COMP6015 - SecOS Flashcards
What are the 4 ‘roles’ of an Operating System?
Assistant, Broker, Supervisor, Interface.
ASBI
What does the OS do as an Assistant?
Provides common functions that can be reused across different programs.
What does the OS do as a Broker?
Shares resources (memory, disk space, network, CPU usage) between processes.
What does the OS do as a Supervisor?
Detects messages from processes such as interrupts and logging.
What are the 5 types of Computer?
Mainframe, ‘Miniframe’, Personal Computer, Mobile, Network Server.
What is the name of the system at the heart of the OS?
What does it have access to?
The Kernel.
Everything; hardware, memory, processes, etc.
What are the advantages and disadvantages of using a Microkernel?
Advantage: Kernel code is dangerous, so keeping it minimal reduces the risk of system crashes.
Disadvantages: Lots of functionality that has been moved out of the Kernel will need to be filtered through into one system, which can have a negative impact on performance.
What is a Modular Kernel?
Modular Kernel is an architecture where every component of the OS can be placed inside or outside of the Kernel.
This is done by Linux, but requires recompilation, so it’s only possible where the source code is available.
What does Intel call their privilege layers and how many are there?
4 or 7.
Standard:
- Ring 0 (Kernel),
- Ring 1 (Hardware I/O Drivers; e.g. video or audio),
- Ring 2 (System Functionality; e.g. file system access),
- Ring 3 (Application).
Detailed (conceptual; not represented by bits):
- Rings 0, 1, 2, and 3.
- Ring -1 (Hypervisor)
- Ring -2 (SMM - System Management Mode)
- Ring -3 (ME - Management Engine)
What is the difference between a Process and a Program?
The program is the instructions on disk.
The process is the instance of the program running, which also includes active memory allocation and a program counter.
What is the difference between Multiprocessing, Multiprogramming, Multithreading, and Multitasking?
Multiprocessing - Parallel execution of processes across multiple CPUs or cores.
Multiprogramming - Multiple programs loaded into memory and executed by a single CPU or core by switching between them.
Multithreading - Concurrent execution of multiple threads in the same process.
Multitasking - An umbrella term for any scenario for parallel or concurrent (time-sharing) execution of processes or tasks.
What is the difference between a Program, a Process, a Thread, and a Task?
Program - A program is a file containing a set of instructions.
Process - A process is an instance of a program with its own system resources such as allocated memory and a program counter.
Thread - A thread is a unit of execution within a process. A process can have one or more threads that run concurrently, and these threads share system resources such as memory.
Task - Umbrella term for either a process or a thread.
What are the states in a 2 state process model?
Not Running and Running.
What are the states in a 3 state process model?
Blocked, Ready, Running.
What are the states in a 5 state process model?
New, Blocked, Ready, Running, Exit.
What are the process states in Windows?
Running, Ready, Standby, Transition, Waiting, Terminated.
Standby - Marked to be scheduled.
Transition - Waiting only for memory paging and scheduling.
Waiting - Waiting for a synchronisation event.
Terminated - Done and can be cleaned up.
What are the process states in Linux?
Running, Runnable, Interruptible, Uninterruptible, Stopped, Terminated, Zombie.
Runnable - In Queue
Interruptible - Waiting for a synchronisation event.
Uninterruptible - Waiting for DMA or I/O.
Stopped - Marked to not execute, but can be revived.
Terminated - Done and can be cleaned up.
Zombie - Done but waiting for its parent process to collect its data.
What 4 things does a process consist of?
- Program.
- User Data.
- Stack.
- PCB (Process Control Block)
  - Process ID and IDs of any children.
  - State Information.
  - Control Information
    - Scheduling.
    - IPC Information.
What are the two types of Interrupt handling responsible for?
First Level Interrupt Handling (FLIH)
- Save process information.
- E.g. Registers are saved to the Process Control Block (PCB).
Second Level Interrupt Handling (SLIH)
- Control is transferred
What is Thread Pooling?
Rather than having Processes create their own threads dynamically when needed, each Process is given a pool of some number of threads that it can make free use of.
What are some examples of CPU Scheduling Algorithms?
First Come First Served (FCFS)
Shortest Job First
Priority Scheduling
Round Robin
What are some of the metrics used to measure the effectiveness of Scheduling algorithms?
Average Turnaround Time - time from start to all tasks completed / number of processes
Average Waiting Time - average(time between process availability and process completed)
What Scheduling algorithm does Windows use?
Round Robin with 32 priority levels.
