COS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy

Similar documents
Storage and File System

Storage and File Hierarchy

COS 318: Operating Systems

File System Internals. Jo, Heeseung

(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.

Segmentation with Paging. Review. Segmentation with Page (MULTICS) Segmentation with Page (MULTICS) Segmentation with Page (MULTICS)

Filesystem. Disclaimer: some slides are adopted from book authors slides with permission 1

Computer Systems Laboratory Sungkyunkwan University

File System Internals. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Last Class: Memory management. Per-process Replacement

Typical File Extensions File Structure

Preview. COSC350 System Software, Fall

CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching

CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching

File System Internals. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CS4500/5500 Operating Systems File Systems and Implementations

File System. Preview. File Name. File Structure. File Types. File Structure. Three essential requirements for long term information storage

Chapter 11: File System Implementation. Objectives

File Systems. Todays Plan

Chapter 10: Mass-Storage Systems

Chapter 10: Mass-Storage Systems. Operating System Concepts 9 th Edition

ECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017

File Systems: Fundamentals

File Systems. Todays Plan. Vera Goebel Thomas Plagemann. Department of Informatics University of Oslo

16 Sharing Main Memory Segmentation and Paging

Chapter 11: File-System Interface

File Systems: Fundamentals

Announcements/Reminders

Filesystem. Disclaimer: some slides are adopted from book authors slides with permission 1

File Systems. What do we need to know?

COMP 530: Operating Systems File Systems: Fundamentals

File Systems Management and Examples

CS370 Operating Systems

OS Structure. Kevin Webb Swarthmore College January 25, Relevant xkcd:

Chapter 6: File Systems

ESE 333 Real-Time Operating Systems 163 Review Deadlocks (Cont.) ffl Methods for handling deadlocks 3. Deadlock prevention Negating one of four condit

File systems CS 241. May 2, University of Illinois

A file system is a clearly-defined method that the computer's operating system uses to store, catalog, and retrieve files.

File System Case Studies. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CS140 Operating Systems and Systems Programming Final Exam

Long-term Information Storage Must store large amounts of data Information stored must survive the termination of the process using it Multiple proces

File Layout and Directories

File Systems. CS 4410 Operating Systems

File Systems. CSE 2431: Introduction to Operating Systems Reading: Chap. 11, , 18.7, [OSC]

File Systems. OS Overview I/O. Swap. Management. Operations CPU. Hard Drive. Management. Memory. Hard Drive. CSI3131 Topics. Structure.

15 Sharing Main Memory Segmentation and Paging

Veeam Cloud Connect. Version 8.0. Administrator Guide

Administrative Details. CS 140 Final Review Session. Pre-Midterm. Plan For Today. Disks + I/O. Pre-Midterm, cont.

File. File System Implementation. File Metadata. File System Implementation. Direct Memory Access Cont. Hardware background: Direct Memory Access

Topics. Operating System. What is an Operating System? Let s Get Started! What is an Operating System? Where in the Book are we?

CHAPTER 11: IMPLEMENTING FILE SYSTEMS (COMPACT) By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

ELEC 377 Operating Systems. Week 1 Class 2

Topics. Operating System I. What is an Operating System? Let s Get Started! What is an Operating System? OS History.

Operating systems and security - Overview

Operating systems and security - Overview

What is a file system

Today: File System Functionality. File System Abstraction

FILE SYSTEMS. CS124 Operating Systems Winter , Lecture 23

CS3600 SYSTEMS AND NETWORKS

File System Case Studies. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

SMD149 - Operating Systems - File systems

OPERATING SYSTEM. PREPARED BY : DHAVAL R. PATEL Page 1. Q.1 Explain Memory

Motivation. Operating Systems. File Systems. Outline. Files: The User s Point of View. File System Concepts. Solution? Files!

