Operating

Systems:
Internals Unit I
and Design
Principles Operating System
Overview
Seventh Edition
By William Stallings
 Operating System
A program that controls the execution of
application programs
 An interface between applications and hardware
Main objectives of an OS:

• Convenience
• Efficiency
• Ability to evolve
 Program development
 Program execution
 Access I/O devices
 Controlled access to files
 System access
 Error detection and response
 Accounting
 Key Interfaces

 Instruction set architecture (ISA)

 Application binary interface (ABI)
 Application programming interface (API)
A computer is a set of resources for the
movement, storage, and processing of
data
 TheOS is responsible for managing
these resources
 Functionsin the same way as ordinary
computer software
 Program, or suite of programs, executed
by the processor
 Frequentlyrelinquishes control and must
depend on the processor to allow it to
regain control
Evolution of Operating
Systems
 A major OS will evolve over time for a
number of reasons:
Hardware upgrades

New types of hardware

New services

Fixes
 Evolution of
Operating Systems
 Stages include:

Time
Sharing
Multiprogrammed Systems
Batch Systems
Simple Batch
Systems
Serial
Processing
 Serial Processing
Earliest Computers: Problems:
 Scheduling:
 No operating system
 most installations used a
 programmers interacted
hardcopy sign-up sheet to
directly with the computer
reserve computer time
hardware
 time allocations could
 Computers ran from a console run short or long,
with display lights, toggle resulting in wasted
switches, some form of input computer time
device, and a printer
 Setup time
 Users have access to the
computer in “series”  a considerable amount of
time was spent just on setting
up the program to run
 Simple Batch Systems

 Early computers were very expensive

 important to maximize processor utilization

 Monitor
 user no longer has direct access to processor
 job is submitted to computer operator who batches them
together and places them on an input device
 program branches back to the monitor when finished
 Monitor controls the sequence
of events
 Resident Monitor is software
always in memory
 Monitor reads in job and gives
control
 Job returns control to monitor
 Processor executes instruction from the memory
containing the monitor
 Executes the instructions in the user program until it
encounters an ending or error condition
 “control is passed to a job” means processor is fetching and
executing instructions in a user program
 “control is returned to the monitor” means that the processor
is fetching and executing instructions from the monitor
program
Memory protection for monitor

• while the user program is executing, it must not alter the memory area
containing the monitor

Timer

• prevents a job from monopolizing the system

Privileged instructions

• can only be executed by the monitor

Interrupts

• gives OS more flexibility in controlling user programs

 Modes of Operation

User Mode Kernel Mode

• user program executes in
user mode
• certain areas of memory are
protected from user access
• certain instructions may not
be executed
• monitor executes in kernel
mode
• privileged instructions may
be executed
• protected areas of memory
may be accessed
 Simple Batch System
Overhead
 Processor time alternates between execution of user
programs and execution of the monitor
 Sacrifices:
 some main memory is now given over to the monitor
 some processor time is consumed by the monitor

 Despite overhead, the simple batch system improves

utilization of the computer
Multiprogrammed
Batch Systems
 Processor is
often idle
 even with
automatic
job
sequencing
 I/O devices
are slow
compared to
processor
 The processor spends a certain amount of
time executing, until it reaches an I/O
instruction; it must then wait until that I/O
instruction concludes before proceeding
 There must be enough memory to hold the OS (resident monitor)
and one user program
 When one job needs to wait for I/O, the processor can switch to
the other job, which is likely not waiting for I/O
 Multiprogramming
 also known as multitasking
 memory is expanded to hold three, four, or more programs
and switch among all of them
 Can be used to handle multiple interactive jobs
 Processor time is shared among multiple users
 Multiple users simultaneously access the
system through terminals, with the OS
interleaving the execution of each user
program in a short burst or quantum of
computation
 Operating
Systems are among the most
complex pieces of software ever developed
Major advances in
development include:
• Processes
• Memory management
• Information protection and
security
• Scheduling and resource
management
• System structure
 Fundamental to the structure of operating systems

A process can be defined as:

a program in execution
an instance of a running program

the entity that can be assigned to, and executed on, a processor

a unit of activity characterized by a single sequential thread of execution, a

current state, and an associated set of system resources
 Development of the
Process
 Three major lines of computer system development
created problems in timing and synchronization that
contributed to the development:
multiprogramming batch operation
• processor is switched among the various programs residing in main
memory

time sharing
• be responsive to the individual user but be able to support many users
simultaneously

real-time transaction systems

• a number of users are entering queries or updates against a database
 Causes of Errors
 Improper
synchronization
 a program must wait until the
data are available in a buffer
 improper design of the
signaling mechanism can
result in loss or duplication
 Failed mutual exclusion
 more than one user or
program attempts to make
use of a shared resource at
the same time
 only one routine at at time
allowed to perform an
update against the file
 Nondeterminate
program operation
 program execution is
interleaved by the processor
when memory is shared
 the order in which programs
are scheduled may affect their
outcome
 Deadlocks
 it is possible for two or more
programs to be hung up
waiting for each other
 may depend on the chance
timing of resource allocation
and release
 A process contains
three components:
 an executable program
 the associated data
needed by the program
(variables, work space,
buffers, etc.)
 the execution context
(or “process state”) of
the program
 The execution context is
essential:
 it is the internal data by
which the OS is able to
supervise and control the
process
 includes the contents of the
various process registers
 includes information such as
the priority of the process and
whether the process is waiting
for the completion of a
particular I/O event
 The
OS has five principal storage
management responsibilities:

automatic
support of protection
process allocation long-term
modular and access
isolation and storage
programming control
management
A facility that allows programs to address
memory from a logical point of view, without
regard to the amount of main memory
physically available
 Conceived to meet the requirement of having
multiple user jobs reside in main memory
concurrently
 Allows processes to be comprised of a number of fixed-
size blocks, called pages
 Program references a word by means of a virtual address
 consists of a page number and an offset within the page
 each page may be located anywhere in main memory

 Provides for a dynamic mapping between the virtual

address used in the program and a real (or physical)
address in main memory
 The nature of the
threat that concerns
an organization will Main
vary greatly issues availability
depending on the
circumstances
authenticity confidentiality
 The problem involves
controlling access to data
computer systems integrity
and the information
stored in them
 Scheduling and
Resource Management
 Keyresponsibility of an OS is managing
resources
 Resource allocation policies must consider:

fairness
efficiency

differential
responsiveness
 Technique in which a process, executing an application, is
divided into threads that can run concurrently

Thread
• dispatchable unit of work
• includes a processor context and its own data area to enable subroutine
branching
• executes sequentially and is interruptible
Process
• a collection of one or more threads and associated system resources
• programmer has greater control over the modularity of the application and the
timing of application related events
 Symmetric Multiprocessor
OS Considerations
 A multiprocessor OS must provide all the functionality of a multiprogramming
system plus additional features to accommodate multiple processors

 Key design issues:

Simultaneous Scheduling Memory Reliability

concurrent Synchronization
management and fault
processes or tolerance
any
threads with multiple the reuse of
processor
may perform active processes physical
kernel routines having potential pages is the the OS
need to be scheduling,
which access to shared biggest should
reentrant to address spaces problem of provide
allow several complicates
the task of or shared I/O concern graceful
processors to resources, care degradation
execute the enforcing a
scheduling must be taken to in the face of
same kernel provide effective processor
code policy
synchronization failure
simultaneously
 Multicore OS
Considerations
 The design challenge for a
many-core multicore system is
to efficiently harness the hardware parallelism within
multicore processing power each core processor, known as
and intelligently manage the instruction level parallelism

substantial on-chip resources

efficiently potential for multiprogramming
and multithreaded execution
 Potential for parallelism exists within each processor
at three levels:
potential for a single application
to execute in concurrent
processes or threads across
multiple cores
 MS-DOS 1.0 released in 1981  Windows 2000
 4000 lines of assembly language so  included services and functions to s
urce code
upport distributed processing
 ran in 8 Kbytes of memory
 Active Directory
 used Intel 8086 microprocessor
 plug-and-play and power-managem
 Windows 3.0 shipped in 1990 ent facilities
 16-bit
 Windows XP released in 2001
 GUI interface
 goal was to replace the versions of
 implemented as a layer on top of
Windows based on MS-DOS with a
MS-DOS n OS based on NT
 Windows 95  Windows Vista shipped in 2007
 32-bit version
 led to the development of Windows
 Windows Server released in 2008
98 and Windows Me
 Windows 7 shipped in 2009, as well
 Windows NT (3.1) released in 1993 as Windows Server 2008 R2
 32-bit OS with the ability to support  Windows Azure
older DOS and Windows applicatio
ns as well as provide OS/2 suppor  targets cloud computing
t
 Windows
Architecture
Kernel-mode components
1) Executive: contains core
system services
2) kernel: controls CPUs:
scheduling, process
switching, interrupts, etc.
3) HAL
4) Device drivers
5) Windowing, graphics
 Process
 A process is a program in execution.

 The execution of a process must progress in a

sequential fashion.

 Definition of process is following.

