CPT304 Operating System Theory & Design Final Assignment
OS Theory Concept Map
John Turner
CPT 304
Operating Systems Theory & Design
Professor
Bret Konsavage
January
16, 2023
OS
Theory Concept Map
The fundamental concepts that underly an operating system
(OS) are the major functions; subsystems and components; processes including
process state and control blocks; single and multi-threading; the
critical-section problem; memory management; physical and virtual address
space; file management system; directory structures; I/O devices including
their hardware and software layers; protection and security including their
primary functions; and an access matrix.
The operating system sits at the heart of computer systems. Knowledge of the operating system will be key
to understanding lessons learned in future classes. This paper will identify
features and structure of a current OS; discuss sharing and exchanging
information that is enabled by an OS; discuss main memory and virtual memory in
the context of solving memory management issues; describe how a modern OS handles
files, mass storage and I/O’s; discuss mechanisms of protection and security;
and discuss how the lessons on OS will apply to future classes.
Describe the Features of Contemporary Operating Systems and their Structures
To allow users to use the computer, the OS
manages a user interface. This is accomplished by hardware, that the OS
manages, like keyboards and monitors. These are the I/O operations. In program
execution, the OS turns control over to a program and answers system calls from
that program. Managing the storage of data and programs is a key function of
computers. The OS manages this through file-system manipulation. The OS also
manages communications with other computers and error detection.
From a system operations point of view, the
OS manages and schedules resources through resource allocation. The OS
accomplishes protection and security OS by restricting access to data and
processes. This ensures that processes do not corrupt other processes and that
users access only the data and processes they are allowed to access. The OS may
also be responsible to keep an accounting of what users did, how long they
accessed the system, and how many resources they used. This can be used for
security but also to improve performance by better understanding how users use
the system.
Seeing the OS through data, instructions,
hardware, and safety is just another way to view an OS and there are many
overlapping functionalities from the above description of an OS through users vs.
system operations. Managing data is
absolutely key to any computer system. The OS manages data through cache
management, disc subsystems, and tertiary storage devices.
Instructions: This encompasses the idea of
running programs, processes, system calls, etc. But an OS must also manage
multiple programs happening at once and simultaneously data demands created by
multiprogramming and multiple users. "To ensure orderly access to the
shared memory, a memory controller synchronizes access to the memory"
(Silberschatz et al, 2014, p. 7). And "One of the most important aspects
of operating systems is the ability to multiprogram" (Silberschatz et al,
2014, p. 19). Managing multiple programs is called multiprogramming. Time-sharing,
in this context, is managing orderly access to memory. An OS must also manage
many of the hardware components of a computer. In particular, as mentioned
above, the OS may be responsible for memory-management components. The OS may
also manage the drivers that are used to control peripheral devices like
printers.
Another key aspect are all of the protection
and security functions that an OS may be responsible for. "Protection,
then, is any mechanism for controlling the access of processes or users to the
resources defined by a computer system" (Silberschatz et al, 2014, p. 30). Protection is similar to, but a different function
than, security. “It is the job of security to defend a system from external and
internal attacks" (Silberschatz et al, 2014, p. 30). Basically, protection
defends against accidental problems either from mismanagement of shared data or
errors in one program leaking over to create errors in other programs. Security
is protection from intentional attacks such as viruses. An aspect of safety is user
identifiers that will keep track of what users are doing and users’ permission
levels.
Discuss How Operating Systems Enable Processes to Share and Exchange
Information
A process is the part of a program that is in the process of
being executed. The data and instructions for a process are kept together in a
highly structured manner called the process control block. “Process Control
Block is a data structure that contains information of the process related to
it” (Onsman, 2020, para. 1). Keeping the data and instructions in a structured
PCB allows for more efficient process execution.
A process may be broken down into smaller
chunks called threads. One model of executing processes is to run threads from
one process, one after another, in succession, until the entire process is
complete. This is called single-thread. Another model is to have multiple
threads, possibly from separate processes, running at a time; this is called
multi-thread (Emer et al, 2007, p. 14). Multi-threading
can significantly improve computer performance by eliminating downtime, but it
comes with a host of challenges caused by different processes needing to share
and exchange information.
