
Advanced Operating Systems: Lecture 45 - Mr. Farhan Zaidi


Document information

Pages: 26
File size: 294.87 KB

Contents

Advanced Operating Systems - Lecture 45: Reliability in commodity OSes. This lecture will cover the following: OS research directions; reliability of commodity OSes; mobile phone risks and security issues; embedded operating systems; Symbian OS for mobile devices; virtual machine monitors; asynchronous I/O interfaces in Linux kernel; quick review of memory management and I/O topics;...

CS703 - Advanced Operating Systems
By Mr Farhan Zaidi
Lecture No. 45

Overview of today's lectures
- OS research directions
- Reliability of commodity OSes
- Mobile phone risks and security issues
- Embedded operating systems
- Symbian OS for mobile devices
- Virtual Machine Monitors
- Asynchronous I/O interfaces in Linux kernel
- Quick review of memory management and I/O topics

Reliability in commodity OSes (e.g. Nooks)
- Drivers run in protection domains defined by hardware and software, just like processes
- Requires kernel modification
- Solution good for drivers as well as other kernel extensions, e.g. in-kernel file systems

Mobile phone risks
- Toll fraud:
  - Auto dialers
  - High cost SMS/MMS
  - Phone Proxy
- Loss or theft:
  - Data loss
  - Data compromise
  - Loss of Identity (caller ID)
- Availability:
  - SPAM
  - Destruction of the device (flash)
  - Destruction of data
- Risks induced by usage:
  - Mobile banking
  - Confidential e-mail, documents
  - Device present at confidential meetings: snooping

Attack vectors
- Executables
- Bluetooth
- GPRS / GSM
- OTA
- IrDA
- Browser
- SMS / MMS
- SD card
- WAP
- E-mail
- Too many entry points to list all

Symbian OS for mobile devices
- Symbian Ltd formed in 1998
  - Ericsson, Nokia, Motorola and Psion
  - EPOC renamed to Symbian OS
  - Currently ~30 phones with Symbian, 15 licensees
- Current ownership
  - Nokia 47.5%
  - Panasonic 10.5%
  - Ericsson 15.6%
  - Siemens 8.4%
  - SonyEricsson 13.1%
  - Samsung 4.5%

Architecture
- Multitasking, preemptive kernel
- MMU protection of kernel and process spaces
- Strong Client–Server architecture
- Plug-in patterns
- Filesystem in ROM, Flash, RAM and on SD-card

Symbian security features
- Crypto:
  - Algorithms
  - Certificate framework
  - Protocols: HTTPS, WTLS, …
- Symbian signed:
  - Public key signatures on applications
  - Root CAs in ROM
- Separation
  - Kernel vs user space; process space
  - Secured 'wallet' storage
- Access controls
  - SIM PIN, device security code
  - Bluetooth pairing
- Artificial Limitations / patches
  - Prevent loading device drivers in the kernel (Nokia)
  - Disallow overriding of ROM based plug-ins

Limitations
- No concept of roles or users
- No access controls in the file system
- No user confirmation needed for access by applications
- User view on device is limited: partial filesystem, selected processes
- Majority of interesting applications is unsigned

Are attacks prevented?
- Fraud: user should not accept unsigned apps
- Loss/theft: In practice, little protection
- Availability: any application can render phone unusable (skulls trojan)

Virtual Machine Monitors
- Export a virtual machine to user programs that resembles hardware
- A virtual machine consists of all hardware features, e.g. user/kernel modes, I/O, interrupts and pretty much everything a real machine has
- A virtual machine may run any OS
- Examples: JVM, VMware, User-Mode Linux (UML)
- Advantage: portability
- Disadvantage: slow speed

What Is It?
- Virtual machine monitor (VMM) virtualizes system resources
  - Runs directly on hardware
  - Provides interface to give each program running on it the illusion that it is the only process on the system and is running directly on hardware
  - Provides illusion of contiguous memory beginning at address 0, a CPU, and secondary storage to each program

When Is VM Possible?
- Can virtualize an architecture when:
  - All sensitive instructions cause traps when executed by processes at lower levels of privilege
  - All references to sensitive data structures cause traps when executed by processes at lower levels of privilege

- Asynchronous kernel interfaces
- Their implementation in the Linux kernel
- May require major changes to several parts and subsystems of the kernel
- May result in enhanced kernel and application performance

- Goals of OS memory management
- Questions regarding memory management
- Multiprogramming
- Virtual addresses
- Fixed partitioning
- Variable partitioning
- Fragmentation

- Paging
- Address translation
- Page tables and Page table entries
- Multi-level address translation
- Page faults and their handling

- Segmentation
- Combined Segmentation and paging
- Efficient translations and caching
- Translation Lookaside Buffer (TLB)

- Set associative and fully associative caches
- Demand Paging
- Page replacement algorithms

- Page replacement
- Thrashing
- Working set model
- Page fault frequency
- Copy on write
- Sharing
- Memory mapped files

- Allocation
- Linked allocation
- FAT
- Indexed allocation
- i-nodes
- File buffer cache
- Read ahead
- Consistency problem and its solutions

- SABRE airline example
- UNIX file system invariants
- Consistency ensuring techniques and rules
  - Write ordering etc.
- Disks structure and internals
  - Platters, Cylinders, heads, tracks, sectors etc.
- Fast File system
  - Cylinder groups
  - Fragments for small files

- Log structured (or journaling) file systems record each update to the file system as a transaction
- All transactions are written to a log
  - A transaction is considered committed once it is written to the log
  - However, the file system may not yet be updated
- The transactions in the log are asynchronously written to the file system
  - When the file system is modified, the transaction is removed from the log
- If the file system crashes, all remaining transactions in the log must still be performed

- Uniform file system interface to user processes
- Represents any conceivable file system's general feature and behavior
- Assumes files are objects that share basic properties regardless of the target file system

- Goals of I/O software
- Layers of I/O software
- Direct vs memory mapped I/O
- Interrupt driven I/O
- Polled I/O
- Direct Memory Access (DMA)

- Device independent I/O software layer
- Buffered and un-buffered I/O
- Block and character devices
- Network devices
- Kernel I/O subsystem and data structures
- Life cycle of a typical I/O request
- Life cycle of a typical network I/O request

- Interrupt handlers
- Interrupts and exceptions
- Linux interrupt handling
- Top halves, bottom halves and tasklets
- Timings and timer devices
- Linux kernel timers and interval timers

- Loadable Kernel modules and device drivers
- Linux module management
- Linux module conflict resolution
- Linux module registration
- Signals and asynchronous event notification
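
The journaling rules from the file system review above (each update is logged as a transaction, a transaction is committed once it is in the log, and transactions still in the log after a crash must be performed), as an added C example that is not part of the lecture. The in-memory `struct fs`, the function names and the block values are constructed for illustration; dropping updates that have no commit record is an assumption the slides do not state.

```c
#include <stdio.h>
#define NBLOCKS 8
#define LOGCAP  16

/* Log record: "set block blk to val" for transaction txid, or its commit mark. */
struct rec { int txid, blk, val, is_commit; };
struct fs  { int disk[NBLOCKS]; struct rec log[LOGCAP]; int nlog; };

/* Append a record to the log only; the file system blocks stay untouched. */
static int log_append(struct fs *f, struct rec r) {
    if (f->nlog == LOGCAP) return -1;
    f->log[f->nlog++] = r;
    return 0;
}
static int log_update(struct fs *f, int txid, int blk, int val) {
    if (blk < 0 || blk >= NBLOCKS) return -1;
    return log_append(f, (struct rec){ txid, blk, val, 0 });
}
/* The transaction counts as committed once this record is in the log. */
static int log_commit(struct fs *f, int txid) {
    return log_append(f, (struct rec){ txid, -1, 0, 1 });
}
static int committed(const struct fs *f, int txid) {
    for (int i = 0; i < f->nlog; i++)
        if (f->log[i].is_commit && f->log[i].txid == txid) return 1;
    return 0;
}

/* Write committed updates to the file system in log order, then clear the log.
 * crash_after >= 0 simulates a crash after that many writes: the log is left
 * intact, so the next replay redoes everything (block writes are idempotent).
 * Assumption: updates with no commit record are dropped as incomplete. */
static int replay(struct fs *f, int crash_after) {
    int applied = 0;
    for (int i = 0; i < f->nlog; i++) {
        const struct rec *r = &f->log[i];
        if (r->is_commit || !committed(f, r->txid)) continue;
        if (applied == crash_after) return applied;   /* simulated crash */
        f->disk[r->blk] = r->val;
        applied++;
    }
    f->nlog = 0;   /* only now are the transactions removed from the log */
    return applied;
}
int main(void) {
    struct fs f = {0};
    log_update(&f, 1, 2, 42); log_update(&f, 1, 3, 43); log_commit(&f, 1);
    log_update(&f, 2, 2, 99);          /* constructed: tx 2 never commits */
    replay(&f, 1); replay(&f, -1);     /* crash mid-replay, then recover */
    printf("disk[2]=%d disk[3]=%d log=%d\n", f.disk[2], f.disk[3], f.nlog);
    return 0;
}
```

The first `replay` stops after one write and leaves the log untouched, which is why the second call can finish the job: the log is cleared only after the file system has been modified.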

Date posted: 05/07/2022, 12:38