Final Examination CS 111, Fall 2016 UCLA. Name:

Similar documents
CS 111. Operating Systems Peter Reiher

CS-537: Midterm Exam (Fall 2008) Hard Questions, Simple Answers

(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.

FILE SYSTEMS. CS124 Operating Systems Winter , Lecture 23

CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching

CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching

FILE SYSTEMS, PART 2. CS124 Operating Systems Fall , Lecture 24

Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi

Database Management System Prof. D. Janakiram Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No.

CS 537 Fall 2017 Review Session

Database Management System Prof. D. Janakiram Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No.

Outline Key Management CS 239 Computer Security February 9, 2004

EECS 482 Introduction to Operating Systems

CPS 310 first midterm exam, 10/6/2014

Wednesday, May 3, Several RAID "levels" have been defined. Some are more commercially viable than others.

I/O and file systems. Dealing with device heterogeneity

19 File Structure, Disk Scheduling

22 File Structure, Disk Scheduling

Midterm Exam #3 Solutions November 30, 2016 CS162 Operating Systems

Computer Science 161

16 Sharing Main Memory Segmentation and Paging

Virtual Memory. Chapter 8

OPERATING SYSTEM. Chapter 12: File System Implementation

CS Final Exam. Stanford University Computer Science Department. June 5, 2012 !!!!! SKIP 15 POINTS WORTH OF QUESTIONS.!!!!!

Midterm Exam Solutions March 7, 2001 CS162 Operating Systems

Upgrading Your Geant4 Release

File Management. Chapter 12

CS-736 Midterm: Beyond Compare (Spring 2008)

CS 167 Final Exam Solutions

Midterm Exam Solutions Amy Murphy 28 February 2001

COS 318: Operating Systems. NSF, Snapshot, Dedup and Review

EI 338: Computer Systems Engineering (Operating Systems & Computer Architecture)

JOURNALING FILE SYSTEMS. CS124 Operating Systems Winter , Lecture 26

Midterm Exam #2 Solutions October 25, 2016 CS162 Operating Systems

The Google File System

Chapter 10: Case Studies. So what happens in a real operating system?

INTERNAL REPRESENTATION OF FILES:

2. Which of the following resources is not one which can result in deadlocking processes? a. a disk file b. a semaphore c. the central processor (CPU)

CS 550 Operating Systems Spring File System

CS162 Operating Systems and Systems Programming Lecture 12. Address Translation. Page 1

CS-537: Midterm Exam (Spring 2009) The Future of Processors, Operating Systems, and You

The What, Why and How of the Pure Storage Enterprise Flash Array. Ethan L. Miller (and a cast of dozens at Pure Storage)

MicroSurvey Users: How to Report a Bug

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

File Systems. CSE 2431: Introduction to Operating Systems Reading: Chap. 11, , 18.7, [OSC]

XP: Backup Your Important Files for Safety

Mid-term Roll no: Scheduler Activations: Effective Kernel Support for the User-Level Management of Parallelism

CS 416: Operating Systems Design April 22, 2015

Operating System Principles: Memory Management Swapping, Paging, and Virtual Memory CS 111. Operating Systems Peter Reiher

Operating Systems. Operating Systems Professor Sina Meraji U of T

Chapter 11: Implementing File Systems

Name: uteid: 1. CS439H: Fall 2011 Final Exam

Outline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines

CMPS 111 Spring 2013 Prof. Scott A. Brandt Midterm Examination May 6, Name: ID:

Chapter 3 - Memory Management

The Art and Science of Memory Allocation

CS 450 Fall xxxx Final exam solutions. 2) a. Multiprogramming is allowing the computer to run several programs simultaneously.

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

What is version control? (discuss) Who has used version control? Favorite VCS? Uses of version control (read)

Information Security II Prof. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras

Operating Systems. Week 9 Recitation: Exam 2 Preview Review of Exam 2, Spring Paul Krzyzanowski. Rutgers University.

(b) External fragmentation can happen in a virtual memory paging system.

