Index

4-byte pages, 363, 364 mandatory, 684-685 32-byte memory, 363, 364 role-based, 683-684 50-percent rule, 359 access-control lists (ACLs), 552, 555, 826 64-bit computing, 383 accessed bits, 437 access mask, 849 A access matrix, 675-685 defined, 675 ABI (application binary interface), 78-79 implementation of, 679-682 aborting processes, 342 and mandatory access control, 684-685 absolute code, 352 and revocation of access rights, 682-683 absolute path names, 546 and role-based access control, 683-684 abstract data type (ADT), 277-278 access rights, 534, 673, 680, 682-683 access, 539-541 accounting, 110, 659, 788 anonymous, 605 ACG (Arbitrary Code Guard), 827 controlling, 552-554 acknowledgment packet, 748 direct (relative), 539-541 ACLs, see access-control lists effective access time, 397-398 ACPI (advanced configuration and power kernel object, 884-885 interface), 516 lightweight directory-access protocol, activation record, 107 607, 884 active directory, 607, 884 memory, 15, 18, 19, 418-419, 498-500 acyclic graphs, 547 migration for, 753 acyclic-graph directories, 547-549 and protection, 551 additional-reference-bits algorithm, random-access devices, 502 409-410 random-access time, 450 additional sense code, 512 read, 292 additional sense-code qualifier, 512 relative, 539-540 address(es): Remote Access Tool, 625 defined, 496 remote file, 764-767 linear, 380, 382 security access tokens, 662 logical, 353, 379 sequential, 539, 541 MAC, 745 wireless access points, 736 physical, 354, 379 write, 292 trusted, 638 access control: virtual, 354 discretionary, 684 address binding, 352-353 in , 816-818 address mapping, 456-457 MAC address, 745 address resolution protocol (ARP), 745


address space: process hierarchy, 122-123 logical vs. physical, 353-355 protection domain, 675 virtual, 390, 391, 799-800 RPC, 151-153 address-space identifiers (ASIDs), 366 thread pools, 178 address-space layout randomization TrustZone, 670, 671 (ASLR), 656, 827 anomaly detection, 656 Address Window Extension (AWE) anonymous access, 605 memory, 894-895 anonymous memory, 399, 469 admission-control algorithms, 230 anonymous pipes, 141-145 ADT (abstract data type), 277-278 AOT (ahead-of-time) compilation, 89, 90 advanced configuration and power APCs (asynchronous procedure calls), interface (ACPI), 516 189-190, 846 advanced encryption standard (AES), 640 APFS (Apple ), 592 advanced local procedure call (ALPC), API (application program interface), 138, 834 63-66. See also specific types advanced technology attachment (ATA) appending files, 551 buses, 456 Apple File System (APFS), 592 advisory file-locking mechanisms, 535 application binary interface (ABI), 78-79 AES (advanced encryption standard), 640 application component, 151-152 affinity, processor, 225-226 Application Container, 868 age, page, 800 application containment, 703, 718-719 aging, 213 application frameworks layer (macOS ahead-of-time (AOT) compilation, 89, 90 and iOS), 87 alertable threads, 846 application interface (I/O systems), allocation: 500-508 buddy-system, 427, 428 block and character devices, 503-504 committing, 852 clocks and timers, 505-506 contiguous, 356-360, 570-573 network devices, 504-505 equal, 414 nonblocking and asynchronous I/O, frame, 413-419 506-507 free frames before and after, 364 application layer (OSI model), 742 global, 415-418 application programs (apps), 4, 75, 823 indexed, 575-577 compatibility of, 830-831 kernel memory, 426-430 disinfection of, 658 linked, 573-575 packaged, 859 local, 415-418 security of, 624 over-, 401 specificity of, 77-79 proportional, 414-415 system services, 75 resource, 57 user IDs for, 675 of secondary storage, 570-578 application program interface 
(API), slab, 427-430, 797-798 63-66. See also specific types Allocation (data structure), 335, 336, 339 application proxy firewalls, 660 allocation problem, 358, 540, 571 application state, 378 ALPC (advanced local procedure call), Aqua interface, 59, 87 138, 834 Arbitrary Code Guard (ACG), 827 altitudes, 863 architecture(s), 15-21 AMD64 architecture, 382 AMD64, 382 Amdahl’s Law, 164 ARMv8, 383-384, 671, 672 AMD virtualization technology big.LITTLE, 226-227 (AMD-V), 710-711 clustered systems, 19-21 amplification, write, 462 IA-32, 379-382 analytic evaluation, 245 IA-64, 382 Andrew file system (OpenAFS), 759 multiprocessing, 124 Android , 89-91 multiprocessor systems, 16-19 Index 903

NFS, 614 and encryption, 641-644 single-processor systems, 15-16 in Linux, 816 von Neumann, 12 multifactor, 653 x86-64, 382 two-factor, 652 Arduino, 70 user, 648-653 argument vector, 787 automatic working-set trimming, 438 armored viruses, 634 automount feature, 763 ARMv8 architecture, 383-384, 671, 672 autoprobes, 785 ARP (address resolution protocol), 745 availability, breach of, 622 arrays: Available (data structure), 334, 336, 338 redundant, see RAID [redundant arrays AWE memory, 894-895 of inexpensive disks] storage, 472-473, 481 B ASICs, 46 ASIDs (address-space identifiers), 366 back door, 503, 626, 627, 638 ASLR (address-space layout background class, 186 randomization), 656, 827 background processes, 74-75, 115, 123, assignment edge, 323 215, 241 asymmetric clustering, 19 backing store, 376 asymmetric encryption, 641, 645 back-pointers, 682 asymmetric encryption algorithm, 641 backups, 588-589 asymmetric multiprocessing, 220 bad blocks, 466-467 asymmetry, in addressing, 129 bad-cluster file, 877 asynchronous cancellation, 190 bad page, 856 asynchronous devices, 502, 506-507 balance, in multicore programming, 163 asynchronous message passing, 130 balanced binary search trees, 38 asynchronous procedure calls (APCs), balloon memory manager, 721 189-190, 846 bandwidth, 457 asynchronous threading, 169 banker’s algorithm, 333-337 asynchronous writes, 585 barriers, memory, 265-266 ATA buses, 456 based sections, 852 "at most once" functionality, 150 base file record, 876 atomic instructions, 266, 269 base register, 351-352 atomic safe-save, 592 bash (bourne-again shell), 58, 783 atomic variables, 269-270 basic file systems, 564, 565 attacks, 622 Bayes’ theorem, 657 buffer-overflow, 628-631 BCC (BPF Compiler Collection), 98-100 code-injection, 628-631 Belady’s anomaly, 406 code reuse, 827 best-fit strategy, 358, 359 denial-of-service, 622, 636 BGP (Border Gateway Protocol), 745 information leak, 827 big cores, 226-227 man-in-the-middle, 623, 635, 645 big data, 22 
replay, 622 big-endian, 150 with tunneling, 659-660 big.LITTLE architecture, 226-227 zero-day, 656 binary format, 785 attackers, 622 binary general tree, 38 attack surface, 624 binary search trees, 38, 39 attributes, 551, 826, 875-876 binary semaphore, 273 attribute-definition table, 877 binary translation, 708-710 auditing, 659 binary trees, 38, 39 audit trail, 669 binders, 151 augmented-reality applications, 42 binding, 352 authentication: biometrics, 652-653 breaching of, 622 Bionic standard, 90 904 Index

BIOS, 94 booting, 86, 94-95, 863-864, 872-874 bit(s): boot loaders, see bootstrap programs accessed, 437 boot partition, 465 additional-reference-bits algorithm, boot sector, 466 409-410 bootstrap port, 136 contiguous, 432-433 bootstrap programs (boot loaders, defined, 12 bootstrap loaders), 11, 70, 94, 465, mode, 24 601 modify (dirty), 402 bootstrap server, 136 reference, 409 boot viruses, 632, 633 setuid, 674-675 Border Gateway Protocol (BGP), 745 64-bit computing, 383 bottlenecks, 95 valid-invalid, 368-369 bottom half (interrupt service routines), bit-level striping, 475 793-794 BitLocker, 863 bounded buffer, 126 bitmaps (bit vectors), 38-39, 579, 877 bounded-buffer problem, 290, 304 BKL, running on, 794 bounded capacity (of queue), 131-132 blade servers, 18-19 bounded waiting, 261 block(s), 186 bourne-again shell (bash), 58, 783 bad, 466-467 BPF Compiler Collection (BCC), 98-100 boot, 94, 464-466, 566 breach of availability, 622 boot control, 566 breach of confidentiality, 622 defined, 564 breach of integrity, 622 direct, 576 bridging, 723 disk, 40 broadcasting, 745 file-control, 565, 567 brokers, 837 index, 575-577 browser process, 124 indirect, 576, 577 BSD UNIX, 49-50 logical, 456 bss (block started by symbol) field, 108 process control, 109-110 B+ tree (NTFS), 876 thread building, 186-188 buddies, 427 thread environment, 889-890 buddy heap (Linux), 796 TRIMing unused, 581-582 buddy system (Linux), 796 virtual address control, 865 buddy-system allocation, 427, 428 volume control, 566 buffers: block ciphers, 639 bounded and unbounded, 126 block devices, 502-504, 810-811 bounded-buffer problem, 290, 304 block device interface, 503 circular, 587, 716-717 block groups, 806 defined, 509 blocking, indefinite, 213 translation look-aside, 365-368, 376, 384, blocking I/O, 506 855 blocking (synchronous) message passing, buffer cache, 583-585 130 buffering, 131-132, 412, 499, 509-510 block-interleaved distributed parity, buffer-overflow attacks, 628-631 477-478 bugs, 
66 block-level striping, 475 bug bounty programs, 826 block number, relative, 540 bus(es), 7, 456 block started by symbol (bss) field, 108 advanced technology attachment, 456 block synchronization, 305 defined, 490-491 body (value), 187 eSATA, 456 boot block, 94, 465-466, 566 expansion, 490 boot control block, 566 fibre channel, 456 boot disk (system disk), 465 I/O, 456 boot file, 877 PCIe, 490 Index 905

serial ATA, 456 change journal (Windows 10), 879 serial-attached SCSI, 456, 490 character devices (Linux), 810-812 universal serial, 456 character-stream devices, 502, 504 busy waiting, 272, 493-494 character-stream interface, 504 byte, 11 checksums, 462, 746 bytecode, 727 children, 38, 111 byte stream, 748 chip multithreading (CMT), 222, 223 chipsets, 835 C Chrome, 124 CIFS (common Internet file system), 607, caches, 583-586 880 buffer, 583-584 ciphers, 639, 640 defined, 510 circular buffers, 587, 716-717 in Linux, 797, 798 circularly linked lists, 37, 38 location of, 765-766 circular SCAN (C-SCAN) scheduling as memory buffer, 350 algorithm, 460 page, 583, 798 circular-wait condition (), 321, and performance improvement, 583-586 328-330 policy for updating, 766-767 claim edge, 333 slabs in, 427, 428 classes (Java), 694 unified buffer, 583-585 class loader, 727 cache coherency, 32 cleanup handler, 191 cache-consistency problem, 765 clearing interrupts, 9, 494 cache management, 30-31 CLI (command-line interface), 56 cache manager (Windows 10), 864-866 C library, see libc caching, 30-31, 510-511 client(s), 73 basic scheme, 764-765 in client-server model, 606 client-side, 883 defined, 757 double, 584 diskless, 762 write-back, 766 in distributed systems, 734 cancellation, thread, 190-192 thin, 40 cancellation points, 191 client-initiated approach to verifying Canonical, 779 cached data, 767 capability(-ies), 680, 682-683, 685-686, 697 client interface, 757 capability-based protection systems, client-server DFS model, 758-759 685-687 client-server distributed system, 734 capability lists, 680-681 client-server model, 606, 758-759, 861-862 capability systems, 826 client-server systems, 42-43, 734 capacity, of queue, 131-132 client-side caching (CSC), 883 cascading termination, 121 client systems, 42 catching interrupts, 9, 494 clocks, 505-506 CAV (constant angular velocity), 457 clock algorithm, 410-411 cd command, 751 clock owner, 837 central processing units, 18, 318. 
See also clones, 591, 705 entries beginning CPU clone() system call, 195-196 Ceph, 484 closed-source operating systems, 46 certificate authorities, 644 closures, 174, 186 CET (Control-flow Enforcement cloud computing, 44-45, 706 Technology), 828 cloud storage, 471, 751 CFG (Control-Flow Guard), 827 clusters, 19-21, 464, 574, 875 CFQ scheduler, 461, 811 cluster-based DFS model, 758-760 CFS, see Completely Fair Scheduler clustered file system (CFS), 768 CFS (clustered file system), 768 clustered page tables, 374 challenging passwords, 652 clustered systems, 19-21 906 Index

