50-percent rule, 337
64-bit computing, 361
A
absolute code, 328
absolute path names, 496
abstract data type, 480
access:
anonymous, 503
controlled, 508
file, see file access
access control, in Linux, 728–730
access-control list (ACL), 508
defined, 608
and revocation of access rights, 616–617
accounting (operating system service), 57, 672
accreditation, 675
ACL (access-control list), 508
acyclic graph, 497
acyclic-graph directories, 497–499
adaptive mutex, 235
additional-reference-bits algorithm, 392
additional sense code, 582
additional sense-code qualifier, 582
address(es)
defined, 567
linear, 359
logical, 330
physical, 329
virtual, 330
address-space identifiers (ASIDs), 348
admission-control algorithm, 294
advanced encryption standard (AES), 653
advanced technology attachment (ATA) buses, 443
advisory file-locking mechanisms, 483, 484
AES (advanced encryption standard), 653
aging, 279
allocation:
contiguous allocation, 527–529
equal, 397
as problem, 488
proportional, 397
Amdahl's Law, 167
analytic evaluation, 308
anomaly detection, 668–669, 671
anonymous access, 503
anonymous memory, 458
APCs (asynchronous procedure calls), 185
API (application program interface), 63–64
Apple Computers, 59
Apple iOS, iOS
application interface (I/O systems), 571–577
block and character devices, 574
blocking and nonblocking I/O, 576–577
application programs, 4, 6, 75
multistep processing of, 328–329
system utilities, 75
application program interface (API), 63–64
application proxy firewalls, 673
application state, 334
arbitrated loop (FC-AL), 445
single-processor systems, 13–14
argument vector, 699
armored viruses, 645
ARM processors, 362
arrays, 372
ASIDs (address-space identifiers), 348
assignment edge, 245
asymmetric clustering, 17
asymmetric encryption, 654, 655
asymmetric multiprocessing, 15, 286
asynchronous devices, 572, 573
asynchronous (nonblocking) message passing, 129
asynchronous procedure calls (APCs), 185
asynchronous thread cancellation, 185
asynchronous writes, 541
ATA buses, 443
atomic transactions, 210
attacks, 634–635. See also denial-of-service attacks
man-in-the-middle, 635
replay, 634
auditing, 672
augmented reality, 36
authentication:
breaching of, 634
in Linux, 728
two-factor, 664
automatic variables, 640
automatic working-set trimming, 420
autoprobes, 697
auxiliary rights (Hydra), 617–618
B
back door, 573
background applications, 115
background processes, 74–75, 282
backing store, 332
bandwidth, disk, 447
barriers, 259
barrier point, 259
basic file systems, 518
batch files, 484
batch interface, 56
Bayes' theorem, 669
Belady's anomaly, 388
Beowulf clusters, 18
best-fit strategy, 337
big kernel lock (BKL), 706
binary semaphore, 214
binding, 328
biometrics, 665
bit(s):
defined, 9
mode, 22
modify (dirty), 385
reference, 392
bit-interleaved parity organization, 462–463
bit-level striping, 460
bitmaps, 34
BKL (big kernel lock), 706
black-box transformations, 652
blade servers, 16
boot control, 520
defined, 722
direct, 533
file-control, 519
indirect, 533
logical, 444
volume control, 520
block devices, 572, 574, 721–723
block groups, 718
blocking, indefinite, 279
blocking (synchronous) message passing, 129
block-interleaved distributed parity, 463
block-interleaved parity organization, 463
block-level striping, 460
block number, relative, 488
boot control block, 520
boot disk (system disk), 93, 454
boot partition, 454
boot sector, 454
bootstrap programs (bootstrap loaders), 7–8, 92–93, 454, 646
boot viruses, 643
bottlenecks, 86
bottom half interrupt service routines, 705
bounded-buffer problem, 219–220
bounded capacity (of queue), 130
bourne-again shell (bash), 695
Bourne shell command interpreter, 58, 59
breach of availability, 634
breach of confidentiality, 634
breach of integrity, 634
browser process, 123
BSD UNIX, 46
buddy heap (Linux), 707
buddy system (Linux), 707
buddy-system allocation, 410–411
buffer, 722
circular, 543
defined, 579
buffer cache, 539
buffer-overflow attacks, 639–642
bugs, 86
bus, 443
defined, 562
expansion, 562
PCI, 562
bus architecture, 12
bus-mastering I/O boards, 569
