COMP6015 - SecOS Flashcards

Question

What is a Race Condition?

Answer 1

A race condition is where two or more threads attempt to access the same memory location or resource at the same time.

Answer 2

A Mutex or Semaphore is required to prevent multiple threads from accessing a resource at the same time. The Mutex or Semaphore should be placed around a Critical Region. The Critical Region is the area of code where the resource is needed. The Mutex or Semaphore will cause the program to wait at the Critical Region until it is safe to proceed.

Answer 3

Mutexes are basic locking objects with two states (locked and unlocked). Semaphores are non-negative integer counters used when you have multiple identical copies of a resource available and any of them can be used.

Answer 4

An Access Control List (ACL) is a technique of managing permissions in the file system.

Answer 5

Constant Angular Velocity - constant RPM. Constant Linear Velocity - adjusted RPM based on radius position.

Answer 6

(Number of Bytes Transferred) / (Time)

Answer 7

- First Come, First Served (FCFS) - Shortest Seek Time First (SSTF) - SCAN - LOOK

Answer 8

Shortest Seek Time First (SSTF) will rotate clockwise and anticlockwise to minimise the movement time and maximise the read/write time. SCAN will rotate in only one direction. SSTF is more efficient in terms of read/write time, however some requests may hang for a significant and unfair amount of time (if there are many requests on the opposite side of the platter). SCAN will avoid this starvation issue.

Answer 9

SCAN will search from start to end, then end to start and repeat. C-SCAN or Circular SCAN will search from start to end and then repeat.

Answer 10

Variants of SCAN and C-SCAN (respectively) that only reach the position of the final request before resetting, rather than the end of the disk.

Answer 11

Redundant Array of Independent Disks. A method of combining small disks to provide redundancy in case of a failure.

Answer 12

RAID 0 uses disk stripping to improve performance and capacity, but no redundancy is used meaning that a single drive failure will result in data loss.

Answer 13

RAID 1 uses disk mirroring where data is directly copied across multiple drives.

Answer 14

Data stripping at the bit level and uses Hamming for error correction. Not used in practice as it is too difficult and expensive.

Answer 15

Data stripping at the byte level with a dedicated parity disk. Parity disk can be a bottleneck; not used in practice.

Answer 16

Data stripping at the block level with dedicated parity disk. Good read performance; parity disk can be a bottleneck; rarely used today.

Answer 17

Data stripping at the block level (like RAID 4) but with parity distributed across all disks rather than having a dedicated parity disk. + Fault tolerance, read speed. - write speed, disk rebuild speed. Used for file servers.

Answer 18

Combination of RAID 0 (Stripping) and RAID 1 (Mirroring). + high performance and fault tolerance, can sometimes recover from multiple disk failures. - expensive (requires at least 4 disks), only 50% of storage is usable.

Answer 19

Performance: RAID 0 or RAID 10. Redundancy: RAID1 or RAID 10. Capacity Efficiency + Redundancy: RAID 5.

Answer 20

Similar to RAID 5 but uses double distributed parity meaning it can handle multiple disk failures at the cost of much slower write time.

Answer 21

The Operating System doesn't want to know the details of the storage system hardware, so access is conducted through an interface. This means, for example, that a network drive behaves the same as a local drive.

Answer 22

Inodes (or index nodes) store metadata about files and directories. They store: - File Type - Permissions - Owner (UID) and Group (GID) - File Size - Timestamps - (and a few others) But notably they do not store: - Filename (stored in the directory structure) - File content

Answer 23

FAT32 (File Allocation Table 32-bit) Uses a table to track where on disk files are stored. Table records Chains of Clusters (of Blocks). Each entry points to the next Cluster of the file, or marks the end of the file.

Answer 24

Directories are special files that contain a list of filenames with their cluster locations, sizes and some other attributes.

Answer 25

Unused Clusters are marked as free. When a new file is created, the system looks for free clusters.

Answer 26

USB storage devices, SD cards, external storage devices. Sometimes full computer system storage. However it's quite dated and its main benefit today is cross-platform compatibility.

Answer 27

NTFS (New Technology File System) Has a Master File Table (MFT) to store metadata about every file and directory. Small files can be stored directly in the MFT ('resident' files) for performance. Disk is split into Clusters (of around 4KB). Files larger than 1 Cluster will have all locations listed in the MFT. Directories are structured as B (Balanced) Trees for quick traversal. Journaling / Transition Log is used (before modification to the file system takes place) so that changes can be undone or replayed in the event of a crash. Uses Access Control Lists (ACLs). Supports Encrypted File System (EFS). Supports Symbolic Links.

Answer 28

HFS+ (Hierarchical File System Plus) - Partition Map to keep track of different partitions on the disk. - Allocation File tracks block usage. - Catalog file holds B (Balanced) Tree of file directory

Answer 29

APFS (Apple File System)

Answer 30

NTFS optimised for Windows; HFS+ optimised for Mac OS. HTFS supports more sophisticated Journaling. HTFS supports more sophisticated Access Control Lists (ACL). HTFS supports Encrypted File System (EFS). HTFS is optimised for SSDs. HTFS deals better with disk fragmentation.

