Week 6: Capabilities Advanced Operating Systems ( L)
|
|
- Albert Arnold
- 5 years ago
- Views:
Transcription
1 Week 6: Capabilities Advanced Operating Systems ( L) Timothy Roscoe Herbstsemester Systems Group Department of Computer Science ETH Zürich 1
2 Milestone 5: A memory manager Barrelfish uses capabilities to refer to memory regions You ve seen them in milestone 4 Today: Capabilities in general Memory management using capabilities The Barrelfish capability system 2
3 Overview for today Access control Access control lists vs. capabilities Capabilities and the Confused Deputy Implementation options Tagged capabilities Sparse capabilities Partitioned capabilities Memory management Capabilities in Barrelfish 3
4 Access control matrix Representation/definition of permissible operations in a system Objects Subjects user 1 user 2 user 3 file 1 file 2 user 1 Send msg RW R user 2 Send msg RW user 3 Set passwd Set passwd Set passwd R Subjects: users, processes, groups, etc. Objects: other users/processes, files, memory objects, etc. Privileges/rights: depends on object for file: read, write, execute, etc. 4
5 Access control matrix properties Dynamic data structure, frequent changes Very sparse with many repeated entries Impractical to store explicitly Most common discretionary mechanisms: Access control list: stores a column (who can access this) Capabilities: store a row (what this can access) 5
6 Issues for discretionary access control Propagation: Can a subject grant access to another? Restriction: Can a subject propagate a subset of its own rights? Revocation: Can access, once granted, be revoked? Amplification: Can an unprivileged subject perform restricted operations? Determination of object accessibility: Which subjects have access to a particular object? Is an object accessible by any subject? (garbage collection) Determination of subject s protection domain: Which objects are accessible to a particular subject? 6
7 Access control lists Implemented by most commodity systems ACL associated with object Propagation: meta right (eg. owner may chmod) Restriction: meta right Revocation: meta right Amplification: protected invocation right (eg. setuid) Accessibility: explicit in ACL Protection domain: hard (if not impossible) to determine Usually condensed via groups / classes Can have negative rights Sometimes implicit (eg. UNIX process hierarchy) 7
8 UNIX ACLs Despite modern terminology, classic UNIX privileges are a (restricted) ACL representation ACL rights subject (owner) subject (group) object Permissions for other are an implicit group of subjects 8
9 Capabilities Capability list associated with subject Each capability confers a certain right to its holder Propagation: copy/transfer capabilities between subjects Restriction: requires creation of new (derived) caps Revocation: requires invalidation of caps from all subjects (may be difficult) Amplification: special invocation capability Accessibility: requires inspection of all capability lists (hard if not impossible to determine) Protection domain: explicit in capability list 9
10 (Partial) history of capability systems 1961 Burroughs B Dennis and Van Horn s supervisor 1967 MIT PDP 1 Timesharing System Chicago Magic Number Machine 1968 Berkeley CAL TSS 1972 Plessey System Cambridge CAP Computer 1974 CMU Hydra; then StarOS Gnosis, KeyKOS, Eros, Coyotos 1980 present 1981 Intel iapx Linn Rekursiv 2005 present 2009 present IBM System/38, AS/400, iseries, System i, sel4 Capsicum (BSD) 10
11 Capabilities Main advantage of capabilities is fine grained access control Easy to provide access to specific subjects Easy to delegate permissions to others A cap presents prima facie evidence of right to access Think of it as a key Any representation must protect capabilities against forgery Consists of object identifier and a set of access rights Implies object naming Solves the confused deputy problem 11
12 The Confused Deputy Source file Compiler Compiler has authority to write accounting file User supplies object filename, authorized to write Accounting file System volume Object file User directory 12
13 The Confused Deputy Regular command line: cc o ~/program program.c But what about:? Oh dear cc o /var/spool/accounts program.c 13
14 The Confused Deputy Compiler has two masters: User System accounting Acquires blanket authority from both Compiler Compiler has authority to write accounting file User supplies object filename, authorized to write Accounting file System volume Object file User directory 14
15 Solution using capabilities Source file + Output file Capability: File Compiler Compiler has authority to write accounting file Accounting file User supplies object filename, authorized to write Accounting file System volume Object file User directory 15
16 How are capabilities implemented and protected? 1. Tagged: protected by hardware 2. Sparse: protected by sparsity (probabilistically secure, like encryption 3. Partitioned: protected by software 16
17 Tagged capabilities AKA hardware capabilities Extra tag bit with every memory word (or group thereof) Tag identifies capabilities Capabilities may be used and copied like normal pointers Hardware checks permissions when dereferencing capability Modifications turn the tag off (reverting caps to plain data) Only the kernel can turn a tag bit on Propagation easy Restriction requires kernel to create new (weaker) capability Revocation virtually impossible (requires memory scan) Accessibility virtually impossible to determine 17
18 Tagged capabilities outside RAM Disk has no tags AS/400 simulates them by restricting physical I/O to the low level OS Extra bit stored for every word on disk Page out page scanned and tags collected Page in tags are reconstructed Significant processing overhead on all disk I/O 18
19 Tagged capabilities: summary Secure through hardware protection Convenient for applications (appear as normal pointers) Checked by hardware fast validation Capability hardware is complex (hence slow) Separate mechanisms required for I/O and distribution 19
20 Sparse capabilities Basic idea similar to encryption: Add bit string to capability Makes valid capabilities a tiny subset of the capability space Secure by infeasibility of exhaustive search of cap space 20
21 Encrypted sparse capabilities Object ID rights Encrypt Object ID rights Signature Signature: bit string is encrypted object info Cap consists of object ID, rights, and signature Signature = object ID and rights encrypted with a private key Validated by checking signature 21
22 Password capabilities Capability: Object ID Password Global object table: OID Password Rights Password: bit string is random data Cap consists of object ID, and password Rights determined by looking up password in a global object table 22
23 Sparse capabilities: summary Sparse caps are regular user level objects Can be passed like other data Similar to tagged caps, but without hardware support Validated at invocation time (either explicitly or implicitly) Issues: Full mediation requires extra support See Mungi High amplification of leaked data Problem with covert channels 23
24 Partitioned capabilities System maintains capabilities for each process, eg. as a capability list (clist) User code uses only handles (indirect references) to caps System validates access when performing any privileged operation (eg. mapping a page) Validation is explicit at syscall time Propagation: system call to copy a cap between clients Restriction: invoke kernel to create new cap Revocation: invoke kernel to remove cap from clist Accessibility: requires scanning all clists Protection domain: explicitly represented in clist Used in Hydra, Mach, KeyKOS, EROS, sel4, Barrelfish, many others 24
25 Memory partitioning CNode capabilities: Storage for capability representations Divided into slots Unreadable from user space! Frame capabilities May be mapped into user virtual address space Multiple of page size There must never be an area of memory referred to by both a CNode cap and a Frame cap! 25
26 Partitioned capabilities: summary Secure through kernel protection Real caps live only in kernel space Validation at mapping/invocation time Apps use normal pointers Fast validation possible (for memory objects, validation is cached by MMU) Propagation requires kernel intervention Reference counting and revocation possible with kernel support No special hardware requirements 26
27 Allocation and management of physical memory Problem: Most kernels use dynamic allocation (malloc) for metadata What do you do when it runs out? sel4 model, extended in Barrelfish: All physical memory manipulated as partitioned capabilities Memory not used for bootstrap is initially untyped User controls allocation Retyping Splitting No dynamic allocation performed in kernel! 27
28 Barrelfish design decision Provide one general mechanism for tracking all OS resources Disadvantages: Mechanism must be fully general (more complex than point solutions) Potential performance hit for some operations (price of generality) Advantages: Solve this once, everything works Provides insight into the general problem for multicore hardware good from research perspective 28
29 Capabilities in Barrelfish All memory described using capabilities Along with some other system resources Capabilities are typed type of memory Memory can be retyped by its owner Subject to certain rules Memory regions can be split Result: 2 new capabilities, of the same type One for each half 29
30 Partitioned capabilities (CAP, sel4, KeyKOS, etc.) All memory regions referred to by typed capabilities CNode Frame cap. CNode cap. Dispatcher cap. Null cap. Mappable RAM Frame cap. Frame cap. Frame cap. Frame cap. Dispatcher control block 30
31 Capabilities in Barrelfish Partitioned capabilities are used CNode memory type holds capabilities Every domain has a set of capabilities The CSpace Represented as a guarded page table Root is held in the DCB Capabilities are named by a capref Address in this GPT. 31
32 Capabilities in Barrelfish Each type supports a set of operations: Think of them a bit like object references Most system calls actually capability operations Restrictions on operations enforce invariants E.g. It should be impossible to construct a bad page table from user space 32
33 (Almost) complete capability type system Frame PhysAddr DevFrame RAM Dispatcher CNode EndPoint FCNode Null VNode_x86_64_pml4 Kernel Notify Domain IRQTable IO VNode_x86_64_pdpt VNode_x86_64_pdir VNode_x86_64_ptable Retype operations VNode_x86_32_pdpt BMPEndPoint VNode_x86_32_pdir BMPTable VNode_x86_32_ptable VNode_ARM_l1 VNode_ARM_l2 33
34 Specifying capability types sel4 used a small, fixed number of capability types Hardcoded into kernel, key to the design Barrelfish uses types freely Goal: support heterogeneous architectures Different types for all page table pages, etc. How to manage complexity of type system? 34
35 Hamlet cap Null is_never_copy { /* Null/invalid object type */ }; cap PhysAddr from_self { /* Physical address range (root of cap tree) */ }; Empty capability slot Any physical address region Retyping from self can be split into parts address genpaddr base; /* Base address of untyped region */ size_bits uint8 bits; /* Address bits that untyped region bears */ Can be retyped from PhysAddr /** The following caps are similar to the previous one **/ cap RAM from PhysAddr from_self { /* RAM memory object */ A physical address region containing RAM }; address genpaddr base; /* Base address of untyped region */ size_bits uint8 bits; /* Address bits that untyped region bears */ 35
36 Hamlet cap CNode from RAM { /* CNode table, stores further capabilities */ lpaddr cnode; /* Base address of CNode */ uint8 bits; /* Number of bits this CNode resolves */ caprights rightsmask; uint8 guard_size; /* Number of bits in guard */ caddr guard; /* Bitmask already resolved when reaching this rights CNode mask */ address { cnode }; size_bits { bits + cte_size }; Includes guarded page table information and }; cap Frame from RAM from_self { /* Mappable memory frame */ RAM caps cannot be mapped (why?) Frame caps can. }; address genpaddr base; /* Physical base address of frame */ size_bits uint8 bits; /* Address bits this frame bears */ 36
37 Hamlet /* ARM specific capabilities: */ cap VNode_ARM_l1 from RAM { /* L1 Page Table */ address genpaddr base; /* Base address of VNode */ size_bits { vnode_size }; }; Page table pages have their own types! cap VNode_ARM_l2 from RAM { /* L2 Page Table */ address genpaddr base; /* Base address of VNode */ size_bits { vnode_size }; }; 37
38 Hamlet cap Dispatcher from RAM { /** The Dispatcher is a special case that can be retyped several times to an end point **/ can_retype_multiple; }; "struct dcb" dcb; /* Pointer to kernel DCB */ address { mem_to_phys(dcb) }; size_bits { dispatcher_size }; Dispatcher control blocks are user allocated kernel objects cap EndPoint from Dispatcher { /* IDC endpoint */ "struct dcb" listener; /* Dispatcher listening on this endpoint */ lvaddr epoffset; /* Offset of endpoint buffer in disp frame */ }; uint32 epbuflen; /* Length of endpoint buffer in words */ address { mem_to_phys(listener) }; We ll see endpoints later: they allow communication with domains 38
39 Capability references Referring to capabilities from user space struct cnoderef { capaddr_t address; ///< Base address of CNode in CSpace uint8_t address_bits; ///< Number of valid bits in base address uint8_t size_bits; ///< Number of slots in the CNode as a power of 2 uint8_t guard_size; ///< Guard size of the CNode } attribute ((packed)); struct capref { struct cnoderef cnode; ///< CNode this cap resides in capaddr_t slot; ///< Slot number within CNode }; 39
40 Copying, retyping, and minting All operations must specify Source capability (in some CSpace slot) Destination slot (also in CSpace) Examples: Simple copy Retype (including split) Mint (changing rights) 40
41 A good design decision? Leads to a complex interface Overgenerality? Hard to do resource specific optimizations When it works, very sound basis User level resource management Solid security foundation Can t exhaust kernel resources Decide for yourself! 41
Chapter 13: Protection. Operating System Concepts Essentials 8 th Edition
Chapter 13: Protection Operating System Concepts Essentials 8 th Edition Silberschatz, Galvin and Gagne 2011 Chapter 13: Protection Goals of Protection Principles of Protection Domain of Protection Access
More informationChapter 14: Protection. Operating System Concepts 9 th Edition
Chapter 14: Protection Silberschatz, Galvin and Gagne 2013 Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access
More informationChapter 17: System Protection
Chapter 17: System Protection Chapter 17: System Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control Revocation of
More information? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week
Announcements Access control John Mitchell u Homework Due today. Next assignment out next week u Graders If interested in working as grader, send email to Anupam u Projects Combine some of the project
More informationSilberschatz and Galvin Chapter 19
Silberschatz and Galvin Chapter 19 Protection CPSC 410--Richard Furuta 4/26/99 1 Protection Goals of protection schemes Domain of protection Mechanisms Ð access matrix implementation of access matrix revocation
More informationModule 19: Protection
Module 19: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection 19.1 Protection
More informationChapter 14: System Protection
Chapter 14: System Protection, Silberschatz, Galvin and Gagne 2009 Chapter 14: System Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access
More informationCOS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy
Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationModule 19: Protection
Module 19: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Operating System
More informationRESOURCE MANAGEMENT MICHAEL ROITZSCH
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group RESOURCE MANAGEMENT MICHAEL ROITZSCH AGENDA done: time, drivers today: misc. resources architectures for resource
More informationRESOURCE MANAGEMENT MICHAEL ROITZSCH
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group RESOURCE MANAGEMENT MICHAEL ROITZSCH AGENDA done: time, drivers today: misc. resources architectures for resource
More informationStorage and File System
COS 318: Operating Systems Storage and File System Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Topics Storage hierarchy File
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationWe ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?
We ve seen: Protection: ACLs, Capabilities, and More Some cryptographic techniques Encryption, hashing, types of keys,... Some kinds of attacks Viruses, worms, DoS,... And a distributed authorization and
More informationToday: Protection! Protection!
Today: Protection! Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Lecture 27, page
More informationProtection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger
Protection CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ Protection Protect yourself from untrustworthy users in a common space They may try to access your resources Or modify
More informationCSE543 - Introduction to Computer and Network Security. Module: Operating System Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security An secure OS should provide (at least) the following mechanisms Memory protection
More informationRicardo Rocha. Department of Computer Science Faculty of Sciences University of Porto
Ricardo Rocha Department of Computer Science Faculty of Sciences University of Porto Slides based on the book Operating System Concepts, 9th Edition, Abraham Silberschatz, Peter B. Galvin and Greg Gagne,
More informationStorage and File Hierarchy
COS 318: Operating Systems Storage and File Hierarchy Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Topics Storage hierarchy File system
More informationChapter 12. File Management
Operating System Chapter 12. File Management Lynn Choi School of Electrical Engineering Files In most applications, files are key elements For most systems except some real-time systems, files are used
More informationCOS 318: Operating Systems
COS 318: Operating Systems File Systems: Abstractions and Protection Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Topics What s behind
More informationToday: Protection. Sermons in Computer Science. Domain Structure. Protection
Sermons in Simplicity Performance Programming as Craft Information is Property Stay Broad Ack: Tom Anderson, U. Washington Today: Protection Goals of Protection Domain of Protection Access Matrix Implementation
More informationVirtual Memory. Patterson & Hennessey Chapter 5 ELEC 5200/6200 1
Virtual Memory Patterson & Hennessey Chapter 5 ELEC 5200/6200 1 Virtual Memory Use main memory as a cache for secondary (disk) storage Managed jointly by CPU hardware and the operating system (OS) Programs
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationPROCESS VIRTUAL MEMORY. CS124 Operating Systems Winter , Lecture 18
PROCESS VIRTUAL MEMORY CS124 Operating Systems Winter 2015-2016, Lecture 18 2 Programs and Memory Programs perform many interactions with memory Accessing variables stored at specific memory locations
More informationOS Extensibility: SPIN and Exokernels. Robert Grimm New York University
OS Extensibility: SPIN and Exokernels Robert Grimm New York University The Three Questions What is the problem? What is new or different? What are the contributions and limitations? OS Abstraction Barrier
More informationToday: Protection. Protection
Today: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection 1 Protection Operating
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationOperating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.
Operating Systems Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring 2014 Paul Krzyzanowski Rutgers University Spring 2015 April 22, 2015 2015 Paul Krzyzanowski 1 Question 1 A weakness of using
More informationCS 416: Operating Systems Design April 22, 2015
Question 1 A weakness of using NAND flash memory for use as a file system is: (a) Stored data wears out over time, requiring periodic refreshing. Operating Systems Week 13 Recitation: Exam 3 Preview Review
More informationFile Systems. What do we need to know?
File Systems Chapter 4 1 What do we need to know? How are files viewed on different OS s? What is a file system from the programmer s viewpoint? You mostly know this, but we ll review the main points.
More informationV. File System. SGG9: chapter 11. Files, directories, sharing FS layers, partitions, allocations, free space. TDIU11: Operating Systems
V. File System SGG9: chapter 11 Files, directories, sharing FS layers, partitions, allocations, free space TDIU11: Operating Systems Ahmed Rezine, Linköping University Copyright Notice: The lecture notes
More informationP1L5 Access Control. Controlling Accesses to Resources
P1L5 Access Control Controlling Accesses to Resources TCB sees a request for a resource, how does it decide whether it should be granted? Authentication establishes the source of a request Authorization
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Advantages of Multi-level Page Tables
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 15 Memory Management (cont d) Virtual Memory March 30, 2005 Announcements Lab 4 due next Monday (April
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationCS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2018 Lecture 23
CS24: INTRODUCTION TO COMPUTING SYSTEMS Spring 208 Lecture 23 LAST TIME: VIRTUAL MEMORY Began to focus on how to virtualize memory Instead of directly addressing physical memory, introduce a level of indirection
More informationCS 61C: Great Ideas in Computer Architecture. Lecture 23: Virtual Memory
CS 61C: Great Ideas in Computer Architecture Lecture 23: Virtual Memory Krste Asanović & Randy H. Katz http://inst.eecs.berkeley.edu/~cs61c/fa17 1 Agenda Virtual Memory Paged Physical Memory Swap Space
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2004 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2002 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationAdvanced Systems Security: Multics
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationChapter 5 (Part II) Large and Fast: Exploiting Memory Hierarchy. Baback Izadi Division of Engineering Programs
Chapter 5 (Part II) Baback Izadi Division of Engineering Programs bai@engr.newpaltz.edu Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple
More information14 May 2012 Virtual Memory. Definition: A process is an instance of a running program
Virtual Memory (VM) Overview and motivation VM as tool for caching VM as tool for memory management VM as tool for memory protection Address translation 4 May 22 Virtual Memory Processes Definition: A
More informationThanks for the feedback! Chapter 8: Filesystem Implementation. File system operations. Acyclic-Graph Directories. General Graph Directory
ADRIAN PERRIG & TORSTEN HOEFLER ( 252-0062-00 ) Networks and Operating Systems Chapter 8: Filesystem Implementation Thanks for the feedback! Some answers: I ll provide references to books (I m not only
More informationProtection Goals of Protection Principles of Protection principle of least privilege Domain Structure need to know principle
Protection Discuss the goals and principles of protection in a modern computer system Explain how protection domains combined with an access matrix are used to specify the resources a process may access
More informationCS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2015 Lecture 23
CS24: INTRODUCTION TO COMPUTING SYSTEMS Spring 205 Lecture 23 LAST TIME: VIRTUAL MEMORY! Began to focus on how to virtualize memory! Instead of directly addressing physical memory, introduce a level of
More informationECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017
ECE 550D Fundamentals of Computer Systems and Engineering Fall 2017 The Operating System (OS) Prof. John Board Duke University Slides are derived from work by Profs. Tyler Bletsch and Andrew Hilton (Duke)
More informationJohn Wawrzynek & Nick Weaver
CS 61C: Great Ideas in Computer Architecture Lecture 23: Virtual Memory John Wawrzynek & Nick Weaver http://inst.eecs.berkeley.edu/~cs61c From Previous Lecture: Operating Systems Input / output (I/O) Memory
More informationMemory and multiprogramming
Memory and multiprogramming COMP342 27 Week 5 Dr Len Hamey Reading TW: Tanenbaum and Woodhull, Operating Systems, Third Edition, chapter 4. References (computer architecture): HP: Hennessy and Patterson
More informationFile System Implementation
File System Implementation Last modified: 16.05.2017 1 File-System Structure Virtual File System and FUSE Directory Implementation Allocation Methods Free-Space Management Efficiency and Performance. Buffering
More informationArvind Krishnamurthy Spring Implementing file system abstraction on top of raw disks
File Systems Arvind Krishnamurthy Spring 2004 File Systems Implementing file system abstraction on top of raw disks Issues: How to find the blocks of data corresponding to a given file? How to organize
More informationsel4 Reference Manual Version 2.0.0
NICTA Trustworthy Systems http://ssrg.nicta.com.au/projects/ts/ sel4 Reference Manual Version 2.0.0 Trustworthy Systems Team, NICTA ssrg@nicta.com.au 1 December 2015 c 2015 General Dynamics C4 Systems.
More informationFile System Internals. Jo, Heeseung
File System Internals Jo, Heeseung Today's Topics File system implementation File descriptor table, File table Virtual file system File system design issues Directory implementation: filename -> metadata
More informationCS3600 SYSTEMS AND NETWORKS
CS3600 SYSTEMS AND NETWORKS NORTHEASTERN UNIVERSITY Lecture 11: File System Implementation Prof. Alan Mislove (amislove@ccs.neu.edu) File-System Structure File structure Logical storage unit Collection
More informationBarrelfish Project ETH Zurich. Message Notifications
Barrelfish Project ETH Zurich Message Notifications Barrelfish Technical Note 9 Barrelfish project 16.06.2010 Systems Group Department of Computer Science ETH Zurich CAB F.79, Universitätstrasse 6, Zurich
More informationVirtual Memory. Chapter 8
Virtual Memory 1 Chapter 8 Characteristics of Paging and Segmentation Memory references are dynamically translated into physical addresses at run time E.g., process may be swapped in and out of main memory
More informationCS 392/681 - Computer Security. Module 5 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 5 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm next Thursday!!! Read Chapter 2 and 15 of text 10/15/2002 Module 5 - Access Control
More informationCS510 Operating System Foundations. Jonathan Walpole
CS510 Operating System Foundations Jonathan Walpole File System Performance File System Performance Memory mapped files - Avoid system call overhead Buffer cache - Avoid disk I/O overhead Careful data
More informationExplicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
Explicit Information Flow in the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières Too much trusted software Untrustworthy code a huge problem Users willingly run malicious
More informationChapter 12: File System Implementation
Chapter 12: File System Implementation Silberschatz, Galvin and Gagne 2013 Chapter 12: File System Implementation File-System Structure File-System Implementation Allocation Methods Free-Space Management
More informationV. Primary & Secondary Memory!
V. Primary & Secondary Memory! Computer Architecture and Operating Systems & Operating Systems: 725G84 Ahmed Rezine 1 Memory Technology Static RAM (SRAM) 0.5ns 2.5ns, $2000 $5000 per GB Dynamic RAM (DRAM)
More informationCS 61C: Great Ideas in Computer Architecture. Lecture 23: Virtual Memory. Bernhard Boser & Randy Katz
CS 61C: Great Ideas in Computer Architecture Lecture 23: Virtual Memory Bernhard Boser & Randy Katz http://inst.eecs.berkeley.edu/~cs61c Agenda Virtual Memory Paged Physical Memory Swap Space Page Faults
More informationMemory Management! How the hardware and OS give application pgms:" The illusion of a large contiguous address space" Protection against each other"
Memory Management! Goals of this Lecture! Help you learn about:" The memory hierarchy" Spatial and temporal locality of reference" Caching, at multiple levels" Virtual memory" and thereby " How the hardware
More informationFalling in Love with EROS (Or Not) Robert Grimm New York University
Falling in Love with EROS (Or Not) Robert Grimm New York University The Three Questions What is the problem? What is new or different? What are the contributions and limitations? Basic Access Control Access
More informationCS252 S05. Main memory management. Memory hardware. The scale of things. Memory hardware (cont.) Bottleneck
Main memory management CMSC 411 Computer Systems Architecture Lecture 16 Memory Hierarchy 3 (Main Memory & Memory) Questions: How big should main memory be? How to handle reads and writes? How to find
More informationsel4 Reference Manual Version 8.0.0
Data61 Trustworthy Systems https://ts.data61.csiro.au/projects/ts/ sel4 Reference Manual Version 8.0.0 Trustworthy Systems Team, Data61 https://sel4.systems/contact/ 17 January 2018 c 2018 General Dynamics
More informationOperating Systems Security Access Control
Authorization and access control Operating Systems Security Access Control Ozalp Babaoglu From authentication to authorization Once subjects have been authenticated, the next problem to confront is authorization
More information(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.
CS140 Winter 2006 Final Exam Solutions (1) In class we talked about the link count in the inode of the Unix file system being incorrect after a crash. The reference count can either be either too high
More informationHardware OS & OS- Application interface
CS 4410 Operating Systems Hardware OS & OS- Application interface Summer 2013 Cornell University 1 Today How my device becomes useful for the user? HW-OS interface Device controller Device driver Interrupts
More informationOperating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
More informationPolicy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems
Policy vs. Mechanism CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms q Access control policy is a specification
More informationECE 598 Advanced Operating Systems Lecture 10
ECE 598 Advanced Operating Systems Lecture 10 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 17 February 2015 Announcements Homework #1 and #2 grades, HW#3 Coming soon 1 Various
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationMemory Management. Goals of this Lecture. Motivation for Memory Hierarchy
Memory Management Goals of this Lecture Help you learn about: The memory hierarchy Spatial and temporal locality of reference Caching, at multiple levels Virtual memory and thereby How the hardware and
More informationSMD149 - Operating Systems - File systems
SMD149 - Operating Systems - File systems Roland Parviainen November 21, 2005 1 / 59 Outline Overview Files, directories Data integrity Transaction based file systems 2 / 59 Files Overview Named collection
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationOPERATING SYSTEM. Chapter 12: File System Implementation
OPERATING SYSTEM Chapter 12: File System Implementation Chapter 12: File System Implementation File-System Structure File-System Implementation Directory Implementation Allocation Methods Free-Space Management
More informationCSE 380 Computer Operating Systems
CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms 1 Policy vs. Mechanism q Access control policy is a specification
More informationComputer Systems A Programmer s Perspective 1 (Beta Draft)
Computer Systems A Programmer s Perspective 1 (Beta Draft) Randal E. Bryant David R. O Hallaron August 1, 2001 1 Copyright c 2001, R. E. Bryant, D. R. O Hallaron. All rights reserved. 2 Contents Preface
More informationCOMP9242 Advanced Operating Systems S2/2012 Week 1: Introduction to sel4
COMP9242 Advanced Operating Systems S2/2012 Week 1: Introduction to sel4 Copyright Notice These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share to copy,
More informationAnnouncements. is due Monday April 1 needs to include a paragraph write-up about the results of using the two different scheduling algorithms
Announcements Reading Chapter 11 (11.1-11.5) Programming Project #3 is due Monday April 1 needs to include a paragraph write-up about the results of using the two different scheduling algorithms Midterm
More informationChapter 8: Filesystem Implementation
ADRIAN PERRIG & TORSTEN HOEFLER ( 252-0062-00 ) Networks and Operating Systems Chapter 8: Filesystem Implementation source: xkcd.com Access Control 1 Protection File owner/creator should be able to control:
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More information18-447: Computer Architecture Lecture 18: Virtual Memory III. Yoongu Kim Carnegie Mellon University Spring 2013, 3/1
18-447: Computer Architecture Lecture 18: Virtual Memory III Yoongu Kim Carnegie Mellon University Spring 2013, 3/1 Upcoming Schedule Today: Lab 3 Due Today: Lecture/Recitation Monday (3/4): Lecture Q&A
More information16 Sharing Main Memory Segmentation and Paging
Operating Systems 64 16 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More informationCapsicum: Practical capabilities for UNIX. Anna Kornfeld Simpson & Venkatesh Srinivas
Capsicum: Practical capabilities for UNIX Anna Kornfeld Simpson & Venkatesh Srinivas Capsicum: Practical capabilities for UNIX And a little bit about Confused Deputies too... Anna Kornfeld Simpson & Venkatesh
More informationSecure Architecture Principles
CS 155 Spring 2017 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Secure Architecture Principles Isolation
More informationClassifying Information Stored in Memory! Memory Management in a Uniprogrammed System! Segments of a Process! Processing a User Program!
Memory Management in a Uniprogrammed System! A! gets a fixed segment of (usually highest )"! One process executes at a time in a single segment"! Process is always loaded at "! Compiler and linker generate
More informationSystems Programming and Computer Architecture ( ) Timothy Roscoe
Systems Group Department of Computer Science ETH Zürich Systems Programming and Computer Architecture (252-6-) Timothy Roscoe Herbstsemester 26 AS 26 Virtual Memory 8: Virtual Memory Computer Architecture
More informationVirtual Memory. CS61, Lecture 15. Prof. Stephen Chong October 20, 2011
Virtual Memory CS6, Lecture 5 Prof. Stephen Chong October 2, 2 Announcements Midterm review session: Monday Oct 24 5:3pm to 7pm, 6 Oxford St. room 33 Large and small group interaction 2 Wall of Flame Rob
More informationFile System Internals. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
File System Internals Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today s Topics File system implementation File descriptor table, File table
More informationAdministrative Details. CS 140 Final Review Session. Pre-Midterm. Plan For Today. Disks + I/O. Pre-Midterm, cont.
Administrative Details CS 140 Final Review Session Final exam: 12:15-3:15pm, Thursday March 18, Skilling Aud (here) Questions about course material or the exam? Post to the newsgroup with Exam Question
More informationIntroduction to OS. File Management. MOS Ch. 4. Mahmoud El-Gayyar. Mahmoud El-Gayyar / Introduction to OS 1
Introduction to OS File Management MOS Ch. 4 Mahmoud El-Gayyar elgayyar@ci.suez.edu.eg Mahmoud El-Gayyar / Introduction to OS 1 File Management Objectives Provide I/O support for a variety of storage device
More informationCS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2018 Lecture 24
CS24: INTRODUCTION TO COMPUTING SYSTEMS Spring 2018 Lecture 24 LAST TIME Extended virtual memory concept to be a cache of memory stored on disk DRAM becomes L4 cache of data stored on L5 disk Extend page
More informationAddress Translation. Tore Larsen Material developed by: Kai Li, Princeton University
Address Translation Tore Larsen Material developed by: Kai Li, Princeton University Topics Virtual memory Virtualization Protection Address translation Base and bound Segmentation Paging Translation look-ahead
More informationCS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Spring 2018 Lecture 2 Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 2 What is an Operating System? What is
More informationObjectives and Functions Convenience. William Stallings Computer Organization and Architecture 7 th Edition. Efficiency
William Stallings Computer Organization and Architecture 7 th Edition Chapter 8 Operating System Support Objectives and Functions Convenience Making the computer easier to use Efficiency Allowing better
More informationCSC 553 Operating Systems
CSC 553 Operating Systems Lecture 12 - File Management Files Data collections created by users The File System is one of the most important parts of the OS to a user Desirable properties of files: Long-term
More information