Midterm Exam Amy Murphy 19 March 2003

PROCESS SYNCHRONIZATION

Chapter 12 File-System Implementation

File. File System Implementation. File Metadata. File System Implementation. Direct Memory Access Cont. Hardware background: Direct Memory Access

CSE 120 PRACTICE FINAL EXAM, WINTER 2013

File System Implementation

Example File Systems Using Replication CS 188 Distributed Systems February 10, 2015

Lecture 2: September 9

PROCESS VIRTUAL MEMORY. CS124 Operating Systems Winter , Lecture 18

Chapter 11: File System Implementation. Objectives

CS5460: Operating Systems Lecture 20: File System Reliability

Problem Max Points Score Total 100

Chapter 6 - Deadlocks

Input/Output Management

Introduction to Operating Systems

File Systems. ECE 650 Systems Programming & Engineering Duke University, Spring 2018

Understanding Recursion

Crash Consistency: FSCK and Journaling. Dongkun Shin, SKKU

File System Implementation. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CHAPTER 11: IMPLEMENTING FILE SYSTEMS (COMPACT) By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

Chapter 12: File System Implementation

CS5412 CLOUD COMPUTING: PRELIM EXAM Open book, open notes. 90 minutes plus 45 minutes grace period, hence 2h 15m maximum working time.

CMU-ITC ITC File System Goals. 12 September File System Group

Cache Coherence Tutorial

Midterm 1. Administrivia. Virtualizing Resources. CS162 Operating Systems and Systems Programming Lecture 12. Address Translation

CS 161 Computer Security. Design Patterns for Building Secure Systems

Chapter 12: File System Implementation

Concurrent & Distributed Systems Supervision Exercises

Midterm #2 Exam Solutions April 26, 2006 CS162 Operating Systems

Name: 1. CS372H: Spring 2009 Final Exam

Outline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution

Stanford University Computer Science Department CS 240 Sample Quiz 2 Answers Winter February 25, 2005

Operating Systems Design Exam 2 Review: Fall 2010

Chapter 10: File System Implementation

Changelog. Virtual Memory (2) exercise: 64-bit system. exercise: 64-bit system

Lecture 21: Reliable, High Performance Storage. CSC 469H1F Fall 2006 Angela Demke Brown

Page 1. Recap: File System Goals" Recap: Linked Allocation"

Design Choices 2 / 29

Transcription:

Final Examination CS 111, Fall 2016 UCLA Name: This is an open book, open note test. You may use electronic devices to take the test, but may not access the network during the test. You have three hours to complete it. Please remember to put your name on all sheets of your answers. There are 3 questions on the test, each on a separate page. You must answer all of them. Each problem you answer is worth 33% of the total points on the test. You get 1% for putting your name on the test. You must answer every part of every problem. Read each question CAREFULLY, make sure you understand EXACTLY what question is being asked and what type of answer is expected, and make sure that your answer clearly and directly responds to the asked question. I am looking for depth of understanding and the ability to solve real problems. I want to see specific answers. Vague generalities will receive little or no credit (e.g., zero credit for an answer like no, due to the relocation problem. ). Superficial answers will not be sufficient on this exam. Organize your thoughts before writing out the answer. If the correct part of your answer is buried under a mountain of words, I may have trouble finding it.

1. Many file systems end up storing the same bit patterns over and over again for many different files, effectively wasting a lot of disk space storing redundant data. Some file system deal with this issue by using deduplication, a technique that tries to ensure that any bit pattern occurring more than once anywhere in the file system is only stored on disk one time. Other files containing the same bit pattern do not store unique copies of the data, but instead point to (in some fashion), the single copy. Of course, one must choose some granularity (in terms of length of bit patterns) at which one deduplicates. There would be no benefit in deduplicating all occurrences of the bit pattern 0, for example. (Note: if you propose some technique other than deduplication for dealing with this problem and do not address the points below concerning deduplication, you will get 0 on this question. Don t do that.) a. What granularity would you suggest deduplicating at? Why? b. What algorithms and data structures will you use to detect duplicates? c. Should deduplication be applied to directories or just to regular files? Why? d. Does the use of deduplication cause any new security problems? Why? e. Describe how you would alter the FFS to allow it to perform some useful form of deduplication. Describe the changes to metadata structures that your alteration would require. How would the following file operations change (in their underlying OS implementation) in your design: create(), open(), read(), write(), unlink()? f. Will deduplication improve, degrade, or not alter file system consistency concerns? Explain. g. Will deduplication perform better when the underlying storage medium is a hard disk drive or a flash drive, or will it have the same performance for both? Why? a. (5 points) Deduplication at high granularity won t find much to work with. For instance, file deduplication will only help for totally identical files. Deduplication at a low granularity (such as a few bytes) won t scale, since you will need to keep too many indices for different patterns. If one is going with a fixed size, a disk block/io cache block size is reasonable. It has the advantage of fitting in easily with other file system elements. Probably doing a variable sized granularity not aligned on a particular boundary would provide the most bang for the buck, but adds much complexity. b. (7 points) Dedupping by comparing full patterns will be an immense loser. You will be best off dedupping by comparing the outputs of a hash algorithm applied to the bit patterns. Avoiding collisions is vital, and you don t want the hash to be too long, both because you ll be storing the hash and you will be doing lots of comparisons on it. A cryptographic hash is a good choice. In terms of data structures, you need a general data structure shared by the entire file system that keeps track of the hashes you ve already seen. It needs to scale well and not be a performance

bottleneck, particularly on file reads. Either a database or perhaps a hash table (of the hashes themselves) might be a good choice. In addition to a pointer to the actual data with that hash, it should contain a reference count of how many places in the file system use that block, since once all such references are either deleted or altered to have different contents, the data pointed to by the entry should be freed. Other data structures designed to handle fast pattern lookups, like tries, might also work well. The key to getting full points is a complete description of how you will use the data structure. c. (2 points) There will be little value in dedupping directories. They usually contain only directory names and inode pointers. Both are too short to benefit from dedupping. The chance that there will be identical names and inodes spanning more than one entry in two directories is low. d. (2 points) Other than introducing more code that might contain security flaws, dedupping a file system should not cause security problems. It does not grant users access to anything they do not already have the right to access. They only get access to a dedupped block in a file they can t read if they already have a copy of that dedupped block in a file they can access. It would be better to hide the deduplication from users, since if they know that a particular block of their own file is duplicated in some other file, there is a minor privacy leak. e. (12 points: 7 for general discussion, 1 each for proper description of the operations) Assuming we are working at the block level, each pointer to a block in an inode might point either to a block or to a dedup entry in the dedup database/table. The latter point to a single instance of the duplicated block. Dedupping can happen as files are written, on close after a write, when a written block is flushed from the block cache to the disk, or at some point in the background. Any (or some reasonable combination) are acceptable. Dedupping as writes occur is probably not a good idea, though, as it may require multiple hashes and table lookups when a program performs multiple writes to a single block. There are small details of how this approach would impact the FFS inode layout, such as how are you going to keep the information about whether a block pointer is a true block pointer or a pointer to a dedup entry. There is currently no room in either the pointer or the inode for that. You didn t need to address such issues. Pointing to a data block without being concerned about whether it is a dedup block or not is possible, but it leads to further issues that must be addressed if the answer goes in this direction. These include how do you make sure when you write a block that you re only writing your own block, and how do you determine when you can garbage collect a block. For the operation descriptions, details may vary depending on how the student has suggested the system be designed.

