
CS444/CS544 Operating Systems File Systems & Protection 4/20/2007 Prof. Searleman [email protected].

Date post: 20-Dec-2015

CS444/CS544 Operating Systems

File Systems & Protection

4/20/2007

Prof. Searleman

[email protected]

Outline

Secondary Storage
  Disk Scheduling: SSTF, SCAN, C-SCAN, LOOK, C-LOOK
  Disk Management: formatting, partitioning, booting, swap-space
  Storage Area Network
  Stable Storage

Intro to Security & Protection
  File Protection

Read:
  Disk scheduling: Chapter 12, sections 12.1 – 12.4
  Chapters 14 & 15

12.3 Silberschatz, Galvin and Gagne ©2005Operating System Concepts

SCAN

The disk arm starts at one end of the disk, and moves toward the other end, servicing requests until it gets to the other end of the disk, where the head movement is reversed and servicing continues.

Sometimes called the elevator algorithm.

Illustration shows total head movement of 208 cylinders.

C-SCAN

Provides a more uniform wait time than SCAN.

The head moves from one end of the disk to the other, servicing requests as it goes. When it reaches the other end, however, it immediately returns to the beginning of the disk, without servicing any requests on the return trip.

Treats the cylinders as a circular list that wraps around from the last cylinder to the first one.

C-LOOK

Version of C-SCAN

Arm only goes as far as the last request in each direction, then reverses direction immediately, without first going all the way to the end of the disk.
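
The three policies described above, as an added example that is not part of the original slides. The request queue, the starting head position, the 0..199 cylinder range and the initial upward direction are constructed assumptions, and the return seek of C-SCAN and C-LOOK is counted as head movement.

```python
def split_queue(head, queue):
    """Requests at or above the head and those below it, each ascending."""
    up = sorted(c for c in queue if c >= head)
    down = sorted(c for c in queue if c < head)
    return up, down


def travel(head, stops):
    """Total cylinders crossed when the arm visits the stops in order."""
    total, pos = 0, head
    for stop in stops:
        total += abs(stop - pos)
        pos = stop
    return total


def scan(head, queue, max_cyl):
    """Sweep up to the last cylinder, then reverse and service on the way back."""
    up, down = split_queue(head, queue)
    order = up + down[::-1]
    return order, travel(head, up + [max_cyl] + down[::-1])


def c_scan(head, queue, max_cyl):
    """Sweep up to the last cylinder, return to cylinder 0 idle, sweep up again."""
    up, down = split_queue(head, queue)
    return up + down, travel(head, up + [max_cyl, 0] + down)


def c_look(head, queue):
    """Like C-SCAN, but turn around at the last pending request, not the disk edge."""
    up, down = split_queue(head, queue)
    return up + down, travel(head, up + down)


# Constructed sample input (assumption, not from the slides).
HEAD, MAX_CYL = 50, 199
QUEUE = [82, 17, 43, 140, 24, 16, 190]

if __name__ == "__main__":
    for name, (order, moved) in [
        ("SCAN", scan(HEAD, QUEUE, MAX_CYL)),
        ("C-SCAN", c_scan(HEAD, QUEUE, MAX_CYL)),
        ("C-LOOK", c_look(HEAD, QUEUE)),
    ]:
        print(f"{name:7s} order={order} head movement={moved}")
```

C-SCAN and C-LOOK service the low cylinders in ascending order after the wrap, which is what evens out the wait for requests at either edge; SCAN services them in descending order on the return sweep.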

Selecting a Disk-Scheduling Algorithm

SSTF is common and has a natural appeal

SCAN and C-SCAN perform better for systems that place a heavy load on the disk.

Performance depends on the number and types of requests.

Requests for disk service can be influenced by the file-allocation method.

The disk-scheduling algorithm should be written as a separate module of the operating system, allowing it to be replaced with a different algorithm if necessary.

Either SSTF or LOOK is a reasonable choice for the default algorithm.

Disk Management

Low-level formatting, or physical formatting — Dividing a disk into sectors that the disk controller can read and write.

To use a disk to hold files, the operating system still needs to record its own data structures on the disk. Partition the disk into one or more groups of cylinders. Logical formatting or “making a file system”.

Boot block initializes system. The bootstrap is stored in ROM. Bootstrap loader program.

Methods such as sector sparing used to handle bad blocks.

Swap-Space Management

Swap-space — Virtual memory uses disk space as an extension of main memory.

Swap-space can be carved out of the normal file system, or, more commonly, it can be in a separate disk partition.

Swap-space management
  4.3BSD allocates swap space when process starts; holds text segment (the program) and data segment.
  Kernel uses swap maps to track swap-space use.
  Solaris 2 allocates swap space only when a page is forced out of physical memory, not when the virtual memory page is first created.

Network-Attached Storage

Network-attached storage (NAS) is storage made available over a network rather than over a local connection (such as a bus)

NFS and CIFS are common protocols

Implemented via remote procedure calls (RPCs) between host and storage

New iSCSI protocol uses IP network to carry the SCSI protocol

Storage Area Network

Common in large storage environments (and becoming more common)

Multiple hosts attached to multiple storage arrays - flexible

RAID Structure

RAID – multiple disk drives provide reliability via redundancy.

RAID is arranged into six different levels.

Several improvements in disk-use techniques involve the use of multiple disks working cooperatively.

Disk striping uses a group of disks as one storage unit.

RAID schemes improve performance and improve the reliability of the storage system by storing redundant data. Mirroring or shadowing keeps duplicate of each disk.

Block interleaved parity uses much less redundancy.

[Figure: RAID Levels]

[Figure: RAID (0 + 1) and (1 + 0)]

Stable-Storage Implementation

Write-ahead log scheme requires stable storage.

To implement stable storage:

Replicate information on more than one nonvolatile storage media with independent failure modes.

Update information in a controlled manner to ensure that we can recover the stable data after any failure during data transfer or recovery.

Tertiary Storage Devices

Low cost is the defining characteristic of tertiary storage.

Generally, tertiary storage is built using removable media

Common examples of removable media are floppy disks and CD-ROMs; other types are available.

WORM Disks

The data on read-write disks can be modified over and over.

WORM (“Write Once, Read Many Times”) disks can be written only once.

Thin aluminum film sandwiched between two glass or plastic platters.

To write a bit, the drive uses a laser light to burn a small hole through the aluminum; information can be destroyed but not altered.

Very durable and reliable.

Read Only disks, such as CD-ROM and DVD, come from the factory with the data pre-recorded.

Tapes

Compared to a disk, a tape is less expensive and holds more data, but random access is much slower.

Tape is an economical medium for purposes that do not require fast random access, e.g., backup copies of disk data, holding huge volumes of data.

Large tape installations typically use robotic tape changers that move tapes between tape drives and storage slots in a tape library.
  stacker – library that holds a few tapes
  silo – library that holds thousands of tapes

A disk-resident file can be archived to tape for low cost storage; the computer can stage it back into disk storage for active use.

Operating System Issues

Major OS jobs are to manage physical devices and to present a virtual machine abstraction to applications

For hard disks, the OS provides two abstractions:

Raw device – an array of data blocks.

File system – the OS queues and schedules the interleaved requests from several applications.

Application Interface

Most OSs handle removable disks almost exactly like fixed disks — a new cartridge is formatted and an empty file system is generated on the disk.

Tapes are presented as a raw storage medium, i.e., an application does not open a file on the tape, it opens the whole tape drive as a raw device.

Usually the tape drive is reserved for the exclusive use of that application.

Since the OS does not provide file system services, the application must decide how to use the array of blocks.

Since every application makes up its own rules for how to organize a tape, a tape full of data can generally only be used by the program that created it.

File Naming

The issue of naming files on removable media is especially difficult when we want to write data on a removable cartridge on one computer, and then use the cartridge in another computer.

Contemporary OSs generally leave the name space problem unsolved for removable media, and depend on applications and users to figure out how to access and interpret the data.

Some kinds of removable media (e.g., CDs) are so well standardized that all computers use them the same way.

Hierarchical Storage Management (HSM)

A hierarchical storage system extends the storage hierarchy beyond primary memory and secondary storage to incorporate tertiary storage — usually implemented as a jukebox of tapes or removable disks.

Usually incorporate tertiary storage by extending the file system. Small and frequently used files remain on disk. Large, old, inactive files are archived to the jukebox.

HSM is usually found in supercomputing centers and other large installations that have enormous volumes of data.

Reliability

A fixed disk drive is likely to be more reliable than a removable disk or tape drive.

An optical cartridge is likely to be more reliable than a magnetic disk or tape.

A head crash in a fixed hard disk generally destroys the data, whereas the failure of a tape drive or optical disk drive often leaves the data cartridge unharmed.

Cost

Main memory is much more expensive than disk storage

The cost per megabyte of hard disk storage is competitive with magnetic tape if only one tape is used per drive.

The cheapest tape drives and the cheapest disk drives have had about the same storage capacity over the years.

Tertiary storage gives a cost savings only when the number of cartridges is considerably larger than the number of drives.

[Figure: Price per Megabyte of DRAM, From 1981 to 2004]

[Figure: Price per Megabyte of Magnetic Hard Disk, From 1981 to 2004]

[Figure: Price per Megabyte of a Tape Drive, From 1984-2000]

Disk Performance Model / Trends

Capacity: +100%/year (2X / 1.0 yrs)

Transfer rate (BW): +40%/year (2X / 2.0 yrs)

Rotation + Seek time: –8%/year (1/2 in 10 yrs)

MB/$: >100%/year (2X / <1.5 yrs)

Fewer chips + areal density

Two random points

Memory: 2 GB, DDR2 SDRAM, $170
  $0.85/MB
  800 Mb/s

Disk: 320 GB, Seagate Barracuda, $70
  $0.0045/MB (less than ½ penny)
  SATA 3.0 Gb/s
  8.5 ms average seek (what is average? Seek time increases with number of tracks moved but not linearly)
  4.16 ms average latency (1/2 rotation at 7200 RPM?)
  10 ms average write

Disk/Memory Ratios
  Price: 1/18
  Size: 60/1
  Speed (Access time)
  Speed (Transfer rate)

Disk Performance Example - Revisited

From an earlier slide:

Disk latency = average seek time + average rotational delay + transfer time + controller overhead

= 4.9 ms + 0.5 * 1/(10000 RPM) + 0.5 KB / (87 MB/s) + 0.1 ms

= 4.9 ms + 0.5 /(10000 RPM/(60000ms/M)) + 0.5 KB / (87 KB/ms) + 0.1 ms

= 4.9 + 3.0 + 0.0057 + 0.1 ms = 8.0 ms

Fallacy: Use Data Sheet “Average Seek” Time

Manufacturers needed standard for fair comparison (“benchmark”)

Calculate all seeks from all tracks, divide by number of seeks => “average”

Real average would be based on how data laid out on disk, where seek in real applications, then measure performance

Usually, tend to seek to tracks nearby, not to random track

Rule of Thumb: observed average seek time is typically about 1/4 to 1/3 of quoted seek time (i.e., 3X-4X faster)

UltraStar 73 avg. seek: 4.9 ms → 1.6 ms

Fallacy: Use Data Sheet Transfer Rate

Manufacturers quote the speed of the data rate off the surface of the disk

Sectors contain an error detection and correction field (can be 20% of sector size) plus sector number as well as data

There are gaps between sectors on track

Rule of Thumb: disks deliver about 3/4 of internal media rate (1.3X slower) for data

For example, UltraStar 73 quotes 49 to 87 MB/s internal media rate
  Expect 37 to 65 MB/s user data rate

Disk Performance Example – One More Time

Calculate time to read 1 sector for UltraStar 72 again, this time using 1/3 quoted seek time, 3/4 of internal outer track bandwidth; (8.0 ms before)

Disk latency = average seek time + average rotational delay + transfer time + controller overhead

= (0.33 * 4.9 ms) + 0.5 * 1/(10000 RPM) + 0.5 KB / (0.75 * 87 MB/s) + 0.1 ms

= 1.62 ms + 0.5 /(10000 RPM/(60000ms/M)) + 0.5 KB / (65 KB/ms) + 0.1 ms

= 1.62 + 3.0 + 0.0077 + 0.1 ms = 4.73 ms

Security & Protection

Security – overall problem of ensuring that resources (files, CPUs, memory, etc.) are accessed only by authorized users
  e.g. PC in lecture room was stolen

Protection – OS mechanisms to provide security for the enforcement of policies governing use
  e.g. What is the policy regarding e-mail?

Protection

Protecting processes/users from each other is one of the core OS responsibilities

Control access of processes or users to resources of the computer system (both HW and SW)
  Ensure resources are operated on by only those processes that have gained proper authorization
  Enforcing resource limits

Cross-cutting issue

CPU Scheduling
  Protection by timer interrupts and OS scheduling policy

Process Management
  Protection by access control and enforcement of resource limits (most OS?)

Virtual Memory
  Protection by inability to name other processes' memory space

File System
  User defined access controls per file/directory

Note: Synchronization is more voluntary protection, by observing rules within a set of processes/threads that share data (Monitors maybe protection?)

How to do protection?

From that brief survey of OS topics it is clear that protection can be accomplished in many ways

Protection can be based on the design of the system which makes access impossible (can’t even name things you shouldn’t access)
  e.g. VM

Protection can be controllable by an OS wide policy (OS controls resource allocation)
  e.g. timer interrupts

Protection can be controlled by user definable access controls
  e.g. User can set FS access controls

Implies ability to deny authorized access! Ability to enforce the policy!

Principles

Generally the more restrictive the system the more protection

“Need to know” principle says only grant those rights absolutely necessary to accomplish a task
  Start out granting none and see where it breaks, add the smallest new privileges as possible
  Ex. If a process only needs to read/write one specific file then don’t give it access to all the user’s files
  Ex. Don’t give full root privileges just because need to open a port < 1024

Policy vs Mechanism

Mechanism says “what types of access are possible” and “defines the means for identifying authorized vs unauthorized access”

Policy says “which processes/users should have which kinds of access”

When building a system it is best to make the mechanism match the problem domain rather than a particular desired policy
  More flexible if separate mechanism from policy!

Example: if your mechanism does not distinguish between read and execute rights then it is impossible to hand out one without the other; if the mechanism does distinguish then policy may never choose to hand out one without the other, but it could

Types of access

The possible types of access depend on the resource
  CPUs can be executed upon
  File can be read/written/executed
  Directories can be read/inserted into/deleted from/traversed without displaying all
  Tape drives can be read/written/rewound

Begin by thinking about all the possible actions you might want to allow/disallow on an object

Example: File Sharing & Protection

File Sharing

Sharing of files on multi-user systems is desirable

Sharing may be done through a protection scheme

On distributed systems, files may be shared across a network

Network File System (NFS) is a common distributed file-sharing method

File Sharing – Remote File Systems

Uses networking to allow file system access between systems
  Manually via programs like FTP
  Automatically, seamlessly using distributed file systems
  Semi automatically via the world wide web

Client-server model allows clients to mount remote file systems from servers
  Server can serve multiple clients
  Client and user-on-client identification is insecure or complicated
  NFS is standard UNIX client-server file sharing protocol
  CIFS is standard Windows protocol
  Standard operating system file calls are translated into remote calls

Distributed Information Systems (distributed naming services) such as LDAP, DNS, NIS, Active Directory implement unified access to information needed for remote computing

File Sharing – Consistency Semantics

Consistency semantics specify how multiple users are to access a shared file simultaneously

Similar to Ch 7 process synchronization algorithms
  Tend to be less complex due to disk I/O and network latency (for remote file systems)

Andrew File System (AFS) implemented complex remote file sharing semantics

Unix file system (UFS) implements:
  Writes to an open file visible immediately to other users of the same open file
  Sharing file pointer to allow multiple users to read and write concurrently

AFS has session semantics
  Writes only visible to sessions starting after the file is closed

File Protection

File owner/creator should be able to control:
  what can be done
  by whom

Types of access
  Read
  Write
  Execute
  Append
  Delete
  List

Access Lists and Groups

Mode of access: read, write, execute

Three classes of users

                         R W X
  a) owner access    7   1 1 1
  b) group access    6   1 1 0
  c) public access   1   0 0 1

Ask manager to create a group (unique name), say G, and add some users to the group.

For a particular file (say game) or subdirectory, define an appropriate access.

  chmod 761 game    (7 = owner, 6 = group, 1 = public)

Attach a group to a file:

  chgrp G game
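
How the three classes in `chmod 761 game` are evaluated, as an added example that is not part of the original slides. The uid and gid numbers are constructed, root's bypass and ACLs are not modelled, and the function names are hypothetical.

```python
import stat

# Bit values of one RWX triplet, as in the slide's table.
R, W, X = 4, 2, 1


def class_bits(mode, file_uid, file_gid, uid, gids):
    """Return the one triplet that applies to the caller, plus its class name.

    Classic UNIX checks owner, then group, then public, and stops at the
    first class that matches. Triplets are never combined.
    """
    if uid == file_uid:
        return (mode >> 6) & 7, "owner"
    if file_gid in gids:
        return (mode >> 3) & 7, "group"
    return mode & 7, "public"


def allowed(mode, file_uid, file_gid, uid, gids, want):
    """True if every requested bit in `want` is set in the caller's triplet."""
    bits, _ = class_bits(mode, file_uid, file_gid, uid, gids)
    return bits & want == want


def describe(mode):
    """Render the mode the way `ls -l` shows it for a regular file."""
    return stat.filemode(stat.S_IFREG | mode)


# Constructed identities (assumptions): owner uid 1000, group G has gid 2000.
OWNER_UID, GROUP_G = 1000, 2000
USERS = {
    "owner":       (1000, {GROUP_G}),
    "member_of_G": (1001, {GROUP_G}),
    "everyone":    (1002, {3000}),
}


def report(mode):
    """Map each sample user to the 'rwx' string they effectively get."""
    out = {}
    for name, (uid, gids) in USERS.items():
        bits, _ = class_bits(mode, OWNER_UID, GROUP_G, uid, gids)
        out[name] = "".join(c if bits & b else "-" for c, b in zip("rwx", (R, W, X)))
    return out


if __name__ == "__main__":
    print(describe(0o761), report(0o761))
    # Owner triplet wins even when it is the most restrictive one.
    print(describe(0o071), report(0o071))
```

With mode 761 the public class gets execute without read, and with a mode such as 071 the owner is denied even though the owner also belongs to the group, because only the first matching class is consulted.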

[Figure: Windows XP Access-control List Management]

[Figure: A Sample UNIX Directory Listing]

Andrew File System - ACL

