4773251

The document covers storage device management, including low-level formatting, partitioning, and RAID structures, detailing various RAID levels and their benefits. It also addresses system security, outlining types of security violations, threats, and measures to protect against them, including cryptography and encryption methods. Additionally, it discusses the differences between worms, viruses, and Trojan horses, as well as the importance of securing both systems and networks against potential attacks.

Uploaded by

vayaso2650
Copyright
© © All Rights Reserved
Storage Device Management

Contents

Storage Device Management
RAID
System Security
System Protection
Storage Device Management
➢Low-level formatting, or physical formatting — Dividing a disk into sectors that the disk
controller can read and write
➢Each sector can hold header information, plus data, plus error correction code (ECC)
➢Usually 512 bytes of data but can be selectable

➢To use a disk to hold files, the operating system still needs to record its own data structures on the
disk
➢Partition the disk into one or more groups of cylinders, each treated as a logical disk
➢Volume creation & management
➢Logical formatting or “making a file system”
➢To increase efficiency most file systems group blocks into clusters
➢Disk I/O done in blocks
➢File I/O done in clusters
Storage Device Management Cont..
➢Root partition contains the OS, other partitions can hold other OSes, other file systems, or be raw
➢Mounted at boot time
➢Other partitions can mount automatically or manually

➢At mount time, file system consistency checked
➢Is all metadata correct?
➢If not, fix it, try again
➢If yes, add to mount table, allow access

➢Boot block can point to boot volume or boot loader set of blocks that contain enough code to know
how to load the kernel from the file system
➢Or a boot management program for multi-os booting
Storage Device Management Cont..
➢Raw disk access for apps that want to do their own block management, keep OS out of the way
(databases for example)
➢Boot block initializes system
➢The bootstrap is stored in ROM, firmware
➢Bootstrap loader program stored in boot blocks of boot partition
➢Methods such as sector sparing used to handle bad blocks

Booting from secondary storage in Windows


Windows 10 Disk Management tool showing devices, partitions, volumes, and file systems.
Swap-Space Management
➢Used for moving entire processes (swapping), or pages (paging), from DRAM to secondary storage
when DRAM not large enough for all processes
➢Operating system provides swap space management
➢Secondary storage slower than DRAM, so important to optimize performance
➢Usually multiple swap spaces possible – decreasing I/O load on any given device
➢Best to have dedicated devices
➢Can be in raw partition or a file within a file system (for convenience of adding)
➢Data structures for swapping on Linux systems:
Storage Attachment
➢Computers access secondary storage in three ways
➢host-attached
➢network-attached
➢cloud
➢Host attached access through local I/O ports, using one of several technologies
➢To attach many devices, use storage busses such as USB, firewire, thunderbolt
➢High-end systems use fibre channel (FC)
➢High-speed serial architecture using fibre or copper cables
➢Multiple hosts and storage devices can connect to the FC fabric
NAS (network attached storage)
SAN (storage area network)
NAS Vs SAN
Cloud Storage
➢Similar to NAS, provides access to storage across a network
➢Unlike NAS, accessed over the Internet or a WAN to remote data center
➢NAS presented as just another file system, while cloud storage is API based, with programs using the
APIs to provide access
➢Examples include Dropbox, Amazon S3, Microsoft OneDrive, Apple iCloud

➢Use APIs because of latency and failure scenarios (NAS protocols wouldn’t work well)
RAID Structure
➢RAID – redundant array of inexpensive disks
➢multiple disk drives provide reliability via redundancy
➢Increases the mean time to failure
➢Mean time to repair – exposure time when another failure could cause data loss
➢Mean time to data loss based on above factors
➢If mirrored disks fail independently, consider disk with 100,000-hour mean time to failure and 10 hour mean time to repair
➢Mean time to data loss is $100{,}000^2 / (2 \times 10) = 500 \times 10^6$ hours, or 57,000 years!
➢Frequently combined with NVRAM to improve write performance
➢Several improvements in disk-use techniques involve the use of multiple disks working
cooperatively
RAID Levels
These are the following RAID levels:
•RAID 0 – striping
•RAID 1 – mirroring
•RAID 5 – striping with parity
•RAID 6 – striping with double parity
•RAID 10 – combining mirroring and striping

Other types used, but rarely: RAID 2, 3, 4, …


RAID 0
➢It splits data among two or more disks.
➢Provides good performance.
➢Lack of data redundancy means there is no fail over support with
this configuration.
➢In the diagram to the right, the odd blocks are written to disk 0
and the even blocks to disk 1 such that A1, A2, A3, A4, … would
be the order of blocks read if read sequentially from the
beginning.
➢Used in read only NFS systems and gaming systems.
➢This allows smaller sections of the entire chunk of data to be
read off the drive in parallel, hence good performance
RAID 1
➢RAID1 is ‘data mirroring’.
➢Two copies of the data are held on two physical disks, and
the data is always identical.
➢ Twice as many disks are required to store the same data
when compared to RAID 0.
➢Array continues to operate so long as at least one drive is
functioning.
➢If we use independent disk controllers for each disk, then
we can increase the read or write speeds by doing operations
in parallel.
➢Security increases
RAID 5
➢RAID 5 is an ideal combination of good performance,
good fault tolerance and high capacity and storage
efficiency.

➢An arrangement of parity and CRC to help rebuilding drive data in case of disk failures.

➢“Distributed Parity” is the key word here.


RAID 5 Cont..
➢MTBF is slightly better than RAID 0. This is because the failure of one disk does no real harm; more time is needed for 2 or more disks to fail.
➢Performance is also as good as RAID 0, if not better. We
can read and write parallel blocks of data.
➢One of the drawbacks is that the write involves heavy
parity calculations by the RAID controller. Write operations
are slower compared to RAID 0.
➢Pretty useful for general-purpose uses where reads are more frequent than writes.
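The distributed-parity idea from the RAID 5 slides, as an added example that is not part of the original slides: data is striped over the disks, the parity block rotates from stripe to stripe, and any single failed disk is rebuilt by XOR-ing the survivors. The rotation rule, block size and sample data are assumptions chosen for illustration, and the CRC mentioned above is not modelled.

```python
from functools import reduce

def xor_blocks(blocks):
    """XOR equal-length byte blocks column by column (the parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def parity_disk_for(stripe, n_disks):
    """Distributed parity: the parity block sits on a different disk each stripe.
    This particular rotation is an assumption of the example."""
    return (n_disks - 1 - stripe) % n_disks

def write_raid5(data, n_disks, block_size):
    """Return a list of disks; each disk is a list of blocks, one per stripe."""
    per_stripe = (n_disks - 1) * block_size
    data += b"\x00" * (-len(data) % per_stripe)        # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for stripe in range(len(data) // per_stripe):
        chunk = data[stripe * per_stripe:(stripe + 1) * per_stripe]
        blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        remaining = iter(blocks)
        for d in range(n_disks):
            if d == parity_disk_for(stripe, n_disks):
                disks[d].append(xor_blocks(blocks))    # parity = XOR of the data blocks
            else:
                disks[d].append(next(remaining))
    return disks

def rebuild_disk(disks, failed):
    """Recompute every block of one failed disk from the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]

def read_raid5(disks, length):
    """Read the data blocks back in order, skipping the parity block of each stripe."""
    n_disks = len(disks)
    out = bytearray()
    for stripe in range(len(disks[0])):
        for d in range(n_disks):
            if d != parity_disk_for(stripe, n_disks):
                out += disks[d][stripe]
    return bytes(out[:length])

# Constructed sample input for the demonstration.
SAMPLE = b"constructed sample data for the RAID 5 parity demo"

if __name__ == "__main__":
    disks = write_raid5(SAMPLE, n_disks=4, block_size=8)
    lost = disks[2]
    disks[2] = rebuild_disk(disks, failed=2)           # replace the failed drive
    print(disks[2] == lost, read_raid5(disks, len(SAMPLE)) == SAMPLE)
```

Because each stripe carries only one parity block, the XOR of the survivors is meaningful only when exactly one disk is missing; a second simultaneous failure is what RAID 6's double parity covers.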
RAID 6
➢Like with RAID 5, read data transactions are
very fast.
➢If two drives fail, you still have access to all data,
even while the failed drives are being replaced. So
RAID 6 is more secure than RAID 5.
➢Disadvantages:
1. Write data transactions are slower than RAID 5 due to the additional parity data
2. Complex
RAID 10
➢Combines RAID 1 and RAID 0.
➢Which means having the pleasure of both - good
performance and good failover handling.
➢Also called ‘Nested RAID’.
System Security
The Security Problem
➢System secure if resources used and accessed as intended under all circumstances
➢Unachievable
➢Intruders (crackers) attempt to breach security
➢Threat is potential security violation
➢Attack is attempt to breach security
➢Attack can be accidental or malicious
➢Easier to protect against accidental than malicious misuse
Security Violation Categories
➢Breach of confidentiality
➢Unauthorized reading of data

➢Breach of integrity
➢Unauthorized modification of data

➢Breach of availability
➢Unauthorized destruction of data

➢Theft of service
➢Unauthorized use of resources

➢Denial of service (DOS)
➢Prevention of legitimate use
Security Violation Methods
➢Masquerading (breach authentication)
➢Pretending to be an authorized user to escalate privileges

➢Replay attack
➢As is or with message modification

➢Man-in-the-middle attack
➢Intruder sits in data flow, masquerading as sender to receiver and vice versa

➢Session hijacking
➢Intercept an already-established session to bypass authentication

➢Privilege escalation
➢Common attack type with access beyond what a user or resource is supposed to have
Standard Security Attacks
Security Measure Levels
➢Impossible to have absolute security, but make cost to perpetrator sufficiently high to deter most
intruders
➢Security must occur at four levels to be effective:
➢Physical
➢Data centers, servers, connected terminals
➢Application
➢Benign or malicious apps can cause security problems
➢Operating System
➢Protection mechanisms, debugging
➢Network
➢Intercepted communications, interruption, DOS
➢Security is as weak as the weakest link in the chain
➢Humans a risk too via phishing and social-engineering attacks
➢But can too much security be a problem?
Program Threats
➢Many variations, many names
➢Trojan Horse
➢Code segment that misuses its environment
➢Exploits mechanisms for allowing programs written by users to be executed by
other users
➢Spyware, pop-up browser windows, covert channels
➢Up to 80% of spam delivered by spyware-infected systems
➢Trap Door
➢Specific user identifier or password that circumvents normal security procedures
➢Could be included in a compiler
➢How to detect them?
Program Threats Cont..
➢Malware - Software designed to exploit, disable, or damage computer
➢Trojan Horse – Program that acts in a clandestine manner
➢Spyware – Program frequently installed with legitimate software to display ads, capture user data
➢Ransomware – locks up data via encryption, demanding payment to unlock it
➢Others include trap doors, logic bombs
➢All try to violate the Principle of Least Privilege

➢Goal frequently is to leave behind Remote Access Tool (RAT) for repeated access
Program Threats Cont..
➢Viruses
➢Code fragment embedded in legitimate program
➢Self-replicating, designed to infect other computers
➢Very specific to CPU architecture, operating system, applications
➢Usually borne via email or as a macro
➢Visual Basic Macro to reformat hard drive
Sub AutoOpen()
    Dim oFS
    Set oFS = CreateObject("Scripting.FileSystemObject")
    vs = Shell("c:command.com /k format c:", vbHide)
End Sub
Program Threats Cont..
➢Attacks still common, still occurring
➢Attacks moved over time from science experiments to tools of organized crime
➢Targeting specific companies
➢Creating botnets to use as tool for spam and DDOS delivery
➢Keystroke logger to grab passwords, credit card numbers
➢Why is Windows the target for most attacks?
➢Most common
➢Everyone is an administrator
➢Licensing required?
➢Monoculture considered harmful
Four-layered Model of Security
System and Network Threats
➢Some systems “open” rather than secure by default
➢Reduce attack surface
➢But harder to use, more knowledge needed to administer
➢Network threats harder to detect, prevent
➢Protection systems weaker
➢More difficult to have a shared secret on which to base access
➢No physical limits once system attached to internet
➢Or on network with system attached to internet
➢Even determining location of connecting system difficult
➢IP address is only knowledge
System and Network Threats Cont..
➢Worms – use spawn mechanism; standalone program
➢Internet worm
➢Exploited UNIX networking features (remote access) and bugs in finger and sendmail
programs
➢Exploited trust-relationship mechanism used by rsh to access friendly systems
without use of password
➢Grappling hook program uploaded main worm program
➢99 lines of C code
➢Hooked system then uploaded main code, tried to attack connected systems
➢Also tried to break into other users accounts on local system via password guessing
➢If target system already infected, abort, except for every 7th time
Worm Vs Virus Vs Trojan Horses

➢A worm replicates itself, slowing down the computer system.
➢A virus is software or a computer program that attaches itself to another software or computer program to harm the computer system.
➢A Trojan horse, rather than replicating, captures some important information about a computer system or a computer network.
➢https://www.geeksforgeeks.org/difference-between-virus-worm-and-trojan-horse/
System and Network Threats Cont..
➢Port scanning
➢Automated attempt to connect to a range of ports on one or a range of IP
addresses
➢Detection of answering service protocol
➢Detection of OS and version running on system
➢nmap scans all ports in a given IP range for a response
➢nessus has a database of protocols and bugs (and exploits) to apply against a
system
➢Frequently launched from zombie systems
➢To decrease trace-ability
System and Network Threats Cont..
➢Denial of Service
➢Overload the targeted computer preventing it from doing any
useful work
➢Distributed Denial-of-Service (DDoS) attacks come from multiple sites at once
➢Consider the start of the IP-connection handshake (SYN)
➢How many started-connections can the OS handle?
➢Consider traffic to a web site
➢How can you tell the difference between being a target and
being really popular?
➢Accidental – CS students writing bad fork() code
➢Purposeful – extortion, punishment
➢Port scanning
➢Automated tool to look for network ports accepting connections
➢Used for good and evil
Cryptography as a Security Tool
➢Broadest security tool available

➢Internal to a given computer, source and destination of messages can be known and protected
➢OS creates, manages, protects process IDs, communication ports
➢Source and destination of messages on network cannot be trusted without cryptography
➢Local network – IP address?
➢Consider unauthorized host added
➢WAN / Internet – how to establish authenticity
➢Not via IP address
Cryptography
Means to constrain potential senders (sources) and / or receivers (destinations) of messages

◦ Based on secrets (keys)


◦ Enables
◦ Confirmation of source
◦ Receipt only by certain destination
◦ Trust relationship between sender and receiver
Encryption
Constrains the set of possible receivers of a message

Encryption algorithm consists of


◦ Set $K$ of keys
◦ Set $M$ of messages
◦ Set $C$ of ciphertexts (encrypted messages)
◦ A function $E : K \to (M \to C)$. That is, for each $k \in K$, $E_k$ is a function for generating ciphertexts from messages
◦ Both $E$ and $E_k$ for any $k$ should be efficiently computable functions
◦ A function $D : K \to (C \to M)$. That is, for each $k \in K$, $D_k$ is a function for generating messages from ciphertexts
◦ Both $D$ and $D_k$ for any $k$ should be efficiently computable functions
Symmetric Encryption
Same key used to encrypt and decrypt
◦ Therefore k must be kept secret
DES was most commonly used symmetric block-encryption algorithm (created by US Govt)
◦ Encrypts a block of data at a time
◦ Keys too short so now considered insecure
Triple-DES considered more secure
◦ Algorithm used 3 times using 2 or 3 keys
◦ For example
2001 NIST adopted new block cipher - Advanced Encryption Standard (AES)
◦ Keys of 128, 192, or 256 bits, works on 128 bit blocks
RC4 is most common symmetric stream cipher, but known to have vulnerabilities
◦ Encrypts/decrypts a stream of bytes (i.e., wireless transmission)
◦ Key is an input to pseudo-random-bit generator
◦ Generates an infinite keystream
Secure Communication over Insecure Medium
Asymmetric Encryption
Public-key encryption based on each user having two keys:

◦ public key – published key used to encrypt data
◦ private key – key known only to individual user used to decrypt data
Must be an encryption scheme that can be made public without making it easy to figure out the
decryption scheme
◦ Most common is RSA block cipher
◦ Efficient algorithm for testing whether or not a number is prime
◦ No efficient algorithm is known for finding the prime factors of a number
Asymmetric Encryption (Cont.)
Formally, it is computationally infeasible to derive $k_{d,N}$ from $k_{e,N}$, and so $k_e$ need not be kept secret and can be widely disseminated
◦ $k_e$ is the public key
◦ $k_d$ is the private key
◦ $N$ is the product of two large, randomly chosen prime numbers $p$ and $q$ (for example, $p$ and $q$ are 512 bits each)
◦ Encryption algorithm is $E_{k_e,N}(m) = m^{k_e} \bmod N$, where $k_e$ satisfies $k_e k_d \bmod (p-1)(q-1) = 1$
◦ The decryption algorithm is then $D_{k_d,N}(c) = c^{k_d} \bmod N$
Encryption using RSA Asymmetric Cryptography
Authentication
Constraining set of potential senders of a message

◦ Complementary to encryption
◦ Also can prove message unmodified
Algorithm components
◦ A set K of keys
◦ A set M of messages
◦ A set A of authenticators
◦ A function $S : K \to (M \to A)$
◦ That is, for each $k \in K$, $S_k$ is a function for generating authenticators from messages
◦ Both $S$ and $S_k$ for any $k$ should be efficiently computable functions
◦ A function $V : K \to (M \times A \to \{\text{true}, \text{false}\})$. That is, for each $k \in K$, $V_k$ is a function for verifying authenticators on messages
◦ Both $V$ and $V_k$ for any $k$ should be efficiently computable functions
Authentication – Hash Functions
Basis of authentication:
Creates small, fixed-size block of data message digest (hash value) from m
Hash Function H must be collision resistant on m
◦ Must be infeasible to find an m’ ≠ m such that H(m) = H(m’)
If H(m) = H(m’), then m = m’
◦ The message has not been modified
Common message-digest functions include MD5, which produces a 128-bit hash, and SHA-1, which
outputs a 160-bit hash
Not useful as authenticators
◦ For example H(m) can be sent with a message
◦ But if H is known someone could modify m to m’ and recompute H(m’) and modification not
detected
◦ So must authenticate H(m)
Authentication - MAC
Symmetric encryption used in message-authentication code (MAC) authentication algorithm

Cryptographic checksum generated from message using secret key


◦ Can securely authenticate short values
If used to authenticate H(m) for an H that is collision resistant, then obtain a way to securely
authenticate long message by hashing them first
Note that $k$ is needed to compute both $S_k$ and $V_k$, so anyone able to compute one can compute the other
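Why a bare hash is not an authenticator while a MAC over H(m) is, shown as an added example that is not part of the original slides. SHA-256 and HMAC from the Python standard library stand in for the hash and MAC functions (the slides name MD5 and SHA-1 and do not name a MAC construction); the key and messages are constructed sample values.

```python
import hashlib
import hmac

def H(m: bytes) -> bytes:
    """Message digest H(m). SHA-256 is this example's choice of H."""
    return hashlib.sha256(m).digest()

def S(k: bytes, m: bytes) -> bytes:
    """S_k: authenticator over H(m), computed with the shared secret k."""
    return hmac.new(k, H(m), hashlib.sha256).digest()

def V(k: bytes, m: bytes, a: bytes) -> bool:
    """V_k: recompute the authenticator with k and compare in constant time."""
    return hmac.compare_digest(S(k, m), a)

def check_bare_hash(m: bytes, digest: bytes) -> bool:
    """Receiver-side check when only H(m) travels with the message."""
    return hmac.compare_digest(H(m), digest)

def modified_in_transit(new_m: bytes):
    """Models a party on the path who knows H (it is public) but not k:
    it swaps the message and recomputes the digest to match."""
    return new_m, H(new_m)

def compare_schemes(k: bytes, original: bytes, altered: bytes) -> dict:
    """Return what the receiver concludes under each scheme."""
    results = {}
    # Scheme 1: the message travels with a bare hash.
    results["hash_accepts_original"] = check_bare_hash(original, H(original))
    m2, d2 = modified_in_transit(altered)
    results["hash_accepts_altered"] = check_bare_hash(m2, d2)   # modification not detected
    # Scheme 2: the message travels with S_k(m).
    tag = S(k, original)
    results["mac_accepts_original"] = V(k, original, tag)
    results["mac_accepts_altered_with_old_tag"] = V(k, altered, tag)
    results["mac_accepts_altered_with_bare_hash"] = V(k, m2, d2)
    return results

# Constructed sample values; a real key would come from secrets.token_bytes(32).
KEY = bytes(range(32))
ORIGINAL = b"transfer 10 to account 1234"
ALTERED = b"transfer 9999 to account 6666"

if __name__ == "__main__":
    for name, accepted in compare_schemes(KEY, ORIGINAL, ALTERED).items():
        print(f"{name}: {accepted}")
```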
Authentication – Digital Signature
Based on asymmetric keys and digital signature algorithm
Authenticators produced are digital signatures
Very useful – anyone can verify authenticity of a message
In a digital-signature algorithm, computationally infeasible to derive $k_s$ from $k_v$
◦ $V$ is a one-way function
◦ Thus, $k_v$ is the public key and $k_s$ is the private key
Consider the RSA digital-signature algorithm
◦ Similar to the RSA encryption algorithm, but the key use is reversed
◦ Digital signature of message $S_{k_s}(m) = H(m)^{k_s} \bmod N$
◦ The key $k_s$ again is a pair $(d, N)$, where $N$ is the product of two large, randomly chosen prime numbers $p$ and $q$
◦ Verification algorithm is $V_{k_v}(m, a) \equiv (a^{k_v} \bmod N = H(m))$
◦ Where $k_v$ satisfies $k_v k_s \bmod (p-1)(q-1) = 1$
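The RSA encryption and RSA digital-signature formulas from the slides above, carried through in one added example that is not part of the original slides. The primes are two small Mersenne primes chosen so the arithmetic is easy to follow (the slides suggest 512 bits each), the public exponent 65537 and SHA-256 as H are assumptions, H(m) is reduced mod N to fit the toy modulus, and no padding is applied.

```python
import hashlib

# Toy parameters (assumptions of this example, far too small for real use).
P = 2**31 - 1                    # prime p
Q = 2**61 - 1                    # prime q
N = P * Q                        # N = p * q, part of both keys
PHI = (P - 1) * (Q - 1)          # (p - 1)(q - 1)

K_E = 65537                      # public exponent k_e
K_D = pow(K_E, -1, PHI)          # private exponent k_d: k_e * k_d mod (p-1)(q-1) = 1

def E(m: int) -> int:
    """Encryption E_{k_e,N}(m) = m^{k_e} mod N, done with the public key."""
    return pow(m, K_E, N)

def D(c: int) -> int:
    """Decryption D_{k_d,N}(c) = c^{k_d} mod N, done with the private key."""
    return pow(c, K_D, N)

# For signatures the key use is reversed: sign with the private exponent,
# verify with the public one.
K_S, K_V = K_D, K_E

def H(message: bytes) -> int:
    """Hash to an integer below N (reduction mod N is a toy simplification)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def S(message: bytes) -> int:
    """Signature S_{k_s}(m) = H(m)^{k_s} mod N."""
    return pow(H(message), K_S, N)

def V(message: bytes, a: int) -> bool:
    """Verification V_{k_v}(m, a): does a^{k_v} mod N equal H(m)?"""
    return pow(a, K_V, N) == H(message)

def to_int(data: bytes) -> int:
    """Encode a short byte string as an integer m < N."""
    m = int.from_bytes(data, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return m

if __name__ == "__main__":
    m = to_int(b"session-key")               # constructed sample plaintext
    c = E(m)
    print("decrypts correctly:", D(c) == m)
    msg = b"pay 10 to alice"                 # constructed sample message
    a = S(msg)
    print("signature verifies:", V(msg, a))
    print("altered message verifies:", V(b"pay 99 to alice", a))
```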
Digital Certificates
Proof of who or what owns a public key

Public key digitally signed by a trusted party

Trusted party receives proof of identification from entity and certifies that public key belongs to entity
Certificate authorities are trusted parties – their public keys are included with web browser distributions
◦ They vouch for other authorities via digitally signing their keys, and so on
Man-in-the-middle Attack on Asymmetric Cryptography
Authentication Vs Authorization
Authentication Vs Authorization Cont..
System Protection
Goals of Protection
➢In one protection model, computer consists of a collection of objects, hardware or software
➢Each object has a unique name and can be accessed through a well-defined set of operations
➢Protection problem - ensure that each object is accessed correctly and only by those
processes that are allowed to do so
Principles of Protection
➢Guiding principle – principle of least privilege
➢Programs, users and systems should be given just enough privileges to perform
their tasks
➢Properly set permissions can limit damage if entity has a bug, gets abused
➢Can be static (during life of system, during life of process)
➢Or dynamic (changed by process as needed) – domain switching, privilege
escalation
➢Must consider “grain” aspect
➢Rough-grained privilege management easier, simpler, but least privilege now done
in large chunks
➢For example, traditional Unix processes either have abilities of the associated user,
or of root
➢Fine-grained management more complex, more overhead, but more protective
➢File ACL lists, RBAC
Domain of Protection
➢Rings of protection separate functions into domains and order them hierarchically
➢Computer can be treated as processes and objects
➢Hardware objects (such as devices) and software objects (such as files, programs, semaphores)
➢Process for example should only have access to objects it currently requires to complete its task –
the need-to-know principle
Domain of Protection Cont..
➢Implementation can be via process operating in a protection domain
➢Specifies resources process may access
➢Each domain specifies set of objects and types of operations on them
➢Ability to execute an operation on an object is an access right
➢<object-name, rights-set>
➢Domains may share access rights
➢Associations can be static or dynamic
➢If dynamic, processes can domain switch
Domain Structure
➢Access-right = <object-name, rights-set>
where rights-set is a subset of all valid operations that can be performed
on the object
➢Domain = set of access-rights
Access Matrix
➢View protection as a matrix (access matrix)
➢Rows represent domains
➢Columns represent objects
➢Access(i, j) is the set of operations that a process executing in $\text{Domain}_i$ can invoke on $\text{Object}_j$
Revocation of Access Rights
➢Various options to remove the access right of a domain to an object
➢Immediate vs. delayed
➢Selective vs. general
➢Partial vs. total
➢Temporary vs. permanent
➢Access List – Delete access rights from access list
➢Simple – search access list and remove entry
➢Immediate, general or selective, total or partial, permanent or temporary
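The access matrix and access-list revocation described in the slides above, as an added example that is not part of the original slides. The matrix is stored by column (one access list per object); the class, its method names, and the domains D1 to D4 and objects F1, F2, F3 and printer are constructed for illustration.

```python
class AccessMatrix:
    """Access matrix stored by column: one access list per object."""

    def __init__(self):
        self.access_lists = {}            # object -> {domain: set of rights}

    def grant(self, domain, obj, rights):
        """Add rights to the <object-name, rights-set> pair of a domain."""
        self.access_lists.setdefault(obj, {}).setdefault(domain, set()).update(rights)

    def access(self, domain, obj):
        """Access(i, j): operations a process in `domain` may invoke on `obj`."""
        return frozenset(self.access_lists.get(obj, {}).get(domain, ()))

    def allowed(self, domain, obj, operation):
        """Default deny: anything not listed in Access(i, j) is refused."""
        return operation in self.access(domain, obj)

    def domain_of(self, domain):
        """A domain is its set of <object-name, rights-set> pairs (one matrix row)."""
        return {(obj, frozenset(entries[domain]))
                for obj, entries in self.access_lists.items() if domain in entries}

    def revoke(self, obj, domain=None, rights=None):
        """Search the object's access list and remove entries.
        domain=None -> general (every domain), else selective.
        rights=None -> total (all rights), else partial."""
        entries = self.access_lists.get(obj, {})
        for d in (list(entries) if domain is None else [domain]):
            if d not in entries:
                continue
            if rights is not None:
                entries[d] -= set(rights)
            if rights is None or not entries[d]:
                del entries[d]            # takes effect immediately on the next check

def build_sample():
    """Constructed sample matrix."""
    m = AccessMatrix()
    m.grant("D1", "F1", {"read"})
    m.grant("D1", "F3", {"read"})
    m.grant("D2", "printer", {"print"})
    m.grant("D3", "F2", {"read"})
    m.grant("D3", "F3", {"execute"})
    m.grant("D4", "F1", {"read", "write"})
    m.grant("D4", "F3", {"read", "write"})
    return m

if __name__ == "__main__":
    m = build_sample()
    print(m.allowed("D4", "F1", "write"))            # write is in Access(D4, F1)
    m.revoke("F1", domain="D4", rights={"write"})    # selective, partial
    print(m.allowed("D4", "F1", "write"), sorted(m.access("D4", "F1")))
    m.revoke("F3")                                   # general, total
    print(m.domain_of("D1"))
```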
Revision: Numerical 1: Multi-level Paging
Ques: Consider a computer system with 57-bit virtual addressing using multi-level tree-structured
page tables with L levels for virtual to physical address translation. The page size is 4 KB
(1 KB=1024 B) and a page table entry at any of the levels occupies 8 bytes. What is the value of L?
Ans:
Revision: Numerical 2: Multi-level Paging
Ques: A computer system supports a logical address space of $2^{32}$ bytes. It uses two-level hierarchical
paging with a page size of 4096 bytes. A logical address is divided into a b-bit index to the outer page
table, an offset within the page of the inner page table, and an offset within the desired page. Each
entry of the inner page table uses eight bytes. All the pages in the system have the same size.
The value of b is _________. (Answer in integer)
Ans: Given here, the logical address space size is 32 bits.
Page table size = 4096 bytes = 2^12 bytes.
Given it is a 2-level page table,
So it will look like this,
Thank you & All the
Best!
