# BVS2 ## process PID: process identifier (number) PCB: process control block TID / TCB for Threads process states: ready / running / blocked -> can exit in any state running list / ready list / multiple blocked processes list with the according event to unblock switch from one process to another takes 2ms one CPU only one process -> switch = Context Switch scheduling strategies: - urgent process first - minimal response times - maximal cpu utilization preemptive scheduling: - process can be interrupted - OS has control over CPU - preemptive multitasking non-preemptive scheduling: - process executes till it ends - may block in an infinite loop first come first serve: - non preemptive shortest job first: - non preemptive - prior knowledge of processing time often not known round robin: - preemptive - processes serve cyclically - max n time units -> n = time slice / time quantum - favors short execution times without prior knowledge - switch to next process when time expired or process terminates - low quantum = "processor sharing" priorities: - small number = higher prio - preemptive - static or dynamic priorities - dynamic - aging: the older the process the higher the prio - multilevel feedback queuing: prio depends on the behaviour of the process UNIX scheduling -> priority driven with dynamic priorities when CPU Time rises the priority rises PCB: - each process 2 variables - CPU_usage -> weighted cpu time consumed until now - prio -> current prio (number) real time tasks / non real time tasks windows scheduling: - 32 priorities - round robin inside priority class # virtual memory segmented virtual memory: - pro - memory units = logical units - loading / replacement of individual segments - dynamic growth of segments - individual protection of program units - effective seperation of processes - easy sharing of segments - cons - complex memory management - complete segment must always be loaded - large contiguous main memeory areas required paged virtual memory: - pro - easy storage management - selective loading of required data - cons - physical memory structure != logical memeory structure - large page tables required - sol: multilevel page tables - address calculation sometimes time consuming - sol: TLB paging aufgabe: page 5 address = real page frame * byte size file attributes: - creator / owner - file type - time of creation / modification - size - access rights berechnung aufgabe: v = virtual address py = physical address bs = block size vp = virual page py_new = new physical address vp = v / bs -> Abrunden auf ganze Zahl. py_new = v - vp * bs + py[vp] ## security ACL: left are the ports Capabilities: left are processes security model: - passive objects - items to be protected - active subjects - processes working with objects - access rights stored in: - access control matrix - one place where all info is stored - access control lists (ACLs) - subjects got rights who is able to do what - capability lists - Users got rights so subjects private-key cryptography: - same keys for encryption and decryption - use same keys - both sides must agree on the same key - secure channel to negotiate the key public-key cryptography: - asymmetric cryptography / encryption - different keys for encryption / decryption - public key can be published - execution time is longer than private key - problems: - authenticitiy of private key - higher complexity - execution time is longer ## glossar AES: Advanced Encryption Standard, private-key. AFS: Andrew File System, unique global file tree for all clients, caching and replication → high performance -> Coda is successor Allocation Strategies : static allocation ; dynamic allocation associative memory cache: At access time, all positions have to be checked • concurrent search by "associative memory" Best Fit: search the whole list, allocate space from the smallest segment that has at least the required size Biometric techniques : User’s body must have a specific property Block: storage unit as seen by the operating system Block-level Access: The accessing node "sees" individual disk blocks -> Storage Area Network (SAN) Buffer Cache: contains copies of the most heavily used disk blocks Caching: Caching stores file copies closer to the client -> reduced access times, drawback: consistency problem, advantage: fast access Certification Authority (CA) / Public Key Infrastructure (PKI): Authenticity of Public Keys: registers and distributes trustworthy keys CFS : Completely Fair Scheduling ; all tasks shall get equal shares of the CPU time -> successor of O(1) scheduler Clock algorithm: Auswahl einer zu Verdrängenden Memory Seite Cloud: System of networked servers, store data, provide application software Cluster: : multiple sectors Coda: Nachfolger von AFS Cryptography : encryption of data. To authenticate persons, To sign messages Data Protection: protection of personal data from misuse, informationelle Selbstbestimmung ; DES: Data Encryption Standard, private-key. Diffie-Hellman Protocol Secure algorithm for two communication partners to agree on a common secret key Digital Signature: Cryptographic Hash Functions: MD5 (Message-Digest Algorithm 5) , SHA (Secure Hash Algorithm) Digital Signature: Public-key encryption can be used to sign messages, A signature authenticates both sender and message Direct Mapped Cache: A block can be stored at only one