GENERAL I ARTICLE Operating Systems 2. Functions, Protection and Security Mechanisms

M Suresh Babu

The objectives and stages of operating systems introduced in Part 1 are continued here. Four major components - process management, input-output (I/O) device manage­ ment, memory management, file management and protec­ tion are discussed.

M Suresh Babu is Introduction currently a fourth year undergraduate student in The process concept and concurrency are at the heart of modern the Department of operating systems (OS). A process is the unit of work in a Computer Science and Engineering, Narayana computer system. A process must be in main memory during Engineering College, execution. To improve the utilization of central processing unit Nellore, Andhra Pradesh. (CPU) as well as the speed of its response to its users, the He would like to work in computer must keep several processes in memory. Many differ­ operating systems, computer networks and ent memory-management schemes are discussed. also in Internet security concepts. The role of the OS in a computer I/O subsystem is to provide the simplest interface possible to the rest of the system. Protection is an internal problem. Security must consider both the com­ puter system and the environment within which the system is used. Both the above concepts are also discussed.

Process Management Part 1. Objectives and Evolution, Resonance, VoL7, A process can be thought of as a program in execution. A process No.3, pp .18-24, 2002. will need a number of resources such as CPU time, memory, files and I/O devices to accomplish its tasks. These resources are allocated to the process either when it is created or while it is executing. The OS is responsible for the following activities in process management: the creation and deletion of both users' Keywords Memory management, process and system processes; the scheduling of processes; and the management, I/O device man­ provision of mechanisms for synchronization, communication agement, file management. and deadlock handling for processes.

-60------~~-------E-S-O-N-A-N--E--I-A-p-ri-I-2-0-0-2 GENERAL I ARTICLE

New: The process is being created. Running: Instructions are being executed. Waiting: The process is waiting for some event to occur. Ready: The process is waiting to be assigned to a processor. Terminated: The process has finished execution.

Present-day computer systems allow multiple programs to Figure 1. be loaded into memory and to be executed concurrently. This evolution requires firmer control and more compart­ mentalization of the programs. This has led to the notion of a process which is more than the program code.

We emphasize that a program itself is not a process; a program is a passive (static) entity, such as the contents of a file stored on disk, whereas a process is an active (dy­ namic) entity, with a program counter specifying the next instruction to execute and a set of associated resources. As a process executes, it changes state. The state of a process is defined in part by the current activity of that process as shown in Figure 1.

The objective of time sharing is to allow fast interaction of users with their respective programs by rapidly switching their processes running in the CPU. Whenever the CPU becomes idle, the OS must select one of the processes in the Whenever the CPU ready queue to be executed. This selection process is becomes idle, the OS carried out by CPU scheduler by implementing scheduling must select one of the algorithms like First Come-First Serve, Shortest-Job-First, processes in the ready Priority, Round-Robin, Multilevel Queue Scheduling de­ queue to be executed. pending on the objective and the system. A cooperating CPU scheduler carries process is one that can affect or be affected by the other out this selection processes executing in the system. Cooperating .processes process.

-R-ES-O-N-A-N--CE--I--AP-r-il--2-00-?------~------61 GENERAL I ARTICLE

The role of the as may either directly share a logical address space, or be allowed to in computer I/O share data only through files. The former case is achieved subsystem is to through threads or lightweight processes and later by using provide the synchronization techniques like Bounded-Buffer, Readers and simplest interface Writer, Dining Philosopher Problems. (See [1]). possible to the rest INPUT/OUTPUT Device Management of the system. Perhaps the messiest aspect of OS design is input/output [I/O]. The devices attached to a computer vary in multiple dimen­ sions. Devices transfer a character or a block of characters at a time. They can be accessed sequentially or randomly. They transfer data synchronously or asynchronously. They are dedi­ cated or shared. They can be read-only or read-write. They also vary greatly in speed.

Because of all these device variations, the OS needs to provide a wide range of functionality to applications, to allow them to control all aspects of the devices. The role of the OS in computer I/O is to manage and controlI/O operations and I/O devices. One key goal of an OS's I/O subsystem is to provide the simplest interface possible to the rest of the system. Because devices are a performance bottleneck, another key is to optimize I/O for maximum concurrency.

The basic hardware elements involved in I/O are buses, device controllers and the devices themselves. The work of moving data between devices and main memory is performed by CPU as programmed I/O, or is offloaded to a DMA controller. The kernel's I/O subsystem provides numerous services. Among these are I/O scheduling, buffering, spooling, error handling and device reservation.

Another service is name translation, to make the connection between hardware devices and the symbolic file names used by applications. It involves several levels of mapping that translate from a character string name to a specific device driver and device address, and then to physical addresses of I/O ports or bus controllers. This mapping may occur within the file-system

------~------62 RESONANCE I April 2002 GENERAL I ARTICLE name space, as it does in , or in a separate device name . Effective memory space, as it does in MS-DOS. management is vital in a Memory Management multi programmed In a uniprogramming system, main memory is divided into two system. If only a parts: one part for the (resident monitor, few processes are kernel) and the other for the program currently being executed. in memory, then In a multiprogrammed system, the 'user' part of memory must for much of the be further sub-divided to accommodate multiple processes. The time all the task of sub-dividing is carried out dynamically by the OS and is processes will be known as memory management. v waiting for I/O and the processor will Effective memory management is vital in a multiprogrammed be idle. system. If only a few processes are in memory, then for much of the time all the processes will be waiting for I/O and the proces­ sor will be idle. Thus, memory needs to be allocated efficiently to pack as many processes into memory as possible. While surveying the various mechanisms and policies associated with memory management, it is good to keep in mind the require­ ment that memory management is intended to satisfy. The five requirements are: relocation, protection, sharing, logical orga­ nization and physical organization.

