Homework 1 Solutions

[5] 1.5) In a multiprogramming and time-sharing environment, several users share the system simultaneously. This situation can result in various security problems.
1. One user can read the private data of another user - privacy.
2. One user can corrupt the private data of another user - integrity.
3. One user can prevent another user from getting anything done - denial of service.
There are two answers; either one is correct. Yes - if we can ensure that the operating system prevents any sharing of data between users, either for reading or writing, and fairly shares the computer, then we can achieve the same level of security. No - we can never be sure that our software doesn't have bugs, so we can never be sure that we prevent all sharing of data and fairly allocate computer resources.
A user is better off under three situations: when it is cheaper, faster, or easier. For example:
1. When the user is paying for management costs, and the costs are cheaper for a time-sharing system than for a single-user computer.
2. When running a simulation or calculation that takes too long to run on a single PC or workstation.
3. When a user is travelling and doesn't have a laptop to carry around, they can connect remotely to a time-shared system and do their work.
This is not as necessary as it once was - computers now have enough RAM and disk space that they can afford to waste some, particularly to make the computer easier to use. In addition, it may make sense to do things in a less efficient but simpler and less error-prone fashion to improve security and reliability. However, most users occasionally overtax their machine, either through gaming or other CPU- and memory-intensive programs, and to make the computer feel responsive the OS has to share the resources effectively.
Answer from lecture: an interrupt is an asynchronous (can happen at any point in the execution of a program) signal to the processor, usually from a peripheral, to execute some service code. Answer from the book: an interrupt is any event which must be handled by the operating system. A trap is a synchronous, software generated signal (caused by a particular program instruction) to the processor to execute some operating system code. The trap may be requested (via a trap instruction) or the result of an error, such as an illegal memory access. Interrupts, as defined in lecture, are used for external devices to signal the processor to execute some service code, such as transferring data. Traps are used both for controlled transfers between user code and the operating system, via system calls, and for error handling.
1. Caches allow faster access to data by storing data in a physically faster device (e.g. memory instead of disk).
2. Caches reduce the cost of finding data by requiring only a small number of items to be searched.
3. Caches reduce the load on a slow physical device by handling most accesses to data on a faster, more capable device.
Caches solve the problem of slow data access by keeping needed data in a cheap-to-access place. Caches cause consistency problems, because the real data (for example, on disk) may be different from the cache. Making a cache as large as the device may be useful if it can be made fast. However, the device is still needed to store data when power is turned off.
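The three benefits and the consistency problem above can be seen in a small simulation. The following is an added example (not part of the homework solutions): a write-back LRU cache in front of a slow "device" that counts its own accesses. The class and function names are invented for the illustration. After a mix of reads, the device has been touched far fewer times than the cache; after a write, the cache and the device disagree until the dirty line is flushed.

```python
from collections import OrderedDict


class BackingStore:
    """The slow device (think: disk). Counts every access so we can see the
    load the cache takes off it."""

    def __init__(self, data):
        self.data = dict(data)
        self.accesses = 0

    def read(self, key):
        self.accesses += 1
        return self.data[key]

    def write(self, key, value):
        self.accesses += 1
        self.data[key] = value


class WriteBackCache:
    """Small LRU cache. Writes stay in the cache (marked dirty) until the line
    is evicted or flush() is called, so the device can lag behind the cache."""

    def __init__(self, store, capacity):
        self.store = store
        self.capacity = capacity
        self.lines = OrderedDict()  # key -> value, oldest first (LRU order)
        self.dirty = set()
        self.hits = 0
        self.misses = 0

    def _evict_if_full(self):
        if len(self.lines) >= self.capacity:
            old_key, old_value = self.lines.popitem(last=False)  # LRU victim
            if old_key in self.dirty:
                self.store.write(old_key, old_value)  # write back before dropping
                self.dirty.discard(old_key)

    def read(self, key):
        if key in self.lines:
            self.hits += 1
            self.lines.move_to_end(key)  # most recently used
            return self.lines[key]
        self.misses += 1
        self._evict_if_full()
        value = self.store.read(key)  # only misses reach the slow device
        self.lines[key] = value
        return value

    def write(self, key, value):
        if key not in self.lines:
            self._evict_if_full()
        self.lines[key] = value
        self.lines.move_to_end(key)
        self.dirty.add(key)  # device is now stale for this key

    def flush(self):
        for key in list(self.dirty):
            self.store.write(key, self.lines[key])
        self.dirty.clear()


def demo():
    # Constructed sample data: 8 blocks, a 2-line cache.
    store = BackingStore({f"block{i}": f"v{i}" for i in range(8)})
    cache = WriteBackCache(store, capacity=2)
    for key in ["block0", "block1", "block0", "block0", "block2", "block0"]:
        cache.read(key)
    accesses_before_write = store.accesses

    cache.write("block0", "new")  # lands in the cache only
    stale = store.data["block0"] == "v0" and cache.read("block0") == "new"
    cache.flush()
    consistent = store.data["block0"] == "new"

    return {
        "hits": cache.hits,
        "misses": cache.misses,
        "device_accesses_before_flush": accesses_before_write,
        "stale_before_flush": stale,
        "consistent_after_flush": consistent,
    }


if __name__ == "__main__":
    print(demo())
```

Six reads cost the device only three accesses (the misses); the two hits on "block0" after the write show the cache answering with data the device does not yet have, which is exactly the consistency problem the answer describes, and also why dirty data is lost if power fails before the flush.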
- Dual-mode bit: Allows hardware-level distinction between user and system modes and hence protects the OS from malicious or faulty user programs by restricting dangerous behavior to system-mode operation.
- Memory protection (base and limit registers or page tables): Base and limit registers effectively define the legal address range of a program and as such, they allow the CPU to check that every address a program generates is legal, protecting operating system memory from malicious or wanton accesses.
- Fixed-rate clock and counter for interrupts: A clock and counter can be used to implement regular interrupts (and context switches to the OS) through which we can avoid the possibility of getting stuck in an infinite user-space loop.
System calls provide a defined point of entry to the operating system, so that it can limit what functions are called by user programs. System calls allow user programs to request operating system services.
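The three hardware features in the list above, together with the trap-based system call entry point, fit together into one protection scheme. The following is an added example (not from the homework solutions): a toy machine with a mode bit, base/limit registers, a timer that expires after a fixed number of instructions, and a single system call. All class, method and instruction names are invented for the illustration. The point a practitioner should take away is in the syscall handler: once the trap has switched the machine to kernel mode the hardware base/limit check no longer applies, so the kernel has to validate the address a user program hands it.

```python
USER, KERNEL = "user", "kernel"


class ProtectionFault(Exception):
    """Address outside the process's base/limit range."""


class PrivilegeFault(Exception):
    """Privileged instruction attempted in user mode."""


class Machine:
    def __init__(self, memory_size=64, timer_quantum=5):
        self.memory = [0] * memory_size
        self.mode = KERNEL            # dual-mode bit; boots in kernel mode
        self.base, self.limit = 0, memory_size
        self.timer_quantum = timer_quantum  # instructions per timer interrupt

    # Loading the base/limit registers is privileged: only the kernel may do it.
    def set_base_limit(self, base, limit):
        if self.mode != KERNEL:
            raise PrivilegeFault("base/limit registers writable only in kernel mode")
        self.base, self.limit = base, limit

    def _in_range(self, addr):
        return self.base <= addr < self.base + self.limit

    # Every user-mode address goes through the hardware range check.
    def load(self, addr):
        if self.mode == USER and not self._in_range(addr):
            raise ProtectionFault(f"address {addr} outside [{self.base}, {self.base + self.limit})")
        return self.memory[addr]

    # Trap: synchronous, controlled transfer into the OS at a defined entry point.
    def syscall(self, name, *args):
        self.mode = KERNEL
        try:
            if name == "write_byte":
                addr, value = args
                # In kernel mode the hardware check is off, so the kernel must
                # validate the user-supplied address itself before touching memory.
                if not self._in_range(addr):
                    raise ProtectionFault(f"syscall argument {addr} outside process range")
                self.memory[addr] = value
                return 0
            raise ValueError(f"unknown system call {name}")
        finally:
            self.mode = USER  # return from trap

    def run_user(self, program, base, limit):
        """Kernel dispatch: set protection for the process, drop to user mode,
        run until halt, fault, or timer expiry. Returns (outcome, detail)."""
        self.set_base_limit(base, limit)
        self.mode = USER
        pc, ticks = 0, 0
        try:
            while True:
                if ticks == self.timer_quantum:
                    # Timer interrupt: asynchronous, forces control back to the
                    # kernel no matter what the user program is doing.
                    return ("preempted", pc)
                op = program[pc]
                ticks += 1
                if op[0] == "halt":
                    return ("halt", pc)
                elif op[0] == "load":
                    self.load(op[1])
                    pc += 1
                elif op[0] == "loop":
                    pass  # jumps to itself; pc never advances
                elif op[0] == "set_limit":  # user code trying a privileged op
                    self.set_base_limit(op[1], op[2])
                    pc += 1
                elif op[0] == "syscall":
                    self.syscall(op[1], *op[2:])
                    pc += 1
        except ProtectionFault as e:
            return ("protection_fault", str(e))
        except PrivilegeFault as e:
            return ("privilege_fault", str(e))
        finally:
            self.mode = KERNEL


def demo():
    # Constructed programs; each process is confined to addresses 8..15.
    m = Machine(memory_size=64, timer_quantum=5)
    r = {}
    r["good"] = m.run_user([("load", 10), ("syscall", "write_byte", 12, 7), ("halt",)], 8, 8)[0]
    r["stored"] = m.memory[12]
    r["out_of_range"] = m.run_user([("load", 40), ("halt",)], 8, 8)[0]
    r["bad_syscall_ptr"] = m.run_user([("syscall", "write_byte", 0, 9), ("halt",)], 8, 8)[0]
    r["kernel_untouched"] = m.memory[0]
    r["infinite_loop"] = m.run_user([("loop",)], 8, 8)[0]
    r["privileged_op"] = m.run_user([("set_limit", 0, 64), ("halt",)], 8, 8)[0]
    return r


if __name__ == "__main__":
    print(demo())
```

Each failing program maps onto one item of the list: the out-of-range load is caught by base/limit, the attempt to widen its own limit is caught by the mode bit, and the loop that never advances is interrupted by the timer so the kernel regains control.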
The main advantage of the layered approach to system design is modularity, which makes development, maintenance, debugging, and verification easier.
The advantage of the microkernel approach to system design is that the kernel is small, so it is easy to deal with (e.g. modify, port, verify security). The microkernel approach is also beneficial in that it allows for easy, user-space extension of capability. Separating policy and mechanism allows for greater flexibility, by leaving the policy decisions up to the administrator, user, or program. Changing policies, such as allowing users to share files or not, can be done easily without changing the mechanism (meaning code).