clustering, 19, 20, 438 compaction, 360, 572 CLV (constant linear velocity), 456-457 compare and swap() instruction, 267-269 CMT (chip multithreading), 222, 223 compartmentalization, 669 coarse-grained multithreading, 222 compiler-based enforcement, 691-693 coaxial cables, 736 compile time, 352 Cocoa framework, 87 Completely Fair Queuing (CFQ) Cocoa Touch, 87 scheduler, 461, 811 code: Completely Fair Scheduler (CFS), 236, absolute, 352 237, 790 additional sense, 512 complex messages, 136 byte-, 727 Component Object Model (COM), 882 error-correction, 462-463 compression, 425-426, 757, 858, 878-879 injection of, 628-631 compression ratio, 426 kernel, 261 compression units, 878 message-authentication, 643 computational kernels, 833 position-independent, 803 computation migration, 752 reentrant (pure), 370 computation speedup, 123, 735, 753 relocatable, 353 computer programs, see application code-injection attack, 628-631 programs code integrity module (Windows 10), 828 computer system(s): code reuse attacks, 827 architecture of, 15-21 code review, 627, 628 clustered systems, 19-21 code signing, 644, 690 multiprocessor systems, 16-19 codewords, 697 single-processor systems, 15-16 COM (Component Object Model), 882 distributed systems, 35-36 com (top-level domain), 739 firewalling to protect, 659-660 combined scheme index block, 576 I/O structure in, 14-15 command interpreter, 58-59 operating system viewed by, 5 command-line interface (CLI), 56 organization, 7-15 committing allocations, 852 interrupts, 8-11 Common Criteria, 869 I/O structure, 14-15 common Internet file system (CIFS), 607, storage structure, 11-14 880 process management in, 27-28 common name, 647 protection in, 33-34 communication(s): real-time embedded systems, 45-46 direct, 128 secure, 622 indirect, 129 security in, 33-34 inter-computer, 522 storage in, 11-14 interprocess, see interprocess storage management in, 30, 32 communication [IPC] threats to, 634-637 network, 738-749 compute-servers system, 
42-43 communication protocols, 741-745 computing: and naming/name resolution, 738-741 64-bit, 383 TCP/IP example, 745-746 cloud, 44-45, 706 UDP and TCP transport protocols, high-performance, 20 746-749 mobile, 41-42 as operating system service, 57 peer-to-peer, 43-44 secure, with symmetric encryption, 639, safe, 658 640 thin-client, 874-875 systems programs for, 74 traditional, 40-41 communication links, 128 computing environments, 40-46 communication ports, 138 client-server computing, 42-43 communication protocols, 741-745 cloud computing, 44-45 communication system calls, 72-73 mobile computing, 41-42 Index 907

peer-to-peer computing, 43-44 host, 456 real-time embedded systems, 45-46 control partitions, 714 traditional, 40-41 control programs, 5 virtualization, 34-35 control register, 492 concurrency, 163 convenience, 1 Concurrency Runtime (ConcRT), 241-242, convoy effect, 207 890 cooperating processes, 123, 257 concurrent dispatch queue, 185 cooperative scheduling, 202 conditional-wait construct, 281 coordination, among processes, 260 condition variables, 278, 279, 302-303, copy-on-write technique, 399-401, 853 309-311, 889 copy rights, access matrix with, 677 confidentiality, breach of, 622 copy semantics, 510 confinement problem, 678 core(s), 15-16, 18 conflict phase (of dispatch latency), 229 big and little, 226-227 conflict-resolution mechanism (Linux), dual-core design, 17, 18 784, 785 multicore processors, 221-224 congestion control, 749 multicore programming, 162-166 Connected Standby, 837 multicore systems, 16-18 connectionless protocols, 747 scheduling processes to run on, 199 connectionless (UDP) sockets, 147 core dump, 95-96 connection-oriented protocols, 748 core frameworks (macOS and iOS), 87 connection-oriented (TCP) sockets, 147 CoreUI, 825 connection ports, 138 counts, 533, 534 consistency, of distributed file systems, counters, 96-97 767 LRU page replacement with, 408 consistency checker, 586-587 program, 27, 106, 109 consistency checking, 586-587 timestamp, 845 consistency semantics, 608-609 counting, 580 consolidation, 706 counting-based page replacement constant angular velocity (CAV), 457 algorithm, 411-412 constant linear velocity (CLV), 456-457 counting semaphore, 273 consumer process, 126-127, 290, 291, C program, memory layout in, 108 559-560 CPUs (central processing units), 18, 318 containers, 592, 718, 719 CPU-bound processes, 112 container objects (Windows 10), 664 CPU burst, 201 containment, application, 703, 718-719 CPU-I/O burst cycle, 201 contaminants, 344 CPU registers, 110 contended locks, 271 CPU scheduler, 113-114, 201 
content-addressable storage, 484 CPU scheduling, 24, 199-251 contention scope, 217-218 about, 201 context (of process), 114 algorithms for, 205-217 context (of thread), 194 evaluation of, 244-249 context switches, 114-115, 204 first-come, first-served scheduling of, contiguous allocation, 356-360, 570-573 206-207 contiguous bit, 432-433 multilevel feedback-queue scheduling Control-flow Enforcement Technology of, 216-217 (CET), 828 multilevel queue scheduling of, Control-Flow Guard (CFG), 827 214-216 controlled access, 552-554 priority scheduling of, 211-214 controller(s), 456 round-robin scheduling of, 209-211 defined, 491 shortest-job-first scheduling of, device, 456 207-209 direct-memory-access, 498 criteria, 204-205 fibre channel bus, 491 dispatcher, role of, 203-204 908 Index

and I/O-CPU burst cycle, 201 current directory, 546 multi-processor scheduling, 220-227 current-file-position pointer, 532 approaches to, 220-221 cycle stealing, 499 heterogeneous multiprocessing, cyclic redundancy checks (CRCs), 462 226-227 cylinder (hard disk drive), 450 and load balancing, 224-225 cylinder groups, 806 and multicore processors, 221-224 and processor affinity, 225-226 D operating-system examples, 234-244 Linux scheduling, 234-239 Solaris scheduling, 242-244 d (page offset), 360 Windows scheduling, 239-242 DAC (discretionary access control), 684 preemptive vs. nonpreemptive daemons, 22, 781 scheduling, 202-203 daemon processes, 690 real-time, 227-234 daisy chain, 490 earliest-deadline-first scheduling, DAM (Desktop Activity Moderator), 837 232-233 dark web, 634 and minimizing latency, 227-229 Darwin operating system, 85, 88, 687-688 POSIX real-time scheduling, 233-234 data attributes, 875 priority-based scheduling, 229-230 databases, 341, 842, 856 proportional share scheduling, 233 data dependency, 164 rate-monotonic scheduling, 230-232 data-encryption standard (DES), 639 thread scheduling, 217-219 Data Execution Prevention (DEP), 827 virtual machines, 720 datagrams, 743 CPU-scheduling information (PCBs), 110 data-in register, 492 CPU utilization, 204 data-link layer, 742 crashes, 96 data-link layer protocol, 645 crash dumps, 96 data loss, mean time of, 474 CRCs (cyclic redundancy checks), 462 data migration, 751-752 creation: data-out register, 492 of files, 532, 542 data parallelism, 165, 166 of processes, 116-121 data passing, between processes, 813 credentials, 787 data section (of process), 106 critical sections, 260 data splitting, 164 critical-section object, 297, 888 data striping, 475 critical-section problem, 260-270 data view attribute, 862 Peterson’s solution to, 262-265 DCOM, 882 and semaphores, 272-276 DDoS attacks, 636 and synchronization hardware, 265-270 deadline scheduler, 460, 461 cryptography, 637-648 (s), 283-284, 317-343 
defined, 638 avoidance of, 326, 330-337 and encryption, 638-645 with banker’s algorithm, 333-337 asymmetric encryption, 641 with resource-allocation-graph authentication, 641-644 algorithm, 333 key distribution, 644-645 with safe-state algorithm, 331-333 symmetric encryption, 639-640 characterization, 321-326 implementation of, 645-646 defined, 317 TLS example of, 646-648 detection of, 337-341 CSC (client-side caching), 883 methods for handling, 326-327 C-SCAN scheduling, 460 in multithreaded applications, 319-321 C-SCAN scheduling algorithm, 460 necessary conditions for, 321-323 C shell, 58 prevention of, 326-330 ctfs (file system), 598 recovery from, 341-343 cumulative ACK, 748 system model for, 318-319 Index 909

system resource-allocation graphs for development kernels (Linux), 777 describing, 321-323 device controllers, 456. See also I/O Debian, 779 device directory, see directory(-ies) debuggers, 66 device drivers, 7, 490, 785 debugging, 95-100, 165 Device Guard, 828 dedicated devices, 502 device-management system calls, 71-72 deduplication, 757 device objects, 863 default access rights, 680 device reservation, 511 default heap, 893 device stacks, 862 default signal handlers, 189 device-status table, 508-509 defense in depth, 653, 669 DFSs, see distributed file systems deferred cancellation, 190 digital certificates, 644 deferred procedure calls (DPCs), 841, 847 digital signatures, 643, 828 degree of multiprogramming, 112 digital-signature algorithm, 643 delayed revocation, 682 dining-philosophers problem, 293-295 delayed-write policy, 766 dir command, 751 deleting files, 532, 542, 551 direct access (files), 539-541 demand paging, 392-399, 430-436 direct blocks, 576 basic mechanism, 393-396 direct communication, 128 defined, 393 Direct-Compute, 825 free-frame list, 396-397 direct I/O, 504 with inverted page tables, 433 direct memory access (DMA), 15, 498-500 and I/O interlock, 434-436 direct-memory-access (DMA) controller, and page size, 431-432 498 and performance, 397-399 directory(-ies), 541-550 and prepaging, 430-431 active, 607, 884 and program structure, 433-434 acyclic-graph, 547-549 pure, 395 current, 546 and TLB reach, 432-433 fast sizing of, 592 demand-zero memory, 799 file-system interface, 541-550 demilitarized zone (DMZ), 659 general graph, 549-550 denial-of-service (DOS) attacks, 622, 636 implementation of, 568-570 dentry objects, 605, 804, 805 lightweight directory-access protocol, DEP (Data Execution Prevention), 827 607 DES (data-encryption standard), 639 listing, 542 design of operating systems, 79-80 master file, 543 distributed systems, 753-757 page, 381, 853 Linux, 780-783 protecting, 554 Windows 10, 826-838 root, 877 application compatibility, 
830-831 single-level, 542-543 dynamic device support, 837-838 tree-structured, 545-547 energy efficiency, 836-837 two-level, 543-545 extensibility, 833-834 user file, 543 international support, 835-836 directory object, 850 performance, 831-833 direct virtual memory access (DVMA), portability, 838-839 500 reliability, 828-829 dirty bits (modify bits), 402 security, 826-828 discretionary access control (DAC), 684 desktop, 59 disinfection, program, 658 Desktop Activity Moderator (DAM), 837 disk(s). See also mass-storage structure; Desktop Window Manager (DWM), 825 RAID (redundant arrays of detection-algorithm usage (deadlock), inexpensive disks) 340-341 boot (system), 465 deterministic modeling, 245-247 mini-, 704 910 Index

raw, 413, 464, 601 dockers, 719 disk arm, 450 document(s): disk blocks, 40 File System Hierarchy Standard, 778-779 disk image, 723-724 living, 653 diskless clients, 762 domains: Disk Management tool, 465 capability lists for, 680-681 disk-scheduling algorithms, 460-461 protection, 671-675, 711 dispatched process, 112 public domain software, 779-780 dispatchers, 203-204, 239, 840-841 scheduling, 238 dispatcher database, 842 security, 659 dispatcher objects, 297, 845-846 Windows 10, 884 dispatching interrupts, 9, 494 domain-name system (DNS), 607, 739-740 dispatch latency, 203, 228, 229 domain switching, 673, 674 dispatch queue, 185 DOS attacks, 622, 636 distinguished name, 647 double buffering, 499, 509 Distributed Denial-of-Service (DDoS) double caching, 584 attacks, 636 double indirect blocks, 576 distributed file systems (DFSs), 605, doubly linked lists, 37 757-768 down time, 572 client-server model, 758-759 DPCs (deferred procedure calls), 841, 847 cluster-based model, 759-761 DRAM (dynamic random-access defined, 757 memory), 11 implementation techniques, 763-764 drive formatting, 463, 464 naming in, 761-764 drive mirroring, 476 remote file access in, 764-767 driver end (STREAM), 519 trends in, 767-768 driver objects, 863 Windows 10, 883 driver-registration system (Linux), 784, distributed information systems 785 (distributed naming services), 607 Drive Writes Per Day (DWPD), 453 distributed manager (DLM), 21 dropped packets: distributed operating systems, 749-753 TCP transfer with, 748, 749 distributed systems, 35-36 UDP transfer with, 747-748 advantages of, 733-735 dual-booted systems, 601 defined, 733 dual-core design, 17, 18 design issues in, 753-757 dual-mode operation, 24-25 distributed file systems, 757-768 DVMA (direct virtual memory access), client-server model, 758-759 500 cluster-based model, 759-761 DWM (Desktop Window Manager), 825 defined, 757 DWPD (Drive Writes Per Day), 453 implementation techniques, 763-764 dynamically linked libraries (DLLs), 
76, naming in, 761-764 355-356 remote file access in, 764-767 dynamic device support (Windows 10), trends in, 767-768 837-838 distributed operating systems, 749-753 dynamic linking, 803 distributions (GNU/Linux), 48 dynamic loading, 355 DLLs (dynamically linked libraries), 76, dynamic protection, 673 355-356 DLM (distributed lock manager), 21 dynamic random-access memory (DRAM), 11 DMA (direct memory access), 15, 498-500 DMA-acknowledge, 499 dynamic storage-allocation problem, 358, 571 DMA controller, 498 DMA-request, 499 dynamic tick, 836-837 DMZ (demilitarized zone), 659 DNS (domain-name system), 607, 739-740 E Index 911 earliest-deadline-first (EDF) scheduling, error-correcting organization, 476-477 232-233 error-correction code (ECC), 462-463 ease of use, 4, 822 error detection, 57, 462 easily remembered passwords, 651 error handling, 511-512 eBPF tracing tool, 99, 100 eSATA buses, 456 ec2, 44 escalate privileges, 34 ECC (error-correction code), 462-463 escape (operating systems), 503 economic benefits, of multithreaded Ethernet packets, 745-746 processes, 162 events, 297 EDF (earliest-deadline-first) scheduling, event latency, 227-228 232-233 event objects (Windows 10), 845 edu (top-level domain), 739 event tracing, 822 effective access time, 397-398 event-vector table, 11 effective capabilities, 685 eVM, 729 effective memory-access time, 367 "exactly once" functionality, 150 effective transfer rates, 451, 486 exceptions, 22, 497, 847-848 effective UID, 34 exception dispatcher, 847 efficiency, 1, 582-583, 692, 836-837 exclusive locks, 534 electrical storage systems, 14 exec() system call, 188, 786-789 elevator algorithm, see SCAN scheduling Executable and Linkable Format, see ELF algorithm executable files, 75, 107, 530 ELF (Executable and Linkable Format), executing files, 551 76-77, 801, 802 execution of user programs, 801-803 embedded computers, 5 execution time, 353 empty processes, 123 executive (Windows 10), 848-874 empty slabs, 429, 798 booting, 872-874 
emulation, 34, 717-718 cache manager, 864-866 emulators, 703 facilities for client-server computing, encapsulation (Java), 696 861-862 encrypted viruses, 633 I/O manager, 862-864 encryption, 638-645 object manager, 849-851 asymmetric, 641, 645 plug-and-play manager, 869-870 authentication, 641-644 power manager, 870-871 defined, 638 process manager, 858-860 key distribution, 644-645 registry, 871-872 public-key, 641 security reference monitor, 866-869 symmetric, 639-640 virtual memory manager, 851-858 energy efficiency, 836-837 exit section, 260 enhanced second-chance exit() system call, 121-122 page-replacement algorithm, expansion bus, 490 410-411 exponential average, 208 entitlements (Darwin), 686-687 export list, 612 entry section, 260 ext2 (second extended file system), 805 entry set, 303, 304, 307 ext3 (third extended file system), 805-807 environment: ext4 (fourth extended file system), 805 computing, 40-46 extended file attributes, 531 kernel, 88 extended file system (extfs), 566, 805 operating system as, 4 extensibility, of Windows 10, 833-834 programming, 703, 717 extent (contiguous space), 572 run-time, 64-65 external data representation (XDR), 150 thread environment blocks, 889-890 external fragmentation, 359-360, 571-572 environment vector, 787 extfs (extended file system), 566, 805 equal allocation, 414 errors, 462-463, 467, 511-512 F 912 Index

