Homework 1 Solutions

[5] 1.5) In a multiprogramming and time-sharing environment, several users share the system simultaneously. This situation can result in various security problems.


a) What are two such problems?

1. One user can read the private data of another user - privacy.

2. One user can corrupt the private data of another user - integrity.

3. One user can prevent another user from getting anything done - denial of service.


b) Can we ensure the same degree of security in a time-shared machine as we have in a dedicated machine? Explain your answer.

There are two answers; either one is correct.

Yes - if we can ensure that the operating system prevents any sharing of data between users, either for reading or writing, and fairly shares the computer, then we can achieve the same level of security.

No - we can never be sure that our software doesn't have bugs, so we can never be sure that we prevent all sharing of data and fairly allocate computer resources.




[5] 1.8: Under what circumstances would a user be better off using a time-sharing system, rather than a PC or single-user workstation?

A user is better off under three situations: when it is cheaper, faster, or easier. For example:

1. When the user is paying for management costs, and the costs are cheaper for a time-sharing system than for a single-user computer.

2. When running a simulation or calculation that takes too long to run on a single PC or workstation.

3. When a user is travelling and doesn't have a laptop to carry around, they can connect remotely to a time-shared system and do their work.



[5] 1.x: The chapter stresses the need for an OS to make efficient use of computing resources -- is this really as necessary on a single-user PC with, e.g., a 3 GHz processor?

This is not as necessary as it once was - computers now have enough RAM and disk space that they can afford to waste some, particularly to make the computer easier to use. In addition, it may make sense to do things in a less efficient, but simpler and less error-prone, fashion to improve security and reliability. However, most users occasionally overtax their machine, either through gaming or other CPU- and memory-intensive programs, and to make the computer feel responsive the OS has to share the resources effectively.



[5] 2.3: What are the differences between a trap and an interrupt? What is the use of each function?

Answer from lecture: an interrupt is an asynchronous (can happen at any point in the execution of a program) signal to the processor, usually from a peripheral, to execute some service code.

Answer from the book: an interrupt is any event which must be handled by the operating system.

A trap is a synchronous, software generated signal (caused by a particular program instruction) to the processor to execute some operating system code. The trap may be requested (via a trap instruction) or the result of an error, such as an illegal memory access.

Interrupts, as defined in lecture, are used for external devices to signal the processor to execute some service code, such as transferring data. Traps are used both for controlled transfers between user code and the operating system, via system calls, and for error handling.




[10] 2.9: Give two reasons why caches are useful. What problems do they solve? What problems do they cause? If a cache can be made as large as the device for which it is caching (for instance, as large as a disk), why not make it that large and eliminate the device?

1. Caches allow faster access to data by storing data in a physically faster device (e.g. memory instead of disk).

2. Caches reduce the cost of finding data by requiring only a small number of items be searched.

3. Caches reduce the load on a slow physical device by handling most accesses to data on a faster, more capable device.

Caches solve the problem of slow data access, by keeping needed data in a cheap-to-access place.

Caches cause consistency problems, because the real data (for example, on disk) may be different from the data in the cache.

Making a cache as large as the device may be useful if it can be made fast. However, the device is still needed to store data when power is turned off.



[5] 2.10: Writing an operating system that can operate without interference from malicious or undebugged user programs requires hardware assistance. Name three hardware aids for writing an operating system, and describe how they could be used to protect the operating system.

- Dual-mode bit: Allows hardware-level distinction between user and system modes and hence protects the OS from malicious or faulty user programs by restricting dangerous behavior to system mode operation.

- Memory protection (base and limit registers or page tables): Base and limit registers effectively define the legal address range of a program and as such, they allow the CPU to check that every address a program generates is legal, protecting operating system memory from malicious or wanton accesses.

- Fixed-rate clock and counter for interrupts: A clock and counter can be used to implement regular interrupts (and context switches to the OS) through which we can avoid the possibility of getting stuck in an infinite user-space loop.
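The following is an added example, not part of the original solutions: a constructed C model of the three hardware aids above (dual-mode bit, base/limit check, timer) that also makes the 2.3 distinction concrete, since the address and privilege checks are synchronous traps tied to a particular instruction while the clock tick is an asynchronous interrupt that ends an infinite user loop. All struct fields, function names and the 1,000,000-iteration bound are assumptions of this model, not real hardware.

```c
#include <stdint.h>

/* Constructed model, not real hardware: the dual-mode bit, base/limit
 * registers and fixed-rate timer from 2.10, plus the trap (synchronous)
 * versus interrupt (asynchronous) distinction from 2.3. Names are assumed. */
enum mode { USER, KERNEL };
enum event { NONE, TRAP_BAD_ADDR, TRAP_PRIVILEGED, INTR_TIMER };

struct cpu {
    enum mode mode;          /* dual-mode bit */
    uint32_t base, limit;    /* user program may touch [base, base + limit) */
    uint32_t timer, quantum; /* counter raises INTR_TIMER when it hits quantum */
};

/* Trap: checked synchronously on every address the user program generates. */
enum event check_access(const struct cpu *c, uint32_t addr)
{
    if (c->mode == KERNEL) return NONE;      /* kernel addresses are unrestricted */
    if (addr < c->base || addr - c->base >= c->limit) return TRAP_BAD_ADDR;
    return NONE;
}

/* Trap: a privileged instruction (e.g. reloading base/limit) issued in user mode. */
enum event check_privileged(const struct cpu *c)
{
    return c->mode == KERNEL ? NONE : TRAP_PRIVILEGED;
}

/* Interrupt: one tick of the fixed-rate clock, independent of the instruction. */
enum event tick(struct cpu *c)
{
    if (++c->timer >= c->quantum) { c->timer = 0; return INTR_TIMER; }
    return NONE;
}

/* Run a constructed user program that loops forever loading `addr`. Returns the
 * event that handed control to the kernel; *steps = loads that completed. */
enum event run_user(struct cpu *c, uint32_t addr, int *steps)
{
    c->mode = USER;
    *steps = 0;
    while (*steps < 1000000) {               /* bound only so the model cannot hang */
        enum event e = check_access(c, addr);
        if (e != NONE) { c->mode = KERNEL; return e; }
        ++*steps;                            /* the load completed */
        e = tick(c);
        if (e != NONE) { c->mode = KERNEL; return e; }
    }
    return NONE;
}
```

With base 0x1000, limit 0x100 and a quantum of 10 ticks, a legal in-range loop is stopped by the timer after 10 loads, while a load at 0x1100 (one past the limit) or 0x0fff (below base) traps before any load completes.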



[5] 3.7: What is the purpose of system calls?

System calls provide a defined point of entry to the operating system, so that it can limit what functions are called by user programs. System calls allow user programs to request operating system services.



[5] 3.11: What is the main advantage of the layered approach to system design?

The main advantage of the layered approach to system design is modularity, which makes development, maintenance, debugging, and verification easier.



[5] 3.12: What is the main advantage of the microkernel approach to system design?

The advantage of the microkernel approach to system design is that the kernel is small, so it is easy to deal with (e.g. modify, port, verify security). The microkernel approach is also beneficial in that it allows for easy, user-space extension of capability.



[5] 3.15: Why is the separation of policy and mechanism a desirable principle?

Separating policy and mechanism allows for greater flexibility, by leaving the policy decisions up to the administrator, user, or program. Changing policies, such as allowing users to share files or not, can be done easily without changing the mechanism (meaning code).