(a) On create, nothing special must happen. So far, there is no data in the file, so there are no duplicates. Of course, the inode structure used to hold the file s pointers is allocated in a different format. (b) On open, no special action is required. The file s inode will not itself be deduplicated, and open will only reference the inode. (c) On read, the pointer for the requested block is followed either to a standard data block or to a dedup pointer, which in turn is followed to the duplicated data block. In either case, the actual data is returned to the user without indication of whether it went through a dedup pointer. (d) On write, there are several possibilities. A write to a brand new block should wait till the block is filled. Once filled, the block s data is hashed and checked against the dedup table. If a duplicate is found, the file s pointer for the block is set to the dedup table entry. On write to a block that is currently dedupped, a new copy of the block must be made and the final state of the block run through deduplication. It is unlikely to match the old hash (since some data was written), but it might match another. On a write to a block that is not currently deduplicated, we check for duplication at the usual moment, possibly replacing the pointer to a data block to a point to a dedup hash entry. (e) On unlink, we must check all the data blocks of the file to see which, if any, were deduplicated. If some were, we need to decrement the reference count of those blocks in the table of hash entries. Should any reference counts go to zero there as a result, we need to free the actual data block associated with it and free the entry in the table. f. (2 points) In many ways, dedupping will not affect consistency. It will have some minor costs. First, the update of a file s state is now potentially a bit more complex, since not only a file s inode and data block must be consistently written, but also the dedup table entry. Second, if there is corruption in one block of the disk, and that block is either in the dedup table or in one of the duplicated blocks, more files will be affected. On the up side, corruption in a duplicated block will be easy to detect, since the dedup table contains a hash of the proper contents of the block. g. (3 points) Dedup should perform very well on flash, but might run into some problems on hard disks. By its nature, it will be impossible to ensure that a duplicated block is located in close physical proximity to all files that share it. So for some files, some blocks will require long seeks to access them. But it doesn t really matter where the data is located for a file in the flash memory, since access times are constant for all of them. As a minor point, flash wear issues will likely be improved by dedup, since we can avoid writing multiple copies of a block when it is duplicated.

2. Each of the following three situations poses interesting allocation or locking problems (figuring out what or how to lock while avoiding deadlocks, hangs and bottlenecks). For each resource, (1) describe the best approach (2) justify why the situation demanded this approach, and (3) tell me specifically how you would apply that approach to the problem. (a) A cellular communications processor that controls calls, power-levels, and the movement of calls across adjacent cells supports millions of calls and hundreds of concurrent operations. To prevent conflicting updates, there are locks associated with each transceiver, call, and cellular sector. Some operations start by locking a single object (e.g., a call) but as they progress it becomes clear that it will also be necessary to lock other objects (e.g., one or more sectors). How can we prevent concurrent multi-object operations from deadlocking? In this situation, I would use total ordering (since sharing is not an option, all-up-front is precluded by the problem, and revocation is always nasty). I would define a relative ordering among the types of objects (e.g. transceivers, calls, sectors) and an ordering within each type of object, and then require processes that locked objects to always lock them in order. If a process holds a higher numbered mutex and needs to get a lower numbered one, it must release the higher numbered one, take the lower numbered one, and then re-take the higher numbered one (lock dancing). Note that when releasing a mutex for a lock dance, there is a possibility that someone else will get it, and therefore the resource must be in a completely consistent state when the mutex is released. Similarly, when it is reobtained, the program cannot assume that it was not changed in the interim. (b) Swap space on secondary storage. If there is not room on the swap device to swap out one of the in-memory processes, we will be unable to make room to swap in and run any of the processes that are currently swapped out. How can we prevent such a situation? Swap space is a commodity resource, and as such much easier to manage. I would avoid deadlocks by requiring reservations be obtained whenever a process is created or expands the size of its virtual address space. The banker's algorithm would work in this situation, but I would not allow any over-booking. I would only allow processes virtual addresses to be created/expanded as long as there was guaranteed swap-space for them... after which I would fail subsequent requests. (c) A network lock manager provides locking services for a very wide range of distributed resources that are shared by thousands of clients. The clients are a wide variety of applications running on many different operating systems, and not all of the resources they need are managed by the network lock manager. How can we ensure network locks will not contribute to deadlocks among the client applications?

Mutual exclusion is surely necessary, and since the applications are running on different operating systems and machines, we probably can't prevent them from blocking while holding network locks. Because the managed resources are arbitrary (and only some of them are owned by the lock manager), that probably makes ordering impractical. This leaves us with preemption. We should implement leases with lock breaking.

