Accounting, Protection, Security

andMore Fault Handling

Gotchas

May 26, 2000

Instructor: Gary

Kimura

204/18/23

Today’s Topics

• Accounting

• Protection and security

• Handling faults

304/18/23

Accounting Systems

• In large old computing centers accounting systems were very common. – Not that applicable in a PC environment. – But again useful in a network

• The task was not necessarily to restrict usage but to hold individual users accountable for their usage of the system

• Why?– Charge back to make money– Monitor system usage monitoring– When to buy a bigger system– Locate usage hogs

404/18/23

Things to measure

• We measure things that give us a metric for overall and specific system usage– CPU Usage– Main Memory Usage– Disk Usage– Paper Usage– Connect time usage

• How to do the measurement is mostly pretty obvious but not always…

504/18/23

Quotas

• A means of limiting resource usage by an individual or a group

• Typical quota items include– Disk usage– Memory usage– Open handle usage– Mail box usage

• Either the system prohibits a user’s usage from exceeding their quota or sounds a lot of bells and whistles when they do

604/18/23

Protection and Security

• “Don’t trust anyone”– Naïve user with dumb mistakes– Destructive malicious user

• DOD security levels (A – D)– D: least protected system (MS-DOS pass any tests)– C: discretionary protection and accountability with two

subgroups (C1 and C2)– B: mandatory protection (security levels)– A: highest level of security

704/18/23

Protection put on objects and users

– Access control lists– Identify either a group or a individual user– Indicates if access is allowed or denied

– Object reuse– Be sure to clear out memory and secondary storage

before reusing objects space

– Revocation– Each user/process has an ID and usually a list of access

rights– Some systems allow the system to revoke the access

rights to an existing process, some systems do not

804/18/23

More security issues

– Authentication– Password, etc

– Program threats– Trojan Horses– Trap doors

– System threats– Worms– Viruses

– Encryption– Denial of service attacks

904/18/23

Places where page faults occur

• User invoked faults– Code– Data– Both

• Kernel invoked faults– Code– Data– Both

1004/18/23

Double faults

• In some systems it is okay for a page fault handler to itself cause a fault

• There is somewhat a chicken and egg problem that needs to be addressed

• Eventually the last fault needs all of its data code to be resident in memory

• It is possible to pin down your code and data, however doing so usually takes more CPU cycles than it’s worth. So just make the code nonpaged to start with.

1104/18/23

Collided page faults

• When two processes both fault in the same page at the same time we can come up with a collided page fault.

• The same can happen if one process touches a page while the fault is almost through being handled

1204/18/23

Things to come

• Distributed Systems

• RPC

• Review

• Final exam day