File System: Interface and Implmentation

Keys and Passwords. Steven M. Bellovin October 17,

Distributed File Systems

Topics. File Buffer Cache for Performance. What to Cache? COS 318: Operating Systems. File Performance and Reliability

Chapter 11: Implementing File Systems

412 Notes: Filesystem

Lecture S3: File system data layout, naming

Operating Systems. Lecture File system implementation. Master of Computer Science PUF - Hồ Chí Minh 2016/2017

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

CS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES

CS 416: Operating Systems Design April 22, 2015

COMP091 Operating Systems 1. File Systems

File Systems. Information Server 1. Content. Motivation. Motivation. File Systems. File Systems. Files

Advanced Operating Systems

Introduction. Secondary Storage. File concept. File attributes

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

Memory Management. Dr. Yingwu Zhu

OPERATING SYSTEMS CS136

COS 318: Operating Systems. NSF, Snapshot, Dedup and Review

CIS Operating Systems Memory Management Cache. Professor Qiang Zeng Fall 2017

Simple idea 1: load-time linking. Our main questions. Some terminology. Simple idea 2: base + bound register. Protection mechanics.

CSE 565 Computer Security Fall 2018

CS370 Operating Systems

COS 318: Operating Systems. Virtual Memory and Address Translation

UNIX File Systems. How UNIX Organizes and Accesses Files on Disk

<Insert Picture Here> Filesystem Features and Performance

File Systems. CS 4410 Operating Systems. [R. Agarwal, L. Alvisi, A. Bracy, M. George, E. Sirer, R. Van Renesse]

Chapter 10: Mass-Storage Systems

CS720 - Operating Systems

Chapter 1: Introduction

CS 318 Principles of Operating Systems

We ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?

Example Implementations of File Systems

CS 134: Operating Systems

CIS Operating Systems Memory Management Cache and Demand Paging. Professor Qiang Zeng Spring 2018

CS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017

OPERATING SYSTEM. Chapter 12: File System Implementation

Transcription:

Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients Networ k Server SAN mirror Clients Networ k Network Attached (NAS) w/ snapshots to protect data mirror Onsite Offsite backup Onsite Offsite backup 3 4 1

Modern Data Center Hierarchy Why Files? Can t we just use main memory? Can t we use a mechanism like swapping to disk? Clients Networ k Network Attached (NAS) Onsite w/ snapshots to protect data Deduplication Capacity and bandwidth optimization WAN mirror Need to store large amounts of information Need the information to survive process termination Need the information to be share-able by processes 5 6 Recall Some High-level Abstractions File System Layers and Abstractions Processes are an abstraction for processors Virtual memory is an abstraction for memory File systems are an abstraction for disk (disk blocks) Network file system maps a network file system protocol to local file systems NFS, CIFS, DAFS, etc Local file system implements a file system on blocks in volumes Local disks or network of disks Volume manager maps logical volume to physical disks Provide logical unit RAID and reconstruction Disk management manages physical disks Sometimes part of volume manager Drivers, scheduling, etc Network File System Local File System Volume Manager Disk Management 7 8 2

Volume Manager Block vs. Files What and why? Group multiple disk partitions into a logical disk volume No need to deal with physical disk, sector numbers To read a block: read( vol#, block#, buf, n ); Volume can include RAID, tolerating disk failures No need to know about parity disk in RAID-5, for example No need to know about reconstruction Volume can provide error detections at disk block level Some products use a checksum block for 8 blocks of data Volume can grow or shrink without affecting existing data Volume can have remote volumes for disaster recovery mirrors can be split or merged for backups How to implement? OS kernel: Veritas (for SUN and NT), Linux Disk subsystem: EMC, Hitachi, IBM How many lines of code are there for a volume manager? Disk abstraction Block oriented Block numbers No protection among users of the system Data might be corrupted if machine crashes File abstraction Byte oriented Named files Users protected from each other Robust to machine failures 9 10 File Structure Alternatives Byte sequence Read or write a number of bytes Unstructured or linear Unix, Windows Record sequence Fixed or variable length Read or write a number of records Not used: punch card days Tree Records with keys Read, insert, delete a record (typically using B-tree, sorted on key) Used in mainframes for commercial data processing 11 File Types ASCII Binary data Record Tree An Unix executable file header: magic number, sizes, entry point, flags text data relocation bits symbol table Devices Everything else in the system 12 3