2. A company with around 500 employees in several offices around the globe wishes to provide its employees with a wide range of software services hosted at several company server machines. They expect to add, remove, and alter services regularly, and they expect to host hundreds of such services. They wish to maintain tight access control on the services, with much more specificity than merely enforcing that particular users are or are not allowed to use the service. Instead, for each service, the service designer must be allowed to specify particular elements of the service that are under access control. (For example, one service might want access control on whether the user is allowed to print results from the service, while another might want access control on whether a particular user is allowed to escalate a problem to a higher ranking employee, and a third service might use access control to permit only system administrators to determine how much of a server s CPU use a particular user is expending, while not allowing the administrators to see the specific tasks being performed.) Since the company doesn t know all services they will ultimately offer, they cannot specify all service elements that might need access control, but they know that not all services will need access control for all possible elements. The service designer should be able to specify which actions offered by his service are under access control. (For instance, service A might want access control on printing, while service B does not.) The access control mechanism is to be built into the operating system, to ensure trustworthiness, uniformity, and to protect from application bugs. Users will occasionally be added or deleted, and access permissions for particular users and services will change often. How would you design the operating system mechanism to provide this kind of access control? Consider the required scale, flexibility, performance, distributed nature of the problem, and security issues, at the minimum. It is vital to notice that we are asking for the OS to perform access control on arbitrary pieces of user code, which means that the OS must take over when those pieces of code are invoked. Thus, a good answer to this question requires that you describe how the operating system will become involved so that it can perform access control. One general approach is to register this code with the OS and add system calls to obtain access to it. Another approach is to use the distributed nature of the system to force actions through the OS, by requiring messaging to access the protected code. When the message is delivered, the OS will have a chance to perform access control before invoking the code. Other approaches are possible. Assuming the second approach, we should have a new set of system calls related to these types of access permission. Probably it would be best to specify that there are particular portions of a program that can only be accessed by remote users by going through the operating system first. The cost won t be that high, since the remote users are getting to the services by sending messages to the server, which already go through the OS. The messages can be delivered first to the OS component that performs the access control and, if allowed, then delivered to the application.

One set of system calls will require the applications to register a service as under access control. This might be something similar to setting up a socket, but with the understanding that access control has been applied to anything that comes through it. We will also need calls that change the particular access permissions associated with the socket or whatever it is. While one could limit such calls to being made from inside the program that provides the service, it would be easier to build such programs and manage the system if the access permissions could be changed by a system administrator. That implies some kind of persistent information about the access permissions for the service, since they need to be around even if the service is not running. An obvious choice would be to store them in a file that is only accessible by trusted administrators and the system itself. The tools would then read and write the files. From the scalability perspective, this would work reasonably well. Each service (or service element) being controlled would have one file with its access permissions, which would need to be stored on the server that runs the service. File systems handle scale well. Only access control files associated with active services would need to be opened and accessed, so the costs of the I/O would be low. Presumably services in high use would have their access permissions stored in the block I/O cache, limiting further the I/O required. In terms of performance, this approach would work well. There need not be any extra kernel boundary crossings, since the permissions would be checked when messages arrive, which are handled in the OS itself. The permission information would usually be cached in RAM. If the checking mechanism is designed to be cheap, in the manner of Unix file access permissions, the costs of the checks themselves would be low. Applications would not need to perform internal checks, since any requests for protected services that were delivered to the application had already been checked. Distribution issues are reasonable. Services are accessed by messages, and access control is applied to each incoming message. This would require some kind of common name space for remote users, which is reasonable in the environment in question. We can replicate services, as necessary for scaling and load management, since each server will handle its own access control. There would be issues of ensuring consistency of access permission across replicated servers, if we support them, but if we assume changes of access permissions are not common and can be handled with a consensus protocol, that can work. If each message is self-contained and comes with the necessary trusted identity information, we don t need to worry about failure or saving state. Security will depend on proper authentication. The method used is more or less orthogonal to the rest of the design, but something must be done. Presumably we will want some kind of primal authentication operation for users. This would generate credentials useful for ongoing authentication. We could use authentication servers. We could require each service to perform a login operation (perhaps to invoke a common one used by all services) that generates credentials that expire. We could require remote users to establish an authenticated session with each server, with ongoing crypto providing the

authentication after that point. Other approaches are possible. Any reasonable choice is sufficient. The student must also indicate that messages cannot be tampered with in transit, since that could lead to improper use of a controlled service. This sample answer contains a lot of detail, more than I would expect from any student. However, each issue that was mentioned in the question had to be discussed in at least a little detail to get full points. There are entirely different approaches to this problem, which are also OK, to the extent they are developed correctly and address the required issues.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback