Secure
Protects the integrity of a system. A system whose resources are used and accessed as intended under all circumstances.
Cracker
Someone attempting to breach security.
Threat
The potential for a security violation.
Attack
An attempt to break security.
Denial-of-Service (DoS)
An attack that attempts to disrupt or prevent legitimate use of a system.
Trojan Horse
A code segment that tries to misuse its environment.
Virus
A malicious fragment of code embedded in a legitimate program.
Worm
Similar to a virus, but self-replicates throughout a network.
Domain
Specifies resources a process may access. Specifies a set of objects and the operations that may be invoked on those objects. Set of access rights.
Protection
A mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system.
Security
Requires not only an adequate protection of system, but also consideration of the external environment within which the system operates (i.e., threats and attacks).
Breach of Confidentiality
Gaining access to information, credit card numbers, personal information, etc.
Breach of Integrity
Modified data.
Breach of Availability
Destruction of data.
Theft of Service
Unauthorized use of resources such as using a server as a personal file server.
Trap Door
A hole purposely left in a software program that only the programmer is capable of using.
UNIX Domain Association
A UNIX domain is associated with a user.
Masquerading
The most common method used by an attacker.
Principle of Least Privilege
Where just enough privilege is given to perform a task.
Need-to-Know Principle
Where a process is only given access to resources it currently needs.
Copy and Owner Rights
Rights needed to change entries in a column of an access matrix.
Control Rights
Rights needed to change entries in a row of an access matrix.
Role-Based Access Control
A type of control where privileges and programs are assigned roles, and users are assigned roles based on passwords.
Compiler-Based Enforcement
A type of enforcement where protection needs are declared rather than programmed.
Kernel-Based Enforcement
Enforcement provided by the subsystem designer.
The 4 Levels of Security
Physical - site must be secured.
Human - only appropriate users have access.
OS - system must be able to protect itself.
Network - network must be secured.
Logic Bomb
A security incident initiated when certain logical conditions are met.
Stack and Buffer Overflow
A tactic used to gain access to a system by writing into the stack so that a return address will specify malicious code to be run.
Symmetric Encryption
A type of encryption where the same key is used to encrypt and decrypt.
Asymmetric Encryption
A type of encryption where 2 different keys are used to encrypt and decrypt.
Encryption
Places constraints on the receivers.
Authentication
Places constraints on the senders.
SSL
Allows two computers to communicate securely.
Passwords
The most common authentication mechanism.
Digital Certificate
A public key that has been digitally signed by a certificate authority.
Paired Passwords
One is provided by the system and the other is provided by the user.
Two-Factor Authentication
Authentication using something you know and something you have.
Intrusion Detection System (IDS)
Detects attempted or successful intrusions into a system or network.
Intrusion Prevention System (IPS)
Detects and attempts to prevent an intrusion into a system or network.
Port
A connection point via which an OS communicates with a device.
PCI Bus
The common system bus connecting the process-memory subsystem to fast devices.
Interrupt
The hardware mechanism that enables a device to notify the CPU.
Buffer
A memory area that stores data being transferred between two devices or between a device and an application.
Cache
A region of fast memory that holds copies of data.
Platter
A circular, metal disk used for the magnetic storage of data within a hard-disk drive.
iSCSI
A network-attached storage protocol, utilizing the IP network protocol to carry the SCSI protocol, instead of using SCSI cables.
Logical Formatting
The creation of a file system.
Network Attached Storage (NAS)
A special-purpose storage system that is accessed remotely over a data network.
Solid State Disk (SSD)
Utilizes non-volatile memory (DRAM) to behave like a traditional disk drive but utilizes no moving parts. Has no latency or seek times.
File
A logical storage unit as defined by the OS.
Text File
A sequence of characters organized into lines, possibly pages.
Source File
A sequence of functions, further organized as declarations followed by an executable statement.
Executable File
A series of code sections that the loader can bring into memory and execute.
Name
A file attribute defining the symbolic file name in human-readable format.
Identifier
A unique tag which identifies a file within the file system in non-human-readable format.