failure(s), 473, 474, 754-756 file info window (macOS), 531 failure analysis, 95-96 file management, 74 failure modes (remote file systems), file-management system calls, 71 607-608 file mapping, 555, 557 fairness parameter, 307 file migration, 761-762 fair scheduling, 791 file modification, 74 false negatives, 656 file objects, 605, 804-805, 862 false positives, 656 file-open count, 534 fast directory sizing, 592 file-organization module, 565 fast I/O mechanism, 865-866 file pointers, 534 fast-user switching, 825, 874-875 file reference, 876 FAT (file-allocation table), 574-575 file replication, 761 fault, page, 394-395 file-server system, 43 fault tolerance, 19, 754 file sessions, 608 fault-tolerant systems, 754 file sharing, 602-603 FC (fiber channel), 470 file systems, 597-616 FCB (file-control block), 565, 567 Andrew, 759 FC buses, 456 Apple, 592 FC bus controller, 491 basic, 564, 565 FCFS scheduling, 458, 459 clustered, 768 FCFS scheduling algorithm, 206-207, 458 common Internet, 607, 880 fd (), 568, 788 consistency semantics in, 608-609 fences, memory, 266 defined, 564 fibers, 241, 889-890 distributed, see distributed file systems fiber optic cables, 736 (DFSs) fibre channel (FC), 470 extended, 566, 805 fibre channel (FC) buses, 456 file sharing, 602-603 fibre channel (FC) bus controller, 491 Google, 759-761 fidelity, 704 Hadoop, 484 FIFO, 38 Linux, 803-810 FIFO page replacement algorithm, ext3 file system, 805-807 404-406 journaling, 808 50-percent rule, 359 /proc file system, 808-810 file(s), 29-30, 529-530. 
See also virtual, 804-805 directory(-ies); specific types log-based transaction-oriented, 587-588 appending, 551 logical, 565 attributes of, 530-531 mounting of, 598-602 defined, 255, 527, 529 network, 610-615 deleting, 532, 542, 551 network file, 610-615, 759 executing, 551 operations, 566-568 internal structure of, 537-539 parallel, 768 locking, 534-536 partitions in, 601-602 opening, 532 registration of, 785 operations on, 532-536 remote, 605-608 paging, 851 Solaris, 482-484, 597, 599 reading, 532, 551 special-purpose, 597-598 renaming, 542 structure, 564-566 searches for, 541, 542 traversing, 542 truncating, 532 traversing of, 542 writing, 532, 551 UNIX, 565-566, 598 file-allocation table (FAT), 574-575 usage, 568 file-control block (FCB), 565, 567 virtual, 603-605, 804-805 file descriptor (fd), 568, 788 Windows 10, 875-879 file handle, 568 write-anywhere file layout, 589-593 Index 913

ZFS, 482-484, 581, 588, 598 flexibility, of compiler-based file-system context, 788 enforcement, 692 File System Hierarchy Standard FLIH (first-level interrupt handler), 496 document, 778-779 flow control, 519, 748, 749 file system implementation, 563-593 flushing, 366 allocation methods, 570-578 folder redirection, 883 contiguous allocation, 570-573 folders, 59 indexed allocation, 575-577 foreground priority separation boost, 843 linked allocation, 573-575 foreground processes, 115, 122, 215, 241 performance, 577-578 fork() and exec() process model (Linux), directory implementation, 568-570 786-789 efficiency, 582-583 fork-join model, 180-184 file-system operations, 566-568 fork()system call, 118-119, 188, 786-789 file-system structure, 564-566 formatting, 463, 464 free-space management, 578-582 forwarding, 466 performance, 583-586 forward-mapped page tables, 371 recovery, 586-589 4-byte pages, 363, 364 WAFL example, 589-593 four-layered model of security, 623-625 file-system interface, 529-560 fourth extended file system (ext4), 805 access methods, 539-541, 551-554 fragments, packet, 815 directory structure, 541-550 fragmentation, 359-360, 571-572 acyclic-graph directories, 547-549 frame(s), 360 general graph directory, 549-550 in data-link layer, 742 single-level directory, 542-543 free, 364, 396-397, 425-426 tree-structured directories, 545-547 minimum number of, 413-414 two-level directory, 543-545 page, 853 file attributes, 530-531 page faults vs., 404, 405 and file concept, 529-530 victim, 402 file operations, 532-536 frame allocation, 413-419 file structure, 537-539 allocation algorithms, 403, 414-415 file types, 536-537 equal, 414 memory-mapped files, 555-560 global vs. 
local, 415-418 protection, 550-555 file-system management, 29-30 minimum number of frames, 413-414 file-system manipulation (operating non-uniform memory access, 418-419 system service), 56-57 proportional, 414-415 file table, 788 frame-allocation algorithm, 403, 414-415 file transfer, 750-751 frame table, 365 file viruses, 632 free-behind technique, 585 filter drivers, 863 FreeBSD, 70, 71 filtering, system-call, 688 free frames, allocation and, 364 filter management, 863 free-frame list, 396-397, 425-426 fine-grained multithreading, 222 free page, 856 Finish (data structure), 335, 339 Free Software Foundation (FSF), 48 firewalls, 41, 659-660 free-space list, 578-579 firewall chains, 815 free-space management, 578-582 firewall management, 815 fresh value, 647 firmware, 11, 12 front-end processors, 522 first-come, first-served (FCFS) scheduling FSF (Free Software Foundation), 48 algorithm, 206-207, 458 fsgid property, 818 first-fit strategy, 358, 359 fsuid property, 818 first-level interrupt handler (FLIH), 496 FTL (flash translation layer), 453-454 first readers, 291 full backup, 589 flash translation layer (FTL), 453-454 full slabs, 429, 798

functional programming languages, Hadoop, 22 313-314 Hadoop distributed file system (HDFS), 759, 760 G Hadoop file system (HDFS), 484 HAL (hardware-abstraction layer), 835, Galois field math, 478 840 Gantt chart, 206 handles, 849 garbage collection, 454, 549, 550, 727 handle tables, 849 GB (gigabyte), 11 handling, signal, 188-189 gcc (GNU C compiler), 778 handshake, three-way, 748 GCD (Grand Central Dispatch), 185-186 hard affinity, 225 GDT (global descriptor table), 379 hard-coding techniques, 129 general graph directories, 549-550 hard disk drives (HDDs), 13 general revocation, 682 components of, 450-451 gestures, 60 defined, 449 get command, 751 scheduling, 457-461 GFS (Google file system), 759-761 hard errors, 463, 467 gigabyte (GB), 11 hard limits, 438, 857 git, 50 hard links, 532, 549, 879 global allocation, 415-418 hard page faults, 416 global descriptor table (GDT), 379 hard real-time systems, 227 global dispatch queues, 185 hardware, 4 global replacement, 415-418 instructions, 266-269 global table, 679 I/O system, 490-500 GNOME desktop, 60 direct memory access, 498-500 GNU C compiler (gcc), 778 interrupts, 494-498 GNU General Public License (GPL), 48 polling, 493-494 GNU/Linux, 48 and main memory, 350-352 Google Android, 42 and , 28 Google file system (GFS), 759-761 process migration and, 753 GPFS, 768 for relocation and limit registers, 357 GPL (GNU General Public License), 48 for storing page tables, 365-368 GPU (graphics processing unit), 735 synchronization, 265-270 graceful degradation, 19 transformation of requests to operations Grand Central Dispatch (GCD), 185-186 by, 516-519 granularity, minimum, 791 virtual machine, 710-713 graphs, acyclic, 547 hardware-abstraction layer (HAL), 835, graphical user interfaces (GUIs), 56, 59-61 840 graphics processing unit (GPU), 735 hardware objects, 672 green threads, 167 hardware threads, 222 group (user class), 551 hardware transactional memory (HTM), group identifiers, 33-34 312 grouping, 580 hard working-set 
limits, 438 group policies, 884 hash collision, 39 group rights (Linux), 817 hashed page tables, 373-374 GRUB, 94 hash functions, 38-39, 643 guard pages, 852 hash map, 39 guest (operating system), 34 hash tables, 570 guest processes, 702 hash value (message digest), 643 GUIs (graphical user interfaces), 56, 59-61 HBA (host bus adapter), 491 HDDs, see hard disk drives H HDFS (Hadoop distributed file system), 759, 760 hackers, 622 HDFS (Hadoop file system), 484 Index 915 head crash, 451 I heaps, 893-894 heap section (of process), 107 IA-32 architecture, 379-382 heartbeat procedure, 754-755 IA-64 architecture, 382 heterogeneous multiprocessing, 226-227 IaaS (infrastructure as a service), 44 hibernation, 870 IB (InfiniBand), 473 hierarchical paging, 371-373 icons, 59 high-availability service, 19 ideal processors, 242, 842 high contention, 271, 286 idempotent, 759 high memory, 795 identifiers: high-performance computing, 20 address-space, 366 high-performance event timer (HPET), file, 530 505 group, 33-34 high priority, 212 host names vs., 738 hijacking, session, 623 location-independent file, 764 hit ratio, 367, 432 process, 116 hives, 871 spoofed, 606 hold-and-wait condition (deadlocks), 321, user, 33 327-328 idle process, 872 holes, 358 idle threads, 239, 842 HoloLens, 874 IKE protocol, 646 honeypot, 655-656 image, disk, 723-724 horizontal scalability, 484 immediate revocation, 682 host(s): immutable shared files, 609 distributed system, 734 immutable-shared-file semantics, 609 operating system, 35, 177 imperative languages, 313 virtual machine, 702 impersonation, 867 host-attached storage, 470 implementation: host bus adapter (HBA), 491 CPU scheduling algorithm, 249 host controller, 456 cryptography, 645-646 host-id, 739 directory, 568-570 host name, 73, 738 file system, see file system hot spare (drive), 480 implementation hot-standby mode, 19, 20 monitor, 280-281 HPET (high-performance event timer), of naming techniques, 763-764 505 of operating systems, 80-81 
HTM (hardware transactional memory), Pthread, 169, 170 312 of security defenses, 653-662 HTTP protocol, 881 and accounting, 659 huge pages, 363, 432 and auditing, 659 Hybrid Boot, 873-874 and firewalling, 659-660 hybrid cloud, 44 and intrusion prevention, 655-657 hybrid operating systems, 86-91 levels of defenses, 661-662 hypercalls, 717 and logging, 659 hypercall interface, 839 and security policy, 653 hyper-threading, 222, 832 and virus protection, 657-659 Hyper-V for Client, 831 and vulnerability assessment, 653-655 hyper-V hypervisor, 839 semaphore, 274-276 hypervisors, 670, 702 synchronization primitive, 845-846 separation, 729 virtual machine, 713-719 type 0, 702, 713-714 application containment, 718-719 type 1, 703, 714-715 emulation, 717-718 type 2, 703, 715-716 paravirtualization, 716-717