Answer 31

FAT32 -> ExFAT NTFS -> ReFS (Windows) HFS+ -> APFS (Mac OS) ExFAT replaced FAT32; APFS replaced HFS+; ReFS is a more optimised alternative to NTFS for Windows Server only. Journaling is not present in FAT32 or ExFAT. It is more advanced in ReFS and APFS. Compression is only available in NTFS and HFS+. Encryption is available in NTFS, HFS+ and APFS. Fragmentation is best handled in ReFS and APFS; handled well in ExFAT and NTFS; poorly in HFS+; very poorly in FAT32. FAT32 and ExFAT have no crash protection. NTFS achieves it with Transaction Logs. ReFS with Self-healing. HFS+ with Journaling. APFS with Atomic Transactions. FAT32 - Best for compatibility. ExFAT - More robust than FAT32 at a slight cost to compatibility. NTFS - Secure with large volume support. ReFS - Scalable with data integrity, but only for Windows Server. HFS+ - Best Mac OS support APFS - Fast secure and robust, but only for modern Apple devices.

Answer 32

Journaling is where when data is updated, the old data is not actually replaced, but rather new nodes are created in a linked-list-like structure and the relevant references are updated.

Answer 33

ISO 9660 (High Sierra) - non-rewritable disks. ISO 13346 - rewritable disks.

Answer 34

To avoid Race Conditions, processes need to lock down resources. If two processes both need access to the same two resources and one process has a lock on one resource and the other on the other, you have an infinite loop where neither process can progress and return the resource. This kind of locking infinite loop is called a deadlock, and can sometimes be invoked from large chains of processes.

Answer 35

Mutual Exclusion. Hold and Wait. No Preemption (resource cannot be taken from a holding process). Circular Wait.

Answer 36

Deadlock Avoidance algorithm by Dijkstra. - Maximum - Allocated - Required - Available - Total You have matrices for Maximum and Allocated which tell you how many of each Resource each Process needs, and already has. You also have a matrix for Required, which is Maximum - Allocated. You have the number of each Resource that is still Available for allocation. You can compute the Total number of each Resource by summing Allocated for each Process and the Available.

Answer 37

Given the Maximum and Allocated matrices along with the Available Resources, compute the Required and Total. For each process, if Required < Available the process can complete and Available increases by Allocated for the process. Repeat until all processes have been completed or a full loop has run without completing any processes. If there are incomplete Processes and no more can be completed, you have a deadlock.

Answer 38

Miniframes have more users, so the OS role of an Interface becomes more important.

Answer 39

- All Systems - Fairness - Policy - Balance - System-critical - Batch Systems - Throughput - Turnaround time - CPU Utilisation - Interactive Systems - Response time - Active Windows - Real-time Systems - Meeting deadlines - Predictability

Answer 40

Creation Termination Process State Models Process Description Process Control Block (PCB) Process Switching and Interrupts.

Answer 41

A turn-based system to solve Race Condition issues. Main problem is that when a process doesn't use its turn, it will not pass its turn on to other processes that may need it.

Answer 42

A system to solve Race Condition issues. One critical region ticket is available. Process must claim the ticket before entering the critical section. Only one process may have the ticket at once. If a process doesn't need it, it doesn't prevent the others (solves issue of Strict Alternation).

Answer 43

[Definition] An organised collection of files, usually in a hierarchical structure.

Answer 44

[Definition] A discrete part of a file. Records can be single bytes or more complex data structures.

Answer 45

[Definition] The smallest chunks of individually addressable storage.

Answer 46

Confidentiality Integrity Availability Non-repudiation

Answer 47

- Don't claim any of the required resources unless they're all available. - If a process is waiting for more than some small but random amount of time, drop all held resources, pause and then try again.

Answer 48

The mapping between virtual memory addresses (that we use in programming) and physical memory in the device.

Answer 49

Because the virtual memory space we want to use is often larger than the physical space. (check this).

Answer 50

When we try to lookup a page from the Page Table and it is absent. (check this).

Answer 51

Not Recently Used R bit -recently accessed flag M bit - recently modified flag 4 classes (each combination of R and M) (find more info).

Answer 52

? The same as Second Chance replacement but uses a circular queue instead of a regular queue

Answer 53

12-bit offset leaves 64-12=52 bits for paging on a 64-bit machine (32-12=20 bits on 32-bit). This gives us the capacity for ~4PB of RAM which is not very practical. Instead,we can make use of an optimisation technique(?) (more info)

Answer 54

- Symbol Table - Source Text - Constants - Parse Tree - Call Stack

Answer 55

- Arc Injection prevention. - DMA protection? (find more).

Answer 56

- Security - Speed (parallel instruction/data access) (more?)

Answer 57

- Cost - Device efficiency? (if one is at capacity it cant use extra space from the other) (more?)

Answer 58

Adress Space Layout Randomisation (more info)

Answer 59

Executable Space Protection. (more info; reference buffer overflow)

Answer 60

Protection is internally-facing. Security is externally-facing.

Answer 61

Role-based Access Control. Permissions are set for roles rather than individuals.

Answer 62

Access Control Lists. Used by RBACs to store the permissions for each role. Contain Access Control Entries (ACEs).

Answer 63

Abstraction of a systems protection domain. Row labels = users/processes Column labels = objects Cells = permission levels

Answer 64

Principle of least privilege Principle of privilege separation KISS Principle

Answer 65

Monolithic Microkernel Hybrid (What about Modular Kernel?)

Answer 66

Monolithic has everything in one place which is efficient but can become very complex. Microkernel separates things out and delegates different functions to different processes, offering flexibility and modularity at the cost of performance. Monolithic might be preferable for performance-critical systems like simulation clusters, or just where the requirement specification itself is fairly simple.

Answer 67

(todo; reference buffer overflow)