GENERAL | ARTICLE

Operating Systems
2. Functions, Protection and Security Mechanisms

M Suresh Babu

The objectives and stages of operating systems introduced in Part 1 are continued here. Four major components are discussed: process management, input-output (I/O) device management, memory management, file management and protection.

M Suresh Babu is currently a fourth year undergraduate student in the Department of Computer Science and Engineering, Narayana Engineering College, Nellore, Andhra Pradesh. He would like to work in operating systems, computer networks and also in Internet security concepts.

Part 1. Objectives and Evolution, Resonance, Vol.7, No.3, pp.18-24, 2002.

Keywords: Memory management, process management, I/O device management, file management.

Introduction

The process concept and concurrency are at the heart of modern operating systems (OS). A process is the unit of work in a computer system. A process must be in main memory during execution. To improve the utilization of the central processing unit (CPU) as well as the speed of its response to its users, the computer must keep several processes in memory. Many different memory-management schemes are discussed. The role of the OS in a computer I/O subsystem is to provide the simplest interface possible to the rest of the system. Protection is an internal problem. Security must consider both the computer system and the environment within which the system is used. Both of these concepts are also discussed.

Process Management

A process can be thought of as a program in execution. A process will need a number of resources such as CPU time, memory, files and I/O devices to accomplish its tasks. These resources are allocated to the process either when it is created or while it is executing.
The OS is responsible for the following activities in process management: the creation and deletion of both user and system processes; the scheduling of processes; and the provision of mechanisms for synchronization, communication and deadlock handling for processes.

RESONANCE | April 2002

Present-day computer systems allow multiple programs to be loaded into memory and to be executed concurrently. This evolution requires firmer control and more compartmentalization of the programs. This has led to the notion of a process, which is more than the program code. We emphasize that a program itself is not a process; a program is a passive (static) entity, such as the contents of a file stored on disk, whereas a process is an active (dynamic) entity, with a program counter specifying the next instruction to execute and a set of associated resources.

As a process executes, it changes state. The state of a process is defined in part by the current activity of that process, as shown in Figure 1.

Figure 1.
New: The process is being created.
Running: Instructions are being executed.
Waiting: The process is waiting for some event to occur.
Ready: The process is waiting to be assigned to a processor.
Terminated: The process has finished execution.

The objective of time sharing is to allow fast interaction of users with their respective programs by rapidly switching the CPU among their processes. Whenever the CPU becomes idle, the OS must select one of the processes in the ready queue to be executed. This selection is carried out by the CPU scheduler, which implements a scheduling algorithm such as First-Come-First-Serve, Shortest-Job-First, Priority, Round-Robin or Multilevel Queue Scheduling, depending on the objective and the system.

A cooperating process is one that can affect or be affected by the other processes executing in the system.
Cooperating processes may either directly share a logical address space, or be allowed to share data only through files. The former case is achieved through threads or lightweight processes and the latter by using synchronization techniques like the Bounded-Buffer, Readers and Writers, and Dining Philosophers problems (see [1]).

Input/Output Device Management

Perhaps the messiest aspect of OS design is input/output (I/O). The devices attached to a computer vary in multiple dimensions. Devices transfer a character or a block of characters at a time. They can be accessed sequentially or randomly. They transfer data synchronously or asynchronously. They are dedicated or shared. They can be read-only or read-write. They also vary greatly in speed.

Because of all these device variations, the OS needs to provide a wide range of functionality to applications, to allow them to control all aspects of the devices. The role of the OS in computer I/O is to manage and control I/O operations and I/O devices. One key goal of an OS's I/O subsystem is to provide the simplest interface possible to the rest of the system. Because devices are a performance bottleneck, another key goal is to optimize I/O for maximum concurrency.

The basic hardware elements involved in I/O are buses, device controllers and the devices themselves. The work of moving data between devices and main memory is performed by the CPU as programmed I/O, or is offloaded to a DMA controller.

The kernel's I/O subsystem provides numerous services. Among these are I/O scheduling, buffering, spooling, error handling and device reservation.
Another service is name translation, to make the connection between hardware devices and the symbolic file names used by applications. It involves several levels of mapping that translate from a character string name to a specific device driver and device address, and then to physical addresses of I/O ports or bus controllers. This mapping may occur within the file-system name space, as it does in UNIX, or in a separate device name space, as it does in MS-DOS.

Memory Management

In a uniprogramming system, main memory is divided into two parts: one part for the operating system (resident monitor, kernel) and the other for the program currently being executed. In a multiprogrammed system, the 'user' part of memory must be further sub-divided to accommodate multiple processes. The task of sub-dividing is carried out dynamically by the OS and is known as memory management.

Effective memory management is vital in a multiprogrammed system. If only a few processes are in memory, then for much of the time all the processes will be waiting for I/O and the processor will be idle. Thus, memory needs to be allocated efficiently to pack as many processes into memory as possible.

While surveying the various mechanisms and policies associated with memory management, it is good to keep in mind the requirements that memory management is intended to satisfy. The five requirements are: relocation, protection, sharing, logical organization and physical organization.

The core task of any memory management system is to bring programs into main memory for execution by the processor. In almost all modern multiprogrammed systems, this task involves a sophisticated scheme known as virtual memory.
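How a paged virtual-memory system meets the relocation and protection requirements on every memory access can be shown with a small model, added here as an illustration and not taken from the article. The page size, the frame numbers and the names `AddressSpace`, `ProtectionFault` and `demo` are assumptions, and page replacement is not modelled.

```python
PAGE_SIZE = 4096  # assumed page and frame size in bytes


class ProtectionFault(Exception):
    """Access outside the process's own pages, or a write to a read-only page."""


class AddressSpace:
    """One process's page table: virtual page number -> frame and write permission."""

    def __init__(self, pages, free_frames):
        self.table = {vpn: {"frame": None, "writable": w} for vpn, w in pages.items()}
        self.free_frames = free_frames  # pool of physical frames shared by all processes
        self.page_faults = 0

    def translate(self, vaddr, write=False):
        """Return the physical address for vaddr, loading the page on first use."""
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        entry = self.table.get(vpn)
        if entry is None:
            raise ProtectionFault(f"virtual page {vpn} is not mapped for this process")
        if write and not entry["writable"]:
            raise ProtectionFault(f"virtual page {vpn} is read-only")
        if entry["frame"] is None:  # non-resident page: bring it in on demand
            if not self.free_frames:
                raise MemoryError("no free frame; page replacement is not modelled")
            entry["frame"] = self.free_frames.pop(0)
            self.page_faults += 1
        return entry["frame"] * PAGE_SIZE + offset


def demo():
    frames = [7, 2, 9]  # constructed list of free physical frames
    layout = {0: False, 1: True}  # page 0: read-only code, page 1: writable data
    a, b = AddressSpace(layout, frames), AddressSpace(layout, frames)
    out = {
        "a_data": a.translate(PAGE_SIZE + 0x10, write=True),  # relocation: frame 7
        "b_data": b.translate(PAGE_SIZE + 0x10, write=True),  # same vaddr, frame 2
        "a_again": a.translate(PAGE_SIZE + 0x20),  # already resident, no new fault
        "a_faults": a.page_faults,
    }
    denied = {"write_code": (0, True), "unmapped": (5 * PAGE_SIZE, False)}
    for label, (vaddr, write) in denied.items():
        try:
            a.translate(vaddr, write)
            out[label] = "allowed"
        except ProtectionFault as exc:
            out[label] = f"denied: {exc}"
    return out
```

Calling `demo()` returns the physical addresses that the same virtual address maps to in processes `a` and `b`, together with the two accesses that the page table refuses.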
Virtual memory is in turn based on the use of one or both of two basic techniques: segmentation and paging. The OS provides several memory management techniques for this purpose (see Table 1 and [4]).

Table 1. Comparison of memory management systems.

| Technique | Description | Strength | Weakness |
| --- | --- | --- | --- |
| Fixed partitioning | Main memory is divided into a number of static partitions at system generation time. A process may be loaded into a partition of size equal to or greater than the process size. | Simple to implement; little OS overhead. | Inefficient use of memory due to internal fragmentation. Number of active processes is fixed. |
| Dynamic partitioning | Partitions are created dynamically, so that each process is loaded into a partition of exactly the same size as that process. | No internal fragmentation; more efficient use of main memory. | Inefficient use of processor due to the need for compaction to counter external fragmentation. |
| Simple paging | Main memory is divided into a number of equal size frames. Each process is divided into a number of equal size pages of the same length. | No external fragmentation. | A small amount of internal fragmentation. |
| Simple segmentation | Each process is divided into a number of segments. A process is loaded by loading all of its segments into dynamic partitions that need not be contiguous. | No internal fragmentation. | Need for compaction. |
| Virtual memory paging | As with simple paging, except that it is not necessary to load all processes in main memory. Non-resident pages that are needed are brought in later automatically from disk. | No external fragmentation; higher degree of multiprogramming, large virtual process space. | Overhead of complex memory management. |
| Virtual memory segmentation | As with simple segmentation except that it is not necessary to load all of the segments of a process. Non-resident segments that are needed are brought in later automatically. | No internal fragmentation, higher degree of memory management; large virtual address space, protection and sharing support. | Overhead of complex memory management. |

File Management

In most applications, the file is the central element. Whatever the objective of the application, it involves the generation and use of data files. The input to applications is a file, and in virtually all applications, output is saved in a file for long-term storage and for later access by the user and by other programs.

Files have a life outside of any individual application that uses them for input and output. Users wish to access files, save them, and maintain the integrity of their contents. To aid in these objectives, virtually all computer systems provide separate file-management systems. Typically, such a system consists of system utility programs that run as privileged applications. A file-management system needs special services from the OS, and often the entire file-management system is considered part of the OS.

When discussing files, the four terms in common use are field, record, file, and database. A field is a basic element of data. A record is a collection of related fields. A file is a collection of similar records. A database is a collection of related files.

A file management system is that set of system software that provides services to users and applications related to the use of files. Typically, the only way that a user or application may access files is through the file management system. The operations supported by the file management system are: Retrieve_All, Retrieve_One, Retrieve_Next, Retrieve_Previous, Insert_One, Delete_One, Update_One, Retrieve_Few.

Protection and Security

Sharing of programs and data among users of a computer system necessitates strong emphasis on protection and security measures in an OS. Both protection and security imply guarding against intrusion in an OS. However, in keeping with the convention followed in OS literature, a distinction is made between two types of intrusion.

Protection: Guarding a user's data and programs against intrusion by internal entities of a system, e.g. other authorized users of the system.

Security: Guarding a user's data and programs against intrusion by entities external to a system, e.g. unauthorized persons.

The various authorization provisions in a computer system may not confer sufficient protection for highly sensitive data. In such cases, data may be encrypted. It is not possible for encrypted data to be read unless the reader knows how to decipher (decrypt) the encrypted data.

Encryption of Data

Encryption is the fundamental technique for protecting confidentiality of data. Hence it forms the basis of many protection and security mechanisms. Encryption is the application of an algorithmic transformation to data. The original form of data in plain text is encrypted by an Encryption Algorithm E by using Encryption Key K. The transformed form is called cipher text. The cipher text is transmitted to the destination, where it is decrypted using a Decryption Algorithm D with the same Key K to obtain its plain text form (see Figure 2).

Figure 2. Plain text -> Encryption Algorithm (E), using Encryption Key (K) -> Cipher text -> Decryption Algorithm (D), using Decryption Key (K) -> Plain text.

Conclusions

In this short article, we have explained various facilities provided in OS. These advances in OS have considerably improved the utilization of resources of a computer and eased their use.

Acknowledgements: The author sincerely acknowledges Prof. E V Prasad, Principal and K V Raghavendra Kumar, Head of the Computer Science and Engineering Department, Narayana Engineering College, Nellore for their timely directions and helpful suggestions to increase the richness of the contents of this article.

Suggested Reading

[1] Silberschatz and Galvin, Operating System Concepts, Pearson Education, India, Delhi, 2000.
[2] D H Dhamdhere, System Programming and Operating Systems, Tata McGraw Hill, 2000.
[3] Andrew S Tanenbaum, Modern Operating Systems, Prentice Hall of India, 2000.
[4] William Stallings, Operating Systems, Prentice Hall of India, 2000.

Address for Correspondence
M Suresh Babu
C/o N Sudhakar Reddy
D. No. 16-3-1141F
Pinaki Nagar
Haranathapuram IV line
Nellore 524003
Andhra Pradesh, India.
Email: suresh_0529@rediffmail.com
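The symmetric scheme described under "Encryption of Data" (the same key K for E and D) is sketched below as an added example that is not part of the original article. E and D are built from HMAC-SHA256 in the Python standard library purely for illustration, and the example goes one step beyond the text by adding an integrity tag so that a wrong key or altered cipher text is rejected instead of yielding garbage. The function names and the sample record are assumptions; production systems should use a vetted cipher such as AES-GCM from a maintained library.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _prf(key, data):
    """HMAC-SHA256 used as a keyed pseudo-random function."""
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    """Counter-mode keystream: PRF(K_enc, nonce || counter), truncated to length."""
    blocks = (_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt(key, plaintext):
    """E: plain text -> nonce || cipher text || tag, under key K."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh for every message
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + _prf(mac_key, nonce + body)


def decrypt(key, message):
    """D: cipher text -> plain text with the same K; ValueError on wrong key or tampering."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, body, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + body)):
        raise ValueError("wrong key or modified cipher text")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


if __name__ == "__main__":
    K = secrets.token_bytes(32)  # secret key shared by sender and receiver
    record = b"account=1042;balance=5300"  # constructed sample plain text
    sent = encrypt(K, record)
    print("cipher text:", sent.hex())
    print("decrypted:  ", decrypt(K, sent))
    try:
        decrypt(secrets.token_bytes(32), sent)
    except ValueError as exc:
        print("other key:  ", exc)
```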