“A process is defined as an entity which represents the

basic unit of work to be implemented in the system”
 Components of process
Component Description
Object
Code to be executed.
Program
Data
Data to be used for executing the program.
Resources
While executing the program, it may require some resources.

Verifies the status of the process execution. A process can run

to completion only when all requested resources have been
Status
allocated to the process. Two or more processes could be
executing the same program, each using their own data and
resources.
 Program
 A program by itself is not a process. It is a static entity made
up of program statement while process is a dynamic entity.

 Program contains the instructions to be executed by processor.

 A program takes a space at single place in main memory and

continues to stay there.

 A program does not perform any action by itself.

 Process States
 As a process executes, it changes state. The state of a
process is defined as the current activity of the
process.

 Process can have one of the following five states at a

time.
 Process States
State Description
New
The process is being created.

The process is waiting to be assigned to a processor. Ready

Ready
processes are waiting to have the processor allocated to
them by the operating system so that they can run.

Running Process instructions are being executed (i.e. The process

that is currently being executed).

Waiting The process is waiting for some event to occur (such as the
completion of an I/O operation).
Terminated
The process has finished execution.
Five State Process
Process Control Block, PCB
 Each process is represented in the operating system
by a process control block (PCB) also called a task
control block.

 PCB is the data structure used by the operating

system.

 Operating system groups all information that needs

about particular process.
Information Description

Pointer Pointer points to another process control block. Pointer is used for maintaining
the scheduling list.
Process State Process state may be new, ready, running, waiting and so on.

Program Counter indicates the address of the next instruction to be executed

Program Counter
for this process.

CPU registers include general purpose register, stack pointers, index registers
CPU registers and accumulators etc. number of register and type of register totally depends
upon the computer architecture.

This information may include the value of base and limit registers, the page
Memory
tables, or the segment tables depending on the memory system used by the
management
operating system. This information is useful for deallocating the memory when
information
the process terminates.

Accounting This information includes the amount of CPU and real time used, time limits,
information job or process numbers, account numbers etc.
Process Control Block
(PCB)
 Process control block includes CPU scheduling, I/O
resource management, file management information
etc..

 The PCB serves as the repository for any information

which can vary from process to process.

 Loader/linker sets flags and registers when a process

is created.
Process Control Block
(PCB)
 If that process get suspended, the contents of the
registers are saved on a stack and the pointer to the
particular stack frame is stored in the PCB.

 By this technique, the hardware state can be restored

so that the process can be scheduled to run again.
 Security Issues
 An OS associates a set of privileges with each
process
 Typically a process that executes on behalf of a user
has the privileges that the OS recognizes for that user
 Highest level of privilege is referred to as
adminstrator, supervisor, or root access
 A key security issue in the design of any OS is
to prevent, or at least detect, attempts by a user or
a malware from gaining
unauthorized privileges on the
system and from gaining root access
 System Access Threats
 Often referred to as a hacker or cracker

 Objective is to gain access to a system or to increase the range of

privileges accessible on a system

 Attempts to acquire information that should have been protected

 Intruders  Malicious Software

Classes:
Categories:
• Masquerader
• Misfeasor • those that need a host program (parasitic)
• Clandestine user • viruses, logic bombs, backdoors
• those that are independent
• worms, bots
 Countermeasures:
Intrusion Detection
 “A security service that monitors and analyzes system events for
the purpose of finding, and providing real-time or near real-time
warning of, attempts to access system resources in an
unauthorized manner” (RFC 2828)

 May be host or network based

 An intrusion detection system (IDS) comprises three logical

components:

user
sensors analyzers
interface

 IDSs are typically designed to detect human intruder behavior as

well as malicious software behavior
 Countermeasures:
Authentication
 “The process of verifying an identity claimed by or
for a system entity.” (RFC2828)

 An authentication process consists of two steps:

 Identification
 Verification

 Four general means of authenticating a user’s

identity:
 something
the
individual
knows
something
the
individual is
(static
biometrics)

something the something the

individual individual does
possesses (dynamic
biometrics)
 Countermeasures:
Access Control
 Implements a security policy that specifies who or
what may have access to each specific system
resource and the type of access that is permitted in
each instance

 Mediates between a user and system resources

 A security administrator maintains an authorization

database

 An auditing function monitors and keeps a record of

user accesses to system resources
 Countermeasures:
Firewalls

• interfaces with computers

A dedicated outside a network
• has special security
computer precautions built into it to
protect sensitive files on
that: computers within the network

• all traffic must pass through

Design the firewall
• only authorized traffic will be
goals of a allowed to pass
firewall: • immune to penetration