One way in which an OS enables processes to
share and exchange information is through well-defined memory locations. This
is accomplished through the use of two registers, the base register and the
limit register. In this way, the OS can allow processes to access the memory
they are allowed to access while preventing accidental—or malicious—accessing
of that memory by other processes. The OS may also allow different processes to
access the same information. Processes can then exchange information by
updating shared information. This could cause a problem of a process using
outdated information. To prevent this, a process has a critical section, a
section where it is allowed to access and modify shared information (or other
resources). This can, however, lead to what is known as the critical section
problem.
As described in the textbook, the critical
section problem is the problem of coordinating different processes so that only
one process is running in its critical section at a time. The critical section
is a section of a process that shares common resources with other processes
(Silberschatz et al, 2014). This is part of the process synchronization that
ensures dater integrity. A solution to the critical-section problem must make
sure that only one process is in the critical-section at a time. To reduce
overhead, only processes that still need to enter a critical section should be
considered when granting one process permission to enter their
critical-section.
Finally, there needs to be a limit on how long
a process has to wait to enter its critical-section. To accomplish this,
"There exists a bound, or limit, on the number of times that other
processes are allowed to enter their critical sections after a process has made
a request to enter its critical section and before that request is
granted" (Silberschatz et al, 2014, p. 206-207). This coordination enables
multiple processes to share and exchange information.
Explain How Main Memory and Virtual Memory Can Solve Memory Management
Issues
Memory management issues revolve around one key limitation. The
textbook explains that the CPU cannot access storage (like hard discs, etc). "Main
memory and the registers built into the processor itself are the only
general-purpose storage that the CPU can access directly" (Silberschatz et
al, 2014, p. 326). This means that in order for data and instructions to be
used by a CPU, they must be moved from storage to memory. Because memory is
smaller than storage, the OS must manage which bits of data and/or instructions
are kept in memory at any given time.
To complicate things, an OS will manage the
data/instructions from several processes at one time. To prevent a process from
interfering with the memory of other processes—or the OS itself—each process is
allotted a certain block of memory that it is allowed to access. The block is
defined by the base (or starting address) of the block, and the limit (or the
size) of the block.
The OS will manage main memory as efficiently as possible to
keep as much data as possible directly accessible to the processor. One solution to
this is to use virtual memory. When a program is written, it will not be known
where the data from the program will reside in memory. The program may assign a
type of virtual—or logical—address. At some point, a real address must be
assigned, that is it must go from a logical address to a physical address. This
is referred to, in the text, as binding. There are several stages where a real
memory address can be bound to a segment of data. This can come, according to
the textbook, at compile time, load time, or run/execution time. For
compile-time and load-time, mapping can be done before the CPU sees the
addresses. Run-time mapping is handled by a specific piece of hardware called
the memory-management unit (MMU) (Silberschatz, 2014).
Explain How Files, Mass Storage, and I/O Are Handled in a Modern Computer
System
File systems must be able to access files, both to read and
write. In order to access a file, there must be some way to keep track of what
space is available for new files and where existing files are stored. To do
this, the OS uses a file directory. The directory must be able to: Search for a
file, create a file, delete a file, list a directory, rename a file, and
traverse the file system (Silberschatz et al, 2014, p. 492). In order to make
communication between the I/O device and the OS more efficient, there needs to
be a standard set of interfaces. However, to accommodate new and sometimes very
different types of I/O devices, the interface needs to be less standardized and
more flexible. To handle these divergent needs, the OS uses a combination of
hardware and software.
The textbook states what types of hardware and software are
used. "The basic I/O hardware elements, such as ports, buses, and device
controllers, accommodate a wide variety of I/O devices" (Silberschatz et
al, 2014, p. 562). The software side is handled by the OS through the use of a
dedicated kernel. "These methods form the I/O subsystem of the kernel,
which separates the rest of the kernel from the complexities of managing I/O devices"
(Silberschatz et al, 2014, p. 561). Through this kernel, the OS provides
several I/O services. "Several services—scheduling, buffering, caching,
spooling, device reservation, and error handling—are provided by the kernel’s I/O
subsystem and build on the hardware and device-driver infrastructure. The I/O subsystem
is also responsible for protecting itself from errant processes and malicious
users" (Silberschatz et al, 2014, p. 578). Files are used by modern
computers mostly to create organization that a human can understand.