Levels >16 are real time.
UI windows have their quantum time tripled when in focus.
Windows 8 and higher adjust the frequency of clock interrupts based on system activity to save power.
What Scheduling algorithm does Linux use?
Completely Fair Scheduler (CFS).
Each thread chooses its own scheduling policy and priority.
Previously it used an O(1) Scheduler, and before that it used a simple Round Robin system.
What is a Race Condition?
A race condition is where two or more threads attempt to access the same memory location or resource at the same time.
How do we solve the issue of a Race Condition, and what boundaries must be defined in our code to facilitate this?
A Mutex or Semaphore is required to prevent multiple threads from accessing a resource at the same time.
The Mutex or Semaphore should be placed around a Critical Region.
The Critical Region is the area of code where the resource is needed.
The Mutex or Semaphore will cause the program to wait at the Critical Region until it is safe to proceed.
What is the difference between a Mutex and Semaphore?
Mutexes are basic locking objects with two states (locked and unlocked).
Semaphores are non-negative integer counters used when you have multiple identical copies of a resource available and any of them can be used.
What is an ACL in Operating Systems?
An Access Control List (ACL) is a technique of managing permissions in the file system.
What are CAV and CLV in disk read/write?
Constant Angular Velocity - constant RPM.
Constant Linear Velocity - adjusted RPM based on radius position.
What is the equation for bandwidth?
(Number of Bytes Transferred) / (Time)
What are some of the methods of disk scheduling?
- First Come, First Served (FCFS)
- Shortest Seek Time First (SSTF)
- SCAN
- LOOK
What is the difference between SSTF and SCAN disk scheduling?
Shortest Seek Time First (SSTF) will rotate clockwise and anticlockwise to minimise the movement time and maximise the read/write time.
SCAN will rotate in only one direction.
SSTF is more efficient in terms of read/write time, however some requests may hang for a significant and unfair amount of time (if there are many requests on the opposite side of the platter). SCAN will avoid this starvation issue.
What is the difference between SCAN and C-SCAN disk scheduling?
SCAN will search from start to end, then end to start and repeat.
C-SCAN or Circular SCAN will search from start to end and then repeat.
What are the LOOK and C-LOOK disk scheduling algorithms?
Variants of SCAN and C-SCAN (respectively) that only reach the position of the final request before resetting, rather than the end of the disk.
What is RAID in storage?
Redundant Array of Independent Disks.
A method of combining small disks to provide redundancy in case of a failure.
What is RAID 0?
RAID 0 uses disk striping to improve performance and capacity, but no redundancy is used, meaning that a single drive failure will result in data loss.
What is RAID 1?
RAID 1 uses disk mirroring where data is directly copied across multiple drives.
What is RAID 2?
Data striping at the bit level and uses Hamming for error correction.
Not used in practice as it is too difficult and expensive.
What is RAID 3?
Data striping at the byte level with a dedicated parity disk.
Parity disk can be a bottleneck; not used in practice.
What is RAID 4?
Data striping at the block level with a dedicated parity disk.
Good read performance; parity disk can be a bottleneck; rarely used today.
What is RAID 5?
Data striping at the block level (like RAID 4) but with parity distributed across all disks rather than having a dedicated parity disk.
+ Fault tolerance, read speed.
- write speed, disk rebuild speed.
Used for file servers.
What is RAID 10?
Combination of RAID 0 (Striping) and RAID 1 (Mirroring).
+ high performance and fault tolerance, can sometimes recover from multiple disk failures.
- expensive (requires at least 4 disks), only 50% of storage is usable.
Which RAID levels should be used where?
Performance: RAID 0 or RAID 10.
Redundancy: RAID 1 or RAID 10.
Capacity Efficiency + Redundancy: RAID 5.
What is RAID 6?
Similar to RAID 5 but uses double distributed parity meaning it can handle multiple disk failures at the cost of much slower write time.
What is a Virtual File System?
The Operating System doesn’t want to know the details of the storage system hardware, so access is conducted through an interface.
This means, for example, that a network drive behaves the same as a local drive.
What are inodes?
Inodes (or index nodes) store metadata about files and directories.
They store:
- File Type
- Permissions
- Owner (UID) and Group (GID)
- File Size
- Timestamps
- (and a few others)
But notably they do not store:
- Filename (stored in the directory structure)
- File content
What file structure does DOS use?
How does it work?
FAT32 (File Allocation Table 32-bit)
Uses a table to track where on disk files are stored.