programming-environment defined, 501 virtualization, 717 speeds of, 510 type 0 hypervisors, 713-714 interlock, I/O, 434-436 type 1 hypervisors, 714-715 intermachine interface, 757 type 2 hypervisors, 715-716 internal fragmentation, 359 and virtual machine life cycle, 713 international support (Windows 10), implicit threading, 176-188 835-836 fork join, 180-183 Internet, 737 Grand Central Dispatch, 185-186 Internet Key Exchange (IKE), 646 Intel thread building blocks, 186-188 Internet model, 742 OpenMP and, 183-185 Internet Protocol (IP), 743-746. See also thread pools and, 177-180 Transmission Control importance hierarchy (Android), 122 Protocol/Internet Protocol include file, 40 (TCP/IP) increase scheduling priority privilege, Internet Service Providers (ISPs), 737 887 interpreted languages, 717 incremental backup, 589 interprocess communication (IPC), indefinite blocking (starvation), 213, 343 123-153 independence, location, 762, 769 in client-server systems, 145-153 independent processes, 123 remote procedure calls, 149-153 indexes, 540, 542, 576 sockets, 146-149 index blocks, 575-577 in Linux, 777, 812-813 indexed allocation, 575-577 Mach example of, 135-138 index root, 876 in message-passing systems, 127-132 indirect blocks, 576, 577 pipes in, 139-145 indirect communication, 129 POSIX shared-memory example of, indirection, 683, 703 132-135 InfiniBand (IB), 473 in shared-memory systems, 125-127 information leak attacks, 827 Windows example of, 138-139 information-maintenance system calls, 72 interrupt(s), 8-11, 494-498 information sharing, 123 defined, 494 infrastructure as a service (IaaS), 44 in Linux, 794 inheritable capabilities, 685 maskable, 10, 495-496 init process, 117 nonmaskable, 10, 495 in-memory file-system structures, 568, 569 software (traps), 497 inode, 482, 565, 577 in Windows 10, 846-848 inode objects, 605, 804 interrupt chaining, 10, 496 input/output, see I/O interrupt-controller hardware, 9, 495 input/output operations per second 
interrupt-dispatch table (Windows 10), (IOPS), 461 848 insert() method, 305-307 interrupt-handler routine, 9, 494-495 InServ storage array, 481 interrupt latency, 228 instruction register, 12 interrupt objects, 848 integrity, 622, 687-688 interrupt priority levels, 10-11, 497 integrity label (Windows 10), 663 interrupt request levels (IRQLs), 841, 846 integrity levels, 826 interrupt-request line, 9, 494 Intel processors, 379-382 interrupt service routines (ISRs), 844 event-vector table, 496 interrupt vector, 9, 496 IA-32 architecture, 379-382 intruders, 622 IA-64 architecture, 382 intrusion prevention, 655-657 thread building blocks, 186-188 intrusion-prevention systems (IPSs), 656 inter-computer communications, 522 inverted page tables, 374-375, 433 interface(s). See also specific types involuntary context switches, 204 choice of, 60-62 I/O (input/output):

fast mechanism for, 865-866 IPC, see interprocess communication raw, 464, 465 iPhone, 60 structure of, 14-15 IPIs (Windows 10), 847-848 in virtual machines, 722-723 IPSec, 646 I/O-bound processes, 112 IPSs (intrusion-prevention systems), 656 I/O burst, 201 IRP (I/O request packet), 863 I/O bus, 456 IRQLs (interrupt request levels), 841, 846 I/O channel, 522 iSCSI, 471 I/O control level (file system), 564 ISPs (Internet Service Providers), 737 I/O interlock, 434-436 ISRs (interrupt service routines), 844 I/O manager, 862-864 Itanium, 382 I/O operations, 56 iteration space, 187 IOPS (input/output operations per second), 461 J I/O request packet (IRP), 863 iOS operating system, 42, 87-89 Java: I/O status information (PCBs), 110 DNS lookup in, 740 I/O subsystem(s), 32-33 file locking in, 534, 535 kernels in, 508-516 fork-join in, 180-184 procedures supervised by, 516 Lambda expressions in, 174 I/O system(s), 489-525 language-based protection in, 694-696 application interface, 500-508 synchronization, 303-311 block and character devices, 503-504 condition variables, 309-311 clocks and timers, 505-506 monitors, 303-307 network devices, 504-505 reentrant locks, 307-308 nonblocking and asynchronous I/O, semaphores, 308-309 506-507 thread dumps in, 339 vectored I/O, 507-508 thread pools in, 179-180 hardware, 490-500 Java Executor interface, 175-176 direct memory access, 498-500 Java threads, 173-176 interrupts, 494-498 Java Virtual Machine (JVM), 177, 717, for memory-mapped I/O, 491-493 727-728 polling, 493-494 JBOD (Just a Bunch of Disks), 472 summary, 500 JIT compilers, 728 kernel subsystem, 508-516 jobs, processes vs., 106 buffering, 509-510 job objects, 859 caching, 510-511 job scheduling, 106 data structures, 512-514 journaling, 587-588, 808 error handling, 511-512 Just a Bunch of Disks (JBOD), 472 I/O scheduling, 508-509 just-in-time (JIT) compilers, 728 power management, 514-516 JVM, see Java Virtual Machine procedures supervised by, 516 protection, 512 K spooling 
and device reservation, 511 Linux, 810-812 KB (kilobyte), 11 overview, 489-490 K Desktop Environment (KDE), 60 STREAMS mechanism, 519-521 Kerberos network authentication and system performance, 521-524 protocol, 607 transformation of requests to hardware kernel(s), 6, 7, 501, 508-516 operations, 516-519 buffering, 509-510 IP (Internet Protocol), 743-746. See also caching, 510-511 Transmission Control computational, 833 Protocol/Internet Protocol data structures, 36-40, 512-514 (TCP/IP) error handling, 511-512

I/O scheduling, 508-509 Lambda expressions, 174 and I/O subsystems, 516 languages, 313-314, 717 Linux, 776-778, 781 language-based protection systems, nonpreemptive, 262 690-696 power management, 514-516 compiler-based enforcement, 691-693 preemptive, 262 in Java, 694-696 protection, 512 LANs (local-area networks), 36, 735-737 secure, 839-840 large objects, 430 spooling and device reservation, 511 latency: synchronization of, 295-299, 792-794 dispatch, 203, 228, 229 uni-, 728 event, 227-228 Windows 10, 839-848 interrupt, 228 kernel abstractions, 89 in real-time systems, 227-229 kernel code, 261 rotational, 451 kernel data structures, 36-40, 512-514 target, 236, 791 kernel environment, 88 latency command, 494 kernel extensions (kexts), 89 layers (of network protocols), 645 kernel memory allocation, 426-430 layered approach (operating system kernel mode, 24, 25, 782 structure), 83-84 Kernel-Mode Driver Framework layered protocols, 891 (KMDF), 864 LBA (logical block address), 456 kernel-mode threads (KT), 841 LCNs (logical cluster numbers), 875 kernel modules, 86, 783-786 LDAP (lightweight directory-access kernel module management, 784 protocol), 607, 884 kernel object access (Windows 10), 884-885 LDT (local descriptor table), 379 kernel threads, 166, 217, 234 least-frequently used (LFU) kernel virtual memory, 801 page-replacement algorithm, Kernighan’s Law, 98 411-412 kexts (kernel extensions), 89 least privilege, principle of, 626, 627, keys: 668-669 for capabilities, 683 least-recently-used (LRU) algorithm, defined, 638 407-408 Internet Key Exchange, 646 left child, 38 in lock-key schemes, 681 LFH design, 894 master, 683 LFU page-replacement algorithm, 411-412 private, 641 lgroups, 419 public, 641 libc (C library), 63, 69, 370, 781 sense, 512 libraries: session, 647 C, 63, 69, 370, 781 key distribution, 644-645 Linux system, 781 key ring, 644 shared, 356, 392 keystreams, 640 thread, 168-176 keystroke logger, 634 about, 168-169 kilobyte (KB), 11 Java, 173-176 KMDF 
(Kernel-Mode Driver Pthreads, 169-171 Framework), 864 Windows, 171-173 Korn shell, 58 library operating systems, 728 KT (kernel-mode threads), 841 licensing, Linux, 779-780 Kubernetes, 719 life cycle: I/O request, 518-519 L virtual machine, 713 lifetime, virtual address space, 799-800 labels, for mandatory access control, 685 LIFO, 37-38 lightweight directory-access protocol obtaining page size on, 364 (LDAP), 607, 884 Linux timers, 27 lightweight process (LWP), 193 lists, 37 limit register, 351-352 access, 679-680 linear addresses, 380, 382 access-control, 552, 555, 826 linear lists (files), 569-570 capability, 680-681 line discipline, 811-812 export, 612 link(s): free-frame, 396-397, 425-426 communication, 128 free-space, 578-579 defined, 548 linear, 569-570 hard, 532, 549, 879 linked, 37, 38, 579-580 resolving, 548 user control, 561 symbolic, 879 listing directories, 542 linked allocation, 573-575 listing file names and attributes, 551 linked lists, 37, 38, 579-580 little cores, 227 linked scheme index block, 576 little-endian, 150 linkers, 75, 76 Little’s formula, 247 linking, 355-356, 803, 882 live CD, 48 Linux, 48, 775-819 live DVD, 48 capabilities in, 685-686 livelock, 320-322 design principles for, 780-783 live migration (virtual machines), 706, file systems, 803-810 724-726 ext3 file system, 805-807 liveness, 283-284 journaling, 808 living documents, 653 /proc file system, 808-810 loadable kernel modules (LKMs), 86 virtual, 804-805 load balancing, 224-225, 735, 753 history of, 775-780 loaders, 75-77, 695, 727, 783. 
See also input and output, 810-812 bootstrap programs interprocess communication, 812-813 loading, 355, 801-803 kernel modules, 783-786 load sharing, 220 lockdep tool, 330 load time, 353 memory management, 795-803 local allocation, 415-418 execution and loading of user local-area networks (LANs), 36, 735-737 programs, 801-803 local descriptor table (LDT), 379 physical memory, 795-798 locality model, 421 virtual memory, 436-437, 798-801 locality of reference, 395 network structure, 813-815 locality property, 857 process management, 786-790 local-name, 763 process representation in, 111 local replacement, 415-418 scheduling in, 234-239, 790-794 local replacement algorithm, 420-421 security model, 816-818 location, file, 530, 534 swap-space management in, 468-470 location independence, 761, 762 synchronization in, 296-298 location-independent file identifiers, 764 system structure, 83 location transparency, 761 threads example, 195-196 locks, 681. See also deadlock(s) tree of processes, 116 advisory, 535 Windows subsystem for, 91 exclusive, 534 Linux distributions, 776, 779 in Java API, 534, 535 Linux instance, 91 mandatory, 535 Linux kernel, 776-778, 781 mutex, 270-272, 299-300 Linux kernel data structures, 40 nonrecursive, 299 Linux system(s), 776 Pushlocks, 831 components of, 781-783 reader-writer, 292-293 history of, 778-779 reentrant, 307-308

scope of, 305 as hybrid system, 87-89 shared, 534 latency command, 494 for shared data, 70 sandboxing in, 690-691 lock-free algorithms, 284 macro viruses, 632 locking, page, 434-436 magic number (files), 537 locking files, 534-536 magnetic tapes, 455 lock-key scheme, 681 mailboxes, 129-130 lofs (file system), 598 main memory, 349-385 log-based transaction-oriented file and address binding, 352-353 systems, 587-588 ARMv8 architecture, 383-384 log files, 95, 876 contiguous allocation of, 356-360 log-file service, 878 and dynamic linking, 355-356 logging, 57, 659 and dynamic loading, 355 logging area, 878 and hardware, 350-352 logical address, 353, 379 Intel 32 and 64-bit architectures, 379-382 logical address space, 353-355 and logical vs. physical address space, logical blocks, 456 353-355 logical block address (LBA), 456 paging for management of, 360-376 logical cluster numbers (LCNs), 875 basic method, 360-365 logical file system, 565 hardware, 365-368 logical formatting, 464 hashed page tables, 373-374 logical memory, 24, 362. 
See also virtual hierarchical paging, 371-373 memory inverted page tables, 374-375 logical processors, 832 and Oracle SPARC Solaris, 375-376 logical records, 539 protection, 368-369 logic bomb, 627 and shared pages, 369-371 login, remote, 750 swapping with, 377 loopback, 148 shared libraries, 356 loosely coupled system, 83 and swapping, 376-378 loosely-coupled systems, 19 main queue, 185 love bug virus, 658 main TLB, 384 low contention, 271 major page faults, 416 low-fragmentation heap (LFH) design, malware, 625-628 894 MANs (metropolitan-area networks), 36 low-level formatting (disks), 463 mandatory access control (MAC), 684-685 low priority, 212 mandatory file-locking mechanisms, 535 LRU algorithm, 407-408 mandatory policy, 826 LRU-approximation page replacement man-in-the-middle attack, 623, 635, 645 algorithm, 409-411 many-to-many multithreading model, LRU page replacement, 407-409 167-168 ls command, 751 many-to-one multithreading model, Lustre, 768 166-167 LWP (lightweight process), 193 mapping, 39 LXC containers, 718, 719 address, 456-457 file, 555, 557 M memory, 802-803 MapReduce system, 22, 761 MAC (mandatory access control), 684-685 marshaling, 150, 882 MAC (message-authentication code), 643 Mars Pathfinder, 285 MAC address, 745 maskable interrupts, 10, 495-496 Mach-O format, 77 masquerading, 622, 623, 635 Mach operating system, 84, 135-138 mass-storage management, 30 macOS operating system: mass-storage structure, 449-486 GUI, 61 address mapping, 456-457

attachment of storage, 469-473 logical, 24, 362 device management, 463-467 main, see main memory error detection and correction, 462-463 network virtual memory, 765 hard disk drives, 450-451, 457-461 over-allocation of, 401 nonvolatile memory devices, 452-454, physical, 24, 362, 390, 391, 795-798 461-462 secondary, 395 overview, 449-450 semiconductor, 14 RAID, 473-485 shared, 57, 73, 123, 125, 556-560 extensions, 481-482 software transactional, 312 for object storage, 483-485 32-byte, 363, 364 performance improvement, 475 transactional, 311-312 problems with, 482-483 virtual, see virtual memory RAID levels, 475-481 volatile, 454-455 reliability improvement, 473-475 memory access: scheduling, 457-462 direct, 15, 498-500 secondary storage connection methods, direct virtual, 500 456 effective memory-access time, 367 swap-space management, 467-469 non-uniform, 18, 19, 418-419 volatile memory, 454-455 memory-address register, 354 master book record (MBR), 465, 466 memory allocation, 358-359, 426-430 master file directory (MFD), 543 memory barriers, 265-266 master file table, 566 memory compression, 425-426, 858 master key, 683 memory devices: master secret (TLS), 647 management of, 463-467 matchmakers, 151 nonvolatile, 452-454 Max (data structure), 335 defined, 449 maximum number of resources, NAND flash controller algorithms for, declaration of, 330 453-454 MB (megabyte), 11 overview, 452-453 MBR (master book record), 465, 466 scheduling, 461-462 MD5 message digest, 643 memory fences, 266 mean time between failures (MTBF), 473, memory management, 28-29 474 in Linux, 795-803 mean time of data loss, 474 execution and loading of user mean time to repair, 474 programs, 801-803 mechanical storage systems, 14 physical memory, 795-798 mechanisms, 80, 668. 
See also specific virtual memory, 798-801 mechanisms with virtual machines, 721-722 medium access control (MAC) address, in Windows 10, 892-895 745 memory-management information medium objects, 430 (PCBs), 110 megabyte (MB), 11 memory-management unit (MMU), 354, memory: 855 Address Window Extension, 894-895 memory manager (MM), 851 anonymous, 399, 469 memory-mapped files, 555-560, 892-893 defined, 14 memory-mapped I/O, 491-493 demand-zero, 799 memory mapping (Linux), 802-803 direct memory access, 14, 498-500 memory model, 265-266 direct virtual memory access, 500 memory protection, 357, 368-369 high, 795 memory stall, 221-222 in-memory file-system structures, memory-style error-correcting 568, 569 organization, 476-477 layout of, in C program, 108 memory transactions, 311 layout of process in, 106 messages, 135