specific position; At access time, only this position needs to be checked directory service / name service: Organizes a "name space" to uniquely identify files, Provides information to locate files, Is implemented by directory-server nodes in the network Dispatching: technical operations to switch the CPU between processes / threads ELF: Executablbe and Linkable Format Exceptions : triggered by the running program, synchronous External security: protection against intruders from the outside, "admission control" FAT: location information in a FAT, Advantage: information is directly accessible , Drawback: information is coupled to one file name FAT: File Allocation Table FIFO (first in first out): replace the page that resides in main memory for the longest time file service: Stores the files, Provides operations to access files, Is implemented by file-server nodes in the network File Byte Oriented: file is unstructured sequence of bytes, bytewise access through byte numbers File Record Oriented: file is sequence of records of uniform size, recordwise access File Tree Oriented: file consists of blocks with different sizes, block contains keys File-level Access: The accessing node "sees" files -> NAS (Network Attached Storage) First Come First Served : Processes are served in the order of their arrivals ; Non-preemptive, Processes with short execution times possibly have long waiting times First Fit : search the list from the beginning ; allocate space from the first segment that has at least the required size fragmentation : Too few contiguous free cells to serve a request => Solution: relocation of data BUT it is time consuming Fully Associative Cache: A block can be stored at any position of the cache; At access time, all positions have to be checked Fundamental Model of Cryptology: Encryption: KE CM = E(M,KE) , Decryption: KD M = D(CM,KD) Hard Disk: FCFS (First Come First Served) Scheduling : Requests are served in the order of their arrival times ; Advantage: fairness , Drawback: many long arm movements Hard Disk: SCAN Scheduling : "Elevator Algorithm" Requests are served in the order of their track numbers ; Compromise between costs and fairness Hard Disk: SSTF (Shorted Seek Time First) Scheduling : Shortest Seek Time First ; Always serving the request closest to the current track Hard Disk Access Time: seek time + rotational latency + data transfer time -> usually 5-20 ms hash value: A message is signed by encrypting a "hash value" of the message IaaS: Infrastructure as a Service inode: "index node", File information is stored, is a separate piece of storage, central place for information, used by UNIX, one inode table with inode numbers as indices Internal security: protection against unauthorized actions of a user / process within the system, "access control" Interrupts : "Asynchronous" events, triggered outside the running program Ipsec: ramework within the Internet to protect the transmission of data packets, Used to establish "tunnels" for VPNs Journaling File System: keeps track of changes, in case of failure: easy rollback to a consistent state, example: ext4 / ext3 Kerckhoffs’ Principle:The security of a cipher system, must depend only on the concealment of the key but not on the concealment of the algorithm, Sometimes, even KE can be published Key Distribution: transfer of keys between communication partners Knowledge-based techniques: User must provide a specific information: PIN, password loading strategy: Demand Paging (load pages only to handle page faults ) Prepaging ( load any pages) Local Security: security of a single computer Logic Bombs: a program that has been placed into the file system of a computer becomes active when some specific event occurs logical view : data access by paths and names in a hierarchical file system; hardware view: data access by block and byte numbers in physical storage LRU (Least Recently Used): replace the page that has not been used for the longest time, more costly because you have to remember when which site was used MBR: Master Boot Record, program code to start the OS, Partition Table with info about the partitions NAS: Network Attached Storage, a file service over a (local) network , file access e.g. through NFS (file-level access) Nested Interrupt Handling : An important event can interrupt the handling of a less important event NFS : Network File System Non-Preemptive Scheduling : its execution cannot be interrupted Non-real-time tasks :: "normal", less urgent tasks; are executed when no real-time task is ready for execution;tasks with low CPU loads are preferred PaaS: Platform as a Service PGP: Pretty Good Privacy Encryption software for the private user, especially to encrypt e-mails PID: process identifier (number) PCB: process control block Preemptive Scheduling : OS can interrupt the execution of one process in favour of another process Priorities : Processes are served in the order of descending importance ; Generally preemptive Priorities / nice values: used to calculate the "virtual runtimes" Private-Key Cryptography: Problem Sender and receiver must agree on the same key Need a secure channel to negotiate the key => Use public-key encryption / Diffie-Hellman key exchange Private-Key Cryptography: Symmetric Cryptography, KE = KD, i.e.: the same key used for encryption and decryption Public-Key Cryptography Asymmetric