Operating Systems & Networks Files and Security Perspectives on Computing COMP1200 Weifa Liang updated by Chris Johnson (Slides are adopted from Eric McCreath) The Australian National University Semester 1 2005
Overview Files What is a file? Information associated with files Directories File storage structures Security and protection Authentication
Files Information used by a computer system may be stored on a variety of storage mediums(magnetic disks, magnetic tapes, optical disks, etc). A file system provides a uniform logical view of this information. The operating system provides a mapping between the abstract logical units of storage, that is a file, and the physical storage device. Exam.doc quake
Files A file is a named collection of related information. file information is persistent: it lives longer than the process which creates or changes it files consist of a sequence of bits which can be interpreteted as bits, bytes, lines, or records. The type of information within a file is generally defined by its creator.
File Types There are numerous types of files. These include: text, source code, executable, binary, compressed, graphics images, data base, etc... A critical decision in the design of an operating system is to what extent does the operating system support typed files. If the OS does notprovide support, application programs must do their own interpretation MS DOS recognizes file extensions. Macintosh has file types like "text" or "pic"; and files have their creator program as part of their attributes. UNIX does not really support file types. However: files have a crude magic number at the beginning of the file giving an indication of their type.
File Attributes Typically the operating system will keep track of the following attributes for each file: type location size protection: owner and access controls temporal information (timestamps) about creation, accesses and changes. [~/comp1200] % ls -alsi total 216 327044 4 drwxr-xr-x 9 ericm users 4096 Mar 20 10:20. 768545 8 drwxrwxr-x 125 dcs users 8192 Mar 16 13:02.. 376100 4 drwxr-xr-x 2 ericm users 4096 Oct 29 2000 1999 : : : : : : : : : 327728 8 -rw-rw-r-- 1 ericm users 7462 Mar 4 18:10 test.eps 327724 8 -rw-r--r-- 1 ericm users 5059 Mar 20 10:19 tutes.html 327060 8 -rw-r--r-- 1 ericm users 5047 Mar 11 10:41 tutes.html~ 523285 4 drwxr-xr-x 2 ericm users 4096 Mar 20 10:18 tutorials
Accessing files Files can be accessed in one of two basic ways: Sequential access 1) Read 2) Read 3) Write Pointer Read/Write Direct (or random) access. 1) Read 2) Write 3) Read
Directories Directories provide a mechanism for locating and organizing the files within the file system. A directory contains a list of entries. Each entry contains a file name and a reference to the file associated with that file name. These entries may also refer to other directories. ref.doc index.html Wordprocessor
Directory Structures Different operating systems provide different directory structures. Single Level Root Directory Root Directory Tree Structure Root Directory General Graph
Storage Medium Memory provides a way of storing information that can be retrieved rapidly, however, it is generally volatile and limited in its capacity. Magnetic and optical technologies provide a storage medium that persists when the power is removed. They also have capacity that is an order of magnitude larger than main memory.
Magnetic Disk Logically a hard disk can be viewed as a large number of blocks. Blocks are often 512 bytes long. Each block is stored within a sector. Blocks are often joined together to form clusters. Track Read/Write Head Sector Platter
File Structures Logically a disk drive can be viewed as a large number of blocks. These blocks can be either completely read or completely written. The operating system must provide a mapping from these variable sized files to these fixed sized blocks. Files that are larger than one block must be broken up over a number of blocks. There are three major approaches: contiguous linked indexed
Contiguous Approach The contiguous allocation method places each file in a set of blocks which are next to each other on the disk. File1 File2
Indexed Approach Indexed allocation uses an index block which contains pointers that point directly to the blocks that make up the file. File1 File2
Linked Approach The linked approach uses a pointer in each block that points to the next block that makes up the file. File1 File2
FAT The File Allocation Table or FAT approach is used by MS DOS and Windows operating systems. It works in a similar way to the linked approach. However, the 'links'or block pointers are relocated to one section of the disk drive (The FAT). This improves performance when files are accessed randomly.
Security and Protection Operating system protection: how to provide control over access to programs and data in the computer system protect one process's memory from other processes Protection is strictly an OS internal issue a technical problem. OS security: how to control access from outside the system to the information inside: a management problem. Information stored in a system must be secured from: unauthorized access malicious destruction malicious alteration accidental introduction of inconsistency.
Authentication The authentication problem involves determining if the identity of a user is authentic. Authentication is based on one of three items: a user's possessions (such as a key card), a user's knowledge (such as a user id and password) a user's attributes (such as fingerprint, retina pattern). Currently the most common of these is the user's knowledge, in the form of an id and password.
Passwords Passwords authenticate users by having the user provide an (openly known) user id and corresponding (secret) password. If the password provided is correct for that user id then the system assumes that the user is legitimate. Passwords are extremely common as they are easy to use, understand, and require no additional hardware. However passwords can be vulnerable, as it can be difficult to keep a password secret. Passwords can be compromised by: being guessed, being exposed(shoulder surfing or sniffing), or being illegally transferred.
Encrypted Passwords It may be difficult to keep passwords secret on a computer system. To address this problem a process of encryption is often used to store passwords. A function f is used that is simple to compute but extremely difficult to invert. Given a password w, instead of storing each password w on the system, an encrypted version f(w) is stored. When a password p is checked it is also encrypted using f, and the result is checked against the stored value f(w). Only if f(p) = f(w) do we conclude that p=w i.e. that the password is correct. Hence, even if some BadGuy reads the files and knows the stored value of f(w), this does not help him to find w thus BadGuy cannot pretend to be the user of password w.
Reading and study questions OS.2 Brookshear has separated the material on files into different areas of the 8 th edition of the book. section 9.5: traditional file structures (note: indexed files described in this section are a more complex form of the direct access files in this lecture) Q3, Q4 section 9.7: social impact of database technology section 3.5: operating system security Q1, Q3