The core task of any memory management system is to bring programs into main memory for execution by the processor. In almost all-modern multiprogrammed systems, this task involves a sophisticated scheme known as virtual memory. Virtual memory is in turn based on the use of one or both of two basic techniques: segmentation and paging.

There are several memory management techniques of OS pro­ vided for this concept (see Table 1 and [4]).

File Management

In most applications, the file is the central element. Whatever the objective of the application, it involves the generation and use of data files. The input to applications is a file, and in virtu-

-R-ES-O-N-A-N--CE--I-A-p-r-il--2-00-2------~------6-3 GENERAL I ARTICLE

Table 1. Comparison of memory management systems.

Technique Description Strength Weakness

Fixed partitioning. Main memory is divided into a Simple to Inefficient use of number of static partitions at implement; little memory due to system generation time. A OS overhead. internal process may be loaded into a fragmentation. partition site equal to or greater Numbers of active than the process site. processes are fixed.

Dynamic Partitions are created No internal Inefficient use of partitioning. dynamically, so that each fragmentation; processor due to process is loaded into a partition more efficient the need for of exactly the same size as that use of main compaction to process. memory. counter external fragmentation.

Simple paging Main memory is divided into a No external A small amount of number of equal size frames. fragmentation. internal Each process is divided into a fragmentation. number of equal size pages of the same length.

Simple Each process is divided into a No internal Need for segmentation. number of segments. A process fragmentation. compaction. is loaded by loading all of its segments into dynamic partitions that need not be contiguous.

Virtual memory As with simple paging, except No external Overhead of paging. that it is not necessary to load all fragmentation; complex memory processes in main memory. higher degree of management. Non-resident pages that are multiprogrammi needed are brought in later ng, large virtual automatically from disk. process space.

Virtual memory As with simple segmentation No internal Overhead of segmentation. except that it is not necessary to fragmentation, complex memory load all of the segments of a higher degree of management. process. Non-resident segments memory that are needed are brought in management; later automatically. large virtual address space, protection and s.haring support.

-64------~~------R-ES-O-N-A--N-C-E-I--A-p-ri-I-2-0-0-2 GENERAL I ARTICLE ally all applications, output is saved in a file for long-term Suggested Reading storage and for later access by the user and by other programs. [1] Silberschatz and Galvin, Files have a life outside of any individual application that uses Operating System Con­ cepts, Pearson Education, them for input and output. Users wish to access files, save them, India, Delhi, 2000. and maintain the integrity of their contents. To aid in these [2] D H Dhamdhere, System objectives, virtually all computer systems provide separate file­ Programming and Oper­ management systems. Typically, such a system consists of ating Systems, Tata McGraw Hill, 2000. system utility programs that run as privileged applications. [3] Andrew S Tanenbaum, File-management system needs special services from the as and Modem Operating Sys­ often the entire file management system is considered part of the tems, Prentice Hall ofIn­ as. dia, 2000. [4] William Stallings, Oper­ When discussing about files the four terms that are in common ating Systems, Prentice Hall of India, 2000. use are field, record, file, and database. Field is a basic element of data. A record is a collection of related fields. A file is a collection of similar records. A database is a collection of related files. A file management system is that set of system that provides services to users and applications related to the use of files. Typically, the only way that a user or application may access files is through file management system. The operations that are supported by file management system are: Retrieve_All, Retrieve_One, Retrieve_Next, Retrieve_Previous, Insert_One, Delete_One, Update_one, Retrieve_Few.

Protection and Security

Sharing of programs and data among users of a computer system necessitates strong emphasis on protection and security mea­ Encryption is the sures in an as. Both protection and security imply guarding fundamental against intrusion in an as. However, in keeping with the technique for convention followed in as literature, a distinction is made protecting between two types of intrusion. confidentiality of data. Hence it Protection: Guarding a user's data and programs against intru­ forms the basis of sion by internal entities of a system, e.g. other authorized users many protection of the system. and security Security: Guarding a user's data and programs against intru- mechanisms.

------~------RESONANCE I April 2002 65 GENERAL I ARTICLE

Encryption key (K) ~ Decryption Key (K~

, Plain Plain text ... Encryption Cipher text .... Decryption text ...... JIll' .... Algorithnl (E) Algorithm (D)

Figure 2. sion by entities external to a system, e.g. unauthorized persons.

The various authorization provisions in a computer system may not confer sufficient protection for highly sensitive data. In such cases, data may be encrypted. It is not possible for en­ crypted data to be read unless the reader knows how to decipher (decrypt) the encrypted data.

Encryption of Data

Encryption is the fundamental technique for protecting confi­ dentiality of data. Hence it forms the basis of many protection and security mechanisms. Encryption is the application of an algorithmic transformation to data.

The original form of data in plain text is encrypted by an Encryption Algorithm E by using Encryption Key K. The transformed form is called cipher text. The cipher text is transmitted to the destination where that form is to be de­ crypted using a Decryption Algorithm D with the same Key K to obtain its plain text form, (See Figure 2).

Conclusions

In this short article, we have explained various facilities pro­ Address for Correspondence vided in OS. These advances in OS have considerably improved M Suresh Babu the utilization of resources of a computer and eased their use. C/o N Sudhakar Reddy D. No. 16-3-1141F Acknowledgements: The author sincerely acknowledges Prof. E Pinaki Nagar V Prasad, Principal and K V Raghavendra Kumar, Head of the Haranathapuram IV line Nellore 524003 Computer Science and Engineering Department, Narayana En­ Andhra Pradesh, India. gineering College, Nellore for their timely directions and helpful Email:suresh_0529@ suggestions to increase the richness of the contents of this article. rediffmail. com

------~------66 RESONANCE I April 2002