Cryptography, Asymmetric Encryption, KE ≠ KD different keys used for encryption and decryption, KE is public, KD is private, KD cannot be calculated from KE RAID 0: striping ; RAID 1: mirroring ; RAID 5: striping, distribution of redundancy data ; RAID 10: multiple RAID 1,combined by RAID 0 RAID: Redundant Array of Independent / Inexpensive Disks, disks can be accessed in parallel Real-time tasks : : time-critical, urgent tasks ; have high, static priorities Redundancy: additional data are stored by which the original data can be reconstructed in case of a disk failure Replacement Strategies : Pages are moved from main memory to secondary storage to make room for the pages to be loaded, FIFO (First in First out), LRU (Least recently used) Replication: stores file copies on multiple servers Round Robin : Processes are served cyclically ; Preemptive Schedulingstrategie für die CPU; RSA: public-key encryption algorithm, invented by Rivest, Shamir, Adleman S/MIME: Secure Multipurpose Internet Mail Extensions, Internet standard for the secure transmission of e-mails SaaS: Software as a Service SAN: Storage Area Network, block-level access Scheduler / dispatcher: manages process priorities, selects one of the processes in main memory for execution Scheduling : strategic decisions when to execute which process / thread and which process / thread gets the cpu Sector: physical storage unit on hard disk Set Associative Cache: Compromise between fully associative and direct mapped cache Job First : Processes are served in the order of ascending processing times, Generally non-preemptive, Processes with short execution times have short waiting times SSL / TLS: Secure Socket Layer, secure communication over Internet sockets, TLS = Transport Layer Security Steganography: Hide secret information in a bulk of open information Striping: data (= entries of a file) are distributed over the disks Swapper process: moves processes between main memory and disk Task groups: multiple tasks can be combined to a group ; each group gets the same share TLB : Translation Lookaside Buffer : Multilevel page tables Token-based techniques: User must have a specific physical item Trojan Horses: A trojan horse is a program that pretends to provide a useful function, but performs malicious actions instead two-factor authentication: combination of two techniques Use private-key cryptography with key Kpriv for the secure transmission of the message itself Use public-key cryptography only for the secure transmission of a key Kpriv virtual address: a pair of a segment number and an offset into the segment Web Services : Service offered in the Internet based on Internet protocols, XML or JSON for data coding, Implementation with SOAP or REST Working-Set Strategy: To determine the current demands for main memory space Worms: A computer worm is a self-contained program, replicates itself over the network CPU_usage: cpu usage during last second + cpu usage old / decay (>1) prio: base priority + normalization factor * cpu usage new + nice CFS scheduler: Completely Fair Scheduling -> all tasks same process time Storage Hirachy: on-chip cache -> off-chip cache -> main memory -> HDD or SSD Free Memory List: 38, 1MB, 50, 49MB ... segment address -> free MB CPU cache: small due to expensive hardware, copies of memory blocks Cache Operations: Read / Write, Load, Evict Cache Organization: Fully Associative Cache, Direct Mapped Cache, Set Associative Cache Virtual Memory for process: large, directly accessible, homogeneous, private MMU: Memory Management Unit Memory segment: sequence of bytes or words, finite length, mapped to contiguous are in physical storage Virtual Memory Paging: linear sequence, virtual address = sequence number, pages have same length LVS: Linux Virtual Server File Sequential Access: searching the file from beginning, rewind / proceed by n units File Random / direct access: specify its position, goto unit no. n File Index sequential access: combination of two direct and squential access Flat Filesystem: no structure, name must be different, no seperate area, no folders Tree Structure Filesystem: Folders -> lik UNIX filesystem Hard Link: entries point to the same file, no directories! Soft Link / Symbolic Link: file containing the path of the original file, works with folders logical view: paths and names in file system hardware view: block and byte numbers in physical storage Performance Measures: Buffer Cache, Contiguous file placement, RAID Distributed File System: disks of multiple nodes, accessed from all nodes Remote Files: Upload / Download Model vs Remote Access Model Models for File Access: Block-level Access, File-level Access File Service: stores files, operation to access files, file-server nodes directory service / name service: directory-server nodes, information to locate files, namespace to identify files FTP: File Transfer Protocol, internet protocol, service of a network operating system Threats: accidental events, malicious intruders (crackers), measures: fault tolerance, security Hybrid Virtual Memory: segments are subdivided into pages CPU_usage(Pi)new = "CPU time used during the last second" + CPU_ usage(Pi)old/decay prio(Pi)new = Bu + norm * CPU_usage(Pi)new + nice(Pi) Working Set: memory pages the process needs the most, Festlegung wieviel Hauptspeicherplatz ein Prozess bekommen soll.