complex, 136 modules: in distributed systems, 734 file-organization, 565 OSI network, 742, 744 kernel, 86, 783-786 in Win32 API, 891 pluggable authentication, 816 message-authentication code (MAC), 643 stream, 519 message digest (hash value), 643 module loader, 783 message modification, 622-623 module-management system, 783, 784 message passing, 123, 125, 130 module unloader, 783 message-passing model, 57, 72-73, 127-132 monitors, 276-282 buffering, 131-132 dining-philosophers solution with, Mach example, 135-138 295,296 naming, 128-130 implementation of, using semaphores, synchronization, 130-131 280-281 metadata, 607, 876 in Java, 303-307 metaslabs, 581 resumption of processes within, 281-282 methods (Java), 694 security reference, 866-869 Metro, 823 usage of, 277-280 metropolitan-area networks (MANs), 36 monitor calls, see system calls MFD (master file directory), 543 monitor type, 277 MFU page-replacement algorithm, 412 monoculture, 634 microkernels, 84-86 monolithic operating systems, 82-83 Microsoft Interface Definition Language Moore’s Law, 5 (MIDL), 150, 882 most-frequently used (MFU) Microsoft Windows, see Windows page-replacement algorithm, 412 operating system (generally) motherboard, 20 micro TLBs, 384 motivation, for multithreading, 160-161 middleware, 6, 7 mounting, 464, 598-602 MIDL (Microsoft Interface Definition mount points, 598, 879 Language), 150, 882 mount protocol (NFS), 612 migration: mount table, 517, 567 computation, 752 MTBF (mean time between failures), 473, data, 751-752 474 file, 761-762 MUI support, 840 process, 752-753 multicore processors, 221-224 push and pull, 224 multicore programming, 162-166 with virtual machines, 706, 724-726 multicore systems, 16-18 minidisks, 704 multidimensional RAID level 6, 478 minifilters, 863 multifactor authentication, 653 minimum granularity, 791 multilevel feedback-queue scheduling miniport driver, 864 algorithm, 216-217 minor page faults, 416 multilevel index, 576 mirrored volume, 474 multilevel 
queue scheduling algorithm, mirroring, 474, 476 214-216 MM (memory manager), 851 multimode operation, 25-26 MMU (memory-management unit), 354, multipartite viruses, 634 855 Multiple UNC Provider (MUP), 882-883 mobile computing, 41-42 multiple user interface (MUI) support, mobile systems, 115, 377-378 840 mode bits, 24 multiprocessing, 16, 220, 226-227, 794 moderate contention, 285 multiprocessors, 18, 220 Modern, 823 multi-processor scheduling, 220-227 modified page, 856 approaches to, 220-221 modify bits (dirty bits), 402 examples, 234-242 modularity, 123 Linux, 234-239

Solaris, 242-244 naming schemes, 763 Windows, 239-242 naming structures (DFS), 761-763 heterogeneous multiprocessing, 226-227 NAND flash controller algorithms, and load balancing, 224-225 453-454 and multicore processors, 221-224 NAS (network-attached storage), 470-471 and processor affinity, 225-226 NAT (network address translation), 723 multiprocessor systems, 16-19 national-language-support (NLS) API, multiprogramming, 23, 112, 420 835 multi-provider router, 883 NDIS (Network Device Interface multitasking, 23, 115, 790 specification), 880 multithreaded processes, 160 Need (data structure), 335, 336 benefits of, 162 need-to-know principle, 672 deadlocks in, 319-321 nested page tables (NPTs), 710, 712 and exec() system call, 188 network(s): and fork() system call, 188 communication structure, 738-749 models of, 166-168 communication protocols, 741-745 motivation for, 160-161 and naming/name resolution, 738-741 and signal handling, 188-189 TCP/IP example, 745-746 multithreading: UDP and TCP transport protocols, chip, 222, 223 746-749 coarse-grained, 222 defined, 36 fine-grained, 222 firewalling to protect, 659-660 many-to-many, 167-168 in Linux, 813-815 many-to-one, 166-167 local-area, 36, 735-737 one-to-one, 167 metropolitan-area, 36 simultaneous, 222 network operating systems, 749-751 multi-touch hardware, 874 personal-area, 36 MUP (Multiple UNC Provider), 882-883 as resource types, 318 mutex locks, 270-272, 299-300 security in, 623 mutual exclusion (mutex), 260, 267, 268, storage-area, 21, 470, 472 845 structure of, 735-738 mutual-exclusion condition (deadlocks), threats to, 634-637 321, 327 virtual private, 646, 881 wide-area, 36, 735, 737-738 N wireless, 41, 736-737 network address translation (NAT), 723 names: network-attached storage (NAS), 470-471 common and distinguished, 647 network computers, 40 host, 73, 738 network devices, 504-505, 810 resolution of, 738-741 Network Device Interface specification named condition variables, 309 (NDIS), 880 named pipes, 
143-145, 881-882 (NFS), 610-615, 759 named semaphores, 300-301 network information service (NIS), 607 named shared-memory object, 559 networking, 880-884 name server, 739 network interfaces (Windows 10), 880 namespaces, 787 network layer, 742 naming, 128-130 network-layer protocol, 645 defined, 761 network operating systems, 36, 749-751 in distributed file systems, 761-764 network protocols, registration of, 785 distributed naming services, 607 network time protocol (NTP), 505 domain name system, 607 network virtual memory, 765 file, 530 new state, 108 and network communication, 738-741 NFS (network file system), 610-615, 759 port, 135-136 NFS protocol, 612-614

nice value, 236, 790 event, 845 NIS (network information service), 607 file, 605, 804-805, 862 NLS API, 835 hardware, 672 no-access page, 852 inode, 605, 804 nonblocking I/O, 506-507 interrupt, 848 nonblocking message passing, 130 job, 859 noncontainer objects (Windows 10), 664 in Linux, 797, 804 nonmaskable interrupts, 10, 495 named shared-memory, 559 nonpreemptive kernels, 262 noncontainer, 664 nonpreemptive scheduling, 202 section, 139, 852 nonrecursive locks, 299 semaphore, 845 nonrepudiation, 644 sharing, 885-886 nonresident attributes, 876 small, medium, and large, 430 nonsignaled state, 297 software, 672 non-uniform memory access (NUMA), 18, superblock, 605, 804, 805 19, 418-419 timer, 845 nonvolatile memory (NVM) devices, 13, in Windows 10, 664, 845-846, 848, 849 14, 452-454 Object Linking and Embedding (OLE), defined, 449 882 NAND flash controller algorithms for, object manager (Windows 10), 849-851 453-454 object storage, 483-485 overview, 452-453 object types, 849, 850 scheduling, 461-462 objfs (file system), 598 nonvolatile storage (NVS), 14, 449 off-line compaction of space, 572 NOOP scheduler, 461 OLE (Object Linking and Embedding), no-preemption condition (deadlocks), 882 321, 328 one-time passwords, 652 Normal World, 838 one-to-one multithreading model, 167 notify() method, 305-307 on-line compaction of space, 572 Notify port, 135 OOM (out-of-memory) killers, 418 NPTs (nested page tables), 710, 712 OpenAFS (Andrew file system), 759 NTFS, 875-877 open count, 533 NTP (network time protocol), 505 open-file table, 533, 567 NUMA, see non-uniform memory access opening files, 532 NUMA-aware algorithms, 225-226 OpenMP, 183-185, 312-313 NUMA mode, 238-239 open operating systems, 634 NVM devices, see nonvolatile memory open-source operating systems, 46-51 devices Open Systems Interconnection (OSI) NVM express (NVMe), 456 model, 741-744 NVS (nonvolatile storage), 14, 449 operating system(s): application specificity to, 77-79 O booting, 94-95 building, 92-93 
objects: closed-source, 46 access lists for, 679-680 computing environments, 40-46 in cache, 428 CPU scheduling in, 234-244 container, 664 Linux scheduling, 234-239 critical-section, 297, 888 Solaris scheduling, 242-244 defined, 672 Windows scheduling, 239-242 dentry, 605, 804, 805 debugging, 95-100 device, 863 defined, 1, 3, 5-7 directory, 850 design goals for, 79-80 dispatcher, 297, 845-846 features of, 3 driver, 863 functioning of, 4-7

implementation of, 80-81 owners: kernel data structures, 36-40 clock, 837 linkers and loaders, 75-77 file, 603 network, 36 as user class, 551 open-source, 46-51 owner rights, 678, 817 operations, 21-27 dual-mode and multimode, 24-26 P multiprogramming and multitasking, 23-24 p (page number), 360 and timer, 26-27 PaaS (platform as a service), 44 reasons for studying, 6 packaged applications, 859 as resource allocator, 5 package systems, 823 resource management by, 27-32 PAE (page address extension), 381 security in, 623-624 pages. See also specific types services provided by, 55-58 defined, 360 structure, 81-91 locking, 434-436 hybrid systems, 86-91 obtaining size of, 364 layered approach, 83-84 page address extension (PAE), 381 microkernels, 84-86 page allocator (Linux), 796 modules, 86 page-buffering algorithms, 412 monolithic, 82-83 page cache, 583, 798 study of, 50 page directory, 381, 853 system calls, 62-74 page-directory entries (PDEs), 853 and API, 63-66 page directory pointer table, 381 functioning of, 62-63 page faults, 394-395, 405, 416 types of calls, 66-74 page-fault-frequency (PFF), 424-425 system services, 74-75 page-fault rate, 398, 423 system’s view of, 5 page frames, 853 threads in, 194-196 page-frame number (PFN) database, 856 user interface with, 4-5, 58-62 page in, 377 virtualization components, 719-726 page locking, 434-436 CPU scheduling, 720 page number (p), 360 I/O devices, 722-723 page offset (d), 360 live migration, 724-726 page out, 377 memory management, 721-722 pageout policy (Linux), 800 optimal page replacement, 406-407 pageout process (Solaris), 439 optimal page replacement algorithm, page replacement, 401-413. 
See also frame 406-407 allocation optimistic approach, 285 and application performance, 412-413 Oracle SPARC Solaris, 375-376 basic mechanism, 401-404 Orange Book, 826 counting-based page replacement, ordinary pipes, 140-143 411-412 org (top-level domain), 739 defined, 401 orphan processes, 122 FIFO page replacement, 404-406 OS/2 operating system, 821-822 global vs. local, 415-418 OSI model, 741-744 LRU-approximation page replacement, OSI network model, 741-744 409-411 OSI protocol stack, 742-744 LRU page replacement, 407-409 other users (class), 551 optimal page replacement, 406-407 out-of-band key delivery, 644 and page-buffering algorithms, 412 out-of-memory (OOM) killers, 418 page replacement algorithm, 403 over-allocation of memory, 401 page size, 363, 364, 431-432 overcommitment, 720 page slots, 469 over-provisioning, 454 page table(s), 361-378, 393

clustered, 374 control, 714 defined, 361 file-system, 601-602 for demand paging, 395 raw, 468 forward-mapped, 371 root, 601 hardware for storing, 365-368 storage device, 463-465 hashed, 373-374 variable-partition schemes, 358 for hierarchical paging, 371-373 partition boot sector, 566 inverted, 374-375, 433 partitioning, device, 463-464 nested, 710, 712 passphrases, 651 Oracle SPARC Solaris, 375-376 passwords, 554, 649-652 page-table base register (PTBR), 365 path names, 544, 546 page-table entries (PTEs), 853 path-name translation (NFS), 614-615 page-table length register (PTLR), 369 PB (petabyte), 12 paging, 360-376 PCBs (process control blocks), 109-110 basic method, 360-365 PCIe bus, 490 demand, 392-399, 430-436 PC motherboard, 20 basic mechanism, 393-396 PCS (process-contention scope), 217-218 defined, 393 PC systems, 874 free-frame list, 396-397 PDEs (page-directory entries), 853 with inverted page tables, 433 peer-to-peer computing, 43-44 and I/O interlock, 434-436 peer-to-peer distributed systems, 734 and page size, 431-432 PE (Portable Executable) format, 77 and performance, 397-399 penetration test, 654 and prepaging, 430-431 performance: and program structure, 433-434 and allocation of secondary storage, pure, 395 578-579 and TLB reach, 432-433 and demand paging, 397-399 hardware, 365-368 and file system implementation, 583-586 for hashed page tables, 373-374 and I/O system, 521-524 hierarchical, 371-373 and page replacement, 412-413 IA-32, 380-381 RAID structure to improve, 475 inverted, 374-375 under swapping, 378 in Linux, 800 virtualization requirement related to, and memory protection, 368-369 704 and Oracle SPARC Solaris, 375-376 of Windows 10, 831-833 priority, 440 performance monitoring, 96-97 and shared pages, 369-371 performance tuning, 95-97 swapping with, 377, 378 periodic processes, 230 paging files, 851 periodic task rate, 230 paired passwords, 652 permanent revocation, 682 PAM (pluggable authentication permissions, 553, 669 modules), 816 
permitted capabilities, 685 PAN (personal-area network), 36 per-process open-file table, 567 parallel file system (PFS), 768 per-process tools, 96, 97 parallelism, 163, 165-166, 475 personal-area network (PAN), 36 parallelization, 20 personal computer (PC) systems, 874 parallel regions, 183-184 personal firewalls, 660 paravirtualization, 703, 716-717 personal identification number (PIN), 652 parent-child relationship, 140 personalities, 87, 787 parent process, 111 pessimistic approach, 285 partial revocation, 682 petabyte (PB), 12 partial slabs, 429, 798 Peterson’s solution, 262-265 partitions: PFF (page-fault-frequency), 424-425 boot, 465 PFN database, 856

PFS (parallel file system), 768 naming of, 135-136 phishing, 624 in remote procedure calls, 150 PHY (ports), 490 well-known, 146 physical address, 354, 379 portability, 834-835 physical address space, 353-355 Portable Executable (PE) format, 77 physical formatting, 463 portals, 40 physical layer, 741, 742 port driver, 864 physical memory, 24, 362, 390, 391, 795-798 port number, 746-747 physical security, 623 port rights, 135 physical-to-virtual (P-to-V) conversion, port scanning, 637 724 position-independent code (PIC), 803 PIC (position-independent code), 803 positioning time (disks), 450 Pico process, 91 POSIX: Pico Providers, 823 interprocess communication example, pid (process identifier), 116, 787 132-135 PIN (personal identification number), 652 real-time scheduling, 232-234 pinning, 436, 866 synchronization examples, 299-303 PIO (programmed I/O), 498 POSIX 1e, 685, 686 pipes, 139-145 possession (of capability), 680 anonymous, 141-145 POST (power-on self-test), 872 implementation considerations, 139-140 posting messages, 891 named, 143-145, 881-882 power framework (PoFX), 870 ordinary, 140-143 power management, 514-516 use of, 146 power manager (Windows 10), 870-871 pipe mechanism, 813 power-of-2 allocator, 427 platform as a service (PaaS), 44 power-on self-test (POST), 872 platter (disks), 450 power users, 60-61 PLM (Process Lifetime Manager), 837 PPTP (Point-to-Point Tunneling plug-and-play (PnP) managers, Protocol), 881 869-870 P + Q redundancy scheme, 478 pluggable authentication modules preemptive kernels, 262 (PAM), 816 preemptive multitasking, 790 plug-in process, 124 preemptive scheduling, 202-203 PnP managers, 869-870 premaster secret (TLS), 647 PoFX (power framework), 870 prepaging, 430-431 Point-to-Point Tunneling Protocol presentation layer, 742 (PPTP), 881 primary thread, 890 policy(-ies), 80 principle of least privilege, 626, 627, cache updating, 766-767 668-669 delayed-write, 766 priority (field), 243 group, 884 priority-based scheduling, 229-230 mandatory,
826 priority-inheritance protocol, 284 mechanisms vs., 668 priority inversion, 284, 285 pageout, 800 priority number, 281 security, 653 priority paging, 440 write-on-close, 766-767 priority replacement algorithm, 420-421 write-through, 766 priority scheduling algorithm, 211-214 policy algorithm (Linux), 800 private cloud, 44 polling, 493-494 private dispatch queues, 185 polymorphic viruses, 633 private keys, 641 pools, 177-180, 483, 889 privileged instructions, 25 pop, 66 privileged mode, see kernel mode ports, 78, 129, 490 privilege escalation, 623 connection and communication, 138 privilege separation, 669

procedural languages, 313 process identifier (pid), 116, 787 procedures, as domains, 674 process identity (Linux), 787 process(es), 23, 105-154 Process Lifetime Manager (PLM), 837 aborting, 342 process management: background, 74-75, 115, 123, 215, 241 about, 27-28 browser, 124 in Linux, 786-790 communication between, see Windows 10, 886-891 interprocess communication process manager (Windows 10), 858-860 components of, 106-107 process migration, 752-753 consumer, 126-127, 290, 291, 559-560 process name, 73 context of, 788-789 processors, 18 cooperating, 123, 257 distributed system, 734 coordination among, 260 front-end, 522 daemon, 690 ideal, 242, 842 defined, 103, 105 Intel, 379-382 dispatched, 112 event-vector table, 496 as domains, 674 IA-32 architecture, 379-382 empty, 123 IA-64 architecture, 382 environment of, 787-788 thread building blocks, 186-188 foreground, 115, 122, 215, 241 logical, 832 guest, 702 multi-, 18, 220 idle, 872 multicore, 221-224 independent, 123 processor affinity, 225-226 init, 117 processor groups, 832 I/O- vs. CPU-bound, 112 process reflection, 860 job vs., 106 process representation (Linux), 111 lightweight, 193 process scheduler, 110-112 in Linux, 789-790 multithreaded, see multithreaded process scheduling, 110-115, 199, 234 processes; multithreading process synchronization, 260. 
See also operations on, 116-123 synchronization tools creation, 116-121 process termination, deadlock recovery termination, 121-123 by, 342 orphan, 122 /proc file system (Linux), 808-810 parent, 111 procfs (file system), 598 passing data between, 813 producer process, 126-127, 290, 558-559 periodic, 230 production kernels (Linux), 777 Pico, 91 program counters, 27, 106, 109 plug-in, 124 program execution (operating system producer, 126-127, 290, 558-559 service), 56 renderer, 124 program loading and execution, 74 service, 123 programmable interval timer, 505 sibling, 111 programmed I/O (PIO), 498 single-threaded, 160 programmer interface (Windows 10), state of, 107-109 884-895 system, 872 IPC with Windows messaging, 891-892 systemd, 117 kernel object access, 884-885 threads performed by, 110 memory management, 892-895 visible, 122 process management, 886-891 in Windows 10, 886 sharing objects between processes, zombie, 122 885-886 process-contention scope (PCS), 217-218 programming: process control blocks (PCBs), 109-110 multi-, 23, 112, 420 process-control system calls, 66-71 multicore, 162-166 programming-environment P-to-V conversion, 724 virtualization, 703, 717 public cloud, 44 programming languages, 313-314 public domain software, 779-780 programming-language support, 74 public keys, 641 program structure, for demand paging, public-key encryption, 641 433-434 pull migration, 224 program threats, 625-634 pure code (reentrant), 370 code injection, 628-631 pure demand paging, 395 malware, 625-628 pushing, 66, 519 viruses, 631-634 Pushlocks, 831 worms, 631, 632 push migration, 224 progress (requirement), 260 put command, 751 projects, 244 proportional allocation, 414-415 Q proportional share scheduling, 233 proprietary software, 46-47 Quest-V, 729 protection, 667-698 queue(s), 38 access matrix model, 675-685 dispatch, 185 implementation, 679-682 main, 185 mandatory access control, 684-685 ready, 112, 221, 843 and revocation of access rights, scheduling,
112-113 682-683 wait, 112 role-based access control, 683-684 queuing diagram, 112, 113 capability-based systems, 685-687 queuing-network analysis, 247 code signing, 690 in computer systems, 33-34 R with contiguous memory allocation, 357 domain of, 671-675 race condition, 259, 261 file, 531 RAID (redundant arrays of inexpensive file-system interface, 550-555 disks), 473-485 goals of, 667-668 extensions, 481-482 I/O, 512 levels of, 475-481 language-based systems, 690-696 for object storage, 483-485 compiler-based enforcement, 691-693 performance improvement, 475 in Java, 694-696 problems with, 482-483 as operating system service, 57-58 reliability improvement, 473-475 in paged environment, 368-369 structuring, 474 and principle of least privilege, 668-669 RAID level 0, 476 rings of, 669-671 RAID level 0 + 1, 478-479 sandboxing, 689-690 RAID level 1, 476 static vs. dynamic, 673 RAID level 1 + 0, 478-479 system-call filtering, 688 RAID level 4, 476-477 system integrity, 687-688 RAID level 5, 477-478 from viruses, 657-659 RAID level 6, 478 protection domains, 671-675, 711 RAID levels, 475-481 protection mask (Linux), 817 common, 475-478 protection rings, 25, 669-671 selecting, 480-481 protection system calls, 73-74 variations in, 478-480 pseudo-, 721-722 raising interrupts, 9, 494 PTBR (page-table base register), 365 RAM (random-access memory), 11 PTEs (page-table entries), 853 RAM drives, 454, 455 PTE tables, 853 random-access devices, 502 Pthreads, 169-171, 218-219 random-access memory (RAM), 11 PTLR (page-table length register), 369 random-access time (disks), 450

range (value), 187 redirectors, 882-883 ransomware, 626 redundancy, 473-475 RAT (Remote Access Tool), 625 redundant arrays of inexpensive disks, rate-monotonic scheduling, 230-232 see RAID rate-monotonic scheduling algorithm, reentrant code (pure code), 370 230-232 reentrant locks, 307-308 raw disk, 413, 464, 601 reference, locality of, 395 raw I/O, 464, 465, 503-504 reference bits, 409 raw partitions, 468 referenced pointer, 849 RBAC (role-based access control), 683-684 reference string, 404, 406 RDP, 707 reflection, process, 860 reacquisition, of capabilities, 682 reflector, 864 read access, locks with, 292 regions, 383 read-ahead technique, 585 register(s): read-end (of pipe), 140 base, 351-352 readers, 291, 292 control, 492 readers-writers problem, 290-293 CPU, 110 reader-writer locks, 292-293 data-in, 492 reading files, 532, 551 data-out, 492 read-modify-write cycle, 477 instruction, 12 read only devices, 502 limit, 351-352 read pointer, 532 memory-address, 354 read-write devices, 502 page-table base, 365 ready queues, 112, 221, 843 page-table length, 369 ready state, 108, 109 relocation, 354 real-time class, 239 status, 492 real-time CPU scheduling, 227-234 translation table base, 383 earliest-deadline-first scheduling, registry, 74, 871-872 232-233 regression testing, 249 and minimizing latency, 227-229 relative access, 539-540 POSIX real-time scheduling, 233-234 relative block number, 540 priority-based scheduling, 229-230 relative path names, 546 proportional share scheduling, 233 release, of resources, 318 rate-monotonic scheduling, 230-232 reliability: real-time embedded systems, 45-46 of distributed systems, 735 real-time operating systems, 46 RAID for improving, 473-475 real-time range (Linux schedulers), 790 of TCP, 748 real-time scheduling (Linux), 792 of UDP, 747 reapers, 417-418 of Windows 10, 828-829 receives, blocking vs. 
nonblocking, 130 relocatable code, 353 reconfiguration, 755 relocatable object file, 75 records: relocation, 75, 76 activation, 107 relocation register, 354 base file, 876 remainder section, 260 logical, 539 Remote Access Tool (RAT), 625 master boot, 465, 466 remote desktop, 874 recovery: remote file access, 764-767 from deadlock, 341-343 remote file-systems, 605-608 from failure, 755-756 remote file transfer, 750-751 and file system implementation, 586-589 remote login, 750 Windows 10, 877-878 remote operations (NFS), 615 recovery mode, 95 remote procedure calls (RPCs), 149-153, red-black trees, 38, 40 834 Red Hat, 779 remote-service mechanism, 764 removable storage media, 451 rich text format (RTF), 658 remove() method, 305-307 right child, 38 renaming files, 542 rights: renderer processes, 124 access, 534, 673, 680, 682-683 rendezvous, 131 copy, 677 repair, mean time to, 474 group, 817 replacement, page, see page replacement owner, 678, 817 replay attacks, 622 port, 135 replication, 480, 592-593 user, 817 reply port, 135 world, 817 repositioning (in files), 532 rings, protection, 669-671 Request (data structure), 335-336, 339, 340 risk assessment, 653-654 requests, for resources, 318 roaming profiles, 883 request consumer (circular buffer), 716 robustness, distributed system, 754-756 request edge, 323 roles, 683 request manager, 811 role-based access control (RBAC), 683-684 request producer (circular buffer), 716 rollback, 343 resident attributes, 876 root directory, 877 resolution: rootkit viruses, 632 address resolution protocol, 745 root partition, 601 conflict, 784, 785 rotational latency (disks), 451 of links, 548 rotations per minute (RPM), 450 name, 738-741 round robin, 130 and page size, 431-432 round-robin (RR) scheduling algorithm, resource allocation (operating system 209-211 service), 57 routers, 736 resource-allocation graph, 323-326, 334, RPCs (remote procedure calls), 149-153, 338 834 resource-allocation-graph algorithm, 333 RPM (rotations
per minute), 450 resource allocator, operating system as, 5 RR scheduling algorithm, 209-211 resource arbiters, 869 RSA algorithm, 641, 642 resource management, 27-32 RTE (run-time environment), 64-65 resource preemption, deadlock recovery RTF (rich text format), 658 by, 342-343 running state, 108, 109 resource-request algorithm, 335 running system, 94 resource sharing, 162, 734-735 run time, virtual, 236 resource utilization, 4 run-time-based enforcement, 694-696 responses (password), 652 run-time environment (RTE), 64-65 response consumer (circular buffer), 716 response producer (circular buffer), 716 S response time, 23, 205 responsibility, for run-time-based SaaS (software as a service), 44 enforcement, 694 safe computing, 658 responsiveness, multithreaded process, safe sequence, 331 162 safe state, 331-333 restart area, 878 safety, as virtualization requirement, 704 restore, state, 114 safety algorithm, 335 restore point, system, 871 sandbox, 124, 658 restoring data, 588-589 sandboxing, 689-690 resuming, 717, 888 SANs, see storage-area networks return from sleep, 243 SAS buses, 456, 490 reverse engineering, 47 SATA buses, 456 revocation of access rights, 682-683 save, 114, 592 RHEL 7, 461 scalability, 162, 484, 756-757

