CS444/CS544 Operating Systems File Systems & Protection 4/20/2007 Prof. Searleman [email protected]
Transcript
Slide 1
CS444/CS544 Operating Systems File Systems & Protection
4/20/2007 Prof. Searleman [email protected]
Slide 2
Outline
Secondary Storage
Disk Scheduling: SSTF, SCAN, C-SCAN, LOOK, C-LOOK
Disk Management: formatting, partitioning, booting, swap-space
Storage Area Network
Stable Storage
Intro to Security & Protection
File Protection
Read: Disk scheduling: Chapter 12, sections 12.1-12.4; Chapters 14 & 15
Slide 3
12.3 Silberschatz, Galvin and Gagne 2005 Operating System Concepts
SCAN
The disk arm starts at one end of the disk and moves toward the other end, servicing requests until it gets to the other end of the disk, where the head movement is reversed and servicing continues.
Sometimes called the elevator algorithm.
Illustration shows total head movement of 208 cylinders.
Slide 4
SCAN (Cont.)
Slide 5
C-SCAN
Provides a more uniform wait time than SCAN.
The head moves from one end of the disk to the other, servicing requests as it goes. When it reaches the other end, however, it immediately returns to the beginning of the disk, without servicing any requests on the return trip.
Treats the cylinders as a circular list that wraps around from the last cylinder to the first one.
Slide 6
C-SCAN (Cont.)
Slide 7
C-LOOK
Version of C-SCAN.
Arm only goes as far as the last request in each direction, then reverses direction immediately, without first going all the way to the end of the disk.
Slide 8
C-LOOK (Cont.)
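The three sweeps described on the SCAN, C-SCAN and C-LOOK slides, as an added example that is not part of the lecture. The request queue, the starting head position and the assumption that the head is moving toward higher cylinder numbers are constructed for illustration.

```python
# Added example, not from the lecture: SCAN, C-SCAN and C-LOOK as the
# slides describe them. Assumption: the head is moving toward higher
# cylinder numbers when the sweep starts.

def _split(requests, head):
    """Pending requests behind the head and at/ahead of it, each sorted."""
    behind = sorted(r for r in requests if r < head)
    ahead = sorted(r for r in requests if r >= head)
    return behind, ahead

def _travel(head, stops):
    """Total cylinders crossed when the arm visits stops in order."""
    total = 0
    for stop in stops:
        total += abs(stop - head)
        head = stop
    return total

def scan(requests, head, max_cyl):
    """Elevator: sweep to the last cylinder, reverse, service on the way back."""
    behind, ahead = _split(requests, head)
    order = ahead + behind[::-1]
    # The trip to the edge only matters when requests remain behind the head.
    stops = ahead + ([max_cyl] + behind[::-1] if behind else [])
    return order, _travel(head, stops)

def c_scan(requests, head, max_cyl):
    """Sweep to the last cylinder, return to cylinder 0 without servicing,
    then keep sweeping in the same direction."""
    behind, ahead = _split(requests, head)
    order = ahead + behind
    stops = ahead + ([max_cyl, 0] + behind if behind else [])
    return order, _travel(head, stops)

def c_look(requests, head):
    """Like C-SCAN, but turn around at the last pending request instead of
    the physical edge of the disk."""
    behind, ahead = _split(requests, head)
    order = ahead + behind
    return order, _travel(head, order)

# Constructed sample queue (not the one in the textbook illustration).
QUEUE = [82, 17, 43, 140, 24, 16, 190]
HEAD, MAX_CYL = 50, 199

if __name__ == "__main__":
    for name, (order, moved) in (("SCAN", scan(QUEUE, HEAD, MAX_CYL)),
                                 ("C-SCAN", c_scan(QUEUE, HEAD, MAX_CYL)),
                                 ("C-LOOK", c_look(QUEUE, HEAD))):
        print(f"{name:7} order={order} movement={moved}")
```

On this queue C-SCAN moves the head farthest because the full return trip is counted, which is the price of its more uniform wait time.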
Slide 9
Selecting a Disk-Scheduling Algorithm
SSTF is common and has a natural appeal.
SCAN and C-SCAN perform better for systems that place a heavy load on the disk.
Performance depends on the number and types of requests.
Requests for disk service can be influenced by the file-allocation method.
The disk-scheduling algorithm should be written as a separate module of the operating system, allowing it to be replaced with a different algorithm if necessary.
Either SSTF or LOOK is a reasonable choice for the default algorithm.
Slide 10
Disk Management
Low-level formatting, or physical formatting: dividing a disk into sectors that the disk controller can read and write.
To use a disk to hold files, the operating system still needs to record its own data structures on the disk:
Partition the disk into one or more groups of cylinders.
Logical formatting, or "making a file system".
Boot block initializes system. The bootstrap is stored in ROM. Bootstrap loader program.
Methods such as sector sparing are used to handle bad blocks.
Slide 11
Swap-Space Management
Swap-space: virtual memory uses disk space as an extension of main memory.
Swap-space can be carved out of the normal file system, or, more commonly, it can be in a separate disk partition.
Swap-space management:
4.3BSD allocates swap space when process starts; holds text segment (the program) and data segment.
Kernel uses swap maps to track swap-space use.
Solaris 2 allocates swap space only when a page is forced out of physical memory, not when the virtual memory page is first created.
Slide 12
Network-Attached Storage
Network-attached storage (NAS) is storage made available over a network rather than over a local connection (such as a bus).
NFS and CIFS are common protocols.
Implemented via remote procedure calls (RPCs) between host and storage.
New iSCSI protocol uses IP network to carry the SCSI protocol.
Slide 13
Storage Area Network
Common in large storage environments (and becoming more common).
Multiple hosts attached to multiple storage arrays - flexible.
Slide 14
RAID Structure
RAID: multiple disk drives provide reliability via redundancy.
RAID is arranged into six different levels.
Several improvements in disk-use techniques involve the use of multiple disks working cooperatively.
Disk striping uses a group of disks as one storage unit.
RAID schemes improve performance and improve the reliability of the storage system by storing redundant data.
Mirroring or shadowing keeps a duplicate of each disk.
Block interleaved parity uses much less redundancy.
Slide 15
RAID Levels
RAID (0 + 1) and (1 + 0)
Slide 16
Stable-Storage Implementation
Write-ahead log scheme requires stable storage.
To implement stable storage:
Replicate information on more than one nonvolatile storage media with independent failure modes.
Update information in a controlled manner to ensure that we can recover the stable data after any failure during data transfer or recovery.
Slide 17
Tertiary Storage Devices
Low cost is the defining characteristic of tertiary storage.
Generally, tertiary storage is built using removable media.
Common examples of removable media are floppy disks and CD-ROMs; other types are available.
Slide 18
WORM Disks
The data on read-write disks can be modified over and over.
WORM (Write Once, Read Many Times) disks can be written only once.
Thin aluminum film sandwiched between two glass or plastic platters.
To write a bit, the drive uses a laser light to burn a small hole through the aluminum; information can be destroyed but not altered.
Very durable and reliable.
Read Only disks, such as CD-ROM and DVD, come from the factory with the data pre-recorded.
Slide 19
Tapes
Compared to a disk, a tape is less expensive and holds more data, but random access is much slower.
Tape is an economical medium for purposes that do not require fast random access, e.g., backup copies of disk data, holding huge volumes of data.
Large tape installations typically use robotic tape changers that move tapes between tape drives and storage slots in a tape library.
stacker: library that holds a few tapes
silo: library that holds thousands of tapes
A disk-resident file can be archived to tape for low cost storage; the computer can stage it back into disk storage for active use.
Slide 20
Operating System Issues
Major OS jobs are to manage physical devices and to present a virtual machine abstraction to applications.
For hard disks, the OS provides two abstractions:
Raw device: an array of data blocks.
File system: the OS queues and schedules the interleaved requests from several applications.
Slide 21
Application Interface
Most OSs handle removable disks almost exactly like fixed disks: a new cartridge is formatted and an empty file system is generated on the disk.
Tapes are presented as a raw storage medium, i.e., an application does not open a file on the tape, it opens the whole tape drive as a raw device.
Usually the tape drive is reserved for the exclusive use of that application.
Since the OS does not provide file system services, the application must decide how to use the array of blocks.
Since every application makes up its own rules for how to organize a tape, a tape full of data can generally only be used by the program that created it.
Slide 22
File Naming
The issue of naming files on removable media is especially difficult when we want to write data on a removable cartridge on one computer, and then use the cartridge in another computer.
Contemporary OSs generally leave the name space problem unsolved for removable media, and depend on applications and users to figure out how to access and interpret the data.
Some kinds of removable media (e.g., CDs) are so well standardized that all computers use them the same way.
Slide 23
Hierarchical Storage Management (HSM)
A hierarchical storage system extends the storage hierarchy beyond primary memory and secondary storage to incorporate tertiary storage, usually implemented as a jukebox of tapes or removable disks.
Usually incorporate tertiary storage by extending the file system.
Small and frequently used files remain on disk.
Large, old, inactive files are archived to the jukebox.
HSM is usually found in supercomputing centers and other large installations that have enormous volumes of data.
Slide 24
Reliability
A fixed disk drive is likely to be more reliable than a removable disk or tape drive.
An optical cartridge is likely to be more reliable than a magnetic disk or tape.
A head crash in a fixed hard disk generally destroys the data, whereas the failure of a tape drive or optical disk drive often leaves the data cartridge unharmed.
Slide 25
Cost
Main memory is much more expensive than disk storage.
The cost per megabyte of hard disk storage is competitive with magnetic tape if only one tape is used per drive.
The cheapest tape drives and the cheapest disk drives have had about the same storage capacity over the years.
Tertiary storage gives a cost savings only when the number of cartridges is considerably larger than the number of drives.
Slide 26
Price per Megabyte of DRAM, From 1981 to 2004
Slide 27
Price per Megabyte of Magnetic Hard Disk, From 1981 to 2004
Slide 28
Price per Megabyte of a Tape Drive, From 1984-2000
Slide 29
Disk Performance Model / Trends
Capacity + 100%/year (2X / 1.0 yrs)
Transfer rate (BW) + 40%/year (2X / 2.0 yrs)
Rotation + Seek time 8%/year (1/2 in 10 yrs)
MB/$ > 100%/year (2X /
Fallacy: Use Data Sheet Average Seek Time
Manufacturers needed standard for fair comparison (benchmark).
Calculate all seeks from all tracks, divide by number of seeks => average.
Real average would be based on how data laid out on disk, where seek in real applications, then measure performance.
Usually, tend to seek to tracks nearby, not to random track.
Rule of Thumb: observed average seek time is typically about 1/4 to 1/3 of quoted seek time (i.e., 3X-4X faster).
UltraStar 73 avg. seek: 4.9 ms -> 1.6 ms
Slide 33
Fallacy: Use Data Sheet Transfer Rate
Manufacturers quote the speed of the data rate off the surface of the disk.
Sectors contain an error detection and correction field (can be 20% of sector size) plus sector number as well as data.
There are gaps between sectors on track.
Rule of Thumb: disks deliver about 3/4 of internal media rate (1.3X slower) for data.
For example, UltraStar 73 quotes 49 to 87 MB/s internal media rate. Expect 37 to 65 MB/s user data rate.
Slide 34
Disk Performance Example One More Time
Calculate time to read 1 sector for UltraStar 72 again, this time using 1/3 quoted seek time, 3/4 of internal outer track bandwidth (8.0 ms before).
Disk latency = average seek time + average rotational delay + transfer time + controller overhead
= (0.33 * 4.9 ms) + 0.5 * 1/(10000 RPM) + 0.5 KB / (0.75 * 87 MB/s) + 0.1 ms
= 1.62 ms + 0.5 / (10000 RPM / (60000 ms/M)) + 0.5 KB / (65 KB/ms) + 0.1 ms
= 1.62 + 3.0 + 0.0077 + 0.1 ms
= 4.73 ms
Slide 35
Security & Protection
Slide 36
Security: overall problem of ensuring that resources (files, CPUs, memory, etc.) are accessed only by authorized users.
e.g. PC in lecture room was stolen
Protection: OS mechanisms to provide security for the enforcement of policies governing use.
e.g. What is the policy regarding e-mail?
Slide 37
Protection
Protecting processes/users from each other is one of the core OS responsibilities.
Control access of processes or users to resources of the computer system (both HW and SW).
Ensure resources are operated on by only those processes that have gained proper authorization.
Enforcing resource limits.
Slide 38
Cross-cutting issue
CPU Scheduling: protection by timer interrupts and OS scheduling policy.
Process Management: protection by access control and enforcement of resource limits (most OS?).
Virtual Memory: protection by inability to name other processes' memory space.
File System: user-defined access controls per file/directory.
Note: Synchronization is more voluntary protection, by observing rules within a set of processes/threads that share data (Monitors maybe protection?).
Slide 39
How to do protection?
From that brief survey of OS topics it is clear that protection can be accomplished in many ways.
Protection can be based on the design of the system, which makes access impossible (can't even name things you shouldn't access), e.g. VM.
Protection can be controllable by an OS-wide policy (OS controls resource allocation), e.g. timer interrupts.
Protection can be controlled by user-definable access controls, e.g. User can set FS access controls.
Implies ability to deny authorized access! Ability to enforce the policy!
Slide 40
Principles
Generally, the more restrictive the system, the more protection.
Need-to-know principle says only grant those rights absolutely necessary to accomplish a task.
Start out granting none and see where it breaks; add the smallest new privileges possible.
Ex. If a process only needs to read/write one specific file, then don't give it access to all the user's files.
Ex. Don't give full root privileges just because need to open a port < 1024.
Slide 41
Policy vs Mechanism
Mechanism says what types of access are possible and defines the means for identifying authorized vs unauthorized access.
Policy says which processes/users should have which kinds of access.
When building a system, best to make mechanism match the problem domain rather than a particular desired policy.
More flexible if separate mechanism from policy!
Example: if your mechanism does not distinguish between read and execute rights, then it is impossible to hand out one without the other; if mechanism does distinguish, then policy may never choose to hand out one without the other, but it could.
Slide 42
Types of access
The possible types of access depend on the resource.
CPUs can be executed upon.
Files can be read/written/executed.
Directories can be read/inserted into/deleted from/traversed without displaying all.
Tape drives can be read/written/rewound.
Begin by thinking about all the possible actions you might want to allow/disallow on an object.
Slide 43
Example: File Sharing & Protection
File Sharing
Sharing of files on multi-user systems is desirable.
Sharing may be done through a protection scheme.
On distributed systems, files may be shared across a network.
Network File System (NFS) is a common distributed file-sharing method.
Slide 44
File Sharing - Remote File Systems
Uses networking to allow file system access between systems:
Manually via programs like FTP.
Automatically, seamlessly using distributed file systems.
Semi-automatically via the world wide web.
Client-server model allows clients to mount remote file systems from servers:
Server can serve multiple clients.
Client and user-on-client identification is insecure or complicated.
NFS is standard UNIX client-server file sharing protocol.
CIFS is standard Windows protocol.
Standard operating system file calls are translated into remote calls.
Distributed Information Systems (distributed naming services) such as LDAP, DNS, NIS, Active Directory implement unified access to information needed for remote computing.
Slide 45
File Sharing - Consistency Semantics
Consistency semantics specify how multiple users are to access a shared file simultaneously.
Similar to Ch 7 process synchronization algorithms.
Tend to be less complex due to disk I/O and network latency (for remote file systems).
Andrew File System (AFS) implemented complex remote file sharing semantics.
Unix file system (UFS) implements:
Writes to an open file visible immediately to other users of the same open file.
Sharing file pointer to allow multiple users to read and write concurrently.
AFS has session semantics:
Writes only visible to sessions starting after the file is closed.
Slide 46
File Protection
File owner/creator should be able to control: what can be done, by whom.
Types of access: Read, Write, Execute, Append, Delete, List
Slide 47
Access Lists and Groups
Mode of access: read, write, execute
Three classes of users:
                          R W X
a) owner access     7     1 1 1
b) group access     6     1 1 0
c) public access    1     0 0 1
Ask manager to create a group (unique name), say G, and add some users to the group.
For a particular file (say game) or subdirectory, define an appropriate access (digits are owner, group, public):
chmod 761 game
Attach a group to a file:
chgrp G game
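How the 761 mode on this slide is evaluated for each class of user, as an added example that is not part of the lecture; the uid/gid numbers and user names are constructed, and the superuser bypass is not modelled. It goes one step beyond the slide with mode 067 to show that exactly one class applies, and the public class of 761 is the execute-without-read case from the Policy vs Mechanism slide.

```python
# Added example, not from the lecture: which rwx triple applies to a user.
# Assumptions: the uid/gid numbers and user names are constructed, and the
# superuser bypass (uid 0) is deliberately not modelled.
import os
import stat
import tempfile

RIGHTS = {"r": 4, "w": 2, "x": 1}

def applicable_class(mode, uid, gids, owner_uid, owner_gid):
    """Pick the single class whose bits are consulted: owner, else group,
    else public. The first match wins; the classes are never combined."""
    if uid == owner_uid:
        return "owner", (mode >> 6) & 0o7
    if owner_gid in gids:
        return "group", (mode >> 3) & 0o7
    return "public", mode & 0o7

def allowed(mode, uid, gids, owner_uid, owner_gid, want):
    """True if every right in want (a string over 'rwx') is granted."""
    _, bits = applicable_class(mode, uid, gids, owner_uid, owner_gid)
    need = sum(RIGHTS[c] for c in want)
    return bits & need == need

def chmod_and_list(mode):
    """Apply mode to a scratch file and return it as ls -l would print it."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        return stat.filemode(os.stat(path).st_mode)
    finally:
        os.remove(path)

# Constructed principals for the slide's file "game": owner uid 1000,
# attached group G = gid 2000.
OWNER, G = 1000, 2000
USERS = {
    "owner":       (1000, {1000}),
    "member_of_G": (1001, {1001, 2000}),
    "outsider":    (1002, {1002}),
}

def report(mode):
    """Rights each constructed user ends up with under mode."""
    return {name: "".join(r for r in "rwx"
                          if allowed(mode, uid, gids, OWNER, G, r))
            for name, (uid, gids) in USERS.items()}

if __name__ == "__main__":
    print(chmod_and_list(0o761), report(0o761))
    print(report(0o067))  # owner is locked out although public has rwx
```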
Slide 48
Windows XP Access-control List Management
Slide 49
A Sample UNIX Directory Listing