OS Theory Concept Map


Features and structure of contemporary operating systems
An operating system is a program that acts as the interface between the users and the hardware. The operating system’s job is to manage the operation of all tasks on a computer system. The operating system manages storage, security, memory and the various processes needed for the computer system to operate effectively.
The operating system manages storage by allocating space depending on the needs of the system. It manages files on different types of physical media: hard disks, optical disks, etc. The operating system also manages the cache memory of the system, which temporarily holds information and instructions to be executed. Security is managed by controlling which areas of the computer system and which files can be accessed by users and by other system processes. The operating system manages memory allocation and keeps track of how memory is being used and by whom. It also decides which processes are using the memory at a given time. System processes are managed by controlling which process is active and for how long, as a way to manage the computer system fairly and efficiently. The operating system creates and deletes processes, suspends processes and schedules processes as part of the management of the system’s resources.


Threads and process synchronization
A process is a part of a program or code that is actively being executed and that also has the information needed to execute the next part of the program or code. There are five process states which are used to track the current state of the activity being executed: new, running, waiting, ready and terminated. The new state is where a process is created. In the running state, the instructions for the process are actively being executed. The waiting state occurs when the process is waiting for an event to occur. A process in the ready state is also waiting, but not for an event: it has been loaded into main memory and is waiting in the queue for execution by the CPU. Finally, the terminated state is where the process execution has been completed. The process control block (PCB) is used to keep track of all processes that are being executed or waiting to be executed. The PCB knows the state of each process, the location in the queue of each process, which CPU register is being used by each process in case of an interrupt, and the memory management information needed. The PCB also tracks information related to the process such as the time the process took to execute, the process numbers, I/O devices and open files.
Single- and multi-threaded execution relates to the number of processes being executed on the system. Both types of threads can be executed by the user/programmer or by the kernel of the operating system. On a single-threaded system, only one task is performed at a time. In a multi-threaded process, multiple parts of the program are executed simultaneously. Multithreaded processes share resources and do not stop a program from running while one process is running.
A critical section is a segment of code of a process. This segment of code can only have one process executing it at a time. The critical-section problem is how to write a program that allows processes to run while identifying the critical section and only allowing one process to execute that section. One way to understand the critical section is to picture multiple people trying to make changes to a document at the same time. Depending on how the document is being accessed, only one person can make changes while other people can only read the content. Only once the first person has completed their changes can another person make changes.
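The document analogy above, as an added example that is not part of the original post: several editors bump a shared revision counter, first without protection (a barrier forces every editor to read before any of them writes, so updates are lost) and then with the read-modify-write wrapped in a lock. The names Document, edit_unsafe, edit_safe and run are hypothetical.

```python
import threading

class Document:
    """Shared resource: every edit must increase the revision by exactly one."""
    def __init__(self):
        self.revision = 0
        self.lock = threading.Lock()

def edit_unsafe(doc, barrier):
    seen = doc.revision        # read the current revision
    barrier.wait()             # force the bad interleaving: all editors read first
    doc.revision = seen + 1    # write back a value computed from a stale read

def edit_safe(doc, barrier):
    barrier.wait()             # start together so the editors really contend
    with doc.lock:             # entry section: only one editor gets past this line
        seen = doc.revision    # critical section: read ...
        doc.revision = seen + 1  # ... and write with nobody else in between
    # exit section: leaving the with-block releases the lock for the next editor

def run(editor, editors=4):
    """Run `editors` concurrent edits and return the final revision."""
    doc = Document()
    barrier = threading.Barrier(editors)
    threads = [threading.Thread(target=editor, args=(doc, barrier))
               for _ in range(editors)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return doc.revision

if __name__ == "__main__":
    print("unsynchronized:", run(edit_unsafe))  # three of the four edits are lost
    print("with lock:     ", run(edit_safe))    # every edit is counted
```

The same lost-update pattern is what makes unsynchronized check-then-act code on shared state a correctness and security problem.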

Memory management
The purpose of memory management in operating systems is to administer the allocation of memory resources for the efficient running of the operating system. To accomplish this, it is responsible for knowing which blocks of memory are being used by which processes and which are free to be allocated to another process. Memory management handles the swapping of processes between the main memory (RAM) and the hard disk as necessary. It also prevents usage of memory by processes not allowed to access it, thereby preventing cross-contamination if there were errors.
The physical address space is the array of addresses that are located in each memory unit, while the virtual address space is a generated array of addresses that points to the location of data or the physical address of the data. Memory can be mapped by paging or by segmentation. With segmentation, blocks of memory of varying size are used to temporarily house data. They are identified by their start and end addresses. With paging, the blocks of memory are the same size.


File systems, mass storage and I/O
The objective of file system management is to govern how files are stored and accessed in an operating system. Finder on the Apple operating system and Windows Explorer on the Windows operating system are two well-known and widely used file management systems. Both are used to control the following operations:
     Creating files (naming conventions, types, attributes, etc.)
     Editing files
     Reading files
     Deleting files
     Truncating files
     Repositioning within a file
File management systems also function as the holder of the keys to the files contained on the system. They are used to manage the access methods to the files, the file structure that can be used, support for various I/O devices, file sharing, access rights, and file protection from accidental deletions.
With all file management systems, there are various ways to structure the file directory. In a single-level directory, there is one master directory within which all files exist. This type of structure has a limitation in that file names must be unique, and when the number of files grows, it becomes difficult to keep track of file names and avoid duplication. In contrast, a two-level directory has a master directory for each user, and a separate directory within the master directory that contains each user’s files. The disadvantage of this type of structure is that the files are not easily shared by multiple users.
There are also tree-structured directories, where there is a root directory with pointers to sub-directories. Sub-directories in turn can contain files or other sub-directories, which can also contain files or sub-directories. Locating files in a tree-structured directory requires knowing the absolute or relative path to the file. Acyclic-graph directories are similar to tree-structured directories; however, they differ in that sub-directories or files can be linked to multiple parent directories. A general graph directory, which is similar to the acyclic-graph directory, is a file structure where the sub-directories have pointers back to the parent directories. A disadvantage of this approach is that searching for files can create an infinite loop.
In order to interface with the operating system, various I/O devices are used. These I/O devices include hardware that is external to the system such as keyboards, mice, disk drives, printers, monitors, etc. As well, there is hardware internal to the system such as device controllers. The operating system uses software in the kernel called device drivers to communicate with the hardware. In terms of access to disks, a memory-mapped interface can be used to speed up disk access and also space.

Security and protection
The goal of protection in general is to ensure the security of physical devices, people, systems and networks. Specifically, the goal of domain- and language-based protection is to use programming languages to specify a high-level explanation of the rules for the use of the system and its resources. The principle of this protection is to provide the least amount of privileges that users and systems need to perform a given task. Language-based protection at the software level ensures that operations can access only the parts of a program to which they are entitled. Domain-based protection ensures that only specific resources can be used by a process and defines which objects can be accessed and how.
An access matrix is used to specify what type of access a process has on a system resource by mapping objects to permissions. One example of an access matrix is an ACL:

            Object 1      Object 2      Object 3
User 1      Read-Write    Read-Only     -
User 2      Read-Only     -             Read-Write
System 3    -             Read-Write    Read-Only
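The matrix above expressed as data, as an added example that is not part of the original post: a default-deny access check, the per-object column view (an access control list), the per-domain row view (a capability list), and a least-privilege audit that reports rights a task does not need. All function and variable names are hypothetical.

```python
READ, WRITE = "read", "write"
RIGHTS = {"Read-Only": frozenset({READ}), "Read-Write": frozenset({READ, WRITE})}

# Rows are domains (subjects), columns are objects; an absent cell means no access.
ACCESS_MATRIX = {
    "User 1":   {"Object 1": "Read-Write", "Object 2": "Read-Only"},
    "User 2":   {"Object 1": "Read-Only",  "Object 3": "Read-Write"},
    "System 3": {"Object 2": "Read-Write", "Object 3": "Read-Only"},
}

def is_allowed(domain, obj, op):
    """Default deny: unknown domains, unknown objects and empty cells grant nothing."""
    cell = ACCESS_MATRIX.get(domain, {}).get(obj)
    return op in RIGHTS.get(cell, frozenset())

def acl_for(obj):
    """Column view: the access control list that would be stored with one object."""
    return {d: row[obj] for d, row in ACCESS_MATRIX.items() if obj in row}

def capabilities_for(domain):
    """Row view: the capability list held by one domain."""
    return dict(ACCESS_MATRIX.get(domain, {}))

def excess_rights(domain, needed):
    """Least-privilege audit: rights granted beyond what a task needs.
    `needed` maps each object to the set of operations the task performs."""
    extra = {}
    for obj, cell in ACCESS_MATRIX.get(domain, {}).items():
        surplus = RIGHTS[cell] - set(needed.get(obj, ()))
        if surplus:
            extra[obj] = sorted(surplus)
    return extra

if __name__ == "__main__":
    print(is_allowed("User 1", "Object 2", WRITE))   # read-only cell
    print(is_allowed("User 1", "Object 3", READ))    # empty cell
    print(acl_for("Object 3"))
    print(capabilities_for("System 3"))
    # Constructed scenario: User 2's task only reads both objects.
    print(excess_rights("User 2", {"Object 1": {READ}, "Object 3": {READ}}))
```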

Security is used to protect programs, systems, and networks from internal as well as external threats by ensuring that only those who should have access have access. Various types of monitoring can be used to identify threats and attacks to the system in order to prevent them from happening or minimize their effects. The operating system can usually protect itself; however, a weakness in the physical protection of the system can make the operating system susceptible to attacks. Cryptography is a way of securing systems and information through the use of encryption. It is one of the methods used to deny access to systems and resources. Another option is to implement user authentication to ensure that only specific users have access to the system and its resources. Network firewalls also prevent unwanted access into a network.

Future considerations
A lot was learned throughout this course in terms of how the operating system works and ways in which it should be protected. These concepts will help me in my current role as Senior Application Analyst in terms of considering security and file structure when I make recommendations for applications and processes to be implemented in our environment. I am now cognizant of how processes should be considered in the hierarchy of design to ensure that ample resources are provided for the system to operate efficiently. I look forward to incorporating what I have learned.