Table records Chains of Clusters (of Blocks).
Each entry points to the next Cluster of the file, or marks the end of the file.
How do directories work in FAT32?
Directories are special files that contain a list of filenames with their cluster locations, sizes and some other attributes.
How does FAT32 handle free space?
Unused Clusters are marked as free.
When a new file is created, the system looks for free clusters.
Where is FAT32 used?
USB storage devices, SD cards, external storage devices.
Sometimes full computer system storage.
However it’s quite dated and its main benefit today is cross-platform compatibility.
What file structure does modern Windows use?
How does it work?
NTFS (New Technology File System)
Has a Master File Table (MFT) to store metadata about every file and directory.
Small files can be stored directly in the MFT (‘resident’ files) for performance.
Disk is split into Clusters (of around 4KB).
Files larger than 1 Cluster will have all locations listed in the MFT.
Directories are structured as B (Balanced) Trees for quick traversal.
Journaling / Transaction Log is used (before modification to the file system takes place) so that changes can be undone or replayed in the event of a crash.
Uses Access Control Lists (ACLs).
Supports Encrypted File System (EFS).
Supports Symbolic Links.
What file structure did Mac OS use before 2017?
How does it work?
HFS+ (Hierarchical File System Plus)
- Partition Map to keep track of different partitions on the disk.
- Allocation File tracks block usage.
- Catalog file holds B (Balanced) Tree of file directory
What file structure does Mac OS use since 2017?
APFS (Apple File System)
What are the differences between NTFS and HFS+?
NTFS optimised for Windows; HFS+ optimised for Mac OS.
NTFS supports more sophisticated Journaling.
NTFS supports more sophisticated Access Control Lists (ACL).
NTFS supports Encrypted File System (EFS).
NTFS is optimised for SSDs.
NTFS deals better with disk fragmentation.
What are the 6 most common File System structures?
What are the key differences between them?
FAT32 -> ExFAT
NTFS -> ReFS (Windows)
HFS+ -> APFS (Mac OS)
ExFAT replaced FAT32; APFS replaced HFS+; ReFS is a more optimised alternative to NTFS for Windows Server only.
Journaling is not present in FAT32 or ExFAT. It is more advanced in ReFS and APFS.
Compression is only available in NTFS and HFS+.
Encryption is available in NTFS, HFS+ and APFS.
Fragmentation is best handled in ReFS and APFS; handled well in ExFAT and NTFS; poorly in HFS+; very poorly in FAT32.
FAT32 and ExFAT have no crash protection.
NTFS achieves it with Transaction Logs.
ReFS with Self-healing.
HFS+ with Journaling.
APFS with Atomic Transactions.
FAT32 - Best for compatibility.
ExFAT - More robust than FAT32 at a slight cost to compatibility.
NTFS - Secure with large volume support.
ReFS - Scalable with data integrity, but only for Windows Server.
HFS+ - Best Mac OS support
APFS - Fast secure and robust, but only for modern Apple devices.
What is Journaling in File Systems?
Journaling is where, when data is updated, the old data is not actually replaced; instead, new nodes are created in a linked-list-like structure and the relevant references are updated.
What file structures are used by CD ROMs?
ISO 9660 (High Sierra) - non-rewritable disks.
ISO 13346 - rewritable disks.
What is a Deadlock?
To avoid Race Conditions, processes need to lock down resources.
If two processes both need access to the same two resources and one process has a lock on one resource and the other on the other, you have an infinite loop where neither process can progress and return the resource.
This kind of locking infinite loop is called a deadlock, and can sometimes be invoked from large chains of processes.
What are the 4 conditions of a Deadlock?
Mutual Exclusion.
Hold and Wait.
No Preemption (resource cannot be taken from a holding process).
Circular Wait.
What is Banker’s Algorithm?
Deadlock Avoidance algorithm by Dijkstra.
- Maximum
- Allocated
- Required
- Available
- Total
You have matrices for Maximum and Allocated which tell you how many of each Resource each Process needs, and already has.
You also have a matrix for Required, which is Maximum - Allocated.
You have the number of each Resource that is still Available for allocation.
You can compute the Total number of each Resource by summing Allocated for each Process and the Available.
How does Banker’s Algorithm work?
Given the Maximum and Allocated matrices along with the Available Resources, compute the Required and Total.
For each process, if Required < Available the process can complete and Available increases by Allocated for the process.
Repeat until all processes have been completed or a full loop has run without completing any processes.
If there are incomplete Processes and no more can be completed, you have a deadlock.
What is the difference between a Mainframe and a Miniframe?
Miniframes have more users, so the OS role of an Interface becomes more important.
During CPU Scheduling, what are the different types of systems, and what task priorities do they have?
- All Systems
  - Fairness
  - Policy
  - Balance
  - System-critical
- Batch Systems
  - Throughput
  - Turnaround time
  - CPU Utilisation
- Interactive Systems
  - Response time
  - Active Windows
- Real-time Systems
  - Meeting deadlines
  - Predictability
What are the 6 parts of Process Management?
Creation
Termination
Process State Models
Process Description
Process Control Block (PCB)
Process Switching and Interrupts.
What is Strict Alternation?
A turn-based system to solve Race Condition issues.
Main problem is that when a process doesn’t use its turn, it will not pass its turn on to other processes that may need it.
What is Peterson’s Algorithm?
A system to solve Race Condition issues.
One critical region ticket is available.
Process must claim the ticket before entering the critical section.
Only one process may have the ticket at once.
If a process doesn’t need it, it doesn’t prevent the others (solves issue of Strict Alternation).
What is a File System?
[Definition]
An organised collection of files, usually in a hierarchical structure.
What is a Record? (File Systems)
[Definition]
A discrete part of a file. Records can be single bytes or more complex data structures.
What is a Block? (File Systems)
[Definition]
The smallest chunks of individually addressable storage.
What is the CIA principle?
Confidentiality
Integrity
Availability
Non-repudiation
How do you recover from a Deadlock?
- Don’t claim any of the required resources unless they’re all available.
- If a process is waiting for more than some small but random amount of time, drop all held resources, pause and then try again.
What is Paging?
The mapping between virtual memory addresses (that we use in programming) and physical memory in the device.
Why do we need Paging?
Because the virtual memory space we want to use is often larger than the physical space.
(check this).
What is a Page Fault?
When we try to lookup a page from the Page Table and it is absent.
(check this).
What is NRU replacement in Paging?
Not Recently Used
R bit - recently accessed flag
M bit - recently modified flag
4 classes (each combination of R and M)
(find more info).
What is Second Chance replacement in Paging?
?
What is Clock-based replacement in Paging?
?
The same as Second Chance replacement but uses a circular queue instead of a regular queue
note to self: review Week 7
What is a Multi-level Page Table?
12-bit offset leaves 64-12=52 bits for paging on a 64-bit machine (32-12=20 bits on 32-bit).
This gives us the capacity for ~4PB of RAM which is not very practical.
Instead, we can make use of an optimisation technique (?)
(more info)
What are the different Segmentations in a Program?
- Symbol Table
- Source Text
- Constants
- Parse Tree
- Call Stack
What are the benefits to using Segmentation?
- Arc Injection prevention.
- DMA protection?
(find more).
What are the benefits of Harvard Architecture over Von Neumann?
- Security
- Speed (parallel instruction/data access)
(more?)
What are the drawbacks of Harvard Architecture vs Von Neumann?
- Cost
- Device efficiency? (if one is at capacity it can't use extra space from the other)
(more?)
What is ASLR?
Address Space Layout Randomisation
(more info)
What is the Optimal Page Replacement Algorithm?
?
What is ESP?
Executable Space Protection.
(more info; reference buffer overflow)
What is the difference between Protection and Security?
Protection is internally-facing.
Security is externally-facing.
What is RBAC?
Role-based Access Control.
Permissions are set for roles rather than individuals.
What are ACLs?
Access Control Lists.
Used by RBACs to store the permissions for each role.
Contain Access Control Entries (ACEs).
What is an Access Matrix?
Abstraction of a system's protection domain.
Row labels = users/processes
Column labels = objects
Cells = permission levels
What are the 3 principles of Protection?
Principle of least privilege
Principle of privilege separation
KISS Principle
What are the 3 main types of kernel?
Monolithic
Microkernel
Hybrid
(What about Modular Kernel?)
When would you use a Monolithic Kernel vs Microkernel?
Monolithic has everything in one place which is efficient but can become very complex.
Microkernel separates things out and delegates different functions to different processes, offering flexibility and modularity at the cost of performance.
Monolithic might be preferable for performance-critical systems like simulation clusters, or just where the requirement specification itself is fairly simple.
What is the difference between Monolithic Kernel, Microkernel, and Modular Kernel?
(todo)
How does Buffer Overflow work?
Give Pseudocode.
(todo)
What is Address Randomisation?
(todo; reference buffer overflow)