rj -> Pi

Resource allocation picture

- P = {P1, P2, P3}
- R = {R1, R2, R3, R4}
- E = {P1 -> R2, P2 -> R3, R1 -> P2, R2 -> P2, R2 -> P1, R3 -> P3}

Methods for Handling Deadlocks

- Deadlock-prevention
- Deadlock-avoidance
- Deadlock-detection

Deadlock-prevention

- Mutual exclusion
- Hold and wait
- No preemption
- Circular wait

Deadlock-prevention

- Mutual Exclusion
  - Make the resources sharable.
- Hold and Wait
  - Ensure that whenever a process requests a resource, it does not hold any other resources.
  - Protocols used:
    a. Each process requests and is allocated all its resources before it begins execution.
    b. A process requests resources only when it has none.
  - Disadvantages:
    - Resource utilization may be low
    - Starvation

No Preemption

Protocol used:

- If a process that is holding some resources requests another resource that cannot be immediately allocated to it, then all resources currently being held are preempted.
- These resources are implicitly released.
- The preempted resources are added to the list of resources for which the process is waiting.
- The process will be restarted only when it can regain its old resources, as well as the new ones that it is requesting.

Circular Wait

Let R = {R1, R2, ..., Rm} be the set of resource types.

Define a one-to-one function F: R -> N, where N is the set of natural numbers.

To prevent deadlocks, consider:

- Each process can request resources only in an increasing order of enumeration.
- A process can initially request any number of instances of a resource type, say Ri. After that, the process can request instances of resource type Rj if and only if F(Rj) > F(Ri).
- If several instances of the same resource type are needed, a single request for all of them must be issued.
- Whenever a process requests an instance of resource type Rj, it has released any resources Ri such that F(Ri) > F(Rj).

Example

F(tape drive) = 1,
F(disk drive) = 5,
F(printer) = 12
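The circular-wait protocol is easy to check mechanically: keep, per process, the ranks F of the resource types it still holds, and reject any request whose rank is not strictly above all of them (or that asks for a type already held, since all instances must be requested at once). The following is an added example, not code from the notes; the ResourceOrdering class, OrderViolation exception and check_sequence helper are assumptions of this example, while the ranking of tape drive, disk drive and printer is the one given in the notes.

```python
class OrderViolation(Exception):
    """Raised when a request would break the increasing-enumeration protocol."""


class ResourceOrdering:
    """Enforces the notes' circular-wait prevention protocol for one ranking F.

    Hypothetical helper: a process holding resources of rank F(Ri) may request
    Rj only if F(Rj) > F(Ri) for every Ri it still holds, and must ask for all
    instances of one type in a single request.
    """

    def __init__(self, ranking):
        self.F = dict(ranking)   # resource type -> natural number
        self.held = {}           # process -> {resource type: instances held}

    def request(self, proc, rtype, instances=1):
        if rtype not in self.F:
            raise KeyError(f"{rtype!r} has no rank in F")
        holding = self.held.setdefault(proc, {})
        if rtype in holding:
            raise OrderViolation(
                f"{proc} already holds {rtype}; all instances must be requested at once")
        blocking = [r for r in holding if self.F[r] >= self.F[rtype]]
        if blocking:
            raise OrderViolation(
                f"{proc} holds {sorted(blocking)} (rank >= F({rtype})={self.F[rtype]}); "
                f"release them before requesting {rtype}")
        holding[rtype] = instances
        return dict(holding)

    def release(self, proc, rtype):
        self.held.get(proc, {}).pop(rtype, None)


def check_sequence(ordering, proc, requests):
    """Replay (resource type, instances) requests for one process; return the
    index of the first request the protocol rejects, or None if all are legal."""
    for idx, (rtype, n) in enumerate(requests):
        try:
            ordering.request(proc, rtype, n)
        except OrderViolation:
            return idx
    return None


NOTES_RANKING = {"tape drive": 1, "disk drive": 5, "printer": 12}

if __name__ == "__main__":
    legal = ResourceOrdering(NOTES_RANKING)
    print(check_sequence(legal, "P1", [("tape drive", 2), ("disk drive", 1), ("printer", 1)]))
    illegal = ResourceOrdering(NOTES_RANKING)
    print(check_sequence(illegal, "P2", [("printer", 1), ("disk drive", 1)]))
```

Because every process acquires resource types in the same global order, no process can wait for a type of lower rank than one it holds, so the wait-for relation cannot contain a cycle; the checker rejects the printer-then-disk sequence at index 1 and accepts it again once the printer has been released.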

Deadlock (Unit-4)

- Deadlock Avoidance
- Changing state from safe to unsafe
- Banker's Algorithm
- Safety Algorithm
- Resource-Request Algorithm
- Deadlock Detection

Deadlock Avoidance

- With the knowledge of the complete sequence of requests and releases for each process, decide for each request whether or not the process should wait.
- Each process must declare the maximum number of resources of each type that it may need.

Safe State

- A state is safe if the system can allocate resources to each process in some order and still avoid a deadlock.
- A system is in a safe state only if there exists a safe sequence.
- <P1, P2, ..., Pn> is a safe sequence for the current allocation state if, for each Pi, the resources that Pi can still request can be satisfied by the currently available resources plus the resources held by all the Pj, with j < i.
- If no safe sequence exists, then the system state is said to be unsafe.
- A safe state is not a deadlock state.
- A deadlock state is an unsafe state.
- Not all unsafe states are deadlocks.

Example

Consider a system with 12 magnetic tape drives and 3 processes: P0, P1, and P2.

Process P0 requires 10 tape drives.

Process P1 may need as many as 4.

Process P2 may need up to 9 tape drives.

At time t0:

Process   Maximum Needs   Current Needs
P0        10              5
P1        4               2
P2        9               2

At time t0, the system is in a safe state. The sequence <P1, P0, P2> satisfies the safety condition.

Changing state from safe to unsafe

Say, at time t0, process P2 requests and is allocated 1 more tape drive.

State: The system is not in a safe state.

Reason

1. Consider the sequence <P1, P0, P2>: only process P1 can be allocated all its tape drives.
2. When it returns them, the system will have only 4 available tape drives.
Banker's Algorithm

Data Structures

Available: If Available[j] = k, there are k instances of resource type Rj available.

Max: If Max[i, j] = k, then Pi may request at most k instances of resource type Rj.

Allocation: If Allocation[i, j] = k, then process Pi is currently allocated k instances of resource type Rj.

Need: If Need[i, j] = k, then Pi may need k more instances of resource type Rj to complete its task.

Safety Algorithm

1. Let Work and Finish be vectors of length m and n, respectively. Initialize Work := Available and Finish[i] := false for i = 1, 2, ..., n.
2. Find an i such that both
   a. Finish[i] = false
   b. Need_i <= Work
   If no such i exists, go to step 4.
3. Work := Work + Allocation_i; Finish[i] := true; go to step 2.
4. If Finish[i] = true for all i, then the system is in a safe state.

Resource-Request Algorithm

When a request for resources is made by process Pi, the following actions are taken:

1. If Request_i <= Need_i, go to step 2. Otherwise, raise an error condition, since the process has exceeded its maximum claim.
2. If Request_i <= Available, go to step 3. Otherwise, Pi must wait, since the resources are not available.
3. Have the system pretend to have allocated the requested resources to process Pi by modifying the state as follows:
   Available := Available - Request_i;
   Allocation_i := Allocation_i + Request_i;
   Need_i := Need_i - Request_i;

Deadlock Detection

If neither a deadlock-prevention nor a deadlock-avoidance algorithm is used, the system needs:

- An algorithm that examines the state of the system to determine whether a deadlock has occurred.
- An algorithm to recover from the deadlock.

Deadlock detection algorithm for a single instance of each resource type

Wait-for graph

- In the resource-allocation graph, the nodes of type resource are removed and the appropriate edges are collapsed.

Several Instances of a Resource Type

- Available: A vector of length m indicates the number of available resources of each type.
- Allocation: An n x m matrix defines the number of resources of each type currently allocated to each process.
- Request: If Request[i, j] = k, then process Pi is requesting k more instances of resource type Rj.

Detection algorithm

1. Let Work and Finish be vectors of length m and n, respectively. Initialize Work := Available. For i = 1, 2, ..., n, if Allocation_i != 0, then Finish[i] := false; otherwise, Finish[i] := true.
2. Find an index i such that both
   a. Finish[i] = false
   b. Request_i <= Work
   If no such i exists, go to step 4.
3. Work := Work + Allocation_i; Finish[i] := true; go to step 2.
4. If Finish[i] = false for some i, 1 <= i <= n, then the system is in a deadlock state. Moreover, if Finish[i] = false, then process Pi is deadlocked.
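The safety algorithm, the resource-request algorithm and the detection algorithm share the same vector arithmetic over Work, Finish, Allocation and either Need or Request, so one small module can implement all three and run them on the notes' tape-drive example (12 drives; P0, P1, P2 with maximum 10, 4, 9 and current allocation 5, 2, 2). The following is an added example, not code from the notes; the Banker class, the deadlocked_processes function and the three-resource-type detection input are assumptions of this example (that detection input is constructed, not taken from the notes).

```python
def _leq(a, b):
    return all(x <= y for x, y in zip(a, b))


def _add(a, b):
    return [x + y for x, y in zip(a, b)]


def _sub(a, b):
    return [x - y for x, y in zip(a, b)]


class Banker:
    """Banker's algorithm state: n processes, m resource types.
    available[j] = Available[j]; maximum[i][j] = Max[i, j]; allocation[i][j] = Allocation[i, j].
    Hypothetical helper class, not from the notes."""

    def __init__(self, names, available, maximum, allocation):
        self.names = list(names)
        self.available = list(available)
        self.max = [list(r) for r in maximum]
        self.allocation = [list(r) for r in allocation]

    def need(self, i):
        return _sub(self.max[i], self.allocation[i])   # Need = Max - Allocation

    def safe_sequence(self):
        """Safety algorithm: a safe sequence of names, or None if the state is unsafe."""
        work = list(self.available)                    # step 1
        finish = [False] * len(self.names)
        order, progressed = [], True
        while progressed:                              # steps 2-3
            progressed = False
            for i, done in enumerate(finish):
                if not done and _leq(self.need(i), work):
                    work = _add(work, self.allocation[i])  # Pi finishes, returns everything
                    finish[i] = True
                    order.append(self.names[i])
                    progressed = True
        return order if all(finish) else None          # step 4

    def request(self, name, req):
        """Resource-request algorithm: 'granted', 'wait' or 'unsafe'; raises on an over-claim."""
        i = self.names.index(name)
        if not _leq(req, self.need(i)):                # step 1
            raise ValueError(f"{name} exceeded its maximum claim")
        if not _leq(req, self.available):              # step 2
            return "wait"
        saved = (list(self.available), list(self.allocation[i]))
        self.available = _sub(self.available, req)     # step 3: pretend to allocate
        self.allocation[i] = _add(self.allocation[i], req)
        if self.safe_sequence() is None:
            self.available, self.allocation[i] = saved  # unsafe: roll the pretend allocation back
            return "unsafe"
        return "granted"


def deadlocked_processes(names, available, allocation, request):
    """Detection algorithm for several instances per resource type.
    Returns the names whose Finish stays false (empty list means no deadlock)."""
    work = list(available)
    finish = [sum(row) == 0 for row in allocation]     # step 1: nothing held => can finish
    progressed = True
    while progressed:                                  # steps 2-3
        progressed = False
        for i in range(len(names)):
            if not finish[i] and _leq(request[i], work):
                work = _add(work, allocation[i])
                finish[i] = True
                progressed = True
    return [names[i] for i in range(len(names)) if not finish[i]]   # step 4


def tape_drive_example():
    """The notes' example: 12 drives, one resource type; then P2 asks for one more."""
    b = Banker(["P0", "P1", "P2"], available=[12 - (5 + 2 + 2)],
               maximum=[[10], [4], [9]], allocation=[[5], [2], [2]])
    before = b.safe_sequence()
    verdict = b.request("P2", [1])
    return before, verdict


def detection_example():
    """Constructed input (not from the notes): five processes, resource types A, B, C."""
    names = ["P0", "P1", "P2", "P3", "P4"]
    allocation = [[0, 1, 0], [2, 0, 0], [3, 0, 3], [2, 1, 1], [0, 0, 2]]
    request = [[0, 0, 0], [2, 0, 2], [0, 0, 0], [1, 0, 0], [0, 0, 2]]
    no_deadlock = deadlocked_processes(names, [0, 0, 0], allocation, request)
    request[2] = [0, 0, 1]            # P2 now also wants one instance of C
    with_deadlock = deadlocked_processes(names, [0, 0, 0], allocation, request)
    return no_deadlock, with_deadlock


if __name__ == "__main__":
    print("tape drives: safe sequence, verdict on P2's extra request:", tape_drive_example())
    print("detection: deadlocked before / after P2's request:", detection_example())
```

The tape-drive run finds the safe sequence <P1, P0, P2> and then refuses P2's extra drive as unsafe, leaving the state as it was; the detection run reports no deadlock until P2's request for one more unit of C, after which P1 through P4 can no longer finish.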
Detection-Algorithm Usage

Use of the detection algorithm depends on two factors:

1. How often is a deadlock likely to occur?
2. How many processes will be affected by deadlock when it happens?

- If deadlocks occur frequently, then the detection algorithm should be invoked frequently.
- Deadlocks can come into being only when some process makes a request that cannot be granted immediately.
- In the extreme, we could invoke the deadlock-detection algorithm every time a request for allocation cannot be granted immediately.

Recovery from Deadlock

Once the system has been informed that a deadlock has occurred, there are two ways to deal with it:

- Let the operator deal with the deadlock manually.
- Let the system recover from the deadlock automatically:
  - Simply abort one or more processes to break the circular wait.
  - Free some resources from one or more of the deadlocked processes.

Process Termination

Two methods to eliminate deadlocks by aborting a process:

- Abort all deadlocked processes.
- Abort one process at a time until the deadlock cycle is eliminated.

Resource Preemption

Issues that need to be addressed if preemption is required to deal with deadlocks:

1. Selecting a victim: Which resources and which processes are to be preempted?
2. Rollback: If we preempt a resource from a process, what should be done with that process?
3. Starvation: How do we ensure that starvation will not occur?

Memory Management (Unit-5)

- Background
- Overlays
- Logical versus Physical Address Space
- Swapping
- Contiguous Allocation
- External and Internal Fragmentation
- Paging
- Segmentation

The binding of instructions and data to memory addresses can be done at:

- Compile time
- Load time
- Execution time

Dynamic Loading

- With dynamic loading, a routine is not loaded until it is called.
- The advantage of dynamic loading is that an unused routine is never loaded.

Steps

1. The main program is loaded into memory and is executed.
2. When a routine needs to call another routine, the calling routine first checks to see whether the other routine has been loaded.
3. If it has not been, the relocatable linking loader is called to load the routine into memory and to update the program's address tables to reflect the change.
4. Control is passed to the newly loaded routine.

Dynamic Linking

- Linking is postponed until execution time.
- Used with system libraries, such as language subroutine libraries.
- A stub is used, which is a small piece of code.
  - It indicates how to locate the appropriate memory-resident library routine.
  - It indicates how to load the library if the routine is not already present.

Overlays

The idea of overlays is to keep in memory only those instructions and data that are needed at any given time.

Example

A two-pass assembler

Pass 1             70K
Pass 2             80K
Symbol Table       20K
Common Routines    30K

Overlay A: Pass 1, Symbol Table, Common Routines
Overlay B: Pass 2 (Machine Language Code), Symbol Table, Common Routines

Diagram
Logical versus Physical Address Space

- An address generated by the CPU is commonly referred to as a logical address.
- An address seen by the memory unit is commonly referred to as a physical address.
- The set of all logical addresses generated by a program is referred to as a logical address space.
- The set of all physical addresses corresponding to these logical addresses is referred to as a physical address space.
- The memory-management unit (MMU) performs the mapping from virtual to physical addresses.

Swapping

- A process can be swapped temporarily out of memory to a backing store, and then brought back into memory for continued execution.
- A variant of swapping is sometimes called roll out, roll in.

Contiguous Allocation

Divisions of memory

Strategies used to select free holes:

1. First-fit:
   - Allocate the first hole that is big enough.
   - Searching can start at the beginning of the set of holes or where the previous first-fit search ended.
2. Best-fit:
   - Allocate the smallest hole that is big enough.
   - Search the entire list, unless the list is kept ordered by size.
   - This strategy produces the smallest leftover hole.
3. Worst-fit:
   - Allocate the largest hole.
   - Search the entire list unless it is sorted by size.
   - This strategy produces the largest leftover hole.

External and Internal Fragmentation

External fragmentation: External fragmentation exists when enough memory space exists to satisfy a request, but it is not contiguous; it is fragmented into a large number of small holes.

Internal fragmentation: Memory that is internal to a partition, but is not being used.

Solution to external fragmentation

Compaction

Shuffle the memory contents to place all free memory together in one large block.

Example: holes of 100K, 300K and 260K are merged to get a 660K free block.
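The three hole-selection strategies, external fragmentation and compaction can all be shown on one memory map modelled as a list of blocks, each either owned by a process or free. The following is an added example, not code from the notes; the Block dataclass, the strategy functions and the interleaved layouts are assumptions of this example, while the 100K/300K/260K hole sizes in compaction_demo are the ones the notes use.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Block:
    start: int
    size: int                     # in KB
    owner: Optional[str] = None   # None means the block is a free hole


def holes(memory):
    return [b for b in memory if b.owner is None]


def first_fit(memory, request):
    # First hole that is big enough, scanning from the beginning of the list.
    return next((h for h in holes(memory) if h.size >= request), None)


def best_fit(memory, request):
    # Smallest hole that is big enough: smallest leftover hole.
    return min((h for h in holes(memory) if h.size >= request),
               key=lambda h: h.size, default=None)


def worst_fit(memory, request):
    # Largest hole: largest leftover hole.
    return max((h for h in holes(memory) if h.size >= request),
               key=lambda h: h.size, default=None)


def allocate(memory, owner, request, strategy):
    """Carve 'request' KB for 'owner' out of the hole chosen by 'strategy'.
    Returns the start address, or None if no single hole is big enough (external
    fragmentation: the total free space may still exceed the request)."""
    hole = strategy(memory, request)
    if hole is None:
        return None
    idx = memory.index(hole)
    memory.insert(idx, Block(hole.start, request, owner))
    hole.start += request
    hole.size -= request
    if hole.size == 0:
        memory.remove(hole)
    return memory[idx].start


def compact(memory):
    """Compaction: slide every allocated block towards address 0 so that all
    free memory forms one large hole at the end. Returns the size of that hole."""
    addr, packed = 0, []
    for b in memory:
        if b.owner is not None:
            packed.append(Block(addr, b.size, b.owner))
            addr += b.size
    free_total = sum(h.size for h in holes(memory))
    if free_total:
        packed.append(Block(addr, free_total))
    memory[:] = packed
    return free_total


def build(layout):
    """Constructed memory map from (size, owner) pairs laid out back to back."""
    memory, addr = [], 0
    for size, owner in layout:
        memory.append(Block(addr, size, owner))
        addr += size
    return memory


def strategy_demo(request=212):
    """Holes of 100K, 500K, 200K, 300K and 600K separated by allocated blocks
    (constructed); returns the hole size each strategy picks for 'request' KB."""
    layout = [(100, None), (50, "A"), (500, None), (50, "B"), (200, None),
              (50, "C"), (300, None), (50, "D"), (600, None)]
    return {name: strategy(build(layout), request).size
            for name, strategy in (("first-fit", first_fit),
                                   ("best-fit", best_fit),
                                   ("worst-fit", worst_fit))}


def compaction_demo(request=400):
    """The notes' numbers: holes of 100K, 300K and 260K (660K free) cannot
    satisfy a 400K request until compaction merges them into one hole."""
    memory = build([(100, None), (200, "A"), (300, None), (150, "B"), (260, None)])
    before = allocate(memory, "C", request, first_fit)   # None: fragmented
    merged = compact(memory)                             # 660
    after = allocate(memory, "C", request, first_fit)    # start of the 400K block
    return before, merged, after


if __name__ == "__main__":
    print("hole chosen per strategy for 212K:", strategy_demo())
    print("400K request before/after compaction:", compaction_demo())
```

For a 212K request first-fit takes the 500K hole, best-fit the 300K hole and worst-fit the 600K hole; the compaction run shows 660K of free memory that cannot serve a 400K request until it is merged into one hole.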
Paging

Paging allows a process to be allocated physical memory wherever free space is available.

- Physical memory is broken into fixed-sized blocks called frames.
- Logical memory is also broken into blocks of the same size called pages.
- Every address generated by the CPU is divided into two parts: a page number (p) and a page offset (d).
- The page number is used as an index into a page table.

The paging model of memory

Segmentation

- Memory can be viewed as a collection of variable-sized segments, with no necessary ordering among segments.
- Segmentation is a memory-management scheme that supports the user view of memory as various segments.

Segmentation

- A logical address space is a collection of segments.
- Each segment has a name and a length.
- The addresses specify both the segment name and the offset within the segment.
- Segments are numbered and are referred to by a segment number.
- A logical address consists of a two-tuple:

<segment-number (s), offset (d)>

Virtual Memory (Unit-6)

- Demand paging
- Page Replacement Algorithm
- Global Versus Local Allocation
- Thrashing

Virtual memory

- Virtual memory is a technique that allows the execution of processes that may not be completely in memory.
- Virtual memory is the separation of user logical memory from physical memory.

Advantages

1. Programs can be larger than physical memory.
2. It abstracts main memory into an extremely large, uniform array of storage, separating logical memory as viewed by the user from physical memory.
3. Frees programmers from concern over memory storage limitations.

Disadvantage

1. May decrease performance if it is used carelessly.

Demand Paging

- A demand paging system is similar to a paging system with swapping.
- A page is swapped into memory only when that page will be needed.
- A lazy swapper (pager) is used, which never swaps a page into memory unless that page will be needed.
- Valid-Invalid Bit: hardware support to distinguish between those pages that are in memory and those pages that are on the disk.
- If the bit is set to "valid", it indicates that the associated page is both legal and in memory.
- If the bit is set to "invalid", that is, 1, it indicates that the page either is not valid or is valid but is currently on the disk.

Usage of the Valid-Invalid Bit

Figure

A page trap occurs if the process tries to use a page that was not brought into memory.
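The paging translation (split the logical address into p and d, index the page table, combine frame and d), the segment translation with its limit check, and the valid-invalid bit with the page trap it raises can be put together in one short address-translation model. The following is an added example, not code from the notes; the 4 KB page size, the PageTableEntry/Segment classes, the exception names and the sample tables are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

PAGE_SIZE = 4096                            # assumption: 4 KB pages (the notes fix no size)
OFFSET_BITS = PAGE_SIZE.bit_length() - 1    # 12 bits of offset d


class PageFault(Exception):
    """The trap raised when a referenced page's valid-invalid bit says 'invalid'."""

    def __init__(self, page):
        super().__init__(f"page {page} is not in memory")
        self.page = page


class AddressingError(Exception):
    """Trap for a reference outside the logical address space or past a segment limit."""


@dataclass
class PageTableEntry:
    frame: Optional[int]    # None while the page lives on disk
    valid: bool             # the valid-invalid bit


@dataclass
class Segment:
    base: int
    limit: int


def split_logical(address):
    """Divide a CPU-generated address into (page number p, page offset d)."""
    return address >> OFFSET_BITS, address & (PAGE_SIZE - 1)


def translate_page(page_table, address):
    """Paging: p indexes the page table; frame number and d form the physical address."""
    p, d = split_logical(address)
    if p >= len(page_table):
        raise AddressingError(f"page {p} lies outside the logical address space")
    entry = page_table[p]
    if not entry.valid:
        raise PageFault(p)      # hardware trap: the pager must bring the page in
    return entry.frame * PAGE_SIZE + d


def translate_segment(segment_table, s, d):
    """Segmentation: the offset must be below the segment's limit, otherwise trap."""
    if s >= len(segment_table):
        raise AddressingError(f"no segment {s}")
    seg = segment_table[s]
    if d >= seg.limit:
        raise AddressingError(f"offset {d} exceeds limit {seg.limit} of segment {s}")
    return seg.base + d


def run_with_demand_paging(page_table, addresses, free_frames):
    """Reference each address in turn. On a page fault the lazy pager loads the
    page into the next free frame, sets the bit to valid and the access is
    retried. Returns (number of page faults, physical addresses in order)."""
    faults, physical = 0, []
    for addr in addresses:
        while True:
            try:
                physical.append(translate_page(page_table, addr))
                break
            except PageFault as fault:
                faults += 1
                entry = page_table[fault.page]
                entry.frame = free_frames.pop(0)
                entry.valid = True
    return faults, physical


def sample_page_table():
    """Constructed: pages 0 and 2 resident, page 1 still on disk."""
    return [PageTableEntry(5, True), PageTableEntry(None, False), PageTableEntry(2, True)]


def sample_segment_table():
    """Constructed: two segments with different base/limit pairs."""
    return [Segment(base=1400, limit=1000), Segment(base=6300, limit=400)]


if __name__ == "__main__":
    print(hex(translate_page(sample_page_table(), 0x2ABC)))
    print(run_with_demand_paging(sample_page_table(), [0x0010, 0x1004, 0x1008, 0x2000], [7, 8]))
    print(translate_segment(sample_segment_table(), 0, 53))
```

Referencing page 1 twice in the demand-paging run costs exactly one page fault: the first access traps and loads the page, the second finds the valid bit set; an offset beyond a segment's limit traps as an addressing error rather than being translated.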

Page Replacement Algorithms

- FIFO Algorithm
- Optimal Algorithm
- LRU Algorithm

FIFO Algorithm

There are 15 faults altogether.

Optimal Algorithm

- An optimal page-replacement algorithm has the lowest page-fault rate of all algorithms.
- An optimal algorithm will never suffer from Belady's anomaly.
- It says: "Replace the page that will not be used for the longest period of time."

LRU Algorithm

The least recently used (LRU) algorithm is the optimal page-replacement algorithm looking backward in time.

It says: "Replace the page that has not been used for the longest period of time."
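The three replacement policies differ only in which resident page is chosen as the victim on a fault: FIFO evicts the page that has been resident longest, optimal the page whose next use lies furthest ahead, LRU the page whose last use lies furthest back. The following is an added example, not code from the notes; the function names and the two reference strings are assumptions of this example (the strings are constructed inputs, not data from the notes), and the second string is included to show Belady's anomaly, where FIFO gets more faults with more frames.

```python
def fifo(refs, frames):
    """First-in first-out: the victim is the page that entered memory earliest."""
    resident, faults = [], 0        # list order = arrival order
    for page in refs:
        if page in resident:
            continue
        faults += 1
        if len(resident) == frames:
            resident.pop(0)
        resident.append(page)
    return faults


def optimal(refs, frames):
    """Optimal: the victim is the resident page not used for the longest time ahead."""
    resident, faults = [], 0
    for i, page in enumerate(refs):
        if page in resident:
            continue
        faults += 1
        if len(resident) == frames:
            def next_use(q):
                try:
                    return refs.index(q, i + 1)
                except ValueError:
                    return len(refs)    # never used again: best possible victim
            resident.remove(max(resident, key=next_use))
        resident.append(page)
    return faults


def lru(refs, frames):
    """Least recently used: the victim is the resident page not used for the longest time back."""
    resident, faults = [], 0        # list order = recency, least recent first
    for page in refs:
        if page in resident:
            resident.remove(page)   # a hit makes the page most recently used
            resident.append(page)
            continue
        faults += 1
        if len(resident) == frames:
            resident.pop(0)
        resident.append(page)
    return faults


def compare(refs, frames):
    return {"FIFO": fifo(refs, frames), "Optimal": optimal(refs, frames), "LRU": lru(refs, frames)}


def faults_by_frames(algorithm, refs, max_frames):
    """Fault count for 1..max_frames frames; a non-monotone curve is Belady's anomaly."""
    return [algorithm(refs, f) for f in range(1, max_frames + 1)]


# Constructed reference strings (page numbers in order of reference).
REFERENCE = [7, 0, 1, 2, 0, 3, 0, 4, 2, 3, 0, 3, 2, 1, 2, 0, 1, 7, 0, 1]
BELADY = [1, 2, 3, 4, 1, 2, 5, 1, 2, 3, 4, 5]

if __name__ == "__main__":
    print("3 frames:", compare(REFERENCE, 3))
    print("FIFO faults for 1..5 frames:", faults_by_frames(fifo, BELADY, 5))
    print("LRU  faults for 1..5 frames:", faults_by_frames(lru, BELADY, 5))
```

On the first string with three frames the counts are 15 (FIFO), 9 (optimal) and 12 (LRU); on the second, FIFO takes 9 faults with three frames but 10 with four, while LRU and optimal never get worse as frames are added.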

Global Versus Local Allocation

1. Global replacement
   - Allows a process to select a replacement frame from the set of all frames, even if that frame is currently allocated to some other process.
   - One process can take a frame from another.
2. Local replacement
   - Each process can select frames only from its own set of allocated frames.
   - The number of frames allocated to a process does not change.

Example

An allocation scheme allows high-priority processes to select frames from low-priority processes for replacement.

Thrashing

- High paging activity is called thrashing.
- A process is thrashing if it is spending more time paging than executing.

Cause of Thrashing

- If the operating system sees that the CPU utilization is too low, it introduces a new process to the system, increasing the degree of multiprogramming.
- A global page-replacement algorithm is used, replacing pages with no regard to the process to which they belong.
- If a process needs more frames, it starts faulting and taking pages away from other processes.
- All the faulting processes queue up for the paging device, the ready queue empties, and CPU utilization drops.
- Decreasing CPU utilization leads to an increase in the degree of multiprogramming.
- New processes tend to increase the paging, further decreasing CPU utilization.

The effects of thrashing can be limited by using a local (or priority) replacement algorithm.

Unit-08-File System Interface and Implementation

Structure

8.1 Introduction

Objectives

8.2 Concept of a File

Attributes of a File

Operations on Files

Types of Files

Structure of File

8.3 File Access Methods

Sequential Access

Direct Access

Indexed Sequential Access

8.4 Directory Structure

Single Level Directory

Two Level Directory


Tree Structured Directories

8.5 Allocation Methods

Contiguous Allocation

Linked Allocation

Indexed Allocation

Performance Comparison

8.6 Free Space Management

Bit Vector

Linked List

Grouping

Counting

8.7 Directory Implementation

Linear List
Hash Table

8.8 Summary

8.9 Terminal Questions

8.10 Answers

8.1 Introduction

The operating system is a resource manager. Secondary resources like the disk are also to
be managed. Information is stored in secondary storage because it costs less, is non-
volatile and provides large storage space. Processes access data / information present on
secondary storage while in execution. Thus, the operating system has to properly
organize data / information in secondary storage for efficient access.

The file system is the most visible part of an operating system. It is a way for on-line
storage and access of both data and code of the operating system and the users. It resides
on the secondary storage because of the two main characteristics of secondary storage,
namely, large storage capacity and non-volatile nature.
Objectives:

At the end of this unit, you will be able to understand:

The concepts of files, different file access methods, different directory structures, disk
space allocation methods, how to manage free space on the disk and the implementation of
a directory.

8.2 Concept of a File

Users use different storage media such as magnetic disks, tapes, optical disks and so on.
All these different storage media have their own way of storing information. The
operating system provides a uniform logical view of information stored in these different
media. The operating system abstracts from the physical properties of its storage devices
to define a logical storage unit called a file. These files are then mapped on to physical
devices by the operating system during use. The storage devices are usually non-volatile,
meaning the contents stored in these devices persist through power failures and system
reboots.

The concept of a file is extremely general. A file is a collection of related information
recorded on the secondary storage. For example, a file containing student information, a
file containing employee information, files containing C source code and so on. A file is
thus the smallest allotment of logical secondary storage, that is, any information to be
stored on the secondary storage needs to be written to a file and the file is then stored.
Information in files could be program code or data in numeric, alphanumeric, alphabetic
or binary form either formatted or in free form. A file is therefore a collection of records
if it is a data file or a collection of bits / bytes / lines if it is code. Program code stored in
files could be source code, object code or executable code whereas data stored in files
may consist of plain text, records pertaining to an application, images, sound and so on.
Depending on the contents of a file, each file has a pre-defined structure. For example, a
file containing text is a collection of characters organized as lines, paragraphs and pages
whereas a file containing source code is an organized collection of segments which in
turn are organized into declaration and executable statements.

8.2.1 Attributes of a File

A file has a name. The file name is a string of characters. For example, test.c, pay.cob,
master.dat, os.doc. In addition to a name, a file has certain other attributes. Important
attributes among them are:

· Type: information on the type of file.

· Location: this information is a pointer to a device and the location of the file on that
device.

· Size: The current size of the file in bytes.


· Protection: Control information for user access.

· Time, date and user id: Information regarding when the file was created, last modified
and last used. This information is useful for protection, security and usage monitoring.

All these attributes of files are stored in a centralized place called the directory. The
directory is large when there are many files, and it also requires permanent storage. It is
therefore stored on secondary storage.

8.2.2 Operations on Files

A file is an abstract data type. Six basic operations are possible on files. They are:

1. Creating a file: two steps in file creation include space allocation for the file and an
entry to be made in the directory to record the name and location of the file.

2. Writing a file: parameters required to write into a file are the name of the file and the
contents to be written into it. Given the name of the file, the operating system makes a
search in the directory to find the location of the file. An updated write pointer enables
writing the contents at the proper location in the file.

3. Reading a file: to read information stored in a file the name of the file specified as a
parameter is searched by the operating system in the directory to locate the file. An
updated read pointer helps read information from a particular location in the file.

4. Repositioning within a file: a file is searched in the directory and a given new value
replaces the current file position. No I/O takes place. It is also known as file seek.

5. Deleting a file: The directory is searched for the particular file. If it is found, file space
and other resources associated with that file are released and the corresponding directory
entry is erased.

6. Truncating a file: file attributes remain the same, but the file has a reduced size
because the user deletes information in the file. The end of file pointer is reset.

Other common operations are combinations of these basic operations. They include
append, rename and copy. A file on the system is very similar to a manual file. An
operation on a file is possible only if the file is open. After performing the operation, the
file is closed. All the above basic operations together with the open and close are
provided by the operating system as system calls.

8.2.3 Types of Files

The operating system recognizes and supports different file types. The most common way
of implementing file types is to include the type of the file as part of the file name. The
attribute ‘name’ of the file consists of two parts: a name and an extension separated by a
period. The extension is the part of a file name that identifies the type of the file. For
example, in MS-DOS a file name can be up to eight characters long followed by a period
and then a three-character extension. Executable files have a .com / .exe / .bat extension,
C source code files have a .c extension, COBOL source code files have a .cob extension
and so on.

If an operating system can recognize the type of a file then it can operate on the file quite
well. For example, an attempt to print an executable file should be aborted since it will
produce only garbage. Another use of file types is the capability of the operating system
to automatically recompile the latest version of source code to execute the latest modified
program. This is observed in the Turbo / Borland integrated program development
environment.

8.2.4 Structure of File

File types are an indication of the internal structure of a file. Some files even need to have
a structure that is understood by the operating system. For example, the structure
of executable files needs to be known to the operating system so that they can be loaded in
memory and control transferred to the first instruction for execution to begin. Some
operating systems also support multiple file structures.

Operating system support for multiple file structures makes the operating system more
complex. Hence some operating systems support only a minimal number of file
structures. A very good example of this type of operating system is the UNIX operating
system. UNIX treats each file as a sequence of bytes. It is up to the application program
to interpret a file. Here maximum flexibility is present but support from operating system
point of view is minimal. Irrespective of any file structure support, every operating
system must support at least an executable file structure to load and execute programs.

Disk I/O is always in terms of blocks. A block is a physical unit of storage. Usually all
blocks are of same size. For example, each block = 512 bytes. Logical records have their
own structure that is very rarely an exact multiple of the physical block size. Therefore a
number of logical records are packed into one physical block. This helps the operating
system to easily locate an offset within a file. For example, as discussed above, UNIX
treats files as a sequence of bytes. If each physical block is say 512 bytes, then the
operating system packs and unpacks 512 bytes of logical records into physical blocks.

File access is always in terms of blocks. The logical size, physical size and packing
technique determine the number of logical records that can be packed into one physical
block. The mapping is usually done by the operating system. But since the total file size
is not always an exact multiple of the block size, the last physical block containing
logical records is not full. Some part of this last block is always wasted. On average
half a block is wasted. This is termed internal fragmentation. The larger the physical block
size, the greater the internal fragmentation. All file systems do suffer from internal
fragmentation. This is the penalty paid for easy file access by the operating system in
terms of blocks instead of bits or bytes.
8.3 File Access Methods

Information is stored in files. Files reside on secondary storage. When this information is
to be used, it has to be accessed and brought into primary main memory. Information in
files could be accessed in many ways. It is usually dependent on an application. Access
methods could be :-

· Sequential access

· Direct access

· Indexed sequential access

8.3.1 Sequential Access

In a simple access method, information in a file is accessed sequentially one record after
another. To process the ith record all the i-1 records previous to i must be accessed.
Sequential access is based on the tape model that is inherently a sequential access device.
Sequential access is best suited where most of the records in a file are to be processed.
For example, transaction files.

8.3.2 Direct Access

Sometimes it is not necessary to process every record in a file. It may not be necessary to
process records in the order in which they are present. Information present in a record of
a file is to be accessed only if some key value in that record is known. In all such cases,
direct access is used. Direct access is based on the disk that is a direct access device and
allows random access of any file block. Since a file is a collection of physical blocks, any
block and hence the records in that block are accessed. For example, master files.
Databases are often of this type since they allow query processing that involves
immediate access to large amounts of information. All reservation systems fall into this
category. Not all operating systems support direct access files. Usually files are to be
defined as sequential or direct at the time of creation and accessed accordingly later.
Sequential access of a direct access file is possible but direct access of a sequential file is
not.

8.3.3 Indexed Sequential Access

This access method is a slight modification of the direct access method. It is in fact a
combination of both the sequential access as well as direct access. The main concept is to
access a file direct first and then sequentially from that point onwards. This access
method involves maintaining an index. The index is a pointer to a block. To access a
record in a file, a direct access of the index is made. The information obtained from this
access is used to access the file. For example, the direct access to a file will give the
block address and within the block the record is accessed sequentially. Sometimes
indexes may be big. So a hierarchy of indexes is built, in which one direct access of an
index leads to information to access another index directly and so on till the actual file is
accessed sequentially for the particular record. The main advantage in this type of access
is that both direct and sequential access of files is possible.

8.4 Directory Structure

File systems are very large. Files have to be organized. Usually a two level organization
is done:

· The file system is divided into partitions. By default there is at least one partition.
Partitions are nothing but virtual disks with each partition considered as a separate
storage device.

· Each partition has information about the files in it. This information is nothing but a
table of contents. It is known as a directory.

The directory maintains information about the name, location, size and type of all files in
the partition. A directory has a logical structure. This is dependent on many factors
including operations that are to be performed on the directory like search for file/s, create
a file, delete a file, list a directory, rename a file and traverse a file system. For example,
the dir, del, ren commands in MS-DOS.

8.4.1 Single-Level Directory

This is a simple directory structure that is very easy to support. All files reside in one and
the same directory (Figure 8.1).

Figure 8.1: Single-level directory structure

A single-level directory has limitations as the number of files and users increase. Since
there is only one directory to list all the files, no two files can have the same name, that
is, file names must be unique in order to identify one file from another. Even with one
user, it is difficult to maintain files with unique names when the number of files becomes
large.

8.4.2 Two-Level Directory

The main limitation of single-level directory is to have unique file names by different
users. One solution to the problem could be to create separate directories for each user.

A two-level directory structure has one directory exclusively for each user. The directory
structure of each user is similar in structure and maintains file information about files
present in that directory only. The operating system has one master directory for a
partition. This directory has entries for each of the user directories (Figure 8.2).

Files with the same names can exist across user directories but not in the same user directory. File
maintenance is easy. Users are isolated from one another. But when users work in a group
and each wants to access files in another user's directory, it may not be possible.

Access to a file is through user name and file name. This is known as a path. Thus a path
uniquely defines a file. For example, in MS-DOS if ‘C’ is the partition then
C:\USER1\TEST, C:\USER2\TEST, C:\USER3\C are all files in user directories. Files could
be created, deleted, searched and renamed in the user directories only.

Figure 8.2: Two-level directory structure

8.4.3 Tree-Structured Directories

A two-level directory is a tree of height two with the master file directory at the root
having user directories as descendants that in turn have the files themselves as
descendants (Figure 8.3). This generalization allows users to organize files within user
directories into sub directories. Every file has a unique path. Here the path is from the
root through all the sub directories to the specific file.

Usually the user has a current directory. User created sub directories could be traversed.
Files are usually accessed by giving their path names. Path names could be either
absolute or relative. Absolute path names begin with the root and give the complete path
down to the file. Relative path names begin with the current directory. Allowing users to
define sub directories allows for organizing user files based on topics. A directory is
treated as yet another file in the directory, higher up in the hierarchy. To delete a directory
it must be empty. Two options exist: delete all files and then delete the directory or delete
all entries in the directory when the directory is deleted. Deletion may be a recursive
process since directory to be deleted may contain sub directories.

Figure 8.3: Tree-structured directory structure


8.5 Allocation Methods

Allocation of disk space to files is a problem that looks at how effectively disk space is
utilized and how quickly files can be accessed. The three major methods of disk space
allocation are:

· Contiguous allocation

· Linked allocation

· Indexed allocation

8.5.1 Contiguous Allocation

Contiguous allocation requires a file to occupy contiguous blocks on the disk. Because of
this constraint disk access time is reduced, as disk head movement is usually restricted to
only one track. Number of seeks for accessing contiguously allocated files is minimal and
so also seek times.

A file that is ‘n’ blocks long starting at a location ‘b’ on the disk occupies blocks b, b+1,
b+2, ….., b+(n-1). The directory entry for each contiguously allocated file gives the
address of the starting block and the length of the file in blocks as illustrated below
(Figure 8.4).

Figure 8.4: Contiguous allocation

Accessing a contiguously allocated file is easy. Both sequential and random access of a
file is possible. If a sequential access of a file is made then the next block after the current
is accessed, whereas if a direct access is made then a direct block address to the ith block
is calculated as b+i where b is the starting block address.

A major disadvantage with contiguous allocation is to find contiguous space enough for
the file. From a set of free blocks, a first-fit or best-fit strategy is adopted to find ‘n’
contiguous holes for a file of size ‘n’. But these algorithms suffer from external
fragmentation. As disk space is allocated and released, a single large hole of disk space is
fragmented into smaller holes. Sometimes the total size of all the holes put together is
larger than the size of the file size that is to be allocated space. But the file cannot be
allocated space because there is no contiguous hole of size equal to that of the file. This is
when external fragmentation has occurred. Compaction of disk space is a solution to
external fragmentation. But it has a very large overhead.

Another problem with contiguous allocation is to determine the space needed for a file.
The file is a dynamic entity that grows and shrinks. If allocated space is just enough (a
best-fit allocation strategy is adopted) and if the file grows, there may not be space on
either side of the file to expand. The solution to this problem is to again reallocate the file
into a bigger space and release the existing space. Another solution that could be possible
if the file size is known in advance is to make an allocation for the known file size. But in
this case there is always a possibility of a large amount of internal fragmentation because
initially the file may not occupy the entire space and also grow very slowly.

8.5.2 Linked Allocation

Linked allocation overcomes all problems of contiguous allocation. A file is allocated
blocks of physical storage in any order. A file is thus a list of blocks that are linked
together. The directory contains the address of the starting block and the ending block of
the file. The first block contains a pointer to the second, the second a pointer to the third
and so on till the last block (Figure 8.5).

Initially a block is allocated to a file, with the directory having this block as the start and
end. As the file grows, additional blocks are allocated with the current block containing a
pointer to the next and the end block being updated in the directory.

This allocation method does not suffer from external fragmentation because any free
block can satisfy a request. Hence there is no need for compaction. Moreover, a file can
grow and shrink without problems of allocation.

Figure 8.5: Linked allocation

Linked allocation has some disadvantages. Random access of files is not possible. To
access the ith block access begins at the beginning of the file and follows the pointers in
all the blocks till the ith block is accessed. Therefore access is always sequential. Also
some space in all the allocated blocks is used for storing pointers. This is clearly an
overhead as a fixed percentage from every block is wasted. This problem is overcome by
allocating blocks in clusters that are nothing but groups of blocks. But this tends to
increase internal fragmentation. Another problem in this allocation scheme is that of
scattered pointers. If for any reason a pointer is lost, then the file after that block is
inaccessible. A doubly linked block structure may solve the problem at the cost of
additional pointers to be maintained.

MS-DOS uses a variation of the linked allocation called a file allocation table (FAT). The
FAT resides on the disk and contains entry for each disk block and is indexed by block
number. The directory contains the starting block address of the file. This block in the
FAT has a pointer to the next block and so on till the last block (Figure 8.6). Random
access of files is possible because the FAT can be scanned for a direct block address.

Figure 8.6: File allocation table

8.5.3 Indexed Allocation

Problems of external fragmentation and size declaration present in contiguous allocation
are overcome in linked allocation. But in the absence of FAT, linked allocation does not
support random access of files since pointers hidden in blocks need to be accessed
sequentially. Indexed allocation solves this problem by bringing all pointers together into
an index block. This also solves the problem of scattered pointers in linked allocation.

Each file has an index block. The address of this index block finds an entry in the
directory and contains only block addresses in the order in which they are allocated to the
file. The ith address in the index block is the ith block of the file (Figure 8.7). Here both
sequential and direct access of a file are possible. Also it does not suffer from external
fragmentation.
Figure 8.7: Indexed Allocation

Indexed allocation does suffer from wasted block space. Pointer overhead is more in
indexed allocation than in linked allocation. Every file needs an index block. Then what
should be the size of the index block? If it is too big, space is wasted. If it is too small,
large files cannot be stored. Multiple index blocks can be linked so that large files can
be stored. Multilevel index blocks are also used. A combined scheme having direct index
blocks as well as linked index blocks has been implemented in the UNIX operating
system.

8.5.4 Performance Comparison

All the three allocation methods differ in storage efficiency and block access time.
Contiguous allocation requires only one disk access to get a block, whether it be the next
block (sequential) or the ith block (direct). In the case of linked allocation, the address of
the next block is available in the current block being accessed and so is very much suited
for sequential access. Hence direct access files could use contiguous allocation and
sequential access files could use linked allocation. But if this is fixed then the type of
access on a file needs to be declared at the time of file creation. Thus a sequential access
file will be linked and cannot support direct access. On the other hand a direct access file
will have contiguous allocation and can also support sequential access, the constraint in
this case is making known the file length at the time of file creation. The operating
system will then have to support algorithms and data structures for both allocation
methods. Conversion of one file type to another needs a copy operation to the desired file
type.

Some systems support both contiguous and linked allocation. Initially all files have
contiguous allocation. As they grow a switch to indexed allocation takes place. If on
average files are small, then contiguous file allocation is advantageous and provides good
performance.
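An added example (not code from the original page) that lays out one constructed four-block file under each of the allocation schemes above on a toy disk and counts the disk accesses needed to reach the ith block: one for contiguous allocation, i+1 for linked allocation, one when the chain is walked in an in-memory FAT, and two for indexed allocation. The block numbers and record contents are constructed for the illustration.

```python
from dataclasses import dataclass, field

END = -1   # "no next block" marker, like the end-of-chain entry in a FAT


@dataclass
class Disk:
    """Constructed toy disk (not from the original page). Each block holds a
    payload; for linked allocation it also carries a pointer to the next block."""
    nblocks: int
    data: dict = field(default_factory=dict)      # block number -> payload
    next_ptr: dict = field(default_factory=dict)  # block number -> next block
    reads: int = 0                                 # disk accesses performed

    def read(self, block):
        if not 0 <= block < self.nblocks:
            raise ValueError(f"block {block} outside the disk")
        self.reads += 1
        return self.data.get(block)


def contiguous_block(disk, start, length, i):
    """Contiguous: the ith block is simply b+i; one disk access."""
    if not 0 <= i < length:
        raise IndexError("offset past end of file")
    return disk.read(start + i)


def linked_block(disk, start, i):
    """Linked: pointers live inside the data blocks, so reaching block i
    costs i+1 disk accesses (every earlier block must be read for its pointer)."""
    block = start
    for _ in range(i):
        disk.read(block)
        block = disk.next_ptr[block]
        if block == END:
            raise IndexError("offset past end of file")
    return disk.read(block)


def fat_block(disk, fat, start, i):
    """FAT: the chain is walked in the in-memory table, so only the data block is read."""
    block = start
    for _ in range(i):
        block = fat[block]
        if block == END:
            raise IndexError("offset past end of file")
    return disk.read(block)


def indexed_block(disk, index_block, i):
    """Indexed: one read of the index block, then one read of the ith address in it."""
    addresses = disk.read(index_block)
    if not 0 <= i < len(addresses):
        raise IndexError("offset past end of file")
    return disk.read(addresses[i])


def lay_out_demo_file():
    """Store one constructed 4-record file under each scheme on a 32-block disk."""
    disk = Disk(nblocks=32)
    records = ["rec0", "rec1", "rec2", "rec3"]
    # contiguous: directory entry (start=10, length=4) -> blocks 10..13
    for k, rec in enumerate(records):
        disk.data[10 + k] = rec
    # linked: directory entry start=3; chain 3 -> 17 -> 5 -> 20
    chain = [3, 17, 5, 20]
    fat = [END] * disk.nblocks          # FAT mirrors the chain, indexed by block
    for k, blk in enumerate(chain):
        disk.data[blk] = records[k]
        nxt = chain[k + 1] if k + 1 < len(chain) else END
        disk.next_ptr[blk] = nxt
        fat[blk] = nxt
    # indexed: index block 25 lists the data blocks in file order
    index = [8, 2, 30, 14]
    disk.data[25] = index
    for k, blk in enumerate(index):
        disk.data[blk] = records[k]
    return disk, fat


def access_cost(i):
    """Return {scheme: (payload, disk reads)} for fetching the ith block of the demo file."""
    disk, fat = lay_out_demo_file()
    schemes = {
        "contiguous": lambda: contiguous_block(disk, 10, 4, i),
        "linked": lambda: linked_block(disk, 3, i),
        "fat": lambda: fat_block(disk, fat, 3, i),
        "indexed": lambda: indexed_block(disk, 25, i),
    }
    result = {}
    for name, fetch in schemes.items():
        disk.reads = 0
        result[name] = (fetch(), disk.reads)
    return result
```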

8.6 Free Space Management


The disk is a scarce resource. Also disk space can be reused. Free space present on the
disk is maintained by the operating system. Physical blocks that are free are listed in a
free-space list. When a file is created or a file grows, requests for blocks of disk space are
checked in the free-space list and then allocated. The list is updated accordingly.
Similarly, freed blocks are added to the free-space list. The free-space list could be
implemented in many ways as follows:

8.6.1 Bit Vector

A bit map or a bit vector is a very common way of implementing a free-space list. This
vector has ‘n’ bits where ‘n’ is the total number of available disk blocks. A free
block has its corresponding bit set (1) in the bit vector whereas an allocated block has its
bit reset (0).

Illustration: If blocks 2, 4, 5, 9, 10, 12, 15, 18, 20, 22, 23, 24, 25, 29 are free and the rest
are allocated, then a free-space list implemented as a bit vector would look as shown
below:

00101100011010010010101111000100000………

The advantage of this approach is that it is very simple to implement and efficient to
access. If only one free block is needed then a search for the first ‘1’ in the vector is
necessary. If a contiguous allocation for ‘b’ blocks is required, then a contiguous run of
‘b’ number of 1’s is searched. And if the first-fit scheme is used then the first such run is
chosen and the best of such runs is chosen if best-fit scheme is used.

Bit vectors are inefficient if they are not in memory. Also the size of the vector has to be
updated if the size of the disk changes.

8.6.2 Linked List

All free blocks are linked together. The free-space list head contains the address of the
first free block. This block in turn contains the address of the next free block and so on.
But this scheme works well only for linked allocation. If contiguous allocation is used then to
search for ‘b’ contiguous free blocks calls for traversal of the free-space list, which is not
efficient. The FAT in MS-DOS builds free block accounting into the allocation data
structure itself, where free blocks have an entry, say –1, in the FAT.

8.6.3 Grouping

Another approach is to store ‘n’ free block addresses in the first free block. Here (n-1)
blocks are actually free. The last nth address is the address of a block that contains the
next set of free block addresses. This method has the advantage that a large number of
free block addresses are available at a single place unlike in the previous linked approach
where free block addresses are scattered.
8.6.4 Counting

If contiguous allocation is used and a file has freed its disk space then a contiguous set of
‘n’ blocks is free. Instead of storing the addresses of all these ‘n’ blocks in the free-space
list, only the starting free block address and a count of the number of blocks free from
that address can be stored. This is exactly what is done in this scheme where each entry in
the free-space list is a disk address followed by a count.
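An added example (not code from the original page) that builds the bit vector for the block list in the illustration of 8.6.1, searches it first-fit and best-fit for a run of ‘b’ contiguous free blocks, and derives the (address, count) entries of the counting scheme from the same vector. The disk size of 40 blocks is an assumption.

```python
# Free blocks taken from the illustration in the text; the rest are allocated.
FREE_BLOCKS = [2, 4, 5, 9, 10, 12, 15, 18, 20, 22, 23, 24, 25, 29]
DISK_BLOCKS = 40   # assumed disk size; only the first 30 bits matter here


def bit_vector(free_blocks, n):
    """Build the free-space bit vector: bit set (1) = free, reset (0) = allocated."""
    bits = [0] * n
    for b in free_blocks:
        if not 0 <= b < n:
            raise ValueError(f"block {b} outside a {n}-block disk")
        bits[b] = 1
    return bits


def as_string(bits):
    return "".join(str(b) for b in bits)


def free_runs(bits):
    """Maximal runs of free blocks as (start, count) pairs: the 'counting'
    representation of the same free list."""
    runs, i, n = [], 0, len(bits)
    while i < n:
        if bits[i]:
            j = i
            while j < n and bits[j]:
                j += 1
            runs.append((i, j - i))
            i = j
        else:
            i += 1
    return runs


def first_fit(bits, b):
    """Start of the first run of at least b free blocks, or None."""
    for start, count in free_runs(bits):
        if count >= b:
            return start
    return None


def best_fit(bits, b):
    """Start of the smallest run that still holds b blocks, or None."""
    fits = [(count, start) for start, count in free_runs(bits) if count >= b]
    return min(fits)[1] if fits else None


def allocate(bits, start, b):
    """Mark blocks start..start+b-1 allocated; refuse if any is already taken."""
    span = range(start, start + b)
    if start < 0 or start + b > len(bits) or any(bits[k] == 0 for k in span):
        raise ValueError("blocks are not all free")
    for k in span:
        bits[k] = 0


def release(bits, start, b):
    """Return blocks start..start+b-1 to the free list, as one counting entry would."""
    if start < 0 or start + b > len(bits):
        raise ValueError("range outside the disk")
    for k in range(start, start + b):
        bits[k] = 1
```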

8.7 Directory Implementation

The two main methods of implementing a directory are:

· Linear list

· Hash table

8.7.1 Linear List

A linear list of file names with pointers to the data blocks is one way to implement a
directory. A linear search is necessary to find a particular file. The method is simple but
the search is time consuming. To create a file, a linear search is made to look for the
existence of a file with the same file name and if no such file is found the new file created
is added to the directory at the end. To delete a file, a linear search for the file name is
made and if found the allocated space is released. Making a linear search every time
consumes time and increases access time, which is not desirable since directory
information is frequently used. A sorted list allows for a binary search that is time
efficient compared to the linear search. But maintaining a sorted list is an overhead
especially because of file creations and deletions.

8.7.2 Hash table

Another data structure for directory implementation is the hash table. A linear list is used
to store directory entries. A hash table takes a value computed from the file name and
returns a pointer to the file name in the linear list. Thus search time is greatly reduced.
Insertions are prone to collisions, which must be resolved. The main problem is the hash function,
which is dependent on the hash table size. A solution to the problem is to allow for chained
overflow with each hash entry being a linked list. Directory lookups in a hash table are
faster than in a linear list.

8.8 Summary

In this chapter the operating system as a secondary resource manager has been studied.
Data / information stored in secondary storage has to be managed and efficiently accessed
by executing processes. To do this the operating system uses the concept of a file. A file is
the smallest allotment of secondary storage. Any information to be stored needs to be
written on to a file. We have studied file attributes, operations on files, types and structure
of files, File access methods, File Allocation methods and implementation of a file. We
have also learnt the concept of a directory, its various structures for easy and protected
access of files and its implementation.

Self Assessment Questions

1. A file is a collection of related information recorded on the ___________.

2. ___________ is best suited access method where most of the records in a file are to be
processed.

3. _______________ requires a file to occupy continuous blocks on the disk.

4. In a linked allocation ________________ is not possible.

5. Problems of external fragmentation and size declaration present in contiguous
allocation are overcome in ______________.

8.9 Terminal Questions

1. Explain the concept of File.

2. What is the difference between a File and Directory?

3. Explain Different operations possible on Files.

4. What is the need for a directory? Explain the different directory structures.

5. Explain any two Disk space Allocation Methods.

6. Write a short note on Free space Management.

7. Discuss the different methods of implementing a Directory.

BT0070-Unit-09-Operating Systems in Distributed Processing

Structure

9.1 Introduction

Objectives
9.2 Characteristics of Distributed Processing

9.3 Characteristics of Parallel processing

9.4 Centralized v/s Distributed Processing

Distributed Applications

Distribution of Data

Distribution of Control

9.5 Network Operating System (NOS) Architecture

9.6 Functions of NOS

Redirection

Communication Management

File / Printer Services

Network Management software

9.7 Global Operating System (GOS)

Migration

Resource Allocation / Deallocation

9.8 Remote Procedure Call (RPC)

Message Passing Schemes

Types of services

RPC

Calling Procedure

Parameter Representation

Ports

9.9 Distributed File Management


9.10 Summary

9.11 Terminal Questions

9.12 Answers

9.1 Introduction

Earlier were the days of centralized computing. With the advent of micro and mini
computers, distributed processing is becoming more and more popular. Merely having a
large central computer with a number of remote terminals connected to it, or a
number of computers at different locations with no connection among them, does not
constitute distributed processing because neither processing nor data is distributed in
any sense.

Operating systems have moved from single process systems to single processor, multi-
user, and multitasking systems. Today the trend is towards multiprocessor, multitasking
systems. Distributed processing and parallel processing are two technologies used to
harness the power of a multiprocessor system. A proper mix of the technologies may
yield better results.

Distributed processing and parallel processing have a common goal – high throughput
using more processors. Then why not use a faster processor? It is difficult to achieve
higher throughput out of hardware just by increasing speed of the processor. Moreover
faster processors mean high costs. Higher throughput was envisaged by using the
available microprocessors and interconnecting them. This is called distributed processing
or loosely coupled system. In parallel processing or tightly coupled systems there is only
one computer with multiple CPUs. The operating system here is responsible for load
distribution, communication and co-ordination.

In distributed processing, computers have to be connected to one another by links
enabling electronic data transfer and data sharing among the various connected
computers. In a distributed client-server computing environment, the server is huge and
handles large databases / computational requests. Clients have smaller processing
capability and are spread across different locations. The operating system in such a case
has to be restructured to cater to this form of distributed processing. Two approaches to
the problem are:

· Network operating system (NOS)

· Global operating system (GOS)

Objectives:

At the end of this unit, you will be able to understand:


· Characteristics of Distributed Processing, parallel processing and centralized
processing.

· Architecture of Network Operating System (NOS) and functions of NOS.

· About Global Operating System, Remote Procedure Call and Distributed File
Management.

9.2 Characteristics of Distributed Processing

· Processing may be distributed by location

· Processing is divided among different processors depending on the type of processing
done. For example, I/O handled by one processor, user interaction by another and so on.

· Processes can be executing on dissimilar processors.

· Operating system running on each processor may be different.

9.3 Characteristics of Parallel processing

· All processors are tightly coupled, use shared memory for communication and are
present in one case.

· Any processor can execute any job. All processors are similar.

· All processors run a common operating system.

9.4 Centralized v/s Distributed Processing

Distributed processing implies a number of computers connected together to form a
network. This connection enables distributed applications, data, control or a combination
of all of them as against centralized applications, data and control in centralized systems.

9.4.1 Distributed Applications

Distributed applications mean different programs on different computers. This scheme
allows the possibility of data capture at the place of its origin. Connections between these
computers then allow this data to be shared. Programs / applications could be distributed
in two ways. They are:

· Horizontal distribution

· Vertical / hierarchical distribution


In horizontal distribution all computers are at the same level implying that all the
computers are capable of handling any functionality. Examples include office automation
and reservation systems where many computers in a network are able to reserve, cancel
or enquire. Application with all its programs is duplicated at almost all the computers.

In vertical or hierarchical distribution, functionality is distributed among various levels.
These levels usually reflect some hierarchical levels in the organization. Computers at
each of these levels perform specialized functions. For example, computers at branch
level carry out branch level functions and those at zonal level are used for zonal level
functions in a banking organization. Computers at each level can be networked together
to avail shared data. There are possibilities of connections between levels to enable
exchange of data and information. Here applications running on different computers may
be the same but for an application program different capabilities may be present at
different levels. For example, sales analysis at branch level and sales analysis at zonal
level may generate summaries in different formats.

9.4.2 Distribution of Data

In a distributed environment, data can also be distributed similar to distribution of
programs. Data for applications could be maintained as:

· Centralized data

· Replicated data

· Partitioned data

In centralized data, data resides only at one central computer that can be accessed or
shared by all other computers in the network. An example is a master database. This
central computer must run an operating system that implements functions of information
management. It must keep track of users and their files and handle data sharing,
protection, disk space allocation and other related issues. It must also run front-end
software for receiving requests / queries for data from other computers. These requests
are then serviced one by one. It is because of this software that this central computer is
called a server. Computers connected to the server can have their own local data but
shared data has to necessarily reside in the server. In a distributed environment, part of
the master database could be centralized and the rest distributed among the connecting
computers.

Sometimes a particular database is required very often at each computer in the network.
If it is stored only in a central computer, as above, transmitting it from the server to local
computers whenever it is required is time consuming and unnecessary, because the
current state of the database may not have changed from its previous state. In such cases,
the specific database can be replicated or duplicated in the computer where it is needed
often. But to maintain data coherence when part of the database has been updated, the
modifications have to be reflected in all the places where it has been duplicated. For
example, information about train timings and fares would be replicated because this
information is needed at all terminals that cater to train bookings / reservations /
enquiries, while the frequency of changes to this particular database is very low.

Data could be distributed in a partitioned way. The entire database is sliced into many
parts. Each part of the database then resides on a computer. Processing depends upon the
kind of data distribution. Any other computer wanting to access information / data that is
present not locally but at a remote site must send a query and receive the contents needed.
If such is the case then each computer will run front-end software to receive queries and
act as a server for the data stored in it.

9.4.3 Distribution of Control

Control in a distributed environment refers to deciding which program should be
scheduled to run next, at which node / computer, what is its data requirement, is there a
necessity for data at remote site to be transferred to the node and so on. Network
management routines continuously monitor lines and nodes. They help in fault detection
and suggest and implement necessary actions to be taken.

9.5 Network Operating System (NOS) Architecture

The architecture of typical NOS is shown below (Figure 9.1). The basic features in any
NOS are explained by tracing the steps involved in a remote read. It is assumed that
shared data resides on the server and clients are those computers in the network (other
than the server) that want to access the shared data.

· Software called redirection software exists in the client.

· A system call generated by an application program not related to any I/O function is
handled by the local operating system (LOS) running on the client.

· In a non-NOS environment all I/O by an application program is to the LOS only.
However, in the case of NOS environment this cannot be assumed. I/O may be to a local
database or a remote database. In such a case a call is made to the redirection software of
the NOS. The application program making this I/O call has knowledge about the location
of the data (local / remote) and hence requests either the LOS for local data or the NOS
for shared data. The NOS differentiates between a LOS I/O call and a NOS I/O call.

· If the request is for remote data then the call has to be processed as a remote procedure
call (RPC) from the client to the server. In response to this request, data traverses back to
the client from the server. Communication management software handles the request for
data and the actual data. This software resides both on the server as well as the client and
ensures that a message is communicated between client and the server without any error
and implements network functions such as packetizing, routing, error and flow control.

· For a remote request the redirection software on the client sends a request to the
communication management software on the client.

· The communication management software on the client generates a RPC and sends it
across the network.

· The communication management software on the server receives the request and in turn
requests the network services software on the server itself to service the client's request.
This software is responsible for sharable resources such as files, disks, databases and
printers. The software receives many such requests from different clients, generates a task
for each one of them and schedules them for service. Thus NOS implements some kind of
multitasking to service multiple tasks. Since network services software accesses shared
resources, access control and protection are implemented.

· The network services software on the server communicates with the information
management module of the operating system running on the server to get the requested
data. Two approaches are possible. In one approach, capabilities of information
management are built into the NOS such as in NetWare. In the other approach, a separate
operating system such as UNIX runs on the server and the network services software
module of the NOS generates calls to the operating system, in this case, UNIX running
on the server for required data.

· The network services software on the server sends the required data to the
communication management software on the server to be sent to the client.

· The communication management software on the server also implements network
functions such as packetizing, routing, sequence control, error and flow control to ensure
error free data transfer to the client.

· The communication management software on the client now sends the received data to
the application program so that it proceeds.

NOSs are available on LANs. LAN is an interconnection of a number of workstations to
form a network. The network also has a large and more powerful computer attached to it.
This computer called the server has a large disk and a printer attached to it. The server
stores data that can be accessed by clients connected to the network. The clients in the
form of workstations have small local memories that can be used for storing frequently
accessed data once accessed from the server. Workstations can also be diskless in which
case they have no local memory. The LOS is also downloaded into main memory during
power up. All data in this case is requested and got from the server.

Figure 9.1: NOS architecture
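The remote read traced above, as an added example that is not part of this text or of any real NOS: a client-side redirector routes a read either to a local file table (standing in for the LOS) or, for paths under a constructed /shared/ prefix, to a server whose network services software checks an access list before returning the data. The framing with sequence numbers and a CRC stands in for the packetizing and error control of the communication management software; all files, client names and the access list are constructed for the example.

```python
import struct
import zlib

# Constructed data (not from the text): shared files on the server, the clients
# allowed to read each of them, and a file that exists only on the client.
SERVER_FILES = {"/shared/master.db": b"id,name\n1,alice\n2,bob\n"}
SERVER_ACL = {"/shared/master.db": {"client1"}}
LOCAL_FILES = {"/local/notes.txt": b"local only"}

# Frame header used by the communication management software on both sides:
# sequence number, payload length and CRC-32 of the payload (network byte order).
FRAME = struct.Struct("!HII")


def packetize(seq, payload):
    """Wrap a message in a frame so that loss of order or corruption is detectable."""
    return FRAME.pack(seq, len(payload), zlib.crc32(payload)) + payload


def depacketize(frame):
    """Check the frame (error control) and return (sequence number, payload)."""
    try:
        seq, length, crc = FRAME.unpack_from(frame)
    except struct.error:
        raise ValueError("short frame header")
    payload = frame[FRAME.size:FRAME.size + length]
    if len(payload) != length or zlib.crc32(payload) != crc:
        raise ValueError("frame %d corrupted in transit" % seq)
    return seq, payload


class NetworkServices:
    """Server side: the network services software guarding shared resources."""

    def __init__(self, files, acl):
        self.files, self.acl, self.next_seq = files, acl, 0

    def handle(self, frame):
        _, payload = depacketize(frame)
        client, _, path = payload.decode().partition(" READ ")
        # access control: a shared file is served only to the clients listed for it
        if client not in self.acl.get(path, set()):
            reply = b"ERR permission denied"
        elif path not in self.files:
            reply = b"ERR no such file"
        else:
            reply = b"OK " + self.files[path]
        self.next_seq += 1
        return packetize(self.next_seq, reply)


class Redirector:
    """Client side: intercept a read and route it to the LOS or over the network."""

    def __init__(self, name, local_files, server):
        self.name, self.local, self.server, self.seq = name, local_files, server, 0

    def read(self, path):
        if not path.startswith("/shared/"):      # local I/O: left to the LOS
            return self.local[path]
        self.seq += 1                             # remote I/O: request goes to the server
        request = packetize(self.seq, ("%s READ %s" % (self.name, path)).encode())
        _, reply = depacketize(self.server.handle(request))   # client blocks until reply
        status, _, data = reply.partition(b" ")
        if status != b"OK":
            raise OSError(data.decode())
        return data
```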

9.6 Functions of NOS

The main functions of NOS can be summarized as follows:

· Redirection

· Communication management

· File / printer services

· Network management

9.6.1 Redirection

Redirection software normally resides on the client and also on the server. It is needed on
the server as well because, if the server is not a dedicated one, a user of the server
machine may want access to other computers. When does the redirection software
actually work? An interrupt is executed by a system call generated, say for an I/O. It is at
the time of execution of the interrupt that the redirection software intercepts to check if
the I/O is local / remote. If it is local, processing continues. If it is remote the redirection
software has to generate a request to the server. But generating a request to the server has
problems. The operating system running on the server may be different from that on the
local machine generating the request. Also the system architecture of the server may be
different from that of the client. Therefore some conversion is necessary.

9.6.2 Communication Management


The communication management software runs on both the client and the server. It is
responsible for communication management. It is concerned with error-free transmission
of messages (requests and data) to the destination. The ordinary operating system
depends on separate software for this purpose. But in a NOS environment communication
management software is built into the NOS as a part of it. Thus it resides on all clients
and the server. It consists of a number of modules corresponding to the OSI layers.

9.6.3 File / Printer Services

File / printer resources are controlled by these services. This software runs only on the
server. Requests for shared resources are queued up, scheduled and then run as separate
tasks, thus making the NOS a multitasking operating system.

9.6.4 Network Management Software

Network management software is responsible for monitoring the network and its
components such as computers, modems, repeaters, lines, adapters, multiplexers and
many more. Special software enables online testing of this equipment from time to time,
checks its status and hence monitors the entire network. The network management
software is responsible for all this. It maintains a list of hardware equipment along with
its location and status. The list is updated when additional equipment is added or when
equipment is down for repair. It generates reports based on which action can be taken in
terms of repair / replacements. It helps routing algorithms to route data on appropriate
paths. In ordinary operating systems the network management software resides on top of
the existing operating system. But in a NOS environment it is part of the NOS.

9.7 Global Operating System (GOS)

The NOS is responsible for activities such as memory and process management on the
server. The NOS converts a request into a task, schedules and executes it. Memory and
processing power in all other computers in the network is not tapped to the maximum by
a NOS. This is exactly what the GOS attempts to do. It has a list of processes executing
on different machines and the resources needed by each one of them. Relatively free
processors can be scheduled with tasks for execution. Memory is managed at a global
level. The various functions of the GOS are:

· User interface

· Information management

· Process / object management

· Memory management

· Communication management

· Network management

A typical GOS environment is depicted in the figure below (Figure 9.2). Part of the
kernel of a GOS is duplicated at all sites. This kernel contains software to control
hardware. Resources like information, memory, etc are managed by software that need
not be replicated.

Figure 9.2: GOS environment

9.7.1 Migration

The GOS has a pool of resources that it allocates to various processes / tasks at a global
level. Migrations are necessary for optimal use of available resources. Migrations
include:

· Data migration

· Computation migration

· Process migration

Data migration involves movement of data. A program running at a site X wants access to
a file at site Y. Two options exist:

· Send the full file from Y to X

· Send only required portion of the file from Y to X

The first option is similar to the approach of a file server whereas the second is similar to
a database server. Software for sending the full file is simple. But the network will be
loaded and in case the file is updated at site X, the entire file has to be again sent back to
Y. If only required portions of a file are sent then network load is less but software to
handle this is complex. Depending on requests for remote data, the GOS may migrate
portion of data from one node to another or may replicate data to improve performance.
This also brings with it the problems of data integrity.

The GOS may sometimes resort to computation migration. If nodes are distributed in a
hierarchical fashion then data migration will need to transfer all files between levels.
Alternatively, if computation migration is followed then a process on one node can
request for execution of another process at a remote site through a RPC. The results of
this computation at remote site are then sent back for use. Here data file transfer is
avoided.

Sometimes a process may be scheduled on a node that does not meet the requirements of
the process, so the process does not complete execution but waits in a blocked state for a
long time. Since that node had the only processor available at the time of allocation, it
runs the process. When another processor with higher capacity becomes free, the GOS
should be able to migrate the process to the new processor. There exists a tradeoff
between the gain in performance of the migrated process and the overheads involved.

GOS may resort to process migration to enforce:

· Load balancing: to have a uniform utilization of available resources

· Special facilities: to use hardware / software facilities available at a particular node

· Reducing network load: process execution at a proper node reduces data migration and
hence the load on the network.

9.7.2 Resource Allocation/ Deallocation

The GOS maintains a global list of all resources and allocates them to processes. This
also includes migrated processes. The resource allocation may lead to deadlocks.
Deadlock handling in distributed systems is complex due to difficulties in maintaining an
updated list of global resources. There is also a possibility of a false deadlock alarm. This
may be caused because of incorrect information about resources that in turn may be due
to delay in resource status reaching the global list. Deadlock detection can be centralized
or a distributed function. Deadlocks can also occur in the communication system due to
buffers getting full.

9.8 Remote Procedure Call (RPC)

A distributed environment consists of servers and clients. Server is a computer that offers
services of shared resources. Client is a computer that requests for a shared resource
present on the server through a request. A procedure is present on the server to locate and
retrieve data present on a shared device attached to it. This procedure is part of the
operating system running on the server. When a client requests for some data on the
server this procedure on the server operating system is called remotely from the client.
Hence it is called a remote procedure call (RPC).

9.8.1 Message Passing Schemes

RPC can be considered as a special case of a generalized remote message-passing scheme
as shown below (Figure 9.3). The message handling module forms the interface that
runs on all the nodes connected in the network. It interfaces with processes running on
the nodes using primitives like SEND and RECEIVE. These modules handle
communication across the network. Communication management functions are executed
to ensure error-free communication.

Figure 9.3: Message passing scheme

9.8.2 Types of Services

Message passing can be of two types. They are:

· Reliable service

· Unreliable service

A virtual circuit analogous to a telephone service is an example of a reliable service
whereas a datagram analogous to the postal service is an example for unreliable services.
A reliable service ensures that the receiver receives the message sent by a sender
correctly and properly in sequence. The overhead in this service includes an increased
load on the network. An unreliable service only guarantees a high probability that a sent
message is correctly received in proper order.

Message passing schemes could also be categorized as:

· Blocking

· Non-blocking

In the blocking scheme, the process on the client that has requested for service from the
server gets blocked until it receives back the data, whereas in the non-blocking scheme,
the process requesting for service continues without waiting.

9.8.3 RPC

RPC can be viewed as an enhancement of a reliable blocking message-passing scheme to
execute a remote procedure on another node. The message in this case is not a general
one but specifies the procedure to be executed on the remote node along with required
parameters.

9.8.4 Calling Procedure

A general format for an RPC could be as follows:


CALL P (A, B)

where P is the called procedure

A are the passed parameters

B are the returned parameters

Parameters can be passed either by value or by reference. When parameters are passed by
value, the actual parameters are passed. Thus A and B will be actual parameters. If
parameters are passed by reference then the addresses of the actual parameters are passed.

In RPC, call by reference is very difficult because it is difficult to let processors on
different machines share a common address space. Hence call by reference does not
make sense in RPC. It becomes tedious and time consuming. It also increases the load on
the network. That is why only the call by value method is used in RPC. A general schematic
of RPC is shown below (Figure 9.4). The client process issues an RPC and gets blocked.
The interface process completes the call and returns the results after which the client
process becomes ready again.

Figure 9.4: A general schematic of RPC

9.8.5 Parameter Representation

If an RPC is issued between processes running on identical machines with same
operating systems then parameters passed will be identical for a given language. But this
is not the case if the machine architecture or the operating system or the programming
language differs. One approach to this problem could be to have a common standard
format. Then each interface module will have routines to convert from / to its own
formats to / from the standard format. These routines will have to be present in all nodes
as well as the server.

9.8.6 Ports

If a server provides multiple services then normally a port number is associated with each
service. For example, port number 1154 for listing current users, port number 2193 for
opening a file and so on. RPC makes use of these port numbers. This simplifies
communication. Hence a message sent as a RPC to a remote node contains among other
information the port number and parameters for the service. The interface module on the
remote node reads the port number and then executes the appropriate service.
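The RPC message, the conversion of parameters to a standard format (9.8.5) and port-based dispatch by the interface module (9.8.6), as one added example; this is not the text's code nor that of any real RPC system. The tagged big-endian wire format, the two service procedures and the values they return are assumptions of the example; the port numbers 1154 and 2193 are the ones the text uses.

```python
import struct

# Standard wire format assumed by this example: each parameter is a 1-byte type
# tag followed by a big-endian (network order) encoding, so client and server need
# not share a machine architecture, byte order or programming language.
TAG_INT, TAG_STR = 1, 2
HEADER = struct.Struct("!HI")   # port number of the service, length of marshalled parameters


def marshal(params):
    """Convert local values to the standard format (call by value: data is copied)."""
    out = bytearray()
    for p in params:
        if isinstance(p, bool) or not isinstance(p, (int, str)):
            raise TypeError("unsupported parameter type %s" % type(p).__name__)
        if isinstance(p, int):
            out += struct.pack("!Bq", TAG_INT, p)
        else:
            data = p.encode("utf-8")
            out += struct.pack("!BH", TAG_STR, len(data)) + data
    return bytes(out)


def unmarshal(buf):
    """Convert standard-format bytes back to local values, rejecting malformed input."""
    params, pos = [], 0
    try:
        while pos < len(buf):
            tag = buf[pos]
            if tag == TAG_INT:
                (val,) = struct.unpack_from("!q", buf, pos + 1)
                pos += 9
            elif tag == TAG_STR:
                (n,) = struct.unpack_from("!H", buf, pos + 1)
                raw = buf[pos + 3:pos + 3 + n]
                if len(raw) != n:
                    raise ValueError("truncated string parameter")
                val, pos = raw.decode("utf-8"), pos + 3 + n
            else:
                raise ValueError("unknown type tag %d" % tag)
            params.append(val)
    except struct.error:
        raise ValueError("truncated parameter block")
    return params


# Constructed services on the server, keyed by the port numbers the text mentions.
CURRENT_USERS = ["alice", "bob"]
OPEN_FILES = []


def list_users():
    return list(CURRENT_USERS)


def open_file(name, mode):
    # validate parameters before acting on them (see the invalid-parameters attack)
    if mode not in ("r", "w"):
        raise ValueError("invalid mode %r" % mode)
    if not name or "/" in name or name.startswith("."):
        raise ValueError("invalid file name %r" % name)
    OPEN_FILES.append(name)
    return [2 + len(OPEN_FILES)]          # constructed file descriptor number


SERVICES = {1154: list_users, 2193: open_file}


def build_message(port, params):
    """Client side: an RPC message carries the port number and the marshalled parameters."""
    body = marshal(params)
    return HEADER.pack(port, len(body)) + body


def interface_module(message):
    """Server side: read the port number and run the matching service; reply is
    marshalled as [status, results...] with status 0 for success, 1 for an error."""
    try:
        port, length = HEADER.unpack_from(message)
    except struct.error:
        return marshal([1, "short RPC header"])
    body = message[HEADER.size:HEADER.size + length]
    service = SERVICES.get(port)
    if service is None:
        return marshal([1, "no service on port %d" % port])
    try:
        return marshal([0] + service(*unmarshal(body)))
    except (ValueError, TypeError) as exc:
        return marshal([1, str(exc)])


def rpc(port, params):
    """Client stub: blocks until the reply arrives and returns the procedure's results."""
    reply = unmarshal(interface_module(build_message(port, params)))
    if reply[0] != 0:
        raise RuntimeError(reply[1])
    return reply[1:]
```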

9.9 Distributed File Management

A network has many nodes. Each node has files in its local database. In NOS a user has to
specify the exact location of a file to get it transferred to his / her node. But this is not
required in GOS.

Sometimes in a NOS environment it is advantageous to keep multiple copies of the same
file at different nodes. This reduces transfer time and also traffic on the network. The
nearest node having the file can then satisfy a user request. To implement this, the node
requesting the file, the remote node where the file is present and the frequency of requests
need to be known. This is a dynamic situation since the pattern of file requests changes
with time. Hence the number of nodes at which to replicate a file is a dynamic issue.
Maintaining data integrity is a problem as updates will have to be made at multiple
locations.

Each node in the network runs its own local operating system and thus has its own file
system. This local file system (LFS) is responsible for allocating space to a file,
maintaining buffers, tables like FAT and so on. Services for file creation, deletion, read
and write are provided by it. It maintains the directory structure and associated files. The
functions of the LFS on a remote file are carried out by the distributed file system (DFS).
It allows the users to see an entire structure of files and directories present in all the nodes
put together as a hierarchy. An important implementation consideration in the design of
DFS is the policy to be used to implement file operations, especially write and update
operations. DFS has to have software to interface with the operating system running on
different nodes. This software should be present on all the nodes. If all nodes run the
same operating system then complexity of DFS is greatly reduced.

UNIX has a feature called RFS that is a DFS for UNIX. SUN has its NFS that is again a
DFS and is part of the SunOS operating system. NetWare-386 can support multiple
machines and multiple networks / distributed file systems at the same time.

9.10 Summary

We have studied what distributed processing is all about. We have seen how
applications / data / control can be distributed. We have also seen the architecture of
typical NOS and its functions. A GOS is necessary for optimal use of memory and
processing power in all computers in a network. We have learnt what a RPC is and how it
is executed. In addition to this an overview of Distributed File Management has also been
discussed.

Self Assessment Questions

1. Distributed processing and parallel processing have a common goal of
_______________

2. Distributed processing systems are also called ________________.

3. The communication management software runs on ________________.

4. In RPC _______________ is very difficult because it is difficult to let processors on
different machines to share a common address space.

5. A virtual circuit analogous to a telephone service is an example of _____________.

9.11 Terminal Questions

1. Distinguish between distributed processing and parallel processing.

2. Explain how applications and data can be distributed.

3. Describe the procedure of performing a remote read in a NOS.

4. What is the need for migration? Explain the different types of migration.

5. Explain the execution of a RPC.

6. Write a note on Distributed File Management.

9.12 Answers to Self Assessment Questions and Terminal Questions

Answers to Self Assessment Questions

1. High throughput using more processors.

2. Loosely coupled systems.

3. Both the client and server

4. Call by reference

5. Reliable service

Answers to Terminal Questions

1. Refer section 9.2 and 9.3

2. Refer section 9.4.1 and 9.4.2

3. Refer section 9.5

4. Refer section 9.7.1

5. Refer section 9.8

6. Refer section 9.9

BT0070-Unit-10-Security and Protection

Structure

10.1 Introduction

Objectives

10.2 Attacks on Security

Authentication

Browsing

Invalid Parameters

Line tapping

Improper Access Controls

Rogue Software

10.3 Computer Worms

10.4 Computer Virus

Types of Viruses

Infection Methods

Mode of Operation

Virus detection

Virus Removal

Virus Prevention

10.5 Security Design Principles

10.6 Authentication

10.7 Protection Mechanism

10.8 Encryption

10.9 Security in Distributed Environment

10.10 Summary

10.11 Terminal Questions

10.12 Answers

10.1 Introduction

Personal computers were designed and intended for individual use. Hence security and
protection features were minimal. No two users could simultaneously use the same
machine. Locking the room physically which housed the computer and its accessories
could easily protect data and stored information. But today hardware costs have reduced
and people have access to a wide variety of computing equipment. With a trend towards
networking, users have access to data and code present locally as well as at remote
locations. The main advantages of networking like data sharing and remote data access
have increased the requirements of security and protection. Security and protection are
the two main features that motivated development of a network operating system
(example Novell NetWare).

Major threats to security can be categorized as

· Tapping

· Disclosure

· Amendment

· Fabrication

· Denial

Unauthorized use of service (tapping) and unauthorized disclosure of information
(disclosure) are passive threats whereas unauthorized alteration or deletion of information
(amendment), unauthorized generation of information (fabrication) and denial of service
to authorized users (denial) are active threats. In either tapping or disclosure, information
goes to a third party. In the former, information is accessed by the third party without the
knowledge of the other two parties and in the latter the source willingly / knowingly
discloses it to the third party.

Security is an important aspect of any operating system. Open Systems Interconnection
(OSI) defines the elements of security in the following terms:

· Confidentiality: Information is not accessed in an unauthorized manner (controlled
read)

· Integrity: Information is not modified or deleted in an unauthorized manner (controlled
write)

· Availability: Information is available to authorized users when needed (controlled read /
write / fault recovery)

Security is concerned with the ability of the operating system to enforce control over
storage and movement of data in and between the objects that the operating system
supports.

Objectives:

At the end of this unit, you will be able to understand:

· Attacks on Security, Meaning of Authentication and Confidentiality.

· Computer Viruses and types of viruses.

· Computer worms.

· Security Design principles.

· Protection Mechanisms and Security in Distributed Environment.

10.2 Attacks on Security

A security system can be attacked in many ways. Some of them are discussed below:

10.2.1 Authentication

Authentication is verification of access to system resources. Penetration is by an intruder
who may:

· Guess / steal somebody’s password and use it

· Use vendor supplied password usually used by system administrator for purposes of
system maintenance

· Find a password by trial and error

· Use a terminal to access information that has been logged on by another user and just
left like that.

· Use a dummy login program to fool a user

10.2.2 Browsing

Browsing through system files could get an intruder information necessary to access files
with access controls which are very permissive thus giving the intruder access to
unprotected files / databases.

10.2.3 Invalid Parameters

Passing of invalid parameters or failure to validate them properly can lead to serious
security violations.

10.2.4 Line Tapping

A communication line is tapped and confidential data is accessed or even modified.
Threat could be in the form of tapping, amendment or fabrication.

10.2.5 Improper Access Controls

If the system administrator has not planned access controls properly, then some users may
have too many privileges and others very few. This amounts to unauthorized disclosure of
information or denial of service.

10.2.6 Rogue Software

A variety of software programs exist under this title. Computer virus is very well known
among others. This is a deliberately written program or part of it intended to create
mischief. Such programs vary in terms of complexity or damage they cause. Creators of
this software have a deep knowledge of the operating system and the underlying
hardware. Other rogue software includes Trojan horse, Chameleon, Software bomb,
Worm, etc.

The above mentioned were some common ways in which a security system could be
attacked. Other ways in which a security system can be attacked may be through Trap
doors, Electronic data capture, Lost line, Waste recovery and Covert channels.

10.3 Computer Worms

A computer worm is a full program by itself. It spreads to other computers over a
network and while doing so consumes network resources to a very large extent. It can
potentially bring the entire network to a halt.

The invention of computer worms was for a good purpose. Research scientists at XEROX
PARC research center wanted to carry out large computations. They designed small
programs (worms) containing some identified piece of computations that could be carried
out independently and which could spread to other computers. The worm would then
execute on a machine if idle resources were available or else it would hunt the network
for machines with idle resources.

A computer worm does not harm other programs or data; it spreads, and in doing so
consumes large amounts of resources such as disk storage and transmission capacity,
denying them to legitimate users. A worm usually operates on a network. Each node keeps a
list of the other nodes it knows about together with their machine addresses. A worm
program reads this list and uses it to copy itself to each of those addresses, from where
it spreads further. This large and continuous transfer across the network eats up network
resources such as line capacity, disk space, network buffers, tables, etc.

Two major safeguards against worms are:

· Prevent its creation: through strong security and protection policies

· Prevent its spreading: by introducing checkpoints in the communication system and
disallowing transfer of executable files over the network unless they have been permitted
by some authorized person.

10.4 Computer Virus

A computer virus is written with the intention of infecting other programs. It is a part
of a program that piggybacks on to a valid program. It differs from the worm in the
following ways:

· A worm is a complete program by itself and can execute independently, whereas a virus
does not operate independently; it runs only when its host program runs.

· A worm consumes only system resources, whereas a virus causes direct harm to the system
by corrupting code as well as data.

10.4.1 Types of Viruses

There are several types of computer viruses. New types get added every now and then.
Some of the common varieties are:
· Boot sector infectors

· Memory resident infectors

· File specific infectors

· Command processor infectors

· General purpose infectors

10.4.2 Infection Methods

Viruses infect other programs in the following ways:

· Append: virus code appends itself to a valid unaffected program

· Replace: virus code replaces the original executable program either completely or
partially

· Insert: virus code gets inserted into the body of the executable code to carry out some
undesirable actions

· Delete: Virus code deletes some part of the executable program

· Redirect: The normal flow of a program is changed to execute a virus code that could
exist as an appended portion of an otherwise normal program.

10.4.3 Mode of Operation

A virus can reach a system in a number of ways. A typical one is the following. The
developer of the virus, who knows the target operating system well, writes an attractive
program such as a game or a utility with the virus code embedded in it. The program is
then distributed to users through enticing advertisements at a low price. Having bought
the program at a throwaway price, the user copies it on to his / her machine, unaware of
what it carries. The virus is now said to be in a nascent state. Curious about the
program, the user executes it. Because the virus is embedded in the host program being
run, it also executes and spreads, thus causing havoc.

10.4.4 Virus Detection

Virus detection programs check the integrity of binary files by maintaining a checksum
for each file and recalculating it at regular intervals. A mismatch indicates a change in
the executable file, which may be caused by tampering. The checksum must be a
cryptographic one and the stored values must be protected, otherwise a virus can simply
recompute the checksum after modifying the file. Some programs are also available that are
resident in memory and continuously monitor memory and I/O operations.
10.4.5 Virus Removal

A generalized virus removal program is very difficult to write. Anti-virus programs for
the removal of known viruses are available. Bit patterns in the code of a known virus are
predictable, so the anti-virus program scans the disk files for such patterns (signatures)
of known viruses and removes them. But with new viruses cropping up every now and then,
the development and availability of an anti-virus for a particular type is delayed, and
by then harm has been done.
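
The two mechanisms of 10.4.4 and 10.4.5, integrity checking and signature scanning, as an
added example in Python that is not part of the original unit. The "virus signature" byte
pattern, the file contents and the directory used are all constructed for the example; a
real scanner uses vendor-maintained signature databases. The integrity check uses a keyed
hash (HMAC-SHA256) rather than a plain checksum, with the key assumed to be held on a
separate trusted host, so that a virus which alters a file cannot also forge the stored
digest.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample signature: a byte pattern assumed to identify one known
# virus family. Real signatures are longer and maintained by the vendor.
KNOWN_SIGNATURES = {
    "demo-virus": b"\xeb\x1fDEMOVIRUS\x90\x90",
}


def file_digest(path, key):
    """Keyed SHA-256 (HMAC) of a file. A plain checksum can be recomputed by
    the virus after it modifies the file; with a secret key that is not on
    the monitored host, forging a matching digest is not feasible."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def build_baseline(paths, key):
    """Record the digest of every file that should stay unchanged."""
    return {p: file_digest(p, key) for p in paths}


def check_integrity(baseline, key):
    """Return the files whose current digest no longer matches the baseline."""
    return [p for p, d in baseline.items()
            if not hmac.compare_digest(d, file_digest(p, key))]


def scan_for_signatures(path, signatures=KNOWN_SIGNATURES):
    """Return the names of all known signatures found anywhere in the file."""
    with open(path, "rb") as f:
        data = f.read()
    return [name for name, pattern in signatures.items() if pattern in data]


def demo():
    """Baseline a clean file, simulate an 'append' infection, then detect it
    both by integrity mismatch and by signature match."""
    key = os.urandom(32)          # assumption: kept off the monitored host
    workdir = tempfile.mkdtemp()
    host = os.path.join(workdir, "util.bin")
    with open(host, "wb") as f:
        f.write(b"\x7fELF" + b"\x00" * 64)   # constructed stand-in binary
    baseline = build_baseline([host], key)
    before = check_integrity(baseline, key)      # expected: []
    with open(host, "ab") as f:                  # virus appends itself
        f.write(KNOWN_SIGNATURES["demo-virus"])
    after = check_integrity(baseline, key)       # expected: [host]
    return before, after, scan_for_signatures(host)
```

The integrity check catches any modification, known virus or not, but only after the fact
and only for files in the baseline; the signature scan catches a known virus wherever it
sits but is blind to a new one. This is why both are run together.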

10.4.6 Virus Prevention

‘Prevention is better than cure’. As the saying goes, there is no good cure available after
infection. One of the safest ways to prevent virus attacks is to use only legal copies of
software from a trusted source. The system also needs to be protected against the use of
unauthorized / unchecked removable media such as floppy disks. Frequent backups and the
running of monitoring programs help in detection and in recovery after an infection.

10.5 Security Design Principles

General design principles for protection put forward by Saltzer and Schroeder can be
outlined as under (the names they used are given in brackets):

· Public design (open design): the security mechanism should not depend on its design
being secret. It is safer to assume that the penetrator knows how the mechanism works and
to rely only on the secrecy of keys and passwords.

· Least privilege: every process must be given the least possible privileges necessary for
its execution. This keeps the domains to be protected small, at the cost of frequent
switching between domains as the privileges needed change.

· Explicit demand (fail-safe defaults): access rights should not be granted by default.
The default is no access; rights must be explicitly requested and granted. A mistake in the
rules then denies a legal user, which is noticed and corrected, rather than silently
admitting an intruder.

· Continuous verification (complete mediation): every access should be checked, not only
the first one. Checking only at the beginning is not sufficient because access rights may
be changed after the initial check.

· Simple design (economy of mechanism): a simple, uniform security system built in layers,
as an integral part of the system, is preferred, because a small mechanism can be
inspected and tested thoroughly.

· User acceptance (psychological acceptability): users should not have to spend a lot of
effort to learn how to protect their files; a mechanism that is hard to use gets bypassed.

· Multiple conditions (separation of privilege): wherever possible, the system should
depend on more than one condition being satisfied, for example two passwords / two keys
held by different people.

10.6 Authentication
Authentication is a process of verifying whether a person is a legal user or not. This can
be by either verification of users logging into a centralized system or authentication of
computers that are to work in a network or a distributed environment.

The password is the most commonly used scheme and is easy to implement. A user name is
associated with a password, which the system stores not in clear but in a one-way
transformed (hashed) form; older texts call this the encrypted form. When the user logs on,
the user name and password are entered at a prompt, the entered password is put through
the same one-way transformation, and the result is compared with the stored value. A match
allows the user to log in. No external hardware is needed, but the protection provided is
limited.

The password is generally not echoed on the screen while being keyed in, and only the
transformed value is stored. A stolen password file does not directly yield the passwords,
since a one-way transformation cannot be reversed. An attacker is reduced to guessing
candidate passwords and transforming each one, which is why easily guessed passwords fall
quickly to dictionary attacks.

A password can be chosen by the system, by the system administrator or by the user. A
system-selected password is not a good choice as it is difficult to remember. If the
system administrator gives a user a password, then more than one person knows it.
User-chosen passwords are practical and popular, but users must choose passwords that are
not easy to guess: user names, family names, names of cities, etc. are guessed quickly.

The length of a password plays an important role in its effectiveness. A short password is
easy to remember and to type, but also easy to guess; a longer password is harder to
break, and harder to remember and key in. Older systems settled on 6-8 characters as the
trade-off. With the guessing speeds available today that is too short, and longer
passphrases are recommended.

Salting is a technique that makes password guessing harder. A random value ‘n’ (the salt)
is generated for each user, stored in clear alongside the transformed password, and
combined with the password before the one-way transformation is applied. Knowing the
password alone does not reproduce the stored value; the system reads the stored salt and
recomputes the transformation every time a password is used. The salt is not a secret. Its
purpose is that two users with the same password get different stored values, and that an
attacker cannot use one precomputed table of transformed passwords against every account.

Multiple passwords at different levels could provide additional security. Changing the
password at regular intervals is a good practice. Many operating systems allow a user only
a few guesses at a login, after which the user is logged off the system or the account is
locked.
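
The password scheme of this section, salted one-way transformation, constant-time
comparison and a limit on failed attempts, as an added example in Python; it is not code
from the original unit. PBKDF2-HMAC-SHA256 from the standard library is used as the one-way
transformation. The iteration count, the lockout threshold and the in-memory "user file"
are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor; raise it as hardware allows
MAX_ATTEMPTS = 3             # guesses allowed before the account is locked


def hash_password(password, salt=None):
    """Return (salt, hash). The salt is random per user and stored in clear
    next to the hash. It is not a secret: it only makes one precomputed table
    useless against all accounts and gives equal passwords unequal hashes."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


class PasswordStore:
    """Minimal password file: name -> [salt, hash, failed attempt count]."""

    def __init__(self):
        self._users = {}

    def add_user(self, name, password):
        salt, digest = hash_password(password)
        self._users[name] = [salt, digest, 0]

    def login(self, name, password):
        """True only if the user exists, is not locked out, and the recomputed
        hash matches. The comparison is constant-time so that an attacker
        cannot learn the stored hash byte by byte from response timing."""
        rec = self._users.get(name)
        if rec is None:
            hash_password(password)   # spend the same time for unknown names
            return False
        if rec[2] >= MAX_ATTEMPTS:
            return False
        _, digest = hash_password(password, rec[0])
        if hmac.compare_digest(digest, rec[1]):
            rec[2] = 0
            return True
        rec[2] += 1
        return False

    def is_locked(self, name):
        rec = self._users.get(name)
        return rec is not None and rec[2] >= MAX_ATTEMPTS
```

The dummy hash computation for an unknown user name keeps the response time the same
whether or not the account exists, so the login prompt does not confirm valid user names
to a guesser.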

10.7 Protection Mechanism

System resources need to be protected. Resources include both hardware and software.
Different mechanisms for protection are as follows:

Files need to be protected from unauthorized users. The problem of protecting files is
more acute in multi-user systems. Some files may have only read access for some users,
read / write access for some others, and so on. A whole directory of files may also be
inaccessible to a group of users; for example, student users have no access to any files
except their own. Like files, devices, databases and processes also need protection. All
such items are grouped together as objects. Objects are thus to be protected from the
subjects that need access to them.

The operating system allows different access rights for different objects. For example,
UNIX has read, write and execute (rwx) rights for owners, groups and others. Possible
access rights are listed below:

· No access

· Execute only

· Read only

· Append only

· Update

· Modify protection rights

· Delete

A hierarchy of access rights can be defined. For example, if the update right is granted,
then all rights above update in the hierarchy (execute, read, append) are implied. This
scheme is simple, but deciding on a suitable hierarchy of access rights is not easy. It is
convenient for a process to inherit the access rights of the user who created it. The
system then needs to maintain a matrix of access rights for different files and different
users.

Figure 10.1: Domains in matrix form

The operating system defines the concept of a domain. A domain consists of objects and
access rights of these objects. A subject then gets associated with the domains and access
to objects in the domains. A domain is a set of access rights for associated objects and a
system consists of many such domains. A user process always executes in any one of the
domains. Domain switching is also possible. Domains in the form of a matrix is shown in
Figure 10.1.

A variation of the above scheme is to organize domains in a hierarchy. Here also a
domain is a set of access rights for associated objects. But the protection space is divided
into ‘n’ domains from 0 to (n-1) in such a way that domain 0 has maximum access rights
and domain (n-1) has the least. Domain switching is also possible. A domain switch to an
outer domain is easy because it is less privileged whereas a domain switch to an inner
domain requires permissions.

Domain is an abstract concept. In reality a domain is a user with a specific id having
different access rights for different objects such as files, directories and devices.
Processes created by the user inherit all access rights of that user. An access control
matrix showing users and objects (files) needs to be stored by the operating system in
order to decide whether to grant a user access to a file.

Since the matrix is sparse (most users have no rights at all on most objects), storing the
entire matrix is a waste of space. An access control list is one way of storing the
matrix: only the columns are stored, and within a column only the entries that are
present, that is, each file carries the list of users who may access it together with
their access rights. The best place to keep this information is the directory entry for
that file. Any user not on the list gets no access, which is the fail-safe default.

A capability list is the other way of storing the access control matrix. Here the
information is stored row-wise: for each user the operating system maintains the list of
files / devices (objects) that the user can access along with the access rights. An
access control list answers "who can access this object?" directly and makes revocation a
local change on the object, whereas a capability list answers "what can this subject
access?" directly.

A combination of both access control lists and capability lists is also possible.
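
The two storage forms of the access control matrix, as an added example in Python that is
not part of the original unit. The subjects, objects and rights in the matrix are
constructed for the example. Missing entries mean "no access", which is the fail-safe
default of 10.5, and the two query functions show which question each representation
answers cheaply.

```python
from collections import defaultdict

# Constructed sparse access matrix: (subject, object) -> set of rights.
# A (subject, object) pair that is absent has no rights at all.
MATRIX = {
    ("alice", "/home/alice/notes"): {"read", "write"},
    ("alice", "/usr/bin/ls"): {"execute"},
    ("bob", "/usr/bin/ls"): {"execute"},
    ("bob", "/var/log/app.log"): {"read"},
    ("audit", "/var/log/app.log"): {"append"},
}


def to_acl(matrix):
    """Column-wise storage: each object carries (subject -> rights).
    Its natural home is the object's directory entry."""
    acl = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acl[obj][subject] = set(rights)
    return dict(acl)


def to_capabilities(matrix):
    """Row-wise storage: each subject carries (object -> rights).
    Its natural home is the subject's protection domain."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def allowed_acl(acl, subject, obj, right):
    """Lookup on the object's list; unknown object or subject -> denied."""
    return right in acl.get(obj, {}).get(subject, set())


def allowed_cap(caps, subject, obj, right):
    """Lookup on the subject's list; unknown subject or object -> denied."""
    return right in caps.get(subject, {}).get(obj, set())


def subjects_with_access(acl, obj):
    """'Who can touch this object?' is one lookup with an ACL."""
    return sorted(acl.get(obj, {}))


def objects_readable_by(caps, subject):
    """'What can this subject read?' is one lookup with a capability list."""
    return sorted(o for o, r in caps.get(subject, {}).items() if "read" in r)


def revoke_acl(acl, obj, subject):
    """Revocation is a local edit on the object with an ACL. With capability
    lists every subject's list would have to be searched for the object."""
    acl.get(obj, {}).pop(subject, None)
```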

10.8 Encryption

Encryption is an important tool in protection, security and authentication. The process
involves two steps (Figure 10.2):

· Encryption: the original message is changed to some other form

· Decryption: the encrypted message is restored back to the original

Figure 10.2: Conventional Encryption

Data before encryption is called plain text and after encryption is called cipher text.
These operations may be performed by dedicated hardware or in software.

Encryption could be by one of the following two basic methods:

· Transposition ciphers

· Substitution ciphers
In transposition ciphers the contents of the data are not changed but their order is; for
example, a message could be sent with its characters in reverse order. The rail fence
cipher belongs to this class. The method is slow because the entire message has to be
stored before it can be encrypted, and it needs more storage space when messages are long.

Substitution ciphers work by replacing each character of the original with a different
character. The Caesar cipher is a popular method of this type. It is fast and requires
little memory because characters can be changed as they are read and nothing has to be
stored.

Variations of this scheme are used for bit streams. Encryption then combines a key stream
with the data bit by bit (exclusive-or), and decryption applies the same key stream again
to remove it. With a truly random key stream used only once this is the one-time pad;
reusing the key stream is fatal, because the exclusive-or of two cipher texts then equals
the exclusive-or of the two plain texts and the key has dropped out.

Every such algorithm is thus parameterized by a key and must be invertible given that key,
so that the plain text can be restored. Normally a single piece of hardware or a single
module is responsible for both encryption and decryption.
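
The three ciphers named above, rail fence (transposition), Caesar (substitution) and a
bit-stream exclusive-or, as an added example in Python that is not part of the original
unit. The sample texts and key stream are constructed for the example. The last function
demonstrates the key-stream reuse failure mode rather than the cipher itself.

```python
def _rail_pattern(length, rails):
    """Rail index of each position along the zigzag: 0,1,2,1,0,1,2,..."""
    period = 2 * (rails - 1)
    return [min(i % period, period - i % period) for i in range(length)]


def railfence_encrypt(text, rails):
    """Transposition: the whole message is buffered, then read rail by rail."""
    if rails < 2:
        return text
    pattern = _rail_pattern(len(text), rails)
    return "".join(text[i] for r in range(rails)
                   for i, p in enumerate(pattern) if p == r)


def railfence_decrypt(cipher, rails):
    """Rebuild the rails from the cipher text, then walk the zigzag again."""
    if rails < 2:
        return cipher
    pattern = _rail_pattern(len(cipher), rails)
    rail_iters, pos = [], 0
    for r in range(rails):
        count = pattern.count(r)
        rail_iters.append(iter(cipher[pos:pos + count]))
        pos += count
    return "".join(next(rail_iters[p]) for p in pattern)


def caesar(text, shift):
    """Substitution: each letter is shifted as it is read; no buffering.
    caesar(caesar(p, k), -k) == p. Non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def xor_keystream(data, keystream):
    """Bit-stream cipher: XOR every data byte with a key-stream byte. The same
    call decrypts. Secure only if the key stream is random, at least as long
    as the data, and never reused (the one-time pad)."""
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, keystream))


def keystream_reuse_leak(m1, m2, keystream):
    """Why a key stream must never be reused: XOR of two cipher texts made
    with the same key stream equals XOR of the two plain texts."""
    c1 = xor_keystream(m1, keystream)
    c2 = xor_keystream(m2, keystream)
    return bytes(a ^ b for a, b in zip(c1, c2))
```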

In the conventional encryption scheme two parties A and B agree upon a key. Someone, say
A or B or a third party, has to decide upon this common key, get the concurrence of the
parties concerned and then initiate communication. This is called key distribution. Each
pair of nodes needs a unique key, so for ‘n’ nodes there are nx(n-1)/2 keys. If ‘n’ is
large the number of keys is also large, and deciding, conveying and storing these keys is
a mammoth job during which tapping can take place. This is the key distribution problem.

An alternate is the public key encryption. Keys used for encryption and decryption are
not the same. Key K1 is used for encryption and another key K2 is used for decryption. A
message encrypted using K1 can be decrypted only using K2 and not K1. One of the keys
is publicly known. Hence the name public key encryption. Decryption is done using a
private key and hence information cannot leak out. Interchange of keys K1 and K2 is
possible, that is, K2 to encrypt and K1 to decrypt.

Each user has two keys, one public and one private (Figure 10.3). The private key is a
secret but the user publishes the public key to a central key database. The database
maintains public keys of different users.

Figure 10.3: Public key Encryption


Encryption and decryption are as follows:

· A wants to send a message to B.

· A searches the database of public keys for the public key of B.

· A encrypts the data using B’s public key.

· The cipher text is sent to B.

· B receives this cipher text.

· B decrypts the received cipher text using its private key and reads the message.

The problem here is that of authentication. B does not know who has sent the message to
it because everybody knows B’s public key. In the conventional encryption method a
single key is used between two parties and hence the receiver knows the sender. But it
suffers from the problem of key distribution. In public key encryption method, for ‘n’
nodes in the network only 2xn keys (1 public and 1 private for each of the nodes) are
required. There need be no agreement. Private key is chosen and a public key is made
known. Key distribution is really not necessary. Key leakage and tapping are minimal.
Protection is ensured but authentication is not provided.

10.9 Security in Distributed Environment

Security problems in a distributed environment are complex. Messages through a network
can be tapped at multiple locations. For an active attack the intruder gets control over a
link so that data modification / deletion is possible. For a passive attack the intruder just
listens to a link and uses the passing information.

Encryption in a distributed environment can be of two forms:

· End-to-end encryption

· Link encryption

If end-to-end encryption is used, the encryption / decryption devices are needed only at
the two ends. Data from source to destination moves on the network in encrypted form. In
packet switched networks, data is sent in the form of packets. Each packet has control
information (source address, destination address, checksum, routing information, etc.)
and data. Since the routing information is needed at every hop from the source to the
destination, and no intermediate node can decrypt it, the control information cannot be
encrypted; only the data part of a packet can be. The headers therefore travel in clear
and remain exposed to tapping (traffic analysis), even though the data is protected.

Link encryption needs more encryption / decryption devices, usually two for each link, and
the packet is decrypted and re-encrypted at every intermediate node. This allows the whole
packet, headers included, to be encrypted on the line and prevents tapping, but the method
is expensive and slow, and the packet is in clear inside each intermediate node.

A combination of both is possible.

Message authentication allows users to verify that data received is authentic. Usually the
following attributes of a message need to be authenticated:

· Actual message

· Time at which sent

· Sequence in which sent

· Source from which it has arrived

Common methods for message authentication are:

· Authentication code

· Encryption

· Digital signatures

With an authentication code, a secret key is used to generate a checksum over the message,
which is sent along with the data. The receiver performs the same operation with the same
secret key on the received data and regenerates the checksum. If the two are the same, the
receiver knows the sender, since the secret key is known only to the two of them.
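
An authentication code that binds all four attributes listed above (message, time,
sequence and source), as an added example in Python that is not part of the original
unit. HMAC-SHA256 from the standard library is the keyed checksum. The wire layout, the
clock skew allowance and the shared key are assumptions made for the example; the
receiver also rejects replays by sequence number and stale messages by time, which a bare
checksum over the message body alone would not do.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 30   # assumed tolerance between sender and receiver clocks


def _canonical(source, seq, ts, message):
    """Serialize the four authenticated attributes unambiguously. Each field
    is length-prefixed so that, for example, source 'ab' with message 'c'
    cannot produce the same bytes as source 'a' with message 'bc'."""
    parts = [source.encode(), str(seq).encode(), str(ts).encode(), message]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def make_tag(key, source, seq, ts, message):
    """Sender side: keyed checksum over source, sequence, time and content."""
    return hmac.new(key, _canonical(source, seq, ts, message),
                    hashlib.sha256).digest()


class Receiver:
    """Verifies the tag, the freshness and the ordering of each message.
    `key` is the secret shared with the sender; `now` is injectable so the
    behaviour can be tested with a fixed clock."""

    def __init__(self, key, now=time.time):
        self.key = key
        self.now = now
        self.last_seq = {}   # source -> highest sequence number accepted

    def accept(self, source, seq, ts, message, tag):
        expected = make_tag(self.key, source, seq, ts, message)
        if not hmac.compare_digest(expected, tag):
            return "bad tag"          # content, source, seq or time altered
        if abs(self.now() - ts) > MAX_SKEW_SECONDS:
            return "stale"            # genuine but too old (or from the future)
        if seq <= self.last_seq.get(source, 0):
            return "replay"           # genuine but already seen
        self.last_seq[source] = seq
        return "ok"
```

The tag check comes first so that a forged message never reaches the sequence or clock
state; the sequence and time checks are what turn a per-message checksum into protection
against a recorded message being played back later.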

Encryption is as discussed above: conventional encryption provides authentication but
suffers from key distribution problems, and public key encryption provides good protection
but no authentication.

A digital signature is like a human signature on paper. If a signed letter is sent by A to
B, A cannot deny having sent it (B holds the signed copy) and B cannot deny having
received it (A holds B's acknowledgement of receipt). This is what happens in a manual
system and should happen with electronic messages as well.

As discussed earlier, public key encryption provides protection but not authentication. If
authentication without protection is wanted, reversing the roles of the two keys is the
solution, as shown below (Figure 10.4).
Figure 10.4: Public key Encryption for authentication without protection

This is based on the concept that public key encryption algorithm works by using either
of the keys to encrypt and the other for decryption. A encrypts the message to be sent to B
using its private key. At the other end B decrypts the received message using A’s public
key which is known to everybody. Thus B knows that A has sent the message. Protection
is not provided as anyone can decrypt the message sent by A.

If both authentication and protection are needed then a specific sequence of public and
private keys is used as show below (Figure 10.5).

The two keys are used as shown. At points 2 and 4 the cipher text is the same. Similarly
at points 1 and 5 the text is the same. Authentication is possible because between 4 and 5
decryption is done by A’s public key and is possible only because A has encrypted it with
its private key. Protection is also guaranteed because from point 3 onwards only B can
decrypt with its private key. This is how digital signatures work.

Figure 10.5: Public key Encryption for both authentication and protection
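
The key sequences of Figures 10.4 and 10.5, as an added example in Python that is not part
of the original unit. It uses textbook RSA with toy-sized primes so that the arithmetic is
visible: signing is exponentiation with the private key, verification with the public key,
and the sign-then-encrypt order of Figure 10.5 is carried out block by block. The primes
and messages are constructed for the example. Real systems do not apply raw RSA to message
blocks like this: they sign a hash of the message and use padding (PSS for signatures, OAEP
for encryption) and keys of 2048 bits or more.

```python
def make_key(p, q, e=17):
    """Textbook RSA keypair from two primes: public (n, e), private (n, d)
    with e*d = 1 (mod (p-1)(q-1)). Toy-sized primes are assumed here."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return {"n": n, "e": e}, {"n": n, "d": d}


def _modexp_all(key, exponent_name, blocks):
    """Apply one RSA exponent to every integer block (each block < n)."""
    return [pow(b, key[exponent_name], key["n"]) for b in blocks]


def encrypt(pub, blocks):    # protection: only the private key undoes this
    return _modexp_all(pub, "e", blocks)


def decrypt(priv, blocks):
    return _modexp_all(priv, "d", blocks)


def sign(priv, blocks):      # authentication: only the private key makes this
    return _modexp_all(priv, "d", blocks)


def verify(pub, blocks):     # anyone holding the public key can undo it
    return _modexp_all(pub, "e", blocks)


def sign_then_encrypt(message, a_priv, b_pub):
    """A's side of Figure 10.5: sign with A's private key (point 1 -> 2),
    then encrypt with B's public key (2 -> 3). Each byte is one block. A
    signed block lies in [0, n_A), so it only fits under B's modulus when
    n_B > n_A; a real implementation re-blocks instead of assuming this."""
    if b_pub["n"] <= a_priv["n"]:
        raise ValueError("B's modulus must exceed A's for byte-block RSA")
    return encrypt(b_pub, sign(a_priv, list(message)))


def decrypt_then_verify(cipher, b_priv, a_pub):
    """B's side: decrypt with B's private key (3 -> 4), then verify with A's
    public key (4 -> 5). A recovered block that is not a byte means the
    cipher text was altered or was not signed with A's private key."""
    recovered = verify(a_pub, decrypt(b_priv, cipher))
    if any(not 0 <= b < 256 for b in recovered):
        raise ValueError("verification failed")
    return bytes(recovered)
```

For Figure 10.4 alone (authentication without protection) only sign and verify are used;
for plain public key encryption (protection without authentication) only encrypt and
decrypt. Because RSA with a valid key is a permutation of the residues modulo n, changing
any signed block changes what verification recovers, which is what makes a forged or
tampered signature detectable.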

10.10 Summary

This unit looks into an important part of any operating system – security and protection.
These were trivial matters in earlier systems since computers were centralized systems
accessed only by knowledgeable users. With advances and use of networking, security
and protection requirements have increased. Different ways in which system could be
attacked are understood. Authentication using passwords is studied. Protection by looking
at objects and users in domains accessing objects with different access rights is analyzed.
Encryption as an important tool in protection, security and authentication has been
studied.

Self Assessment Questions

1. Unauthorized use of service (tapping) and unauthorized disclosure of information
(disclosure) are _______________.

2. ________________ is verification of access to system resources.

3. One of the safest ways to prevent virus attacks is to use ____________.

4. ______________ plays an important role in the effectiveness of the password.

5. In transposition ciphers the contents of the data are not changed but
_________________.

10.11 Terminal Questions

1. Discuss the need for security and protection in computer systems.

2. Write a note on computer virus.

3. Describe authentication by using passwords.

4. How is protection implemented using the concept of domains?

5. What is encryption? What are the different ways in which a message can be encrypted?

6. Write a note on digital signatures.

10.12 Answers to Self Assessment Questions and Terminal Questions

Answers to Self Assessment Questions

1. Passive threats.

2. Authentication.

3. legal copies of software

4. Length of a password

5. the order is changed

Answers to Terminal Questions

1. Refer section 10.2

2. Refer section 10.4

3. Refer section 10.6

4. Refer section 10.7

5. Refer section 10.8

6. Refer section 10.9
