Chapter 5: I/O Management & Disk

Scheduling with File-System

Implementation
 Disk Storage
 Disk Scheduling
 Raid
 File Concept
 Access Methods
 Allocation Methods
 Free Space Management
 Directory Structure
 File Sharing
 Protection
 Security

Operating System Concepts with Java 11.1 Silberschatz, Galvin and Gagne
 Classification of Physical Storage
Media
 Speed with which data can be accessed
 Cost per unit of data
 Reliability
 data loss on power failure or system crash
 physical failure of the storage device
 Can differentiate storage into:
 volatile storage: loses contents when power is
switched off
 non-volatile storage:
 Contents persist even when power is switched
off.
 Includes secondary and tertiary storage, as well
as battery-backed up main-memory.

Operating System Concepts with Java 11.2 Silberschatz, Galvin and Gagne
 Physical Storage Media
 Cache – fastest and most costly form of
storage; volatile; managed by the computer
system hardware
 (Note: “Cache” is pronounced as “cash”)
 Main memory:
 fast access (10s to 100s of nanoseconds; 1
nanosecond = 10 –9 seconds)
 generally too small (or too expensive) to store
the entire database
capacities of up to a few Gigabytes widely
used currently
Capacities have gone up and per-byte costs
have decreased steadily and rapidly (roughly
factor of 2 every 2 to 3 years)
 Volatile — contents of main memory are usually
lost if a powe r failure or system crash occurs.
Operating System Concepts with Java 11.3 Silberschatz, Galvin and Gagne
 Physical Storage Media (Cont.)
 Flash memory
 Data survives power failure
 Data can be written at a location only once, but
location can be erased and written to again
Can support only a limited number (10K – 1M)
of write/erase cycles.
Erasing of memory has to be done to an entire
bank of memory
 Reads are roughly as fast as main memory
 But writes are slow (few microseconds), erase is
slower

Operating System Concepts with Java 11.4 Silberschatz, Galvin and Gagne
 Physical Storage Media (Cont.)
 Flash memory
 NOR Flash
Fast reads, very slow erase, lower capacity
Used to store program code in many embedded
devices
 NAND Flash
Page-at-a-time read/write, multi-page erase
High capacity (several GB)
Widely used as data storage mechanism in
portable devices

Operating System Concepts with Java 11.5 Silberschatz, Galvin and Gagne
 Physical Storage Media (Cont.)

 Magnetic-disk
 Data is stored on spinning disk, and read/written
magnetically
 Primary medium for the long-term storage of data;
typically stores entire database.
 Data must be moved from disk to main memory for
access, and written back for storage
 direct-access – possible to read data on disk in any
order, unlike magnetic tape
 Survives power failures and system crashes
disk failure can destroy data: is rare but does
happen

Operating System Concepts with Java 11.6 Silberschatz, Galvin and Gagne
 Physical Storage Media (Cont.)
 Optical storage
 non-volatile, data is read optically from a spinning
disk using a laser
 CD-ROM (640 MB) and DVD (4.7 to 17 GB) most
popular forms
 Write-one, read-many (WORM) optical disks used for
archival storage (CD-R, DVD-R, DVD+R)
 Multiple write versions also available (CD-RW, DVD-
RW, DVD+RW, and DVD-RAM)
 Reads and writes are slower than with magnetic
disk
 Juke-box systems, with large numbers of removable
disks, a few drives, and a mechanism for automatic
loading/unloading of disks available for storing large
volumes of data

Operating System Concepts with Java 11.7 Silberschatz, Galvin and Gagne
 Physical Storage Media (Cont.)
 Tape storage
 non-volatile, used primarily for backup (to
recover from disk failure), and for archival data
 sequential-access – much slower than disk
 very high capacity (40 to 300 GB tapes available)
 tape can be removed from drive  storage costs
much cheaper than disk, but drives are
expensive
 Tape jukeboxes available for storing massive
amounts of data
hundreds of terabytes (1 terabyte = 10 9 bytes)
to even a petabyte (1 petabyte = 10 12 bytes)

Operating System Concepts with Java 11.8 Silberschatz, Galvin and Gagne
 Storage Hierarchy

Operating System Concepts with Java 11.9 Silberschatz, Galvin and Gagne
 Storage Hierarchy (Cont.)
 primary storage: Fastest media but volatile
(cache, main memory).
 secondary storage: next level in hierarchy,
non-volatile, moderately fast access time
 also called on-line storage
 E.g. flash memory, magnetic disks
 tertiary storage: lowest level in hierarchy,
non-volatile, slow access time
 also called off-line storage
 E.g. magnetic tape, optical storage

Operating System Concepts with Java 11.10 Silberschatz, Galvin and Gagne
 Magnetic Hard Disk Mechanism

NOTE: Diagram is schematic, and simplifies the structure of actual disk drives
Operating System Concepts with Java 11.11 Silberschatz, Galvin and Gagne
 Magnetic Disks
 Read-write head
 Positioned very close to the platter surface (almost
touching it)
 Reads or writes magnetically encoded information.
 Surface of platter divided into circular tracks
 Over 50K-100K tracks per platter on typical hard disks
 Each track is divided into sectors.
 Sector size typically 512 bytes
 Typical sectors per track: 500 (on inner tracks) to 1000
(on outer tracks)
 To read/write a sector
 disk arm swings to position head on right track
 platter spins continually; data is read/written as sector
passes under head
Operating System Concepts with Java 11.12 Silberschatz, Galvin and Gagne
 Magnetic Disks (Cont.)
 Head-disk assemblies
 multiple disk platters on a single spindle (1 to 5
usually)
 one head per platter, mounted on a common arm.
 Cylinder i consists of ith track of all the
platters
 Earlier generation disks were susceptible
to “head-crashes” leading to loss of all data
on disk
 Current generation disks are less susceptible to
such disastrous failures, but individual sectors
may get corrupted

Operating System Concepts with Java 11.13 Silberschatz, Galvin and Gagne
 Disk Scheduling
 Disk IO requests are for blocks, by number
 Block requests come in an ongoing stream from apps
 Requests are queued (possibly blocking the process)
until the disk is available
 OS can optimize disk performance by reordering the
queue
 Require low access time and high disk bandwidth.
 Access time is the time to start transferring data
 Bandwidth is the average transfer rate, from request to
completion
 Access time has two major components
 Seek time is the time for the disk arm to move the
heads to the cylinder containing the desired sector.
(large)
 Rotational latency is the additional time waiting for the
disk to rotate the desired sector to the disk head.
(small)
 Minimize seek time  seek distance

Operating System Concepts with Java 11.14 Silberschatz, Galvin and Gagne
 Disk Scheduling (Cont.)

 Given a request queue of block numbers, minimize

summed seek distance
 Block numbers are translated into track and sector
numbers
 Higher block numbers correspond to higher track
numbers
 Sector numbers may not be known exactly, but can be
computed for analysis

 Example, for a disk with range 0-199:

98, 183, 37, 122, 14, 124, 65, 67

 Head pointer initially at 53

 Optimal service order is

37, 14, 65, 67, 98, 122, 124, 183 (208)

Operating System Concepts with Java 11.15 Silberschatz, Galvin and Gagne
 FCFS
llustration shows total head movement of 640 cylinders.

Operating System Concepts with Java 11.16 Silberschatz, Galvin and Gagne
 SSTF
 Selects the request with the minimum seek
time from the current head position.

 Illustration shows total head movement of 236

cylinders.
 SSTF scheduling is a form of SJF scheduling;
may cause starvation of some requests.

Operating System Concepts with Java 11.17 Silberschatz, Galvin and Gagne
 SCAN
 The disk arm starts at one end of the disk, and
moves toward the other end, servicing
requests until it gets to the other end of the
disk, where the head movement is reversed
and servicing continues.

 Sometimes called the elevator algorithm.

 Illustration shows total head movement of 236
cylinders.
Operating System Concepts with Java 11.18 Silberschatz, Galvin and Gagne
 LOOK
 Version of SCAN
 Arm only goes as far as the last request in each
direction, then reverses direction immediately,
without first going all the way to the end of the disk.

Operating System Concepts with Java 11.19 Silberschatz, Galvin and Gagne
 
C-SCAN
The head moves from one end of the disk to the
other. servicing requests as it goes. When it
reaches the other end, however, it immediately
returns to the beginning of the disk, without
servicing any requests on the return trip.
 Treats the cylinders as a circular list that wraps
around from the last cylinder to the first one.

 Illustration shows total head movement of 183

cylinders, plus return time.
 Provides a more uniform wait time than SCAN.
Operating System Concepts with Java 11.20 Silberschatz, Galvin and Gagne
 C-LOOK
 Version of C-SCAN
 Arm only goes as far as the last request in
each direction, then reverses direction
immediately, without first going all the way to
the end of the disk.