Outline the Mechanisms Necessary to Control the Access of Programs or Users
to the Resources Defined by a Computer System
To control the access of programs and users to resources, an
OS will use both security and protection. The goal of protection is, “…[T]o
ensure that each program component active in a system uses system resources
only in ways consistent with stated policies" (Silberschatz et al, 2014,
p. 602).
One mechanism of protection and security comes from
language-based protection or security. While the domain-based methods above may
operate at lower levels, the language-based methods work with higher programming
levels. “In computer science, language-based security (LBS) is a set of
techniques that may be used to strengthen the security of applications on a
high level by using the properties of programming languages. LBS is considered
to enforce computer security on an application-level, making it possible to
prevent vulnerabilities which traditional operating system security is unable
to handle” (Language-Based Security, 2022, para. 1). This creates another level
of protection and security.
Protection and security must protect programs, systems, and
networks, but still make them available to users and processes. One of the
major mechanisms of protection and security is the principle of least
privilege. According to the principle of least privilege, an OS will limit
which objects a process can access. "A computer system is a collection of
processes and objects. By objects, we mean both hardware objects (such as the
CPU, memory segments, printers, disks, and tape drives) and software objects (such
as files, programs, and semaphores)" (Silberschatz et al, 2014, p. 603). Each
process should be limited to which objects it can access and what actions it
can execute on that object with only as much permission as is necessary.
One mechanism to achieve both protection and security is to
enforce domains. A domain is an area in which a process is allowed to operate. Or,
to put it another way, a domain contains all of the access rights that a
process has.
Another mechanism to promote security and protection is an access
matrix. This is where access rights are organized into domains. "The
ability to execute an operation on an object is an access right. A domain is a
collection of access rights, each of which is an ordered pair <object-name,
rights-set>" (Silberschatz et al, 2014, p. 604).To keep track of the
various access rights, they can be arranged into an access matrix. This is
simply a table with the various objects as column headers and the various
domains as row headers. At the intersection of an object and process, the
matrix lists any access rights (i.e. read or write).
Recommend How You Will Use These Concepts About Operating Systems Theory in
Future Courses and/or Future Jobs
While I am just over halfway through this bachelor’s degree
program, I have just finished the general education portion of the program and
moved into the computer-specific classes.
Many of the concepts are new to me, so it is difficult to know exactly
how each new thing learned will fit into the bigger picture. However, to be sure, the OS will be at the
heart of everything that is to come.
When learning to program, it will be useful to know how the OS manages
memory and program to make the best use of that memory management. Actually, it is nice to know the difference
between memory and storage. Another
important area is protection and security.
It seems that this will be another topic that is key to all other
areas. For instance, in this week’s
lesson, we read about how a security hole caused by a stack overflow can be
eliminated by simply enforcing a limit on input size. When I learn about things like this in the
classes to come, having a basic understanding of the OS will help me understand
how things fit together.
Figures
Figure 02: Process State Concept
Map
Conclusion
The OS sits at the heart of modern computing systems. A basic understanding of the OS will aid in
understanding every other function of a computer. This class will be a great starting point for
the classes that follow. The class
covered features and structure of an OS; sharing and exchanging information
among processes; main memory and virtual memory in the context of solving
memory management issues; how a modern OS handles files, mass storage, and
I/O’s; mechanisms of protection and security; and discuss how the lessons on OS
will apply to future classes.
References
Emer, J. Hill, M. Patt, Y.N. Yi, J.J. Chiou, D. Sendag, R.
(2007). Single-threaded vs. multithreaded: Where should we focus?. IEEE
Computing Society. https://research.cs.wisc.edu/multifacet/papers/ieeemicro07_debate.pdf
Language-based security. (2022, January 5). In Wikipedia.
https://en.wikipedia.org/wiki/Language-based_securityOnsman, A. (June 23,
2020). What is process control block (PCB)?. Tutorials Point.
https://www.tutorialspoint.com/what-is-process-control-block-pcb
Silberschatz, A.,
Galvin, P. B., & Gagne, G. (2014). Operating system concepts essentials
(2nd ed.). Retrieved from https://redshelf.com/
Comments
Post a Comment