File Operations Operations for sequence of bytes files Create: create a mapping from a name to bytes Delete: delete the mapping Open: authentication, bring key attributes, disk info into RAM Close: free up table space, force last block write Seek: jump to a particular location in a file Read: read some bytes from a file Write: write some bytes to a file Get attributes, Set attributes A few more on directories: talk about this later Implementation goal Operations should have as few disk accesses as possible and have minimal space overhead Access Patterns Sequential (the common pattern) File data processed sequentially Examples Editor writes out a new file Compiler reads a file Random access Address a block in file directly without passing through predecessors Examples: Data set for demand paging Read a message in an inbox file Databases Keyed access Search for a record with particular values Usually not provided by today s file systems Examples Database search and indexing 13 14 VM Page Table vs. File System Metadata File System vs. Virtual Memory Page table Manage the mappings of an address space Map virtual page # to physical page # Check access permission and illegal addressing TLB does all in one cycle File metadata Manage the mappings of files Map byte offset to disk block address Check access permission and illegal addressing All implement in software and may cause disk accesses Similarity Location transparency Oblivious to size Protection File system is easier than VM CPU time to do file system mappings is not a big deal Files are dense and mostly sequential Page tables deal with sparse address spaces and random accesses File system is harder than VM Each layer of translation causes potential disk accesses Memory space for caching is never enough Range very extreme: many < 10k, some > GB Implementation must be very reliable 15 16 4

Protection Policy vs. Mechanism Policy is about what and mechanism is about how A protection system is the mechanism to enforce a security policy Roughly the same set of choices, no matter what policy A security policy delineates what acceptable behavior and unacceptable behavior Example security policies: Each user can only allocate 40MB of disk No one but root can write to the password file You cannot read my mail Protection Mechanisms Authentication Make sure system knows whom it is talking to Unix: password Credit card companies: social security # + mom s name Bars: driver s license Authorization Determine if x is allowed to do y Need a simple database Access enforcement Enforce authorization decision Must make sure there are no loopholes This is difficult 17 18 Authentication Usually done with passwords This is usually a relatively weak form of authentication, since it s something that people have to remember Empirically is typically based on girlfriend/boyfriend/partner name Passwords should not be stored in a directly-readable form Use some sort of one-way-transformation (a secure hash ) and store that If you look in /etc/passwords will see a bunch of gibberish associated with each name. That is the password Problem: to prevent guessing ( dictionary attacks ) passwords should be long and obscure Unfortunately easily forgotten and usually written down What are the alternatives? 19 Protection Domain A set of (objects, rights) pairs Domain may correspond to single user, or more general Process runs in a domain at a given instant in time Once identity known, what is Bob allowed to do? More generally: must be able to determine what each principal is allowed to do with what Can be represented as an protection matrix with one row per domain, one column per resource What are the pros and cons of this approach? File A Printer B File C Domain 1 R W RW Domain 2 RW W Domain 3 R RW 20 5

Access Control Lists (ACLs) By column: For each object, indicate which users are allowed to perform which operations In most general form, each object has a list of <user,privileged> pairs Access control lists are simple, and are used in almost all file systems Owner, group, world Implementation Stores ACLs in each file Use login authentication to identify Kernel implements ACLs What are the issues? Capabilities By rows: For each user, indicate which files may be accessed and in what ways Store a lists of <object, privilege> pairs which each user. Called a Capability List Capabilities frequently do both naming and protection Can only see an object if you have a capability for it. Default is no access Implementation Capability lists Architecture support Stored in the kernel Stored in the user space but in encrypted format Checking is easy: no enumeration Issues with capabilities? 21 22 Access Enforcement Use a trusted party to Enforce access controls Protect authorization information Kernel is the trusted party This part of the system can do anything it wants If it has a bug, the entire system can be destroyed Want it to be as small & simple as possible Security is only as strong as the weakest link in the protection system Some Easy Attacks Abuse of valid privilege On Unix, super-user can do anything. Read your mail, send mail in your name, etc. If you delete the code for your COS318 project, your partner is not happy Spoiler/Denial of service (DoS) Use up all resources and make system crash Run shell script to: while(1) { mkdir foo; cd foo; } Run C program: while(1) { fork(); malloc(1000)[40] = 1; } Listener Passively watch network traffic. Will see anyone s password as they type it into telnet. Or just watch for file traffic: Will be transmitted in plaintext. 23 24 6

No Perfect Protection System Protection can only increase the effort needed to do something bad It cannot prevent bad things from happening Even assuming a technically perfect system, there are always ways to defeat burglary, bribery, blackmail, bludgeoning, etc. Every system has holes It just depends on what they look like Summary hierarchy is complex Reliability, security, performance and cost Many things are hidden, but the world is becoming tapeless Primary Network file system Local file system Volume manager Protection We basically live with access control list More protection is needed in the future 25 26 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback