Pages

Monday, June 14, 2021

 

Operating System Features and Structures

            Computer systems consist of hardware controlled by an operating system (OS). The kernel is dedicated code that runs in protected memory at the top of the OS hierarchy. It is a computer program that controls all resources available to the computer it runs on. It is always resident in memory and manages all interactions between processes. Figure 1 shows typical interactions in an OS. At the highest level, there are two major functions of the operating system. One is the management of hardware and software (managing resources), and the other is to provide an interface to applications.

            Resource management consists of a set of services or functions inside the kernel. These services include device, storage, memory, information management, process control, communications, error detection, and protection and security of the operating system.

            Operating systems’ application interfaces are typically user-accessible but also exist in the kernel and must request service using system calls. Error detection is an example of a function that can take place in the software application, but some operating systems also handle error detection at the hardware level. File management is a kernel service, and it is also a user-side function.


Figure 1 Operating system theory concept map

Processes and Threads

            Figure 2 illustrates processes and threads in a processor. A process is a program in execution. Silberschatz et al. (2014) state, "A process is the unit of work in a modern time-sharing system" (p. 105). A program becomes a process when it is loaded into memory. As a program, it is a list of instructions, but it becomes more as a process. The instruction section of the process is called the text section. As the process executes, its progress is tracked by a program counter. It keeps a copy of the current contents of the processor registers, maintains a stack for local variables and a data section for global variables. The process often contains a heap of memory for its use and communication with other processes.

            There are five process states. A process is in the new state while loading into memory then changes to the ready state. During process execution, it can be in one of three states. It is running when a processor is available, ready when waiting for the processor, and waiting when it needs data from an event or I/O. The final state is terminated when the process is complete or no longer needed.

            Each process is represented by a process control block (PCB) containing its current state, a process identifier, the value of its program counter, copies of CPU registers, CPU scheduling information, a list of open files, and I/O devices, and accounting information to aid in scheduling decisions. The PCB is especially useful when a process is swapped in or out of the processor. It can also be extended to allow multithreading.

            Motivations for using multi-threaded processes include taking advantage of the multi-processor architecture, allowing an application to do several things at once, and reducing the overhead of creating multiple processes. The benefits of single-threading is application responsiveness, threads can share the process memory space, less allocation overhead, and it is scalable across multiple processors.

            Multithreading models involve the relationship between user threads and kernel threads. A many-to-one model maps multiple user threads to a single kernel thread. This model is rarely used because it cannot take advantage of multi-core processors, and blocking calls stop the entire process. It would seem a one-to-one model would be the better way to go, but each user thread must create a corresponding kernel thread. Kernel threads are resource expensive and can reduce the performance if too many are implemented. This is the most common model in use. The many-to-many model solves the problems of the other two models by multiplexing the relationships between user and kernel threads.

            Every process has a critical section of code that changes something other processes can access. If two processes run their critical-section code at the same time, there will be corrupted data. To prevent this critical-section problem, we must ensure mutual exclusion between the progress of and bounded waiting for processes. Silberschatz et al. (2014) call this "a protocol that the processes can use to cooperate" (p. 206). While hardware protocols exist, programmers ensure their applications' processes use locks, semaphores, and priority inversion to prevent deadlocks.

            Bounded Waiting acts like a stack by storing the number of times each processes' critical section (CS) runs. Brais (2015) provided an excellent explanation, "the number of times other processes enter their CSs must be limited." Bounded Waiting uses progress to guarantee all CSs will eventually run.


Figure 2 Process states and multi-threading

Memory Management

            An objective of memory management is to provide direct access to physical memory for the operating system (OS). The base block of memory holds the operating system instructions. The amount of memory not consumed by the OS is then allocated using base and limit registers to define the extent available for processes. Only the OS can load these registers, effectively protecting the kernel and physical memory from direct access by user programs (Silberschatz et al., 2014, p.327).

            While memory management schemes provide exclusive access to the processor, it also extends the usable area of memory, by mapping virtual (logical) memory to physical addresses. Refer to Figure 3 depicts the memory-management unit (MMU) using a relocation register. The value in the relocation register binds the logical address to the physical address. These bindings can occur at three different times according to how the programmers write the instructions, compile time, load time, or run time.

            Several methods of memory allocation permit programs that are larger than the installed memory on a system to run. Dynamic loading only loads portions of the program in use, calling the less frequently used portions only when needed. Dynamic linking operates much the same way and also allows sharing of common libraries. Swapping and page files allow processes to be moved out of fast-access memory when other processes require prompt attention.


Figure 3 Memory management

File Management

            Memory is essential to the processor for getting work done, but an operating system (OS) would soon run out of work if it could not permanently store the work product. Building on the memory management concepts above, file management must keep track of external storage in many forms. A file is a logical unit of related data written to secondary storage (Silberschatz et al., 2014, p. 478). The secondary storage can be any number of devices designed for fast and reliable access by the I/O. The OS determines the file system particulars, but secondary storage devices can generally work with any system. The file structure used results from design decisions when implementing an OS.

            Files have predictable patterns that allow OSs to manipulate them. As the amount of external storage increases, so does the size of the directory of files. Rather than consume memory space, directories are stored on the storage device. The directory allows searching, creating, deleting, listing, and renaming files. As types of directories increase in complexity, the OS also needs to traverse the file system to perform backups. Figure 4 outlines five file structures.

            The simplest directory is one level; all files must have unique names, and all users have access. It is easy to implement but is not scalable, and data isolation is not easy. The two-level directory allows the separation of files per user but does not allow sharing files between directories. A tree-structured directory extends the two-level concept beyond a tree height of two, allowing users to create subdirectories and organize their files in groups according to function or project.

            We still cannot share files. This is where the acyclic graph directory structure comes in. By allowing users to share one file through different directory paths, they can collaborate without copying files back and forth. The general graph directory structure is perhaps the most useful because it is more flexible by allowing cycles (Geeksforgeeks, 2021). It requires garbage collection routines to remove dangling pointers when files are deleted, which increases processing overhead.


Figure 4 Five examples of file structures

            As software and hardware standardization increased, so did the number of different types of I/O devices. An OS must have device drivers for uniform access to the myriad devices on the market (Silberschatz et al., 2014, p. 565). We typically think of keyboards and pointing devices when we think about I/O, but there are many others. Smartphones have cameras, GPS receivers, accelerometers, and of course, the ubiquitous multi-touch screen that performs double duty as input and output. These devices must participate on a common bus to work with different processing platforms and memory configurations.

Protection and Security

         Domain protection principles are based on the goals of secure, private, and reliable processing. Operating system protection design only protects data and processes as far as it is enforceable by built-in mechanisms. A computer system consists of processes and objects, and processes should only have access to resources it needs to complete its work (Silberschatz et al., 2014, section 13.3). To achieve secure systems, the additional factors of physical access and user interface can lead to accidental or malicious data corruption or theft. An access matrix limits access to objects to authorized access by users and processes. It also restricts cross access to enforce privacy. An object-to-authorized use relationship works on the principle of least privilege.

        Figure 5 outlines domains represented by concentric circles with increasing privileges nearer the kernel. The access list shows how a shared workstation might implement protection. The grey rectangle represents security.

        Language-based protection extends the responsibility of the designers of operating systems to the programmers of applications. Hardware designs provide various protection strategies for implementing at the language level, and the language offers additional protections using data isolation principles of object-oriented design (OOD).


Figure 5 Protection and security overview 

Conclusion

         The concepts shared here are my interpretations of the content I read, researched, and discussed with my classmates during the past five weeks. My increased understanding of operating systems and the many types of hardware they control whets my curiosity to learn more about customizing operating systems to specific uses. As I continue learning about cyber and data security, I will use this knowledge guide experiments with dedicated purpose machines to increase my effectiveness as a future cyber warrior.

References

Brais, H. (2015, October 29). What is progress and bounded waiting in critical section? Stackoverflow. https://stackoverflow.com/questions/33143779/what-is-progress-and-bounded-waiting-in-critical-section#33409854

Geeksforgeeks. (2021, February 3). Structures of directory in operating system. https://www.geeksforgeeks.org/structures-of-directory-in-operating-system/

Silberschatz, A., Galvin, P., & Gagne, G. (2014). Operating Systems Concepts Essentials: 2nd Edition. https://redshelf.com/

Singh, T. (2016) A comparative study of disk scheduling algorithms. IJCST. http://www.ijcstjournal.org/volume-4/issue-1/IJCST-V4I1P6.pdf