Weekly Notes for Week 21

In Week 21 we will briefly recap Chapter 18 (Virtualization), and I will briefly discuss the (important) parts of the non-mandatory Chapter 19 (Networks and Distributed Systems).

Tutorial Session Week 21

Please prepare the following exercises for week 21:

Chapter 15

  1. (repetition) Explain how the VFS layer allows an operating system to support multiple types of file systems easily.

  2. Why have more than one file system type on a given system?

  3. On a Unix or Linux system that implements the procfs file system, determine how to use the procfs interface to explore the process name space. What aspects of processes can be viewed via this interface? How would the same information be gathered on a system lacking the procfs file system?

  4. Why do some systems integrate mounted file systems into the root file system naming structure, while others use a separate naming method for mounted file systems?

  5. Given a remote file access facility such as ftp, why were remote file systems like NFS created?

  6. (important, specifically (b)) Given a mounted file system with write operations underway, and a system crash or power loss, what must be done before the file system is remounted if: (a) The file system is not log-structured? (b) The file system is log-structured?

  7. Why do operating systems mount the root file system automatically at boot time?

  8. (important) Why do operating systems require file systems other than root to be mounted?

Chapter 16

  1. (important) Buffer-overflow attacks can be avoided by adopting a better programming methodology or by using special hardware support. Discuss these.

  2. (important) What is the purpose of using a “salt” along with a user-provided password? Where should the salt be stored, and how should it be used?

  3. (important) An experimental addition to UNIX allows a user to connect a watchdog program to a file. The watchdog is invoked whenever a program requests access to the file. The watchdog then either grants or denies access to the file. Discuss two pros and two cons of using watchdogs for security.

  4. Make a list of six security concerns for a bank’s computer system. For each item on your list, state whether this concern relates to physical, human, or operating-system security.

  5. What commonly used computer programs are prone to man-in-the-middle attacks? Discuss solutions for preventing this form of attack.

  6. (important) Why doesn’t $D_{k_d,N}(E_{k_e,N}(m))$ provide authentication of the sender? To what uses can such an encryption be put?

  7. (important) Mobile operating systems such as iOS and Android place the user data and the system files into two separate partitions. Aside from security, what is an advantage of that separation?

Chapter 17

  1. (very important) What are the main differences between capability lists and access lists?

  2. A Burroughs B7000/B6000 MCP file can be tagged as sensitive data. When such a file is deleted, its storage area is overwritten by some random bits. For what purpose would such a scheme be useful?

  3. (important, repetition) In a ring-protection system, level 0 has the greatest access to objects, and level n (where n > 0) has fewer access rights. The access rights of a program at a particular level in the ring structure are considered a set of capabilities. What is the relationship between the capabilities of a domain at level j and a domain at level i to an object (for j > i)?

  4. The RC 4000 system, among others, has defined a tree of processes (called a process tree) such that all the descendants of a process can be given resources (objects) and access rights by their ancestors only. Thus, a descendant can never have the ability to do anything that its ancestors cannot do. The root of the tree is the operating system, which has the ability to do anything. Assume that the set of access rights is represented by an access matrix, A. A(x,y) defines the access rights of process x to object y. If x is a descendant of z, what is the relationship between A(x,y) and A(z,y) for an arbitrary object y?

  5. What protection problems may arise if a shared stack is used for parameter passing?

  6. Consider a computing environment where a unique number is associated with each process and each object in the system. Suppose that we allow a process with number n to access an object with number m only if n > m. What type of protection structure do we have?

  7. Consider a computing environment where a process is given the privilege of accessing an object only n times. Suggest a scheme for implementing this policy.

  8. If all the access rights to an object are deleted, the object can no longer be accessed. At this point, the object should also be deleted, and the space it occupies should be returned to the system. Suggest an efficient implementation of this scheme.

  9. (important) Why is it difficult to protect a system in which users are allowed to do their own I/O?