Open-File Table
An OS table containing information about all open files.
Sequential Access
An access method where the information in the file is processed in order, one record after another.
Direct Access
An access method allowing programs to read and write records rapidly in no particular order.
Sector
A subdivision of a track, usually 512 bytes.
Track
A circular path on the surface of a disk, broken up into sectors.
Cluster
Multiple blocks grouped together.
Block
A sector or group of sectors that the operating system can address. The smallest unit of transfer.
Common File Attributes
Name, identifier, type, location, size, protection, time, date, and user information.
Control Register
Can be written to by the host to start a command or to change the mode of an I/O device.
Status Register
Contains bits that can be read by the host to convey the status of I/O devices.
Data-Out Register
Written by the host to send output to I/O devices.
Data-In Register
Read by the host to get input from I/O devices.
Constant Linear Velocity (CLV)
Where the density of bits per track is uniform and the speed changes.
Constant Angular Velocity (CAV)
The density of bits decreases from inner tracks to outer tracks to keep the data rate constant.
Low-Level Formatting (Physical Formatting)
Divides and fills the disk with a special data structure for each sector. Must be done before a disk can store data.
PCI Express (PCIe)
Has a throughput of up to 16 GB per second.
HyperTransport
Has a throughput of up to 25 GB per second.
Interrupt-Controller Hardware Features
The ability to defer interrupt handling during critical processing.
An efficient way to dispatch to the proper interrupt handler for a device without first polling all the devices to see which one raised the interrupt.
Multilevel interrupts, so that the operating system can distinguish between high- and low-priority interrupts and can respond with the appropriate degree of urgency.
Direct Memory Access (DMA) Controller
A special processor that avoids programmed I/O by writing a command block into memory. This block contains a pointer to the source of a transfer, a pointer to the destination of the transfer, and a count of the number of bytes to be transferred. The CPU writes the address of this command block to the controller.
Block-Device Interface
Captures all the aspects necessary for accessing disk drives and other block-oriented devices.
Character-Stream Interface
A set of basic system calls that an application can use to get() or put() one character.
Raw
I/O accesses a block device as a simple array of blocks and bypasses all file system services.
Contiguous Allocation
File occupies a set of contiguous blocks on the disk and can be accessed using sequential or direct access.
Blocking System Call
Wherein the execution of the application is suspended.
Spool
A buffer that holds output for a device that cannot accept interleaved data streams.
Sense Key
Identifies the general nature of a failure in a SCSI device.
Additional Sense Code
States the category of failure, such as a bad command parameter or a self-test failure.
Additional Sense Code Qualifier
Gives even more detail, such as which command parameter was in error or which hardware subsystem failed its self-test.
Terminal Concentrator
A front-end processor that multiplexes the traffic from hundreds of remote terminals into one port on a large computer.
Local I/O Ports
Where host-attached storage is accessed.
I/O Processing Improvement
Can be done by moving processing primitives into hardware.
Swap Space Management
The main goal for the design and implementation of swap space is to provide the best throughput for the virtual memory system.
RAID 5
The most common RAID level.
First-Come-First-Serve (FCFS) Disk Head Scheduling Algorithm
A disk head scheduling algorithm that does not take into account the current position of the disk head.
Linked Allocation
The file-allocation table (FAT) used in MS-DOS is an example of this.
Immutable File Key Properties
Its name may not be reused and its contents may not be altered.
Mount Point
The location within the file structure where the file system is to be attached.
Write-Anywhere File Layout (WAFL)
Used exclusively on networked file servers where clones are similar to snapshots and part of the caching uses non-volatile RAM (NVRAM).
Storage Area Network (SAN)
A private network connecting servers and storage units.
Unified Buffer Cache
Contains the same pages for memory-mapped I/O as well as ordinary I/O.
Double Caching
Where the contents of the file in the buffer cache are copied into the page cache. Wastes memory and significant CPU and I/O cycles.
DMA Controller Port Location
000-00F.
Interrupt Controller Port Location
020-021.
Game Controller Port Location
200-20F.
Serial Port (Secondary) Port Location
2F8-2FF.