
Storage Management

• The management of the data storage equipment that is used to store the user/computer generated data.
• A tool or set of processes used by administrators to keep your data and storage equipment safe.
• A process for users to optimize the use of storage devices and to protect the integrity of data.

Key Attributes:
  o Performance
  o Reliability
  o Recoverability
  o Capacity

Mass-Storage Structure

Hard Disk Drives (HDD)

• Each disk Platter – a flat circular shape; diameters range from 1.8 to 3.5 inches.
  o Two surfaces are covered with a magnetic material.
  o Information is stored by recording it magnetically.
  o Read-write head “flies” just above each surface.
  o Divided into circular tracks, which are subdivided into sectors.
  o Sector – has a fixed size and is the smallest unit of transfer; commonly 512 bytes until 2010 and migrating to 4KB sectors.
• Heads – are attached to a Disk arm that moves all the heads as a unit.
• Cylinder – set of tracks at a given arm position.
  o Each track may contain hundreds of sectors.
• The disk drive motor spins it at high speed.
  o Rotates 60 to 250 times per second; measured in Rotations per minute (RPM).
  o Rotation speed relates to Transfer Rate.
• Transfer Rate – the rate at which data flow between the drive and the computer.
• Positioning Time / Random-Access Time – consists of two parts.
  o Seek time – time necessary to move the disk arm to the desired cylinder.
  o Rotational latency – the time necessary for the desired sector to rotate to the disk head.
• Typical disks can transfer tens to hundreds of megabytes of data per
second, and they have seek times and rotational latencies of several milliseconds.
  o DRAM buffers – increase performance.
• Storage capacity is measured in gigabytes and terabytes.
• Disk head flies on an extremely thin cushion (measured in microns).
  o The danger that the head may make contact with the disk surface is called a Head Crash.
• Head Crash – the head will sometimes damage the magnetic surface.
  o Cannot be repaired.
  o The entire disk must be replaced.
  o Data on the disk are lost unless they were backed up to other storage or RAID protected.
• HDDs are sealed units, and some chassis
  o Allow their removal without shutting down the system or storage chassis.
  o Removable – including CDs, DVDs and Blu-ray discs.

Nonvolatile Memory Devices (NVM)

• Electrical rather than mechanical.
• The device is composed of a controller and flash NAND die semiconductor chips; used to store data.
• DRAM with battery backing so it doesn’t lose its content.
• Flash-memory-based NVM – frequently used in disk-drive-like containers.
  o Solid-state disk (SSD)
  o USB drive – also known as thumb drive or flash drive or DRAM stick.
• NVM devices are more reliable than HDDs.
  o No moving parts and can be faster because they have no seek time or rotational latency.
  o Consume less power.
  o Negative side: more expensive per megabyte; less capacity.
  o SSDs and similar devices are now used in some laptop computers to make them smaller, faster, and more energy efficient.
    • Some systems use it as a direct replacement for disk drives.

NAND semiconductor:
• Read and written in “page” increments, but data can’t be overwritten.
• Data must first be erased, and erases happen in larger “blocks.”
• Can only be erased a limited number of times before wearing out.
• NVM lifespan is not measured in years but in Drive Writes Per Day (DWPD) – a measure of how many times the drive capacity can be written per day before it fails.

Volatile Memory Devices

• DRAM is frequently used as a mass-storage device.
  o Can have a file system and be used like very fast secondary storage.
• RAM drives (RAM disks) – act like secondary storage but are created by device drivers that carve out a section of the system’s DRAM.
  o Present it to the rest of the system as if it were a storage device.
• The “drives” are used as raw block devices.
  o File systems are created on them for standard file operations.
• DRAM is volatile, and data on a RAM drive does not survive a system crash, shutdown, or power down.
• Caches and buffers are allocated by the programmer or operating system.
• RAM drives allow the user to place data in memory for temporary safekeeping using standard file operations.
  o Used as high-speed temporary storage space.

Managing RAM:
    • Linux – /dev/ram
    • MacOS – diskutil
    • Windows – third-party tools
    • Solaris and Linux – create /tmp of type “tmpfs.”
• NVM devices are fast, DRAM is much faster, and I/O operations to RAM drives are the fastest.

Secondary Storage Connection Methods

• Attached to a computer by the system bus or an I/O bus.

Kinds of buses available:
  o Advanced Technology Attachment (ATA)
  o Serial ATA (SATA)
  o eSATA
  o Serial Attached SCSI (SAS)
  o Universal Serial Bus (USB)
  o Fibre Channel (FC)
• Most common connection method is SATA.
• NVM devices are much faster than HDDs.
  o The industry created a special, fast interface for NVM devices called NVM express (NVMe).
    • Directly connects the device to the system PCI bus.
    • Increasing throughput and decreasing latency.
• Controllers / Host-bus adapters (HBA) – the data transfers on a bus are carried out by special electronic processors.
• Host controller – the controller at the computer end of the bus.
  o Can perform a mass storage I/O operation.
    • Using memory-mapped I/O ports.
  o It sends commands via messages to the Device controller.
• Device controller – built into each storage device.
  o Usually has a built-in cache.
• Data transfer at the drive happens between the cache and the storage media, and to
the host, at fast electronic speeds, occurs between the cache and DRAM via DMA.

Magnetic Tapes

• An early secondary-storage medium.
• Nonvolatile and can hold large quantities of data.
• Its access time is slow compared with that of main memory and drives.
• Random access to magnetic tape is about thousands of times slower than random access to HDDs; a hundred thousand times slower than random access to SSDs.
• Used mainly for backup, storage of infrequently used information, and as a medium for transferring information.
• A spool that is wound or rewound past a read-write head.

HDD Scheduling

• It is the responsibility of the OS to use the hardware efficiently.
• Meeting this responsibility entails minimizing access time and maximizing data transfer bandwidth.

Two major components:
  o Seek time – the time for the device arm to move the heads to the cylinder containing the desired sector.
  o Rotational latency – the additional time for the platter to rotate the desired sector to the head.
• Bandwidth – total number of bytes transferred.
  o Divided by the total time between the first request for the service and the completion of the last transfer.
• If the desired drive and controller are available, the request can be serviced immediately; if it’s busy, any new requests for service will be placed in the queue of pending requests for that drive.
• In a Multiprogramming system – the device queue may often have several pending requests.
• In HDD interfaces, much effort was spent on disk scheduling algorithms.

FCFS Scheduling

• First Come, First Served
• Simplest form of disk scheduling.
• This algorithm is intrinsically fair, but it generally does not provide the fastest service.

SCAN Scheduling

• Sometimes called the Elevator algorithm.
• The disk arm starts at one end of the disk and moves towards the other end, servicing requests as it reaches each cylinder, until it gets to the other end of the disk.
• At the other end, the direction of head movement is reversed, and the servicing continues.
• Continuously scanning back and forth.
• First servicing all the requests going up and then reversing to service requests the other way.

C-SCAN Scheduling

• Circular SCAN (C-SCAN)
• Variant of SCAN
• Provides a more uniform wait time.
• When the head reaches the other end, it immediately returns to the beginning of the disk without servicing any requests on the return trip.

Error Detection and Correction

• Determines if a problem has occurred.
• Parity is one form of Checksum – uses modular arithmetic to compute, store, and compare values of fixed-length words.
• Cyclic redundancy check (CRC) – a common method in networking
  o Uses a hash function to detect multiple-bit errors.
• Error-correction code (ECC) – not only detects but can correct some errors.
  o Soft errors – are correctable.
  o Hard errors – are non-correctable.

Storage Device Management

• OS is responsible for several other aspects of storage device management.
• The new storage device is a blank slate.
  o Just a platter; a set of uninitialized semiconductor storage cells.
• NVM pages must be initialized, and Flash Translation Layers (FTL)
  o Also called Low-level formatting or Physical formatting
• Low-level formatting – fills the device with a special data structure for each storage location.
  o Data structure for a sector or page typically consists of a header, a data area and a trailer.
    • Header and Trailer contain information used by the controller.

Three Steps:
  o Partition – the device is being partitioned into one or more groups of blocks or pages.
    • Mounting – mounting a file system makes the file system available for use by the system and its users.
  o Volume – creation and management.
    • Implicit, when a file system is placed directly within the partition.
    • Explicit, when multiple partitions or devices will be used together as a RAID set with one or more file systems spread across the devices.
  o Logical Formatting – creation of a file system.
    • Stores the initial file-system data structures onto the device.
    • The partition labeled for boot is used to establish the root of the file system.
    • A computer’s “file system” consists of all mounted volumes.
• Cluster – groups blocks together into larger chunks.
  o Device I/O is done via blocks, but file system I/O is done via Clusters.
• OS gives special programs the ability to use a partition as a large sequential array of logical blocks, without any file system data structures.
  o Sometimes it is called Raw disk.
  o I/O to this array is called Raw I/O
    • Bypasses all the file-system services such as:
      • Buffer Cache
      • File Locking
      • Prefetching
      • Space Allocation
      • Filename
      • Directories

Boot Block

• Bootstrap loader – stored in NVM flash memory firmware
on the system motherboard and mapped to a known memory location.
• The tiny bootstrap loader program is also smart enough to bring in a full bootstrap program from secondary storage.
  o Full bootstrap program – stored in the “boot blocks” at a fixed location.
  o Boot/System disk – a device that has a boot partition.
• Boot partition – contains the OS and device drivers.
• Master boot record (MBR) – places its boot code in the first logical block on the hard disk or first page.
• Once it identifies the boot partition, it reads the first sector/page from the partition, called the Boot Sector.
  o Directs it to the kernel.
  o Disk has moving parts and small tolerances; prone to failure.
• Most disks even come from the factory with Bad blocks.

Storage Attachment

Access in Three ways:

Host-Attached Storage

• Access through local I/O ports.
• High-end workstations and servers generally need more storage or need to share storage.
• Use more sophisticated I/O architectures, such as Fibre Channel (FC) – a high-speed serial architecture that can operate over optical fiber or over a four-conductor copper cable.

Suitable for use as host-attached storage:
  o HDDs
  o NVM devices
  o CD
  o DVD
  o Blu-ray
  o Tape drive
  o Storage-Area Networks (SANs)

Network-Attached Storage

• Provides access to storage across a network.
• Either a special-purpose storage system or general computer system that provides its storage to other hosts across the network.
• Remote-procedure call (RPC) – interface such as NFS for Unix and Linux systems or CIFS for Windows machines.
  o Carried via Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) over an IP network.
    • Usually the same Local-Area Network (LAN)
• Common Internet File System (CIFS) and Network File System (NFS) provide various locking features, allowing the sharing of files between hosts accessing a NAS with those protocols.
• Provides a convenient way for all the computers on a LAN to share a pool of storage with the same ease of naming and access enjoyed with local host-attached storage.
• It tends to be less efficient and has lower performance than some direct-attached storage options.
• Internet Small Computer Systems Interface (iSCSI) – latest network-attached storage protocol.
  o Can be used as the interconnect between hosts and their storage.

Cloud Storage

Difference:

Cloud Storage
  o Provides access to storage across a network.

NAS
  o The storage is accessed over the Internet or another WAN to a remote data center that provides storage for a fee.

• How the storage is accessed and presented to the user.

Cloud Storage
  o Application Program Interface (API) based.
  o Use the APIs to access the storage.

NAS
  o Access as just another file system.

• Reason that APIs are used.
• The latency and failure scenarios of WAN.

Cloud Storage
  o An application simply pauses access until connectivity is restored.

NAS
  o Protocols were designed for use in LANs, which have lower latency than WANs and are much less likely to lose connectivity between the storage user and the storage device.
  o If the LAN connection fails, a system using NFS or CIFS might hang until it recovers.

Storage-Area Networks

• One drawback of the network-attached storage system.
  o Consumes bandwidth on the data network, thereby increasing the latency of network communication
• SAN is a private network, connecting servers and storage units
• The power of a SAN lies in its flexibility.
• Multiple hosts and multiple storage arrays can attach to the same SAN
• A SAN switch allows or prohibits access between the hosts and the storage
• SAN connectivity is over short distances and typically has no routing
• NAS can have many more connected hosts than SAN.

Storage Array
• A purpose-built device that includes SAN ports, network ports, or both.
• Contains drives to store data and a controller to manage the storage and allow access to the storage across the networks.
• Controller – composed of CPUs, memory and software that implement the features of the array.
• Easy to add or remove storage, add a new host and allocate it storage.
• FC is a common SAN interconnect.
• InfiniBand (IB) – a special-purpose bus architecture that provides hardware and software support for high-speed interconnection networks for the servers and storage units.

RAID Structure

• Economically feasible to attach many drives to a computer system.
• Having a large number of drives in a system presents opportunities for improving the rate at which data can be read or written, if the drives are operated in parallel.
• This setup offers the potential for improving the reliability of data storage.
• Redundant information can be stored on multiple drives.
• Failure of one drive does not lead to loss of data.
• Redundant Array of Independent Disks (RAID) – a variety of disk-organization techniques
  o to address the performance and reliability issues.
• The composition of small, cheap disks was viewed as a cost-effective alternative to large, expensive disks.
• Used for their higher reliability and higher data-transfer rate rather than for economic reasons.
• The I in RAID once stood for “Inexpensive”

Improvement of Reliability via Redundancy

• The solution to the problem of reliability is to introduce redundancy.
  o Store extra information that is not normally needed but can be used in the event of disk failure to rebuild the lost information.
• RAID can be applied to NVM devices as well.
• Mirroring technique – the simplest (but most expensive) approach to introducing redundancy; it is to duplicate every drive.
  o Every write is carried out on both drives.
  o The result is called a mirrored volume.
• Data will be lost only if the second drive fails before the first failed drive is replaced.
• Mean Time Between Failure (MTBF) – failure is the loss of data

Two factors:
  o MTBF of the individual drives.
  o the mean time to repair, which is the time it takes (on
average) to replace a failed drive and to restore the data on it.
• Cannot really assume that drive failures will be independent.
  o Power failures and natural disasters.
• As the drives age, the probability of failure grows.
• Mirrored-drive systems offer much higher reliability than do single-drive systems.
• Power failures are a particular source of concern, since they occur far more frequently.
• If power fails before both blocks are fully written, the two blocks can be in an inconsistent state.
  o One solution to this problem is to write one copy first, then the next.
  o Another is to add a solid-state nonvolatile cache.
• This write-back cache is protected from data loss during power failures.

Improvement in Performance via Parallelism

• With mirroring, the rate at which read requests can be handled is doubled, since read requests can be sent to either drive.
• The transfer rate of each read is the same as in a single-drive system, but the number of reads per unit time has doubled.
• With multiple drives, we can improve the transfer rate as well (or instead) by striping data across the drives.
• Data Striping – splitting the bits of each byte across multiple drives; such striping is called Bit-level striping.
• In Block-level striping – blocks of a file are striped across multiple drives.

Two main goals:
  o Increase the throughput of multiple small accesses (that is, page accesses) by load balancing.
  o Reduce the response time of large accesses.
• RAID is frequently combined with NVRAM to improve write performance and is arranged into six different levels

RAID Levels

• Mirroring provides high reliability, but it is expensive. Striping provides high data-transfer rates, but it does not improve reliability.
• To provide redundancy at lower cost by using disk striping combined with “parity” bits.
• These schemes have different cost–performance trade-offs and are classified according to levels called RAID levels.

Three categories:
  o Standard
  o Nested
  o Nonstandard

Standard RAID Level

• RAID 0
  o Has striping but no redundancy of data.
  o Offers the best performance, but it does not provide fault tolerance
• RAID 1
  o Also known as Disk mirroring.
  o Consists of at least two drives that duplicate the storage of data.
  o No striping.
  o Read performance is improved, since either disk can be read at the same time.
  o The write performance is the same as for single-disk storage.
• RAID 2
  o Uses striping across disks.
  o Stores error checking and correcting (ECC) information.
  o Uses a dedicated Hamming code parity.
  o RAID 2 has no advantage over RAID 3 and is no longer used.
• RAID 3
  o Uses striping and dedicates one drive to storing parity information.
  o Embedded ECC information is used to detect errors.
  o Data recovery is accomplished by calculating the exclusive information.
  o RAID 3 is best for single-user systems with long record applications.
• RAID 4
  o Uses large stripes.
  o The user can read records from any single drive.
  o All write operations are required to update the parity drive, so no I/O overlapping is possible.
• RAID 5
  o Based on parity block-level striping.
  o The parity information is striped across each drive, enabling the array to function even if one drive were to fail.
  o Results in performance better than that of a single drive.
  o RAID 5 requires at least three disks.
    • It is recommended to use at least five disks for performance reasons.
  o Generally considered to be a poor choice for use on write-intensive systems because of the performance impact associated with writing parity data.
• RAID 6
  o Similar to RAID 5.
  o A second parity scheme distributed across the drives in the array.
  o The use of additional parity enables the array to continue functioning, even if two disks fail simultaneously.
  o Extra protection comes at a cost.
  o RAID 6 arrays often have slower write performance than RAID 5 arrays.
  o Snapshot – a view of the file system before the last update took place.
  o Replication – automatic duplication of writes between
separate sites for redundancy and disaster recovery; can be synchronous or asynchronous.
    • In synchronous, each block must be written locally and remotely before the write is considered complete.
    • In asynchronous, the writes are grouped together and written periodically.
  o Hot spare – not used for data but is configured to be used as a replacement in case of drive failure.
  o The RAID level can be reestablished automatically, without waiting for the failed drive to be replaced.
  o Allocating more than one hot spare allows more than one failure to be repaired without human intervention.

File-System Interface

Two distinct parts:
  o a collection of files, each storing related data.
  o a directory structure, which organizes and provides information.
• Most file systems live on storage devices.

File Concept

• Store information on various storage media.
• Devices, HDDs, magnetic tapes, and optical disks.
• File – mapped by the operating system onto physical devices.
  o Storage devices are usually nonvolatile.
  o Named collection of related information that is recorded on secondary storage.
  o Represent programs (both source and object forms) and data.
• In general, a file is a sequence of bits, bytes, lines, or records, the meaning of which is defined by the file’s creator and user.

Types of Information:
  o source or executable programs
  o numeric
  o text data
  o photos
  o music
  o video
  o etc.

Defined Structure:
  o Text file – sequence of characters organized into lines (and possibly pages).
  o Source file – sequence of functions, each of which is further organized as declarations followed by executable statements.
  o Executable file – series of code sections that the loader can bring into memory and execute.

File Attributes

• A file is named, for the convenience of its human users, and is referred to by its name.
  o Usually a string of characters.
• When a file is named, it becomes independent of the process, the user, and even the system that created it.

Typically consists of:
• Name – the only information kept in human-readable form.
• Identifier – identifies the file within the file system; it is the non-human-readable name for the file.
• Type – needed for systems that support different types of files.
• Location – a pointer to a device and to the location of the file on that device.
• Size – current size of the file
• Protection – access-control information determines who can do reading, writing, executing, and so on.
• Time, date and user identification – this information may be kept for creation, last modification, and last use.
  o Useful for protection, security, and usage monitoring.
• Extended file attributes – character encoding of the file and security features such as a checksum.
• File info window – displays a file’s attributes.
• Directory Structure – a collection of nodes containing information about files.
• Directory entry consists of the file’s name and its unique identifier.

File Operation

• A file is an abstract data type.
• The operating system can provide system calls to create, write, read, reposition, delete, and truncate files.

Six Basic File Operations:
  o Creating a File – two steps: space in the file system must be found for the file, and an entry for the new file must be made in the directory.
  o Writing a File – make a system call specifying both the name of the file and the information to be written to the file.
    • Write pointer – the location in the file where the next write is to take place; must be updated whenever a write occurs.
  o Reading a File – use a system call that specifies the name of the file and where (in memory) the next block of the file should be put.
    • Read pointer – the location in the file where the next read is to take place.
    • Both the read and write operations use this same pointer, saving space and reducing system complexity.
  o Reposition within a File – the directory is searched for the appropriate entry, and the current-file-position pointer is repositioned to a given value.
    • Also known as Seek
  o Deleting a File – search the directory for the named file; release all file space, so that it can be reused by other files, and erase the directory entry.
  o Truncating a File – the user may want to erase the contents of a file but keep its attributes.
    • Attributes remain unchanged
    • except for file length
    • but lets the file be reset to length zero and its file space released.
  o Open (Fi) – move the content of entry to memory.
  o Close (Fi) – in memory to directory structure on disk.
• To avoid this constant searching, an open() system call is made before a file is first used.
• Open-file table – OS table containing information about all open files.
• Open count – associated with each file to indicate how many processes have the file open.

Associated with Open File:
  o File pointer – unique to each process operating on the file and therefore must be kept separate from the on-disk file attributes.
  o File-open count – tracks the number of opens and closes and reaches zero on the last close.
  o Disk location of the file – information needed to locate the file on disk is kept in memory.
  o Access rights – stored in the per-process table; the operating system can allow or deny subsequent I/O requests.
  o File lock – allows one process to lock a file and prevent other processes from gaining access to it.
    • Useful for files that are shared by several processes.
    • Same functionality as read-write locks.
  o Shared Lock – akin to a reader lock in that several processes can acquire the lock concurrently.
  o Exclusive Lock – behaves like a writer lock; only one process at a time can acquire such a lock.
  o Mandatory/Advisory file-locking mechanisms
    • If a lock is mandatory, then once a process acquires an exclusive lock, the operating system will prevent any other process from accessing the locked file.
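
The shared and exclusive locks described above, as an added example that is not part of the original notes: it uses the POSIX flock() call from Python and assumes a Linux or other Unix system. The file contents and descriptor names are constructed for the demo; the last step shows the advisory case, where the kernel does not stop a writer that never asks for the lock.

```python
import fcntl
import os
import tempfile


def try_lock(fd, mode):
    """Request a flock() lock without blocking; True if granted, False on conflict."""
    try:
        fcntl.flock(fd, mode | fcntl.LOCK_NB)
        return True
    except BlockingIOError:
        return False


def lock_demo():
    """Walk through shared, exclusive and advisory behaviour on one scratch file."""
    # Constructed sample file; its contents exist only for this demo.
    fd, path = tempfile.mkstemp()
    os.write(fd, b"balance=100\n")
    os.close(fd)

    # Each open() creates its own open-file-table entry, so the kernel
    # arbitrates between these descriptors as it would between processes.
    holder_a = os.open(path, os.O_RDWR)
    holder_b = os.open(path, os.O_RDWR)
    outsider = os.open(path, os.O_WRONLY)  # never requests any lock
    result = {}
    try:
        # Shared (reader) locks: several holders at the same time.
        result["a_shared"] = try_lock(holder_a, fcntl.LOCK_SH)
        result["b_shared"] = try_lock(holder_b, fcntl.LOCK_SH)

        # An exclusive (writer) lock is refused while a shared lock is held.
        fcntl.flock(holder_b, fcntl.LOCK_UN)
        result["b_exclusive_while_a_shared"] = try_lock(holder_b, fcntl.LOCK_EX)

        # Once the last shared holder releases, the exclusive lock is granted.
        fcntl.flock(holder_a, fcntl.LOCK_UN)
        result["b_exclusive_after_release"] = try_lock(holder_b, fcntl.LOCK_EX)

        # While b holds it, no other descriptor gets a shared or exclusive lock.
        result["a_shared_while_b_exclusive"] = try_lock(holder_a, fcntl.LOCK_SH)
        result["a_exclusive_while_b_exclusive"] = try_lock(holder_a, fcntl.LOCK_EX)

        # Advisory locking: a writer that skips flock() is not blocked by the
        # kernel, so this write succeeds despite b's exclusive lock.
        os.write(outsider, b"balance=999\n")
        with open(path, "rb") as fh:
            result["content_after_unlocked_write"] = fh.read()
    finally:
        for descriptor in (holder_a, holder_b, outsider):
            os.close(descriptor)
        os.unlink(path)
    return result


if __name__ == "__main__":
    for step, outcome in lock_demo().items():
        print(f"{step}: {outcome}")
```

Because the lock is advisory, it protects data only among programs that all request it; keeping an uncooperative process out is the job of file permissions.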

File Types

• Always consider whether the operating system recognizes and supports file types.
• A user tries to output the binary-object form of a program.
  o This attempt normally produces garbage.
• Common technique – include the type as part of the file name.
• Split into two parts: a name and an extension, usually separated by a period.
• Two forms of binary executable files.
  o Shell script – containing, in ASCII format, commands to the operating system.
• UNIX system uses a crude Magic number – stored at the beginning of some files to indicate roughly the type of the file
• Not all files have magic numbers.

Access Method

• Information must be accessed and read into computer memory.

Sequential Access

• Simplest access method.
• Information in the file is processed in order, one record after the other.

Direct Access

• Also known as Relative Access
• A file is made up of fixed-length Logical Records – that allow programs to read and write records rapidly in no particular order.
• Based on a disk model of a file, since disks allow random access to any file block.
• The file is viewed as a numbered sequence of blocks or records.
• No restrictions on the order
• Of great use for immediate access to large amounts of information.
• Relative Block Number – the block number provided by the user to the operating system
  o an index relative to the beginning of the file.

File Sharing

• Very desirable for users who want to collaborate and to reduce the effort required to achieve a computing goal.
• Multiple Users – the system can either allow a user to access the files of other users by default or require that a user specifically grant access to the files.
• Remote File System – networking allows the sharing of resources spread across a campus or even around the world.
  o File Transfer Protocol (FTP) – manually transferring files between machines.
  o Distributed File System (DFS) – remote directories are visible from a local machine.
  o World Wide Web (WWW) – a reversion to the first, and a browser is needed to gain access to the remote files.
  o Cloud Computing – file sharing as well.
• Anonymous Access – allows a user to transfer files without having an account on the remote system.
• FTP is used for both anonymous and authenticated access.
• WWW uses anonymous file exchange almost exclusively.
• DFS involves a much tighter integration between the machine that is accessing the remote files and the machine providing the files.

File-System Implementation

• Several on-disk and in-memory structures are used to implement a file system.
• On disk, the file system may contain information about how to boot an operating system stored there.
  o Boot Control Block (per volume) – contains information needed by the system to boot an operating system from that volume.
    • If the disk does not contain an operating system, this block can be empty.
    • First block of a volume.
    • In UFS, it’s called the Boot block
    • In NTFS, it’s called the Partition Boot sector
  o Volume Control Block (per volume) –
contains volume (or partition) details.
    • In UFS, this is called a Superblock.
    • In NTFS, it is stored in the Master File Table.
  o Directory Structure (per file system) – used to organize the files.
    • In UFS, this includes file names and associated inode numbers.
    • In NTFS, it is stored in the master file table.
• In-memory information is used for both file-system management and performance improvement via caching.
  o Mount table – contains information about each mounted volume.
  o Directory-structure cache – holds the directory information of recently accessed directories.
  o System-wide open-file table – contains a copy of the FCB of each open file, as well as other information.
  o Per-process open-file table – contains a pointer to the appropriate entry in the system-wide open-file table, as well as other information.

File-System Structure

• Disks provide most of the secondary storage on which file systems are maintained.

Two Characteristics:
  o A disk can be rewritten in place.
  o A disk can access directly any block of information it contains.
• To improve I/O efficiency, I/O transfers between memory and disk are performed in units of blocks.
• Each block has one or more sectors.
• File system provides efficient and convenient access to the disk by allowing data to be stored, located, and retrieved easily.

Two Different Design Problems:
  o defining how the file system should look to the user.
  o creating algorithms and data structures to map the logical file system onto the physical secondary-storage devices.
• The file system itself is generally composed of many different levels.
  o I/O control – consists of device drivers and interrupt handlers to transfer information between the main memory and the disk system.
  o Basic File System – needs only to issue generic commands to the appropriate device driver to read and write physical blocks on the disk.
    • Each physical block is identified by its numeric disk address
    • Also manages the memory buffers and caches that hold various file-system, directory, and data blocks.
    • A block in the buffer is allocated before the transfer of a disk block can occur.
  o File-Organization Module – knows about files and their logical blocks, as well as physical blocks.
    • Translates logical block addresses to physical block addresses for the basic file system to transfer.
  o Logical File System – manages metadata information.
    • Metadata includes all of the file-system structure except the actual data.
    • Manages the directory structure to provide the file-organization module with the information the latter needs, given a symbolic file name.
  o File Control Block (FCB) – (an inode in UNIX file systems) contains information about the file, including ownership, permissions, and location of the file contents.

I/O Systems

• The two main jobs of a computer are I/O and processing. In many cases, the main job is I/O, and the processing is merely incidental.
• I/O devices vary so widely in their function and speed.
• Varied methods are needed to control them.

Two conflicting trends:
  o Increasing standardization of software and hardware interfaces.
  o Increasingly broad variety of I/O devices.
• To encapsulate the details and oddities of different devices, the kernel of an operating system is structured to use Device-driver modules.
• Device-driver modules – present a uniform device access interface to the I/O subsystem, much as system calls provide a standard interface between the application and the operating system.

Most fit into the general categories of:
  o storage devices (disks, tapes)
  o transmission devices (network connections, Bluetooth)
o human-interface
devices (screen,
keyboard, mouse,
audio in and out)

Common Concept

• Port – a connection point where a device communicates with a computer system by sending signals over a cable or even through the air.
• Bus – a set of wires and a rigidly defined protocol that specifies a set of messages that can be sent on the wires. It is used if devices share a common set of wires. Buses are used widely in computer architecture and vary in their signaling methods, speed, throughput, and connection methods.
  o PCI bus – the common PC system bus, connects the processor–memory subsystem to fast devices.
  o Expansion bus – connects relatively slow devices, such as the keyboard and serial and USB ports.
  o Small Computer System Interface (SCSI) bus – composed of four disks connected together and plugged into a SCSI controller.
  o PCI Express (PCIe) – throughput of up to 16 GB per second.
  o Hyper Transport – throughput of up to 25 GB per second.
• Daisy Chain – an arrangement wherein, in terms of the electronics, the messages are conveyed by patterns of electrical voltages applied to the wires with defined timings.
• Controller – a collection of electronics that can operate a port, a bus, or a device.
• Host Adapter – a separate circuit board that plugs into the computer.
• Disk Controller – a circuit board attached to one side of a disk drive. It implements the disk side of the protocol for some kind of connection.
  o SCSI or Serial Advanced Technology Attachment (SATA).
  o It has microcode and a processor to do many tasks.

Protection and Security

• A technique to avoid tampering with logical and physical resources.
• The system must be protected against unauthorized access, viruses, worms, etc.

DIFFERENCE BETWEEN PROTECTION AND SECURITY

Protected
• Deals with who has access to the system.
• Tackles the system’s internal threats.

Security
• Gives the system access only to authorized users.
• Tackles the system’s external threats.

Protection
• Protected from one another’s activities.
• A mechanism for controlling the access of programs, processes, or users to the resources defined.

GOALS OF PROTECTION

Several Reasons to Provide Protection
• To prevent the mischievous, intentional violation of an access restriction by a user.
• To improve reliability by detecting latent errors at the interfaces between component subsystems.

Mechanisms
• How something will be done.

Policies
• What will be done.

PRINCIPLES OF PROTECTION

Principle of least privilege
• A key, time-tested guiding principle of protection.
• Give just enough privilege to perform their tasks.
• Simplifies design decisions and keeps the system consistent and easy to understand.
Failure or Compromise:
  o May result in damage such as lost, misused, and copied information.

Audit Trail
• Allows us to trace all protection and security activities.

DOMAIN OF PROTECTION

1. Hardware Objects
2. Software Objects

CPU
• Can only execute.
Memory Segment
• Can be read and written.
CD-ROM or DVD-ROM
• Can only be read.
Tape Drives
• Can be read, written, and rewound.
Data files
• Can be created, opened, read, written, closed, and deleted.
Program files
• Can be read, written, executed, and deleted.

Need-to-know principle
• Useful in limiting the amount of damage a faulty process can cause.
• Minimize the risks of possible security violations.

DOMAIN STRUCTURE

Protection Domain
• The resources that the process may access.
Access right
• To execute an operation on an object.

Domain
• A collection of access rights, each of which is an ordered pair.
Static
  o If the set of resources available to the process is fixed throughout the process’s lifetime.
Dynamic
  o More complicated
Domain Switching
    • Enable the process to switch from one domain to another.

Domain can be realized in a variety of ways:

User
• It occurs when the user changes.
Process
• It occurs when one process sends a message to another process and then waits for a response.
Procedure
• Occurs when a procedure call is made.

ACCESS MATRIX

• The general model of protection can be viewed abstractly as a matrix.
• Rows represent Domain.
• Columns represent Object.
Implement policy decisions
  o Involves which rights should be included in the entry.
• Allowing controlled change in the contents of the access-matrix entries requires three additional operations:
1. Copy
  o Allows the access right to be copied only within the column for which the right is defined.
  o Denoted by an asterisk appended.
Three copy rights:
• Copy
• Transfer
• Limited Copy
2. Owned
  o Allows addition of new rights and removal of some rights.
3. Control
  o Applicable only to domain object.

Confinement Problem
• Generally unsolvable.
• Problem of guaranteeing that no information initially held in an object can migrate outside.

IMPLEMENTATION OF THE ACCESS MATRIX

Several methods

Global Table
• Consist of a set of ordered triples <domain, object, rights-set>.
Drawback:
  o Tables are usually large and thus cannot be kept in main memory.
  o Virtual memory techniques are often used.

Access List for Object
• Each column for one object, the empty entries can be discarded.
• Consists of ordered pairs <domain, right-set>.
• Define all domains with a non-empty set of access right for that object.

Capability List for Domain
• A list of objects together with the operations allowed on those objects.
Capability
  o An object is often represented by its physical name or address.

A Lock-Key Mechanism
• A compromise between access lists and capability lists.
Locks
  o Each object has a list of unique bit patterns.
Keys
  o Each domain has a list of unique bit patterns.

ACCESS CONTROL

• Can be used on files within a file system.

Role-Based Access Control (RBAC)
• Solaris 10 advances the protection available in the operating system by explicitly adding the principle of least privilege.

Privilege
• The right to execute a system call or to use an option within that system call.
• Can be assigned to processes, limiting them to exactly the access they need to perform.
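The access matrix described above, with its copy, owner and control operations and its two views (access list per object, capability list per domain), as an added Python example that is not part of the original notes. The class and method names, and the domain and object names D1 to D4, F1 and F2, are assumptions made for illustration.

```python
class AccessMatrix:
    """Sparse access matrix: rows are domains, columns are objects.

    Only non-empty entries are stored. A right written with a trailing
    asterisk ("read*") carries the copy right for that operation.
    """

    def __init__(self):
        self.entries = {}  # (domain, object) -> set of right strings

    def rights(self, domain, obj):
        return self.entries.get((domain, obj), set())

    def grant(self, domain, obj, *rights):
        """Policy decision: which rights go into the entry."""
        self.entries.setdefault((domain, obj), set()).update(rights)

    def _drop(self, domain, obj, right):
        cell = self.entries.get((domain, obj))
        if cell is None:
            return
        cell.discard(right)
        if not cell:                      # empty entries are discarded
            del self.entries[(domain, obj)]

    def allowed(self, domain, obj, op):
        """Mechanism: may a process in `domain` perform `op` on `obj`?"""
        cell = self.rights(domain, obj)
        return op in cell or op + "*" in cell

    def copy(self, src, dst, obj, op, mode="copy"):
        """Copy `op` within the column of `obj`, from domain src to dst.

        "copy":     dst receives op* and can propagate it further
        "limited":  dst receives plain op and cannot copy it again
        "transfer": dst receives op* and src loses it
        """
        if mode not in ("copy", "limited", "transfer"):
            raise ValueError(mode)
        if op + "*" not in self.rights(src, obj):
            raise PermissionError(f"{src} holds no copy right for {op} on {obj}")
        if src == dst:
            return
        self.grant(dst, obj, op if mode == "limited" else op + "*")
        if mode == "transfer":
            self._drop(src, obj, op + "*")

    def owner_change(self, actor, target, obj, right, add=True):
        """Owner right: actor may add or remove rights in obj's column."""
        if "owner" not in self.rights(actor, obj):
            raise PermissionError(f"{actor} does not own {obj}")
        if add:
            self.grant(target, obj, right)
        else:
            self._drop(target, obj, right)

    def control_remove(self, actor, target_domain, obj, right):
        """Control right: applies only when the object is itself a domain.

        Holding control over target_domain lets actor remove a right
        from any entry in target_domain's row.
        """
        if "control" not in self.rights(actor, target_domain):
            raise PermissionError(f"{actor} has no control over {target_domain}")
        self._drop(target_domain, obj, right)

    def access_list(self, obj):
        """Column view: <domain, right-set> pairs with non-empty right sets."""
        return {d: set(r) for (d, o), r in self.entries.items() if o == obj}

    def capability_list(self, domain):
        """Row view: objects together with the operations allowed on them."""
        return {o: set(r) for (d, o), r in self.entries.items() if d == domain}


def demo():
    m = AccessMatrix()
    # Constructed sample policy (names are illustrative, not from the notes).
    m.grant("D1", "F1", "owner", "execute")
    m.grant("D2", "F2", "read*", "owner")
    m.grant("D3", "F2", "execute")
    m.grant("D2", "D4", "control")        # D4 is a domain used as an object
    m.grant("D4", "F1", "write")

    m.copy("D2", "D3", "F2", "read", mode="limited")   # D3 gets plain read
    try:
        m.copy("D3", "D1", "F2", "read")                # D3 cannot re-copy
        propagated = True
    except PermissionError:
        propagated = False
    m.owner_change("D1", "D3", "F1", "read")            # owner adds a right
    m.control_remove("D2", "D4", "F1", "write")         # control empties D4's row
    return m, propagated


if __name__ == "__main__":
    matrix, propagated = demo()
    print("access list for F2:", matrix.access_list("F2"))
    print("capability list for D3:", matrix.capability_list("D3"))
    print("limited copy propagated further:", propagated)
```

The same stored entries answer both questions: filtering by object gives the access list, filtering by domain gives the capability list, which is why revoking a right is simple in the first view and requires locating every holder in the second.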
REVOCATION OF ACCESS RIGHTS

1. Immediate versus Delayed.
2. Selective versus General.
3. Partial versus Total.
4. Temporary versus Permanent.

Revocation
• Is immediate and can be general or selective, total or partial, and permanent or temporary.
• The capabilities are distributed throughout the system; we must find them before we can revoke them.

Re-acquisition
• Periodically, capabilities are deleted from each domain.
• Reacquire the capability.

Back-pointers
• A list of pointers is maintained with each object, pointing to all capabilities associated with that object.

Indirection
• The capabilities point indirectly, not directly, to the objects.

Keys
• A unique bit pattern that can be associated with a capability.
• It can be neither modified nor inspected by the process that owns the capability.
Master key
  o Associated with each object; it can be defined or replaced with the set-key operation.

CAPABILITY-BASED SYSTEMS

Hydra
• Provides considerable flexibility.
• It implements a fixed set of possible access rights, including such basic forms of access as the right to read, write, or execute a memory segment.
Auxiliary rights
  o When the definition of an object is made known to Hydra.
Rights amplification
  o Allows a procedure to be certified as trustworthy to act on a formal parameter of a specified type on behalf of any process that holds a right to execute the procedure.

CAP System
• Can be used to provide secure protection of user-defined objects.
Data capability
  o It can be used to provide access to
objects, but the only rights provided are the standard read, write, and execute of the individual storage segments associated with the object.
Software Capability
  o Protected, but not interpreted, by the CAP microcode.

LANGUAGE-BASED PROTECTION

• Protection is provided in existing computer systems; it is usually achieved through an operating-system kernel.

COMPILER-BASED ENFORCEMENT

• Specifying the desired control of access to a shared resource in a system is making a declarative statement about the resource.
Advantage:
  o Protection needs are simply declared, rather than programmed.
  o Protection requirements can be stated independently of the facilities provided.
  o The means for enforcement need not be provided by the designer of a subsystem.
  o A declarative notation is natural because of access privilege.
Merits of enforcement based solely on a kernel:
1. Security
2. Flexibility
3. Efficiency

SECURITY

• Not only an adequate protection system but also consideration of the external environment.

THE SECURITY PROBLEM

• Total security cannot be achieved.
• We must have mechanisms to make security breaches a rare occurrence, rather than the norm.
Intentional (Malicious)
  o Easier to protect against accidental misuse than against malicious misuse.
Accidental
  o Protection mechanisms are the core protection from accidents.

Intruder and Cracker
• Those attempting to breach security.

Threat
• The potential for a security violation.

Attack
• The attempt to break security.

Accidental and malicious security violations:

Breach of confidentiality
• Unauthorized reading of data.

Breach of integrity
• Unauthorized modification of data.

Breach of availability
• Unauthorized destruction of data.

Theft of service
• Unauthorized use of resources.

Denial of service
• Preventing legitimate use of system.
Denial-Of-Service (DOS)
  o Attacks are sometimes accidental.

Attackers use several standard methods in their attempts to breach security:

Masquerading
• One participant in a communication pretends to be someone else.
• The attacker breaches authentication.

Replay Attack
• The captured exchange of data consists of the malicious or fraudulent repeat of a valid data transmission.

Man-In-The-Middle Attack
• The attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice versa.
Session Hijacking
  o An active communication session is intercepted.

Four levels of security measures:

Physical
• Physically secured against armed or surreptitious entry by intruders.

Human
• Authorization must be done carefully to assure that only appropriate users have access to the system.
Social Engineering
  o Aimed at talking a target into revealing specific information or performing a specific action for illegitimate reasons.
Phishing
    • A legitimate-looking email or web page misleads a user into entering confidential information.
Dumpster diving
    • Attempting to gather information in order to gain unauthorized access.

Operating System
• A system must protect itself from accidental or purposeful security breaches.

Network
• Intercepting data could be just as harmful as breaking into a computer, and interruption of communication could constitute a remote denial-of-service attack.

PROGRAM THREATS

• Processes, along with the kernel, are the only means of accomplishing work.
  o Breach of security is the common goal of crackers.

Trojan Horse
• A code segment that misuses its environment.
Variation:
A program that emulates a login program

Spyware
  o To download ads to display on the user’s system, create pop-up browser windows when certain sites are visited, or capture information from the user’s system and return it to a central site.
  o Also known as Covert channels.
  o A macro problem.
Two mistakes:
    • A user may run with more privileges than necessary.
    • An operating system may allow by default more privileges than a normal user needs.

Trap Door
• The designer of a program or system might leave a hole in the software that only she is capable of using.

Logic Bomb
• When a predefined set of parameters is met, the security hole is created.

Stack and Buffer Overflow
• On a network or dial-up connection, to gain unauthorized access to the target system.

Virus
• A fragment of code embedded in a legitimate program.
• Self-replicating and designed to “infect” other programs.
• Once a virus reaches a target machine, a virus dropper inserts the virus into the system.
Types of Viruses:
File
  o Infects a system by appending itself to a file.
Boot
  o It infects the boot sector of the system, executing every time the system is booted and before the Operating System is loaded.
Macro
  o Written in a high-level language.
  o It is triggered when a program capable of executing the macro is run.
Source code
  o It looks for source code and modifies it to include the virus and to help spread the virus.
Polymorphic
  o It changes each time it is installed to avoid detection by antivirus software.
Virus signature
    • A pattern that can be used to identify a virus, typically a series of bytes that make up the virus code.
Encrypted
  o Decryption code along with the encrypted virus to avoid deletion.
Stealth
  o It modifies parts of the system that could be used to detect it.
Tunneling
  o Bypass detection by an antivirus scanner by installing itself in the interrupt-handler chain.
Multipartite
  o Infect multiple parts of a system.
Armored
  o A coded virus to make it hard for antivirus researchers to unravel and understand.

Keystroke logger
• Records everything entered on the keyboard.

Monoculture
• Many systems run the same hardware, operating system, and application software.

SYSTEM AND NETWORK THREATS

• Program threats typically use a breakdown in the protection mechanisms of a system to attack programs.
• The more open an operating system is, the more services it has enabled and the more functions it allows, and the more likely it is that a bug is available to exploit.
• Masquerading and Replay attacks are also commonly launched over networks between systems.

Attack Surface
• The set of ways in which an attacker can try to break into the system.

Worms
• A process that uses the spawn mechanism to duplicate itself.
• It copies itself, using up system resources and
perhaps locking out all other processes.

Morris’s method:

Grappling hook
  o Also called bootstrap or vector program.
  o Consisted of 99 lines of C code compiled and run on each machine it accessed.
Main program
  o To search for other machines to which the newly infected system could connect easily.
• The action has been characterized as both a harmless prank gone awry and a serious criminal offense.

Port Scanning
• Not an attack but rather a means for a cracker to detect a system’s vulnerabilities to attack.
• It involves a tool that attempts to create a TCP/IP connection to a specific port or range of ports.

Denial of Service
• Aimed not at gaining information or stealing resources but rather at disrupting legitimate use of a system or facility.
Categories:
  o Use so many facility resources that, in essence, no useful work can be done.
  o Disrupting the network of the facility.

Distributed Denial of Service (DDOS)
• Launched from multiple sites at once, toward a common target, typically by zombies.

CRYPTOGRAPHY AS A SECURITY TOOL

Cryptography
• Used to constrain the potential senders and/or receivers of a message.
• Enable a recipient of a message to verify that the message was created by some computer possessing a certain key.

Keys
• Selectively distributed to computers in a network and used to process messages.

The most important part of cryptography

Encryption
• Used frequently in many aspects of modern computing because it solves a wide variety of communication security problems.
• Used to send messages securely across a network as well as protect database data, file, and even entire disks from having the contents read by unauthorized entities.

Two Types of Encryption Algorithms

Symmetric Encryption
• Both parties need the key, and no one else should have it.

Data-Encryption Standard (DES)
  o By taking a 64-bit value and a 56-bit key and performing a series of transformations that are based on substitution and permutation operations.

Block cipher
    • A block of bits at a time and its transformation.
    • If the same key is used to encrypt an extended amount of data, it becomes vulnerable to attack.

Advanced Encryption Standard (AES)
  o Another block cipher.
  o Can use key lengths of 128, 192, or 256 bits and works on 128-bit blocks; compact and efficient.

Asymmetric Encryption
• Begins with publication of the key to the destination.
• Much more computationally expensive to execute.
Public-key encryption
  o A breakthrough in cryptography.
  o No longer must a key be kept secret and delivered securely.

Authentication
• Constraining the set of potential senders of a message.
• Thus, complementary to encryption.
• Also useful for proving that a message has not been modified.

Two Types of Authentication Algorithms

Message-Authentication Code (MAC)
• A cryptographic checksum is generated from the message using a secret key.
• To securely authenticate short value.

Digital-Signature Algorithms
Digital Signature
  o Enable anyone to verify the authenticity of the message.

Key Distribution
Out-of-band
  o Via a paper document or conversation to deliver the symmetric key.
Digital Certificate
  o A public key digitally signed by a trusted party.
Certification Authorities
  o Have their public keys included within the web before they are distributed.

USER AUTHENTICATION

• Major security problem.
• Authentication involves messages and sessions.
• If a system cannot authenticate a user, then
authenticating that a message came from that user is pointless.

User’s identity is authentic if:
• The user’s possession.
• The user’s knowledge.
• An attribute of the user.

Password
• The user identifies herself by user ID or account name, and she is asked for a password.
• Used to protect objects in the computer system.
• Most systems require only one password for a user to gain full rights.

Password Vulnerabilities

Ways to guess a password:
• To know the user or to have information about the user.
• To use brute force, trying enumeration or all possible combinations of valid password characters.
Shoulder surfing
  o An observer can learn the password easily by watching the keyboard while the user is logging in.
• Human nature.

System generated password
• Difficult to remember, and thus users may write them down.

User selected password
• Easy to guess.

One-Time Passwords
• To avoid the problem of sniffing and shoulder surfing, a system can use a set of paired passwords: it randomly selects and presents one part of a password pair, and the user must supply the other part.
• Challenged and must respond with the correct answer to that challenge.

Personal Identification Number (PIN)
• A one-time password.

Two-Factor Authentication
• Involves a one-time password generator that requires input by the users.

One-time pad
• A list of single-use passwords.
• A password on the list is used once and then is crossed out or erased.

Biometric
• Palm or hand readers are commonly used to secure physical access.

Fingerprint reader
• Accurate and cost-effective and should become more common in the future.
• Read finger ridge patterns and convert them into a sequence of numbers.

Multi factor Authentication
• Better still

IMPLEMENTING SECURITY DEFENSES

Security Policy
• First step towards improving the security.
• It varies widely but generally includes a statement.
• A living document that is reviewed and updated periodically to ensure that it is
still pertinent and still followed.

Vulnerability Assessment
• A way to determine whether security policy has been correctly implemented.

Risk Assessment
• A value can be placed on trying to secure the entity.

Penetration test
• Core activity.
• The entity is scanned for known vulnerabilities.

Intrusion Detection
• Securing systems and facilities is intimately linked to intrusion detection.
• As its name suggests, it strives to detect attempted or successful intrusions into computer systems.
• To initiate appropriate responses to the intrusions.

Intrusion-Detection Systems (IDSs)
• Raise an alarm when intrusion is detected.

Intrusion-Prevention Systems (IDPs)
• Act as a router; passing traffic unless an intrusion is detected.

Signature-Based Detection
• A system input or network traffic is examined for specific behavior patterns known to indicate attacks.

Anomaly Detection
• Attempt through various techniques to detect anomalous behavior within a computer system.
Zero-day attacks
  o Find previously unknown method of intrusion.

Virus Protection
• Works by searching all the programs on a system for the specific pattern of instructions known to make up the virus.
Safe computing
  o The best protection against computer viruses is prevention.

FIREWALLING TO PROTECT SYSTEM AND NETWORK

Firewall
• A computer, appliance, or router that sits between the trusted and the untrusted.
• Secure and attack-proof.
• Do not prevent attacks that tunnel, or travel within protocols or connections that the firewall allows.

Network firewall
• Limits network access between the two security domains and monitors and logs all connections.
• Can separate a network into multiple domains.
Demilitarized zone (DMZ)
  o An implementation has the internet as the untrusted domain, a semi-trusted and semi-secure network.
Spoofing
• An unauthorized host pretends to be an authorized host by meeting some authorized criterion.

Personal Firewall
• Software was later either included with the operating system or added as an application.
• Rather than limiting the communication between security domains, it limits communication to a given host.

Application Proxy Firewall
• Understands the protocols that applications speak across the network.

System-call Firewall
• Sits between application and the kernel, monitoring system-call execution.

COMPUTER-SECURITY CLASSIFICATION

Division D
• It includes only one class and is used for systems that have failed to meet the requirements of any of the other security.

Division C
• Provides discretionary protection and accountability of users and their actions through the use of audit capabilities.
C1-class system
  o Incorporate some form of controls that allow users to protect private information and to keep other users from accidentally reading or destroying their data.
C2-class system
  o Adds an individual-level access control to the requirement of C1.

Division B
• Mandatory-protection systems have all the properties of class-C2 system.
• Attach a sensitivity label to each object in the system.
B1-class
  o Used for decisions pertaining to mandatory access control.
B2-class
  o Extend the sensitivity label to each system resource, such as storage objects.
  o Physical devices are assigned minimum- and maximum-security levels that the system uses to enforce constraints.
B3-class
  o Allows the creation of an access-control list that denotes users or groups not granted access to given named object.
  o Also contains a mechanism to monitor events that may
indicate a violation of security policy.

Division A
• Functionally equivalent to a B3 system, but it uses formal design specification and verification techniques, granting a high degree of assurance that the TCB has been implemented.

Multiple Processor Systems

3 kinds of Organization of Multiple Processors

SHARED-MEMORY MULTIPROCESSOR

  o Shared memory location with multiple CPU

UMA (Uniform Memory Access)
• Each CPU is given equal access to memory
  o Figure a. no caching, only relying on the shared memory.
  o Figure b. each CPU has a local cache that has direct access to certain local variables, which is faster than accessing shared memory
  o Figure c. with caching and private memories

UMA Multiprocessors using Crossbar Switches

  o Row – CPU and Column – Memories
  o Accessing the specific CPU and Memory, using closed and opened switches
  o Advantage: Nonblocking crossbar; no interruption
  o Drawback: cost of n² for n processors

Multistage Switching Network

  o Figure a. Use in 2x2 switch
  o Figure b. a message format
  o For n memory modules, log₂ n stages with n/2 switches in each stage are required
  o (n/2) log₂ n ≪ n²

Omega Network

  o An implementation of bit manipulation
  o Routing due to address bits values
  o Conflict possible, forcing retransmission
  o Interleaved memory system with routing based on low-order bits.

NUMA (Non-Uniform Memory Access)
• Non uniform access to the memory
  o There is a single address space visible to all CPUs
  o Access to remote memory is via LOAD and STORE instructions
  o Access to remote memory is slower than access to local memory
nc-NUMA
  o When the access time to remote memory is not hidden (because of no caching)
cc-NUMA
  o When coherent caches are present

Directory-based NUMA architecture

  o Each node has its own set of processes, containing CPU, Memory, Directory and Local bus that connect to the Interconnection Network
  o Accessing Node -> Block -> Offset
  o Using the Directory can give faster access instead of the interconnection network, which gives slower access

Master-Slave Multiprocessors

  o Each CPU shares the memory containing the OS and an I/O
  o There is one CPU that is considered the Master; the other CPUs are considered Slaves
  o Single ready processes list
  o Avoidance of overloading
  o Master is a bottleneck, solution not well scalable

Multiprocessor Operating System Types
  o Have a User mode and Kernel Mode operation
  o Partitioning of multiprocessor memory based on how many CPUs there are, but sharing a single copy of the operating system code.

Symmetric Multiprocessors (SMP)

  o All processors are of equal importance, but with the use of Locks to be considered before they can access the resources
  o One copy of the operating system, which may be run by each processor
  o Still some trouble with scalability
  o Kernel must be divided into smaller critical regions, kernel must be reentrant
  o Huge costs of synchronization

Multiprocessor Synchronization

  o CPU first will read, then the process will be sent, then write back to the CPU with the value that they want to call or read
  o Four steps leading to an error demonstrated. The TSL instruction may fail if the bus blocking fails. Blocking of bus/crossbar is required.

Multicore

• An integrated circuit that has two or more processor cores attached to enhance performance and reduce consumption.
• Enable more efficient simultaneous processing of multiple tasks, such as parallel processing and multithreading
• Multicore refers to 2-8 cores and Manycore refers to dozens or hundreds of cores
• The core “C” is connected to a router “R” through a network adaptor, and the core communicates to other cores as well as to the external world passing through the routers.
• The current core has Level-2 cache memory shared with the instruction and data, and Level-3 tag memory to feed data from the other cores.

MULTICOMPUTER

  o Consists of CPUs with their own memory allocation, connected to the internet in a wide area application
  o Use interconnection, with each CPU having its own local memory allocation
• Interconnect topologies
  o A. Single Switch
  o B. Ring
  o C. Grid
  o D. Double Torus
  o E. Cube
  o F. 4D Hypercube

DISTRIBUTED SYSTEM MEMORY (DSM)
• Use to translate different kind of OS to run a specific application
  o Hardware level – where shared memory is located at the middle of Operating System and Hardware
  o Operating System Level – where shared memory is located at the middle of Run-time System and Operating System
  o User-Level Software – where shared memory is located at the middle of Application and Run-time System

DSM Memory Distribution

  o Figure A. Pages of the address space distributed among four machines.
  o Figure B. Situation after CPU 1 references page 10
  o Figure C. Situation if page 10 is read only and replication is used

Load Balancing

Heuristic algorithm:
• Figure A. An overloaded node looking for a lightly loaded node to hand off process
• Figure B. An empty node looking for a work to do

Distributed System

Middleware in Distributed System

Network Hardware

  o Figure A. Classical Ethernet
  o Figure B. Switched Ethernet

Network Interface

  o In terms of multicomputer, it connects using each network interface, with the use of board RAM

Different types of Middleware
• Document-based Middleware
• File system-based Middleware
• Shared object-based Middleware
• Coordination-based Middleware

The Internet

Network Service

  o Connection-oriented: no interference, no delay
  o Connectionless: Need of address and do the routing, it might have some delay and subdivided into different type of packets; unreliable; might have some data loss

Document-Based Middleware

  o WWW pages create a big, directed graph of documents, referencing

Packet Headers
  o Each message has its own unique IP and TCP

File System-Based Middleware

  o Figure A. Upload/Download model
  o Figure B. Remote Access model

VIRTUAL MACHINE
• Fundamental Idea – abstract hardware of a single computer into several different execution environments
  o Basically, creating a computer inside a computer
  o Host – underlying hardware system
  o Virtual Machine Manager (VMM) or Hypervisor – creates and runs virtual machines by providing an interface that is identical to the host
  o Guest – process provided with virtual copy of the host
  o A single physical machine can run multiple operating systems concurrently, each in its own Virtual Machine

System Models

Hypervisor Implementation
• Type 0 – Hardware-based solutions that provide support for virtual machines creation and management via firmware
• Type 1 – Operating-System-Like Software built to provide virtualization
  o Also includes general-purpose operating systems that provide standard functions as well as VMM function
  o Direct creation of VM
• Type 2 – Applications that run on standard operating systems but provide VMM features to guest operating systems
  o Implementation – it uses a hosted OS, which needs to be managed before creating a VM and communicating using the Hypervisor

Hypervisor Types

Paravirtualization
• Technique in which the guest operating system is modified to work in cooperation with the VMM to optimize performance

Programming-environment Virtualization
• Do not virtualize real hardware but instead create an optimized virtual system
  o Run in different level of environment

Emulators
• Allow applications written for one hardware environment to run on a very different hardware environment, such as a different type of CPU
  o Use to run a different kind of application if the system does not have a specific kind of requirements that has been met

Application Containment
• Not virtualization at all but rather provides virtualization-like features by segregating applications from the operating system, making them more secure and manageable
  o Use to test and run in different kinds of OS using the VM

Is their contemporary processing power huge enough to resolve all research/everyday problems?

How scalable are computer systems?

What is better: connected autonomous systems or many processors with shared memory?

INTERFACING TO OPERATING SYSTEMS AND THE SPECIAL-PURPOSE SYSTEM

Interfacing with operating systems
• Crucial for software development, as it allows applications to leverage the capabilities of the underlying system; utilizing operating system interfaces.

Special-purpose System
• Systems designed for specific tasks or industries, often requiring custom interfaces to interact with them.

INTERFACING TO OPERATING SYSTEMS

The User Interface
• The aggregate of means by which people (users) interact with a particular machine, device, computer program or other complex tool (system).
• Input allowing the users to control the system or to enter information.
• Output allowing the system to inform the user (feedback).

Command-Line Interface (CLI)
• Uses text commands and a method for entering them (a keyboard for typing in commands in a specific format with specific options). It provides a command-line interface, or command interpreter, that allows users to directly enter commands to be performed.

Graphical User Interface (GUI)
• The interface is a window system with a pointing device to direct I/O, choose from menus, and make selections, and a keyboard to enter text.

Touch-Screen Interface
• Interact by making gestures on the touch screen.

Batch Interface
• Non-interactive user interfaces, where the user specifies all the details of the batch job in advance to batch processing and receives the output when all the processing is done.

Choice of Interface
• Whether to use a command-line or GUI is mostly one of personal preference.
• System Administrators who manage computers, and Power Users with deep knowledge of a system.
• Shell Scripts are very common on systems that are command-line oriented.
THE OPERATING SYSTEM INTERFACE
 The mechanisms for invoking the operating system are Interrupts.
 Modern computers will go into a special mode called System Mode when they handle an interrupt.

Interrupts
 The processor stops what it is doing and immediately transfers execution to a fixed location, which usually contains the starting address where the service routine for the interrupt is located.
o Software Interrupts - invoked by software.
o External Interrupts - invoked by external devices.
o Exceptions - invoked by the processor when errors occur.

Software Interrupts
 Triggered by an executing program to request an operating system service
 Application Program Interface (API) – high-level languages usually provide a higher-level operating system interface.

System Calls
 Provide an interface to the services made available by an operating system.

System Mode
 Can do things that cannot be done in the normal mode, which is called User Mode.
 The foundation of OS Security.

Interrupts Handler
 Installed at the target address for interrupts; it restores the state of the process that was executing when the interrupt occurred.

THE SPECIAL-PURPOSE SYSTEMS
 Designed and optimized for specific tasks or environments; tailored to meet the unique requirements of the targeted domain.

Real-Time Embedded Systems
 Designed to handle events as they occur; commonly found and used in robotics.
 Real-Time OS is designed for systems that require precise timing and quick response to external events.

Multimedia Systems
 A comfortable environment for the execution of programs, and it ensures effective utilization of the computer hardware.

Handheld and Portable Systems
 Refers to small portable devices that can be carried along and are capable of performing normal operations.
 A small, pocket-size computing system, or handheld, is any portable device.
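
Added example (not part of the original notes): the System Calls and System Mode notes above, shown as a C program that crosses the user-mode/system-mode boundary through both the API wrapper and the raw system-call entry, then hands the kernel an unmapped buffer address to show that the request is checked in system mode and refused. It assumes Linux with glibc; the function names, the pipe and the bad pointer value are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of one request made across the user/system mode boundary. */
struct call_result { long ret; int err; };

/* Ask for our process ID through the libc API wrapper and through the raw
 * system-call entry point; returns 1 when both paths give the same answer. */
int api_matches_raw_syscall(void) {
    return syscall(SYS_getpid) == (long)getpid();
}

/* Write n bytes from buf into a fresh pipe using the raw write system call. */
static struct call_result raw_pipe_write(const void *buf, size_t n) {
    struct call_result r = { -1, 0 };
    int fds[2];
    if (pipe(fds) != 0) { r.err = errno; return r; }
    errno = 0;
    r.ret = syscall(SYS_write, fds[1], buf, n);
    r.err = errno;               /* capture before close() can touch errno */
    close(fds[0]);
    close(fds[1]);
    return r;
}

/* Valid user buffer: the kernel copies it and reports 7 bytes written. */
struct call_result write_from_good_buffer(void) {
    static const char msg[] = "syscall";
    return raw_pipe_write(msg, sizeof msg - 1);
}

/* Constructed bad pointer (address 1 is not mapped in a normal process):
 * the kernel fails the call with EFAULT instead of reading the memory. */
struct call_result write_from_bad_pointer(void) {
    return raw_pipe_write((const void *)1, 8);
}

int main(void) {
    struct call_result good = write_from_good_buffer();
    struct call_result bad = write_from_bad_pointer();
    printf("API and raw syscall agree: %d\n", api_matches_raw_syscall());
    printf("good buffer: ret=%ld errno=%d\n", good.ret, good.err);
    printf("bad pointer: ret=%ld errno=%d (EFAULT=%d)\n", bad.ret, bad.err, EFAULT);
    return 0;
}
```

The process is not crashed by the bad pointer: the kernel, running in system mode, rejects the argument and returns an error to user mode.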