Chapter 3 - Process description and control. This chapter refers to virtual memory. Much of the time, we can ignore this concept in dealing with processes, but at certain points in the discussion, virtual memory considerations are pertinent.
Chapter: Process Description and Control
– What is a process?
– Process states which characterize the behaviour of processes
– Data structures used to manage processes
– Ways in which the OS uses these data structures to control process execution

Requirements of an Operating System
• Fundamental Task: Process Management
• The Operating System must
  – Interleave the execution of multiple processes
  – Allocate resources to processes
  – Protect the resources of each process from other processes
  – Enable processes to share and exchange information
  – Enable synchronization among processes

What is a “process”?
• A program in execution
• An instance of a program running on a computer
• The entity that can be assigned to and executed on a processor
• A unit of activity characterized by the execution of a sequence of instructions, a current state, and an associated set of system resources

Process Elements
• A process is comprised of:
  – Program code (possibly shared)
  – A set of data associated with the code
  – A number of attributes describing the state of the process

Process Elements
• While the process is running, it has a number of attributes including
  – Identifier
  – State
  – Priority
  – Program counter
  – Memory pointers
  – Context data
  – I/O status information
  – Accounting information

Trace of the Process
• The behavior of an individual process is shown by listing the sequence of instructions that are executed
• This list is called a Trace
• Dispatcher is a small program which switches the processor from one process to another

Process Execution
• Consider three processes being executed
• All are in memory (plus the dispatcher)

[Figure: Trace from the process point of view. The 4th instruction of Process B invokes an I/O operation.]
[Figure: Trace from the processor's point of view. Annotations: Timeout, I/O. Time slice: instruction cycles]

Roadmap
– What is a process?
– Process states which characterize the behaviour of processes
– Data structures used to manage processes
– Ways in which the OS uses these data structures to control process execution

When to switch processes
A process switch may occur any time that the OS has gained control from the currently running process. Possible events giving the OS control are:

Mechanism       | Cause                                                    | Use
----------------|----------------------------------------------------------|-----------------------------------------------
Interrupt       | External to the execution of the current instruction     | Reaction to an asynchronous external event
Trap            | Associated with the execution of the current instruction | Handling of an error or an exception condition
Supervisor call | Explicit request                                         | Call to an operating system function

Table 3.8 Mechanisms for Interrupting the Execution of a Process

Change of Process State
• The steps in a process switch are:
  – Save context of processor including program counter and other registers
  – Update the process control block of the process that is currently in the Running state
  – Move process control block to appropriate queue: ready; blocked; ready/suspend

Change of Process State (cont.)
  – Select another process for execution
  – Update the process control block of the process selected
  – Update memory-management data structures
  – Restore context of the selected process

Mode Switching
• The occurrence of an interrupt does not necessarily mean a process switch
• It is possible that, after the interrupt handler has executed, the currently running process will resume execution
• In that case, only need to save / restore the processor state information in hardware

Is the OS a Process?
• If the OS is just a collection of programs and if it is executed by the processor just like any other program, is the OS a process?
• If so, how is it controlled?
  – Who (what) controls it?
• These questions have inspired a number of design approaches

Non-process Kernel
• Execute kernel outside of any process
  – OS has its own region of memory and system stack
• The concept of process is considered to apply only to user programs
  – Operating system code is executed as a separate entity that operates in privileged mode

Execution Within User Processes
• Execute Within User Processes
  – OS is a collection of routines called by the user to perform various functions
  – No need for Process Switch to run OS routine, only Mode Switch

Process-based Operating System
• Process-based operating system
  – Implement the OS as a collection of system processes

Security Issues
• An OS associates a set of privileges with each process
  – These privileges dictate what resources the process may access
  – Highest level being administrator, supervisor, or root access
• A key security issue in the design of any OS is to prevent anything (user or process) from gaining unauthorized privileges on the system

System access threats
• Intruders (hackers, crackers)
  – gain access to a system
  – acquire protected information
  – Masquerader
    • unauthorised outsider
  – Misfeasor
    • legitimate insider performing unauthorised access
  – Clandestine user
    • outsider or insider seizing supervisory control of the system

System access threats
• Malicious software (malware)
  – destroy files and data in main memory
  – bypass controls to gain privileged access
  – provide a means for intruders to bypass access control
  – parasitic (to a host program), e.g., viruses
  – self-contained (independent), e.g., worms

Countermeasures: Intrusion Detection
• Intrusion detection systems (IDS) monitor and analyze system events for suspicious activity to detect human intruders and malicious software behaviour
• IDS typically comprise
  – Sensors for collecting data, e.g., log files
  – Analyzers for determining if an intrusion has occurred
  – User Interface for viewing output and controlling behavior of the system
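
The three IDS components listed above (sensor, analyzer, user interface) can be seen working together in the following added example, which is not part of the original slides. The log format, the sample events, and the threshold and window values are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a made-up log format (not from a real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01 login FAILED user=alice src=203.0.113.7
2024-05-01T10:00:05 login FAILED user=alice src=203.0.113.7
2024-05-01T10:00:09 login ACCEPTED user=bob src=198.51.100.4
2024-05-01T10:00:12 login FAILED user=alice src=203.0.113.7
2024-05-01T10:00:20 login ACCEPTED user=alice src=203.0.113.7
2024-05-01T10:05:00 login FAILED user=carol src=198.51.100.4
"""
LINE_RE = re.compile(
    r"(?P<ts>\S+) login (?P<result>FAILED|ACCEPTED) user=(?P<user>\S+) src=(?P<src>\S+)")

def sensor(text):
    """Sensor: turn raw log lines into structured events; skip unparsable lines."""
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]

def analyzer(events, threshold=3, window=timedelta(seconds=60)):
    """Analyzer: flag a source with `threshold` failures inside `window`,
    then escalate if a successful login from that source follows."""
    failures, flagged, alerts = defaultdict(deque), set(), []
    for ts, result, user, src in events:
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()          # drop failures older than the window
        if result == "FAILED":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("repeated-failures", src, user))
        elif src in flagged:
            alerts.append(("success-after-failures", src, user))
    return alerts

def report(alerts):
    """User interface: render alerts for an operator."""
    return [f"ALERT {kind}: src={src} user={user}" for kind, src, user in alerts]

if __name__ == "__main__":
    print("\n".join(report(analyzer(sensor(SAMPLE_LOG)))))
```

The second alert is the one an operator should look at first: a successful login from a source that has just produced repeated failures.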
Countermeasures: Authentication
• Two Stages:
  – Identification (provide a claimed identity)
  – Verification (establish validity of the claim)
• Four Factors:
  – Something the individual knows
  – Something the individual possesses
  – Something the individual is (static biometrics)
  – Something the individual does (dynamic biometrics)

Countermeasures: Access Control
• A policy governing access to resources
• A security administrator maintains an authorization database that specifies what type of access to which resources is allowed for which users
  – The access control function consults this to determine whether to grant access

Countermeasures: Firewalls
• Firewalls protect a local system from network-based security threats while at the same time affording access to the outside world
• Traditionally, a firewall is a dedicated computer that:
  – interfaces with computers outside a network
  – has special security precautions built into it to protect sensitive files on computers within the network
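
The two authentication stages and the authorization-database lookup described under Countermeasures: Authentication and Countermeasures: Access Control are combined in the following added example, which is not part of the original slides. User names, passwords, the resource name and the iteration count are constructed assumptions; the factor used is "something the individual knows".

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: kept modest so the example runs quickly

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(users, name, password):
    """Store a per-user random salt and the derived key, never the password."""
    salt = os.urandom(16)
    users[name] = (salt, _derive(password, salt))

def authenticate(users, claimed_name, password):
    """Identification: look up the claimed identity.
    Verification: check the secret against the stored derived key."""
    record = users.get(claimed_name)
    # Unknown names still pay for one derivation, so response time does not
    # reveal which identities exist.
    salt, stored = record if record else (b"\x00" * 16, b"")
    candidate = _derive(password, salt)
    return record is not None and hmac.compare_digest(candidate, stored)

# Authorization database (constructed): (user, resource) -> allowed access types.
AUTHZ_DB = {
    ("alice", "payroll.db"): frozenset({"read", "write"}),
    ("bob", "payroll.db"): frozenset({"read"}),
}

def access_control(users, authz, name, password, resource, access):
    """Grant only if the identity is verified and the database lists this
    access type for this user and resource; everything else is denied."""
    if not authenticate(users, name, password):
        return "deny: authentication failed"
    if access in authz.get((name, resource), frozenset()):
        return "grant"
    return "deny: not authorized"

if __name__ == "__main__":
    users = {}
    enroll(users, "alice", "correct horse")
    enroll(users, "bob", "tr0ub4dor")
    print(access_control(users, AUTHZ_DB, "bob", "tr0ub4dor", "payroll.db", "read"))
    print(access_control(users, AUTHZ_DB, "bob", "tr0ub4dor", "payroll.db", "write"))
```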