SCAN scheduling, 458-459 search path, 545 SCAN (elevator) scheduling algorithm, secondary memory, 395 458-459 secondary storage, 13. See also disk(s) scatter-gather method, 498, 508 allocation of, 570-578 schedulers: contiguous allocation, 570-573 CFQ, 461, 811 indexed allocation, 575-577 Completely Fair, 236, 237, 790 linked allocation, 573-575 CPU, 113-114, 201 and performance, 578-579 deadline, 460, 461 connection methods for, 456 Linux, 790 second-chance page-replacement NOOP, 461 algorithm (clock algorithm), process, 110-112 410-411 scheduler activation, 192-194 second extended file system (ext2), 805 scheduling: second-level interrupt handler (SLIH), cooperative, 202 496 CPU, see CPU scheduling second readers, 291 C-SCAN, 460 section objects, 139, 852 earliest-deadline-first, 232-233 sectors, 450, 466, 566 fair, 791 sector slipping, 467 FCFS, 458, 459 sector sparing, 466 HDD, 457-461 Secure Boot, 872 I/O, 508-509 secure by default, 634 job, 106 secure kernel, 839-840 in Linux, 790-794 Secure Monitor Call (SMC), 670 multi-processor, see multi-processor secure shell, 116 scheduling secure system process, 872 nonpreemptive, 202 secure systems, 622 NVM, 461-462 Secure World, 838 preemptive, 202-203 security, 621-665. 
See also protection priority-based, 229-230 of compiler-based enforcement, 692 process, 110-115, 199, 234 in computer systems, 33-34 proportional share, 233 cryptography for, 637-648 rate-monotonic, 230-232 and encryption, 638-645 real-time, 792 implementation, 645-646 SCAN, 458-459 TLS example, 646-648 selecting disk-scheduling algorithm, implementation of, 653-662 460-461 and accounting, 659 shortest-remaining-time-first, 209 and auditing, 659 thread, 199, 790-791, 844-845 and firewalling, 659-660 user-mode, 241, 833, 890-891 and intrusion prevention, 655-657 in Windows 10, 887 levels of defenses, 661-662 scheduling classes, 236 and logging, 659 scheduling context, 788 and security policy, 653 scheduling domain, 238 and virus protection, 657-659 scheduling information, CPU, 110 and vulnerability assessment, 653-655 scheduling rules, 887 in Linux, 816-818 SCM (service control manager), 870 as operating system service, 57-58 scope: as problem, 621-625 contention, 217-218 and program threats, 625-634 of lock, 305 code injection, 628-631 script kiddies, 631 malware, 625-628 scripts, shell, 61, 536 viruses, 631-634 SCS (system-contention scope), 218 worms, 631, 632 searching, for files, 541, 542 and system/network threats, 634-637

user authentication for, 648-653 server subject (Windows 10), 663 in Windows 10, 662-664, 826-828, 878 server systems, 42-43, 734, 874-875 security access tokens (Windows 10), 662 service(s): security context (Windows 10), 662-663 defined, 757 security descriptor (Windows 10), 663 denial of, 622, 636 security domains, 659 distributed naming, 607 security ID (SID), 33, 867 high-availability, 19 security policy, 653 infrastructure as, 44 security reference monitor (SRM), 866-869 log-file, 878 security-through-obscurity approach, 655 network information, 607 security tokens, 867 operating system, 55-58, 74-75, 115, 152 seek, file, 532 platform as, 44 seek time (disks), 450 software as, 44 segmentation, IA-32, 379-380 theft of, 622 selective revocation, 682 service control manager (SCM), 870 semantics, 510, 608-609 service processes, 123 semaphore(s), 272-276 service-trigger mechanism, 870 binary, 273 session(s), 751, 874 counting, 273 session 0, 873 defined, 272 session hijacking, 623 dining-philosophers solution with, session key, 647 294-295 session layer, 742 implementation, 274-276 session manager subsystem (SMSS), in Java, 308-309 872-873 monitors using, 280-281 session semantics, 609 named, 300-301 sets: POSIX examples, 300-302 entry, 303, 304, 307 unnamed, 300-302 hard working-set limits, 438 usage of, 273-274 of holes, 358 semaphore objects (Windows 10), 845 SMT, 242 semiconductor memory, 14 wait, 304, 307 sends, blocking vs. 
nonblocking, 130 working, 422-424, 438 sending messages, 891 setuid attribute, 34 sense key, 512 setuid bit, 674-675 separation hypervisors, 729 SHA-1 message digest, 643 sequence numbers, 748 shadow copies, 863 sequential access (files), 539, 541 sharable devices, 502 sequential devices, 502 shares, 244 serial ATA (SATA) buses, 456 shared directories, 547 serial-attached SCSI (SAS) buses, 456, 490 shared files, 609 serial dispatch queue, 185 shared libraries, 356, 392 server(s), 73 shared lock, 534 blade, 18-19 shared memory, 123, 125, 556-560 bootstrap, 136 shared-memory model, 57, 73, 125-127, in client-server model, 606, 758-759, 132-136 861-862 shared ready queue, 843 defined, 757 shared system interconnect, 18 in distributed systems, 734 sharing: file-server systems, 43 file, 602-603 name, 739 information, 123 and redirectors, 882-883 load, 220 server-initiated approach to verifying and paging, 369-371 cached data, 767 resource, 162, 734-735 Server Message Block (SMB), 880 space, 592

sharing objects, 885-886 SMSS (session manager subsystem), shells, 58, 116, 783 872-873 shell scripts, 61, 536 SMT sets, 242 short duration locks, 272 snapshots, 480, 588, 705, 879 shortest-job-first (SJF) scheduling sniffing, 635-636, 649-650 algorithm, 207-209 social engineering, 624 shortest-next-CPU-burst algorithm, 207 sockets, 146-149 shortest-remaining-time-first scheduling, socket interface, 504 209 soft affinity, 225 shoulder surfing, 649 soft errors, 463 sibling process, 111 soft page faults, 416 SID (security ID), 33, 867 soft real-time systems, 227 Siemens Jailhouse project, 729 software: signals, 188-189, 812-813 process migration and, 753 signal-and-continue method, 279 proprietary, 46-47 signal-and-wait method, 279 public domain, 779-780 signaled state, 297 software as a service (SaaS), 44 signal handlers, 188-189 software engineering, 80 signal-handler table, 789 software interrupts (traps), 497 signatures, 633, 643, 656, 828 software objects, 672 signature-based detection, 656 software transactional memory (STM), silos, 859 312 SIMD, 833 Solaris, 51 simple messages, 136 file systems in, 482-484, 597, 599 Oracle SPARC, 375-376 simple subject (Windows 10), 662 scheduling example, 242-244 simulations, 248-249 virtual memory in, 438-440 simultaneous multithreading, 222 ZFS file system, 482-484, 581, 588, 598 single indirect blocks, 576 Solaris 10: single-level directories, 542-543 role-based access control in, 683, 684 single-processor systems, 15-16 zones in, 718, 719 single step (mode), 72 solid-state disks (SSDs), 452 single-threaded processes, 160 source-code viruses, 633 single-user mode, 95 source files, 530 singly linked lists, 37 space maps, 581 SIP (System Integrity Protection), 687-688 space sharing, 592 Siri, 5 SPARC, 375-376 sites, distributed system, 734 sparseness, 374, 391 64-bit computing, 383 special instructions, 709 SJF scheduling algorithm, 207-209 special-purpose file systems, 597-598 sketch, 70 specifications, thread behavior, 169 
slabs, 427-429, 797-798 speed of operations (I/O devices), 502 slab allocation, 427-430, 797-798 spinlocks, 272 Slackware, 779 split-screen, 115 sleep, return from, 243 spoofed identifiers, 606 SLIH (second-level interrupt handler), spoofing, 636 496 spools, 511 slim reader-writer (SRW) locks, 889 spooling, 511 SLOB allocator, 430 Springboard interface, 60, 87 SLUB allocator, 430 spyware, 626 small objects, 430 SRM (security reference monitor), 866-869 SMB (Server Message Block), 880 SRW (slim reader-writer) locks, 889 SMC (Secure Monitor Call), 670 SSDs (solid-state disks), 452 SMP, see symmetric multiprocessing stacks, 37-38, 66

device, 862 stream ciphers, 640 LRU page replacement with, 408 stream head, 519 OSI protocol, 742-744 streaming transfer rate, 486 stack algorithms, 408-409 stream modules, 519 stack inspection, 694, 695 STREAMS mechanism, 519-521 stack section (of process), 107 string, reference, 404, 406 stalling, 350 strongly ordered model, 265 standard swapping, 377 strong passwords, 651 standby page, 856 stubs, 150 starvation (indefinite blocking), 213, 343 subjects (Windows 10), 662-663 states: subsets, stack algorithm, 408 application, 378 subsystems, 75 new, 108 SunOS, 51 nonsignaled vs. nonsignaled, 297 superblock, 566 of processes, 107-109 superblock objects, 605, 804, 805 ready, 108, 109 supervisor mode, see kernel mode running, 108, 109 SuSE, 779 safe, 331-333 suspended state, 705, 888 suspended, 705, 888 swap map, 469 terminated, 109 swapping, 113-114, 376-378 unsafe, 332-334 in Linux, 800 waiting, 108, 109 on mobile systems, 377-378 state information, 608 with paging, 377, 378 stateless DFS, 608 standard, 377 state restore, 114 system performance under, 378 state save, 114 swap space, 395, 468-469 static linking, 355-356, 803 swap-space management, 467-469 static protection, 673 SwitchBranch mechanism, 830 status information, 74 switches, context, 114-115, 204 status register, 492 switching: stealth viruses, 633 domain, 673, 674 STM (software transactional memory), fast-user, 825, 874-875 312 symbolic links, 879 storage, 11-14. See also mass-storage symmetric clustering, 20 structure symmetric encryption, 639-640 cloud, 471, 751 symmetric encryption algorithm, 639 content-addressable, 484 symmetric multiprocessing (SMP), 16, definitions and notations, 12 220, 794 host-attached, 470 symmetry, in addressing, 129 network-attached, 470-471 synchronization, 130-131, 289-314 nonvolatile, 14, 449 alternative approaches to, 311-314 object, 483-485 block, 305 secondary, 13, 456, 570-578. 
See also bounded-buffer problem, 290 disk[s] dining-philosophers problem, 293-295 tertiary, 13 for interprocess communication, 812-813 thread-local, 192, 894, 895 in Java, 303-311 utility, 481 condition variables, 309-311 volatile, 11 monitors, 303-307 storage-area networks (SANs), 21, 470, 472 reentrant locks, 307-308 storage array, 472-473, 481 semaphores, 308-309 storage attachment, 469-473 kernel, 295-299, 792-794 storage devices, organization of, 597, 598 in Linux, 130-131, 812-813 storage device management, 463-467 in message-passing model, 130-131 storage management, 30, 32, 723 in POSIX, 299-303

process, 260. See also synchronization system goals, 79 tools System Integrity Protection (SIP), 687-688 readers-writers problem, 290-293 system libraries (Linux), 781 thread, 888-889 system mode, see kernel mode synchronization primitives, 845-846 system model, for deadlocks, 318-319 synchronization tools, 257-287 system processes, 872 about, 257-260 system programs, 6 critical-section problem, 260-270 system resource-allocation graph, 323-326 hardware solution to, 265-270 system restore point, 871 Peterson’s solution to, 262-265 system utilities, 74-75, 781 evaluation of, 284-286 System V init, 117 and liveness, 283-284 system-wide open-file table, 567 monitors for, 276-282 system-wide tools, 96, 97 resumption of processes within, 281-282 T semaphores, implementation using, 280-281 table(s). See also page table(s) usage, 277-280 attribute-definition, 877 mutex locks, 270-272 device-status, 508-509 semaphores for, 272-276 event-vector, 11 synchronous devices, 502, 506, 507 file, 788 synchronous message passing, 130 file-allocation, 574-575 synchronous threading, 169 frame, 365 synchronous writes, 585 global, 679 system administrators, 60 global descriptor, 379 system build, 92 handle, 849 system calls (monitor calls), 22, 62-74 hash, 570 and API, 63-66 master file, 566 clone(), 195-196 mount, 517, 567 for communication, 72-73 open-file, 533, 567 for device management, 71-72 page directory pointer, 381 exec(), 188 per-process open-file, 567 for file management, 71 PTE, 853 fork(), 188 signal-handler, 789 functioning of, 62-63 system-wide open-file, 567 for information maintenance, 72 tags, 680 for I/O, 512, 513 tapes, magnetic, 455 for process control, 66-71 target latency, 236, 791 for protection, 73-74 target thread, 190 system-call filtering, 688 tasks, 106, 135, 195, 234. 
See also user system-call firewalls, 660 programs (user tasks) system-call interface, 65 task control blocks, see process control system components (Windows 10), blocks 838-874 task identification, for multicore executive, 848-874 programming, 163 hardware-abstraction layer, 840 task parallelism, 165, 166 hyper-V hypervisor, 839 Task Self port, 135 kernel, 840-848 TB (terabyte), 12 secure kernel, 839-840 TBBs (thread building blocks), 186-188 system-contention scope (SCS), 218 TCP (transmission control protocol), system daemons, 22, 781 743-749 system-development time, 705 TCP/IP, see Transmission Control system disk, 465 Protocol/Internet Protocol systemd process, 117 TCP sockets, 147

TDI (Transport Driver Interface), 880 Grand Central Dispatch, 185-186 TEBs (thread environment blocks), Intel thread building blocks, 186-188 889-890 OpenMP and, 183-185 templating, 706 thread pools and, 177-180 temporary revocation, 682 issues: terabyte (TB), 12 fork() and exec() system calls, 188 terminal concentrators, 522 scheduler activations, 192-194 terminal server systems, 874-875 signal handling, 188-190 terminated state, 109 thread cancellation, 190-192 termination, 121-123, 342 thread-local storage, 192 tertiary storage devices, 13 multi-, 166-168, 222, 223 testing, multicore programming in, 165 synchronous, 169 text files, 530 thread libraries, 168-176 text section (of process), 106 about, 168-169 theft of service, 622 Java, 173-176 thin-client computing, 874-875 Pthreads, 169-171 thin clients, 40 Windows, 171-173 third extended file system (ext3), 805-807 thread-local storage (TLS), 192, 894, 895 32-byte memory, 363, 364 thread pools, 177-180, 889 thrashing, 419-425 thread scheduling, 199 cause of, 419-422 in Linux, 790-791 current practice, 425 in Windows 10, 844-845 and page-fault-frequency strategy, threats, 622 424-425 program, 625-634 and working-set model, 422-424 code injection, 628-631 threads, 159-197.
See also threading malware, 625-628 alertable, 846 viruses, 631-634 green, 167 worms, 631, 632 hardware, 222 system/network, 634-637 idle, 239, 842 three-way handshake, 748 Java, 173-176 throughput, 204-205 kernel, 166, 217, 234 thunking, 830 kernel-mode, 841 tightly coupled systems, 83 in Linux, 789-790 time: and multicore programming, 162-166 compile, 352 in operating systems, 194-196 down, 572 and process model, 110 effective access, 397-398 Pthreads, 169-171, 218-219 effective memory-access, 367 scheduling of, 199 execution, 353 target, 190 load, 353 user, 166, 217 mean time between failures, 473, 474 user-mode, 841 mean time of data loss, 474 in Windows 10, 841-845, 886-889, 894 mean time to repair, 474 Thread attach, 860 positioning, 450 thread building blocks (TBBs), 186-188 random-access, 450 thread cancellation, 190-192 response, 23, 205 thread dumps, 339 seek, 450 thread environment blocks (TEBs), system-development, 705 889-890 turnaround, 205 threading: virtual run, 236 asynchronous, 169 waiting, 205 hyper-, 222, 832 time quantum, 209-211, 243 implicit, 176-188 time quantum expired, 243 fork join, 180-183 timers, 26-27, 505-506

timer objects, 845 Trojan horses, 625-626 time slice, 209-211, 790-791 truncating files, 532 timestamps, 531 trusted addresses, 638 timestamp counters (TSCs), 845 Trustlets, 838 TLB, see translation look-aside buffer TrustZone (TZ), 670, 671 TLB miss, 366 TSCs (timestamp counters), 845 TLB reach, 432-433 tunneling, attacks with, 659-660 TLB walk, 376 turnaround time, 205 TLS (thread-local storage), 192, 894, 895 twisted pair cables, 736 TLS (Transport Layer Security), 646-648 two-factor authentication, 652 tmpfs (file system), 598 two-level directories, 543-545 top half (interrupt service routines), two-level model, 168 793-794 two-level page-table scheme, 372-373 total revocation, 682 type 0 hypervisors, 702, 713-714 touch screens, 5 type 1 hypervisors, 703, 714-715 touch-screen interface, 56, 60 type 2 hypervisors, 703, 715-716 trace files, 248 type safety (Java), 696 tracing tools, 97-98 TZ (TrustZone), 670, 671 tracks, disk, 450 traditional computing, 40-41 U traffic, network, 635-636 transactions, 311, 587, 808 UDP (user datagram protocol), 743, transactional memory, 311-312 746-748 transfer rates, 450, 451, 486 UDP sockets, 147 transition page, 856 UEFI (Unified Extensible Firmware translation: Interface), 94 binary, 708-710 UFD (user file directory), 543 flash translation layer, 453-454 UFS (UNIX file system), 565-566, 598 network address, 723 UI, see user interface path-name, 614-615 UMDF (User-Mode Driver Framework), translation granules, 383 864 translation look-aside buffer (TLB), UMS, see user-mode scheduling 365-368, 376, 384, 855 unbounded buffer, 126 translation table base register, 383 unbounded capacity (of queue), 132 transmission control protocol (TCP), UNC (Uniform Naming Convention), 881 743-749 uncontended loads, 285 Transmission Control Protocol/Internet uncontended locks, 271 Protocol (TCP/IP), 36, 743-746, unified buffer cache, 583-585 880-881 Unified Extensible Firmware Interface transparency, 756, 761 (UEFI), 94 Transport Driver Interface 
(TDI), 880 unified virtual memory, 583 transport layer, 742 Uniform Naming Convention (UNC), 881 transport-layer protocol (TCP), 645 unikernels, 728 Transport Layer Security (TLS), 646-648 universal serial buses (USBs), 456 traps, 22, 89, 497, 847 Universal Windows Platform (UWP), 426 trap-and-emulate method, 707-708 UNIX file system (UFS), 565-566, 598 trap doors, 626, 627 UNIX operating system: traversing file system, 542 consistency semantics, 609 trees, 38, 39, 116 inode, 577 tree-structured directories, 545-547 I/O kernel structure in, 513, 514 TRIMing unused blocks, 581-582 permissions in, 553 trimming, automatic working-set, 438 protection domain in, 674-675 triple DES, 639 system calls, 68 triple indirect blocks, 576, 577 system structure, 82 unloader, module, 783 variables: unnamed data, 875 atomic, 269-270 unnamed semaphores, 300-302 condition, 278, 279, 302-303, 309-311, 889 unsafe state, 332-334 variable class, 239 unstructured data, 484 variable-partition schemes, 358 untrusted applet protection, 695 variable timer, 26 upcalls, 193 VCPU (virtual CPU), 707 upcall handler, 193 vectored I/O, 507-508 updating policy, cache, 766-767 verifier, 98 urgency value, 223 version control system, 49 URL loader, 695 vfork() (virtual memory fork), 400 USB drive, 452 VFS (virtual file system), 804-805 USBs (universal serial buses), 456 VFS layer, 601 use, of resources, 318 victim, for resource preemption, 343 users, 4-5, 603 victim frames, 402 as domains, 674 views, 557, 852 multiple, file sharing between, 602-603 virtual address, 354 other users (class), 551 virtual address control block (VACB), 865 power, 60-61 virtual address descriptors (VADs), 857 user accounts, 662 virtual address space, 390, 391, 799-800 user authentication, 648-653 VirtualBox project, 704 user control list, 561 virtual CPU (VCPU), 707 user datagram protocol (UDP), 743, virtual file-systems, 603-605 746-748 virtual file system (VFS), 804-805 user-defined signal handlers, 189 virtual
file system (VFS) layer, 601 user experience layer (macOS and iOS), virtualization, 34-35 87 defined, 701 user file directory (UFD), 543 operating-system components for, user goals, 79 719-726 user IDs, 33, 531, 675 CPU scheduling, 720 user-initiated class, 185-186 I/O devices, 722-723 user-interactive class, 185 live migration, 724-726 user interface (UI), 4-5, 56, 58-62 memory management, 721-722 user mode, 24, 25, 782 storage management, 723 User-Mode Driver Framework (UMDF), para-, 703, 716-717 864 programming-environment, 703, 717 user-mode scheduling (UMS), 241, 833, research, 728-729 890-891 virtual machines, 34, 701-730. See also user-mode threads (UT), 841 virtualization user programs (user tasks), 106, 353, benefits of, 704-707 801-803 building blocks, 707-713 user rights (Linux), 817 binary translation, 708-710 user threads, 166, 217 hardware assistance, 710-713 UT (user-mode threads), 841 trap-and-emulate method, 707-708 utility class, 186 examples, 726-728 utility storage, 481 features of, 704-707 UWP (Universal Windows Platform), 426 history of, 703-704 implementations, 713-719 V application containment, 718-719 emulation, 717-718 VACB (virtual address control block), 865 paravirtualization, 716-717 VADs (virtual address descriptors), 857 programming-environment valid-invalid bit, 368-369 virtualization, 717 valid page, 856 type 0 hypervisors, 713-714

type 1 hypervisors, 714-715 virtual memory context, 789 type 2 hypervisors, 715-716 virtual memory fork, 400 and virtual machine life cycle, 713 virtual memory (VM) manager, 851-858 life cycle, 713 virtual memory regions, 799 virtual machine control structures virtual private networks (VPNs), 646, 881 (VMCSs), 711 virtual run time, 236 virtual machine managers (VMMs), 25-26, virtual to physical (V-to-P) conversion, 35, 702 724 virtual machine sprawl, 713 Virtual Trust Levels (VTLs), 838 virtual memory, 24, 389-441 virus dropper, 632 background on, 389-392 viruses, 631-634, 657-659 and copy-on-write technique, 399-401 virus signatures, 633 demand paging for conserving, 392-399, visible processes, 122 430-436 VMCSs (virtual machine control basic mechanism, 393-396 structures), 711 free-frame list, 396-397 VM manager, 851-858 with inverted page tables, 433 VMMs, see virtual machine managers and I/O interlock, 434-436 VMware, 704, 726-727 and page size, 431-432 vnode, 604 and performance, 397-399 voice over IP (VoIP), 44 and prepaging, 430-431 voice recognition, 5 and program structure, 433-434 volatile memory, 454-455 and TLB reach, 432-433 volatile storage, 11 direct virtual memory access, 500 volume, 464-465, 474 and frame allocation, 413-419 volume control block, 566 allocation algorithms, 414-415 volume file, 876-877 global vs. 
local allocation, 415-418 volume shadow copies, 879 minimum number of frames, 413-414 voluntary context switches, 204 non-uniform memory access, 418-419 von Neumann architecture, 12 kernel, 801 VPNs (virtual private networks), 646, 881 and kernel memory allocation, 426-430 VSM Enclaves, 840 in Linux, 798-801 VTLs (Virtual Trust Levels), 838 and memory compression, 425-426 V-to-P conversion, 724 network, 765 VT-x instructions, 710 operating-system examples, 436-440 vulnerability assessment, 653-655 page replacement for conserving, 401-413 W and application performance, 412-413 basic mechanism, 401-404 WAFL file system, 589-593 counting-based page replacement, wait-for graph, 337, 338 411-412 waiting, busy, 272 FIFO page replacement, 404-406 waiting state, 108, 109 LRU-approximation page waiting time, 205 replacement, 409-411 wait() method, 305-307 LRU page replacement, 407-409 wait queue, 112 optimal page replacement, 406-407 wait set, 304, 307 and page-buffering algorithms, 412 wait() system call, 119, 121-122 and thrashing, 419-425 WANs, see wide-area networks cause, 419-422 weakly ordered model, 265 current practice, 425 wear leveling, 454 page-fault-frequency strategy, 424-425 Web-distributed authoring and working-set model, 422-424 versioning (WebDAV), 881 unified, 583 well-known ports, 146 in Win32 API, 892, 893 well-known port numbers, 747 wide-area networks (WANs), 36, 735, secure kernel, 839-840 737-738 terminal services, 874-875 WiFi (wireless) networks, 41, 736-737 virtual memory in, 437-438 Win32 API, 884-895 Windows Desktop Bridge, 823 creating process, 119-120 Windows Driver Foundation, 864 IPC with Windows messaging, 891-892 Windows executive, 848-874 kernel object access, 884-885 booting, 872-874 memory management, 892-895 cache manager, 864-866 process management, 886-891 client-server computing, 861-862 shared memory, 556-560 I/O manager, 862-864 sharing objects between processes, object manager, 849-851 885-886 plug-and-play manager,
869-870 Windows operating system (generally): power manager, 870-871 anonymous pipes, 141, 145 process manager, 858-860 booting from storage device, 466 registry, 871-872 interprocess communication example, security reference monitor, 866-869 138-139 virtual memory manager, 851-858 scheduling example, 239-242 Windows group policy, 884 synchronization within kernels, 296-298 Windows messaging, 891-892 system calls, 68 Windows Store, 823 threads, 194-195 Windows subsystem for Linux (WSL), 91 Windows 7, 465, 822 Windows , 97 Windows 8, 823 Windows thread library, 171-173 Windows 10, 821-896 Windows Vista, 822 access-control list management in, 555 Windows XP, 822 design principles, 826-838 WinRT, 823 application compatibility, 830-831 Winsock, 891 dynamic device support, 837-838 wired down entries, 366 energy efficiency, 836-837 wireless access points, 736 extensibility, 833-834 wireless (WiFi) networks, 41, 736-737 international support, 835-836 word, 11 performance, 831-833 Work (data structure), 335, 339, 340 portability of, 834-835 working sets, 422-424, 438 reliability, 828-829 working-set maximum, 438 security, 826-828 working-set minimum, 438 developments, 823-825 working-set model, 422-424 fast-user switching with, 874-875 working-set window, 422 file system, 875-879 Workstation (VMWare), 726-727 history of, 821-825 work stealing algorithm, 182 networking, 880-884 world rights (Linux), 817 programmer interface, 884-895 World Wide Web, 605, 737 IPC with Windows messaging, worms, 631, 632 891-892 worst-fit strategy, 358, 359 kernel object access, 884-885 writes, synchronous vs. 
asynchronous, memory management, 892-895 585 process management, 886-891 write access, locks with, 292 sharing objects between processes, write amplification, 462 885-886 write-anywhere file layout (WAFL) file security in, 662-664 system, 589-593 system components, 838-874 write-back caching, 766 executive, 848-874 write-end (of pipe), 140 hardware-abstraction layer, 840 write once devices, 502 hyper-V hypervisor, 839 write-on-close policy, 766-767 kernel, 840-848 write pointer, 532

writers, 291 write-through policy, 766 writing files, 532, 551 WSL (Windows subsystem for Linux), 91

X

x86-64 architecture, 382 XDR (external data representation), 150 Xen, 704, 716-717 XML firewalls, 660 Xtratum, 729

Y

yellow pages, 607

Z

zero capacity (of queue), 131 zero-day attacks, 656 zeroed page, 856 zero-fill-on-demand technique, 397 ZFS file system, 482-484, 581, 588, 598 zombie process, 122 zombie systems, 634, 635 zones, 718, 719, 795