 Illustration shows total head movement of 153

cylinders, plus return time.
Operating System Concepts with Java 11.21 Silberschatz, Galvin and Gagne
 Selecting a Disk-Scheduling
Algorithm
 Performance depends on the number and types of
requests.
 SSTF is common and has a natural appeal, but can starve
requests
 SCAN and C-SCAN perform better for systems that place a
heavy load on the disk - lots of requests to hit
 Optimal is NP-complete.
 Requests for disk service can be influenced by the file-
allocation method and directory layout.
 The disk-scheduling algorithm should be written as a
separate module of the operating system, allowing it to be
replaced with a different algorithm if necessary.
 Either SSTF or LOOK is a reasonable choice for the default
algorithm.
 Newer disks have
 Lower seek time relative to latency
 Built in scheduling - send requests in batches
 OS level scheduling is important at a coarser grain level,
for important disk activity, e.g., VM

Operating System Concepts with Java 11.22 Silberschatz, Galvin and Gagne
 RAID
 RAID: Redundant Arrays of Independent Disks
 disk organization techniques that manage a large
numbers of disks, providing a view of a single disk of
high capacity and high speed by using multiple
disks in parallel, and
high reliability by storing data redundantly, so that
data can be recovered even if a disk fails
 The chance that some disk out of a set of N
disks will fail is much higher than the chance
that a specific single disk will fail.
 E.g., a system with 100 disks, each with MTTF of
100,000 hours (approx. 11 years), will have a system
MTTF of 1000 hours (approx. 41 days)

Operating System Concepts with Java 11.23 Silberschatz, Galvin and Gagne
 RAID Levels
 RAID organizations, or RAID levels, have differing
cost, performance and reliability characteristics
 RAID Level 0: Block striping; non-redundant.
 Used in high-performance applications where data lost
is not critical.
 RAID Level 1: Mirrored disks with block striping
 Offers best write performance.
 Popular for applications such as storing log files in a
database system.

Operating System Concepts with Java 11.24 Silberschatz, Galvin and Gagne
 RAID Levels (Cont.)
 RAID Level 2: Memory-Style Error-Correcting-
Codes (ECC) with bit striping.
 RAID Level 3: Bit-Interleaved Parity
 a single parity bit is enough for error correction, not
just detection
When writing data, corresponding parity bits must
also be computed and written to a parity bit disk
To recover data in a damaged disk, compute XOR
of bits from other disks (including parity bit disk)

Operating System Concepts with Java 11.25 Silberschatz, Galvin and Gagne
 RAID Levels (Cont.)
 RAID Level 3 (Cont.)
 Faster data transfer than with a single disk, but fewer I/Os
per second since every disk has to participate in every I/O.
 RAID Level 4: Block-Interleaved Parity; uses block-
level striping, and keeps a parity block on a
separate disk for corresponding blocks from N other
disks.
 When writing data block, corresponding block of parity bits
must also be computed and written to parity disk
 To find value of a damaged block, compute XOR of bits from
corresponding blocks (including parity block) from other
disks.

Operating System Concepts with Java 11.26 Silberschatz, Galvin and Gagne
 RAID Levels (Cont.)
 RAID Level 4 (Cont.)
 Provides higher I/O rates for independent block reads than
Level 3
block read goes to a single disk, so blocks stored on
different disks can be read in parallel
 Before writing a block, parity data must be computed
Can be done by using old parity block, old value of
current block and new value of current block (2 block
reads + 2 block writes)
Or by recomputing the parity value using the new
values of blocks corresponding to the parity block
– More efficient for writing large amounts of data
sequentially
 Parity block becomes a bottleneck for independent block
writes since every block write also writes to parity disk

Operating System Concepts with Java 11.27 Silberschatz, Galvin and Gagne
 RAID Levels (Cont.)
 RAID Level 5: Block-Interleaved Distributed Parity;
partitions data and parity among all N + 1 disks,
rather than storing data in N disks and parity in 1
disk.
 E.g., with 5 disks, parity block for nth set of
blocks is stored on disk (n mod 5) + 1, with the
data blocks stored on the other 4 disks.

Operating System Concepts with Java 11.28 Silberschatz, Galvin and Gagne
 RAID Levels (Cont.)
 RAID Level 5 (Cont.)
 Higher I/O rates than Level 4.
Block writes occur in parallel if the blocks and
their parity blocks are on different disks.
 Subsumes Level 4: provides same benefits, but
avoids bottleneck of parity disk.
 RAID Level 6: P+Q Redundancy scheme;
similar to Level 5, but stores extra redundant
information to guard against multiple disk
failures.
 Better reliability than Level 5 at a higher cost; not
used as widely.

Operating System Concepts with Java 11.29 Silberschatz, Galvin and Gagne
 Choice of RAID Level
 Factors in choosing RAID level
 Monetary cost
 Performance: Number of I/O operations per second, and
bandwidth during normal operation
 Performance during failure
 Performance during rebuild of failed disk
 Including time taken to rebuild failed disk
 RAID 0 is used only when data safety is not important
 E.g. data can be recovered quickly from other sources
 Level 2 and 4 never used since they are subsumed by 3
and 5
 Level 3 is not used since bit-striping forces single block
reads to access all disks, wasting disk arm movement
 Level 6 is rarely used since levels 1 and 5 offer adequate
safety for most applications
 So competition is mainly between 1 and 5

Operating System Concepts with Java 11.30 Silberschatz, Galvin and Gagne
 Choice of RAID Level (Cont.)
 Level 1 provides much better write performance than level 5
 Level 5 requires at least 2 block reads and 2 block writes to
write a single block, whereas Level 1 only requires 2 block
writes
 Level 1 preferred for high update environments such as log
disks
 Level 1 had higher storage cost than level 5
 disk drive capacities increasing rapidly (50%/year) whereas
disk access times have decreased much less (x 3 in 10 years)
 I/O requirements have increased greatly, e.g. for Web servers
 When enough disks have been bought to satisfy required rate of
I/O, they often have spare storage capacity
 so there is often no extra monetary cost for Level 1!
 Level 5 is preferred for applications with low update rate,
and large amounts of data
 Level 1 is preferred for all other applications

Operating System Concepts with Java 11.31 Silberschatz, Galvin and Gagne
 File Concept
 Contiguous logical address space

 Types:
 Data
 numeric
 character
 binary
 Program

Operating System Concepts with Java 11.32 Silberschatz, Galvin and Gagne
 File Structure
 None - sequence of words, bytes
 Simple record structure
 Lines
 Fixed length
 Variable length
 Complex Structures
 Formatted document
 Relocatable load file
 Can simulate last two with first method by inserting
appropriate control characters
 Who decides:
 Operating system
 Program

Operating System Concepts with Java 11.33 Silberschatz, Galvin and Gagne
 File Attributes
 Name – only information kept in human-readable
form
 Type – needed for systems that support different
types
 Location – pointer to file location on device
 Size – current file size
 Protection – controls who can do reading, writing,
executing
 Time, date, and user identification – data for
protection, security, and usage monitoring
 Information about files are kept in the directory
structure, which is maintained on the disk

Operating System Concepts with Java 11.34 Silberschatz, Galvin and Gagne
 File Operations
 Create
 Write
 Read
 file seek – reposition within file
 Delete
 Truncate
 Open(Fi) – search the directory structure on disk for
entry Fi, and move the content of entry to memory
 Close (Fi) – move the content of entry Fi in memory
to directory structure on disk

Operating System Concepts with Java 11.35 Silberschatz, Galvin and Gagne
 Open Files
 Several pieces of data are needed to manage open
files:
 File pointer: pointer to last read/write location, per
process that has the file open
 File-open count: counter of number of times a file is
open – to allow removal of data from open-file table
when last processes closes it
 Disk location of the file: cache of data access
information
 Access rights: per-process access mode information

Operating System Concepts with Java 11.36 Silberschatz, Galvin and Gagne
 Open File Locking
 Provided by some operating systems and file
systems
 Mediates access to a file
 Mandatory or advisory:
 Mandatory – access is denied depending on locks held
and requested
 Advisory – processes can find status of locks and
decide what to do

Operating System Concepts with Java 11.37 Silberschatz, Galvin and Gagne
 File Types – Name, Extension

Operating System Concepts with Java 11.38 Silberschatz, Galvin and Gagne
 Access Methods
 Sequential Access
read next
write next
reset
no read after last write
(rewrite)
 Direct Access
read n
write n
position to n
read next
write next
rewrite n
n = relative block number

 Index Access

Operating System Concepts with Java 11.39 Silberschatz, Galvin and Gagne
 Sequential-access File

Operating System Concepts with Java 11.40 Silberschatz, Galvin and Gagne
 Simulation of Sequential Access on a Direct-access File

Operating System Concepts with Java 11.41 Silberschatz, Galvin and Gagne
 Example of Index Access and Relative
Files

Operating System Concepts with Java 11.42 Silberschatz, Galvin and Gagne
 Allocation Methods
 An allocation method refers to how disk blocks are
allocated for files:

 Contiguous allocation

 Linked allocation

 Indexed allocation

Operating System Concepts with Java 11.43 Silberschatz, Galvin and Gagne
 Contiguous Allocation
 Each file occupies a set of contiguous blocks
on the disk

 Simple – only starting location (block #) and

length (number of blocks) are required

 Random access

 Wasteful of space (dynamic storage-allocation

problem)

 Files cannot grow

Operating System Concepts with Java 11.44 Silberschatz, Galvin and Gagne
 Contiguous Allocation
 Mapping from logical to physical

LA/512

Block to be accessed = ! + starting address

Displacement into block = R

Operating System Concepts with Java 11.45 Silberschatz, Galvin and Gagne
 Contiguous Allocation of Disk
Space

Operating System Concepts with Java 11.46 Silberschatz, Galvin and Gagne
 Linked Allocation
 Each file is a linked list of disk blocks: blocks may
be scattered anywhere on the disk.

block = pointer

Operating System Concepts with Java 11.47 Silberschatz, Galvin and Gagne
 Linked Allocation (Cont.)
 Simple – need only starting address
 Free-space management system – no waste of space
 No random access
 Mapping

Q
LA/511
R

Block to be accessed is the Qth block in the linked

chain of blocks representing the file.
Displacement into block = R + 1
File-allocation table (FAT) – disk-space allocation used
by MS-DOS and OS/2.

Operating System Concepts with Java 11.48 Silberschatz, Galvin and Gagne
 Linked Allocation

Operating System Concepts with Java 11.49 Silberschatz, Galvin and Gagne
 Indexed Allocation
 Brings all pointers together into the index block.
 Logical view.

index table

Operating System Concepts with Java 11.50 Silberschatz, Galvin and Gagne
 Example of Indexed Allocation

Operating System Concepts with Java 11.51 Silberschatz, Galvin and Gagne
 Indexed Allocation (Cont.)
 Need index table
 Random access
 Dynamic access without external fragmentation,
but have overhead of index block.
 Mapping from logical to physical in a file of
maximum size of 256K words and block size of
512 words. We need only 1 block for index table.

Q
LA/512
R

Q = displacement into index table

R = displacement into block

Operating System Concepts with Java 11.52 Silberschatz, Galvin and Gagne
 Indexed Allocation – Mapping
(Cont.)
 Mapping from logical to physical in a file of
unbounded length (block size of 512 words).
 Linked scheme – Link blocks of index table
(no limit on size).

Q1
LA / (512 x 511)
R1
Q1 = block of index table
R1 is used as follows:
Q2
R1 / 512
R2

Q2 = displacement into block of index table

R2 displacement into block of file:

Operating System Concepts with Java 11.53 Silberschatz, Galvin and Gagne
 Indexed Allocation – Mapping
(Cont.)
 Two-level index (maximum file size is 512 3)

Q1
LA / (512 x 512)
R1

Q1 = displacement into outer-index

R1 is used as follows:
Q2
R1 / 512
R2

Q2 = displacement into block of index table

R2 displacement into block of file:

Operating System Concepts with Java 11.54 Silberschatz, Galvin and Gagne
 Free-Space Management
 Bit vector (n blocks)
0 1 2 n-1
…

0  block[i] free


bit[i] =
1  block[i] occupied

Block number calculation

(number of bits per word) *

(number of 0-value words) +
offset of first 1 bit

Operating System Concepts with Java 11.55 Silberschatz, Galvin and Gagne
 Free-Space Management (Cont.)
 Bit map requires extra space
 Example:

block size = 212 bytes

disk size = 230 bytes (1 gigabyte)
n = 230/212 = 218 bits (or 32K bytes)
 Easy to get contiguous files
 Linked list (free list)
 Cannot get contiguous space easily
 No waste of space
 Grouping
 Counting

Operating System Concepts with Java 11.56 Silberschatz, Galvin and Gagne
 Free-Space Management (Cont.)
 Need to protect:
 Pointer to free list
 Bit map
 Must be kept on disk
 Copy in memory and disk may differ
 Cannot allow for block[i] to have a situation
where bit[i] = 1 in memory and bit[i] = 0 on
disk
 Solution:
 Set bit[i] = 1 in disk
 Allocate block[i]
 Set bit[i] = 1 in memory

Operating System Concepts with Java 11.57 Silberschatz, Galvin and Gagne
 Linked Free Space List on Disk

Operating System Concepts with Java 11.58 Silberschatz, Galvin and Gagne
 Efficiency and Performance
 Efficiency dependent on:
 disk allocation and directory algorithms
 types of data kept in file’s directory entry

 Performance
 disk cache – separate section of main memory for
frequently used blocks
 free-behind and read-ahead – techniques to optimize
sequential access
 improve PC performance by dedicating section of
memory as virtual disk, or RAM disk

Operating System Concepts with Java 11.59 Silberschatz, Galvin and Gagne
 Directory Structure
 A collection of nodes containing information about all files

Directory

Files
F1 F2 F4
F3
Fn

Both the directory structure and the files reside

on disk
Backups of these two structures are kept on
tapes
Operating System Concepts with Java 11.60 Silberschatz, Galvin and Gagne
 A Typical File-system Organization

Operating System Concepts with Java 11.61 Silberschatz, Galvin and Gagne
 Information in a Device Directory
 Name
 Type
 Address
 Current length
 Maximum length
 Date last accessed (for archival)
 Date last updated (for dump)
 Owner ID
 Protection information (discuss later)

Operating System Concepts with Java 11.62 Silberschatz, Galvin and Gagne
 Operations Performed on Directory
 Search for a file
 Create a file
 Delete a file
 List a directory
 Rename a file
 Traverse the file system

Operating System Concepts with Java 11.63 Silberschatz, Galvin and Gagne
 Organize the Directory (Logically) to
Obtain

 Efficiency – locating a file quickly

 Naming – convenient to users
 Two users can have same name for different
files
 The same file can have several different names
 Grouping – logical grouping of files by
properties, (e.g., all Java programs, all
games, …)

Operating System Concepts with Java 11.64 Silberschatz, Galvin and Gagne
 Single-Level Directory

 A single directory for all users

Naming problem

Grouping problem

Operating System Concepts with Java 11.65 Silberschatz, Galvin and Gagne
 Two-Level Directory

 Separate directory for each user

•Path name
•Can have the same file name for different user
•Efficient searching
•No grouping capability

Operating System Concepts with Java 11.66 Silberschatz, Galvin and Gagne
 Tree-Structured Directories

Operating System Concepts with Java 11.67 Silberschatz, Galvin and Gagne
 Tree-Structured Directories (Cont)
 Efficient searching

 Grouping Capability

 Current directory (working directory)

 cd /spell/mail/prog
 type list

Operating System Concepts with Java 11.68 Silberschatz, Galvin and Gagne
 Tree-Structured Directories (Cont)
 Absolute or relative path name
 Creating a new file is done in current directory
 Delete a file
rm <file-name>
 Creating a new subdirectory is done in current
directory
mkdir <dir-name>
Example: if in current directory /mail
mkdir count
mail

prog copy prt expcount

Deleting “mail”  deleting the entire subtree rooted

by “mail”
Operating System Concepts with Java 11.69 Silberschatz, Galvin and Gagne
 Acyclic-Graph Directories
 Have shared subdirectories and files

Operating System Concepts with Java 11.70 Silberschatz, Galvin and Gagne
 Acyclic-Graph Directories (Cont.)
 Two different names (aliasing)

 If dict deletes list  dangling pointer

Solutions:
 Backpointers, so we can delete all pointers
Variable size records a problem
 Backpointers using a daisy chain organization
 Entry-hold-count solution

Operating System Concepts with Java 11.71 Silberschatz, Galvin and Gagne
 Directory Implementation
 Linear list of file names with pointer to the data
blocks
 simple to program
 time-consuming to execute
 Hash Table – linear list with hash data structure
 decreases directory search time
 collisions – situations where two file names hash to
the same location
 fixed size

Operating System Concepts with Java 11.72 Silberschatz, Galvin and Gagne
 File Sharing
 Sharing of files on multi-user systems is desirable

 Sharing may be done through a protection scheme

 On distributed systems, files may be shared across

a network

 Network File System (NFS) is a common distributed

file-sharing method

Operating System Concepts with Java 11.73 Silberschatz, Galvin and Gagne
 File Sharing – Multiple Users

 User IDs identify users, allowing permissions

and protections to be per-user

 Group IDs allow users to be in groups,

permitting group access rights

Operating System Concepts with Java 11.74 Silberschatz, Galvin and Gagne
 File Sharing – Remote File Systems
 Uses networking to allow file system access between
systems
 Manually via programs like FTP
 Automatically, seamlessly using distributed file systems
 Semi automatically via the world wide web
 Client-server model allows clients to mount remote file
systems from servers
 Server can serve multiple clients
 Client and user-on-client identification is insecure or
complicated
 NFS is standard UNIX client-server file sharing protocol
 CIFS is standard Windows protocol
 Standard operating system file calls are translated into
remote calls
 Distributed Information Systems (distributed naming
services) such as LDAP, DNS, NIS implement unified
access to information needed for remote computing

Operating System Concepts with Java 11.75 Silberschatz, Galvin and Gagne
 Protection
Deals with threats to information that are internal to the system, and
protect it.

 File owner/creator should be able to control:

 what can be done
 by whom

 Types of access
 Read
 Write
 Execute
 Append
 Delete
 List

Operating System Concepts with Java 11.76 Silberschatz, Galvin and Gagne
 Access Lists and Groups
 Mode of access: read, write, execute
 Three classes of users
RWX
a) owner access 7  111
RWX
b) group access 6  110
RWX
c) public access 1  001
 Ask manager to create a group (unique name), say
G, and add some users to the group.
 For a particular file (say game) or subdirectory,
define an appropriate access.
owner group public

chmod 761 game

Attach a group to a file

chgrp G game

Operating System Concepts with Java 11.77 Silberschatz, Galvin and Gagne
 Goals of Protection
 Operating system consists of a collection of
objects, hardware or software

 Each object has a unique name and can be

accessed through a well-defined set of operations

 Protection problem - ensure that each object is

accessed correctly and only by those processes
that are allowed to do so

Operating System Concepts with Java 11.78 Silberschatz, Galvin and Gagne
 Principles of Protection
 Guiding principle – principle of least privilege
 Programs, users and systems should be given just
enough privileges to perform their tasks

Operating System Concepts with Java 11.79 Silberschatz, Galvin and Gagne
 Domain Structure
 Access-right = <object-name, rights-set>
where rights-set is a subset of all valid operations
that can be performed on the object.

 Domain = set of access-rights

Operating System Concepts with Java 11.80 Silberschatz, Galvin and Gagne
 Access Matrix
 View protection as a matrix (access matrix)

 Rows represent domains

 Columns represent objects

 Access(i, j) is the set of operations that a process

executing in Domaini can invoke on Objectj

Operating System Concepts with Java 11.81 Silberschatz, Galvin and Gagne
 Access Matrix

Operating System Concepts with Java 11.82 Silberschatz, Galvin and Gagne
 Use of Access Matrix
 If a process in Domain Di tries to do “op” on object
Oj, then “op” must be in the access matrix

 Can be expanded to dynamic protection

 Operations to add, delete access rights
 Special access rights:
 owner of Oi

 copy op from Oi to Oj
 control – Di can modify Dj access rights
 transfer – switch from domain Di to Dj

Operating System Concepts with Java 11.83 Silberschatz, Galvin and Gagne
 Use of Access Matrix (Cont)
 Access matrix design separates mechanism from
policy
 Mechanism
 Operating system provides access-matrix + rules
 If ensures that the matrix is only manipulated by
authorized agents and that rules are strictly
enforced
 Policy
 User dictates policy
 Who can access what object and in what mode

Operating System Concepts with Java 11.84 Silberschatz, Galvin and Gagne
 Implementation of Access Matrix
 Implementation using Global Table<Di,Oj,Rk) where Di
is the domain,Oj is the object, Rk is the Rights Set.

 Each column = Access-control list for one object

Defines who can perform what operation.
Domain 1 = Read, Write
Domain 2 = Read
Domain 3 = Read


 Each Row = Capability List (like a key for domains)
Fore each domain, what operations allowed on what
objects.
Object 1 – Read
Object 4 – Read, Write, Execute
Object 5 – Read, Write, Delete, Copy

Operating System Concepts with Java 11.85 Silberschatz, Galvin and Gagne
 Access Matrix of Figure A With Domains as
Objects

Figure B

Operating System Concepts with Java 11.86 Silberschatz, Galvin and Gagne
 Revocation of Access Rights
 Access List – Delete access rights from access list
 Simple
 Immediate

 Capability List – Scheme required to locate

capability in the system before capability can be
revoked
 Reacquisition-capabilities are deleted from each domain.
 Back-pointers-list of pointers with each object.
 Indirection-capabilities points indirectly to objects,table entry and object for
a capability must match
 Keys-key of capability must match with the master key.

Operating System Concepts with Java 11.87 Silberschatz, Galvin and Gagne
 Security
 Security must consider external environment of the
system, and protect it from:
 unauthorized access.
 malicious modification or destruction
 accidental introduction of inconsistency.

 To protect the system we must take security

measures at four levels:-
(1)Physical
(2)Human
(3)Network
(4)Operating System

Operating System Concepts with Java 11.88 Silberschatz, Galvin and Gagne
 Authentication
 User identity most often established through
passwords, can be considered a special case of
either keys or capabilities.

 It is Based on:-
 User identification through passwords.
 Artifact based authentication (badge card).
 Fingerprints, retina pattern or signature (biometrics).

 Passwords may also either be encrypted or allowed

to be used only once.

Operating System Concepts with Java 11.89 Silberschatz, Galvin and Gagne
 Program Threats
 Trojan Horse
 Code segment that misuses its environment.
 Exploits mechanisms for allowing programs written by
users to be executed by other users.

 Trap Door
 Specific user identifier or password that circumvents
normal security procedures.
 Could be included in a compiler.

 Stack and Buffer Overflow

 Exploits a bug in a program (overflow either the stack
or memory buffers.)

Operating System Concepts with Java 11.90 Silberschatz, Galvin and Gagne
 System Threats
 Worms – use spawn mechanism; standalone program
 Internet worm
 Exploited UNIX networking features (remote access) and
bugs in finger and sendmail programs.
 Grappling hook program uploaded main worm program.
 Viruses – fragment of code embedded in a legitimate
program.
 Mainly effect microcomputer systems.
 Downloading viral programs from public bulletin boards or
exchanging floppy disks containing an infection.
 Safe computing.
 Denial of Service
 Overload the targeted computer preventing it from doing any
useeful work.

Operating System Concepts with Java 11.91 Silberschatz, Galvin and Gagne
 Threat Monitoring using Firewall
 Check for suspicious patterns of activity – i.e.,
several incorrect password attempts may signal
password guessing.
 Audit log – records the time, user, and type of all
accesses to an object; useful for recovery from a
violation and developing better security measures.
 Scan the system periodically for security holes;
done when the computer is relatively unused.

 A firewall is placed between trusted and untrusted

hosts.
 The firewall limits network access between these
two security domains.

Operating System Concepts with Java 11.92 Silberschatz, Galvin and Gagne
 Intrusion Detection
 Detect attempts to intrude into computer systems.

 Detection methods:
 Auditing and logging.
 Tripwire (UNIX software that checks if certain files
and directories have been altered – I.e. password files)

 System call monitoring

Operating System Concepts with Java 11.93 Silberschatz, Galvin and Gagne
 Encryption
 Encrypt clear text into cipher text.
 Properties of good encryption technique:
 Relatively simple for authorized users to incrypt and
decrypt data.
 Encryption scheme depends not on the secrecy of the
algorithm but on a parameter of the algorithm called
the encryption key.
 Extremely difficult for an intruder to determine the
encryption key.
 Data Encryption Standard substitutes characters
and rearranges their order on the basis of an
encryption key provided to authorized users via a
secure mechanism. Scheme only as secure as the
mechanism.

Operating System Concepts with Java 11.94 Silberschatz, Galvin and Gagne
 Encryption (Cont.)
 Public-key encryption based on each user having
two keys:
 public key – published key used to encrypt data.
 private key – key known only to individual user used to
decrypt data.
 Must be an encryption scheme that can be made
public without making it easy to figure out the
decryption scheme.
 Efficient algorithm for testing whether or not a number
is prime.
 No efficient algorithm is know for finding the prime
factors of a number.

Operating System Concepts with Java 11.95 Silberschatz, Galvin and Gagne
 Encryption Example - SSL
 SSL – Secure Socket Layer

 Cryptographic protocol that limits two computers to

only exchange messages with each other.

 Used between web servers and browsers for secure

communication (credit card numbers)

 The server is verified with a certificate.

 Communication between each computers uses

symmetric key cryptography.

Operating System Concepts with Java 11.96 Silberschatz, Galvin and Gagne