byte, 9
C
cache, 539
buffer, 539
defined, 580
as memory buffer, 326
in NFS, 551
nonvolatile RAM, 460
page, 539
and performance improvement, 539–53
cache coherency, 29
cancellation points, 186
capability-based protection systems, 617–620
capability lists, 613
cascading termination, 121
CAV (constant angular velocity), 445
central processing unit, see under CPU
certificate authorities, 657
certification, 675
CFS, see Completely Fair Scheduler
challenging (passwords), 664
character devices (Linux), 723
character-stream devices, 572–574
children, 116
Chrome browser, 123
CIFS (common Internet file system), 505
cipher-block chaining, 652
circular buffer, 543
circularly linked list, 32
circular SCAN (C-SCAN) scheduling algorithm, 450
classes (Java programs), 623
cleanup handler, 186
CLI (DTrace command-line interface), 56
C library, 69
client-server systems:
interprocess communication in, 127–148
remote procedure calls, 138–142
client systems, 38
C-LOOK scheduling algorithm, 451
closed-source operating systems, 44
close() operation, 481
clustered page tables, 354–355
clustering:
asymmetric, 17
CLV (constant linear velocity), 444
coarse-grained multithreading, 290–291
Cocoa, 84
code:
absolute, 328
reentrant, 350
code books, 665
collisions (of file names), 526
combined scheme index block, 533
common Internet file system (CIFS), 505
communication(s):
direct, 127
indirect, 128
interprocess, interprocess communication systems programs for, 74–75
communications (operating system service), 57
communication links, 127
communication system calls, 72–73
compiler-based protection enforcement, 620–623
compile time, 328
Completely Fair Scheduler (CFS), 300, 301, 702–703
client-server computing, 38
computer programs, see application programs
computer system(s):
architecture of:
single-processor systems, 13–14
file-system management in, 26–27
I/O structure in, 12
kernel data structures in, 31–35
operating system viewed by, 5
secure, 634
special-purpose systems:
real-time embedded systems, 43
mass-storage management, 27
concurrency, parallelism vs., 166
Concurrency Runtime (ConcRT), 305
concurrent dispatch queues, 182
conditional-wait construct, 230
confidentiality, breach of, 634
confinement problem, 611
conflict resolution module (Linux), 695, 697–698
connectionless (UDP) sockets, 137
connection-oriented (TCP) sockets, 137
consistency checker, 542
consistency semantics, 506–507
constant angular velocity (CAV), 445
constant linear velocity (CLV), 444
consumers (DTrace), 89
container objects (Windows 7), 677
contention scope, 285
context (of process), 114
contiguous disk space allocation, 527–529
contiguous memory allocation, 334–338
control cards, 66
controlled access, 508
defined, 562
direct-memory-access, 569
disk, 443
host, 443
control programs, 5
control register, 564
convenience, 3
convoy effect, 275
cooperating process, 203
cooperating processes, 122
cooperative scheduling, 272
copylefting, 45
copy-on-write technique, 382–383
copy protection, 44
copy semantics, 580
core dump, 86
cores, 16
core services layer, iOS, 85
counting, 537
counting-based page replacement algorithm, 394
counting semaphore, 214
covert channels, 638
CPU (central processing unit), 4, 325–326
CPU-bound processes, 113
CPU burst, 270
CPU clock, 326
CPU scheduler, see short-term scheduler
CPU scheduling, 20
first-come, first-served scheduling of, 274–275
multilevel feedback-queue scheduling of, 283–285
multilevel queue scheduling of, 281–283
priority scheduling of, 278–279
round-robin scheduling of, 279–282
shortest-job-first scheduling of, 275–278
dispatcher, role of, 273
and I/O-CPU burst cycle, 270–271
deterministic modeling, 308–309
multiprocessor scheduling, 286–291
and processor affinity, 288, 289
preemptive scheduling, 271–272
short-term scheduler, role of, 271
crackers, 634
crashes, 86
crash dumps, 86
creation:
of files, 480
critical sections, 206
critical-section problem, 206–207
Peterson's solution to, 207–209
deadlocks, 217
starvation, 217
and synchronization hardware, 209–212
C-SCAN scheduling algorithm, 450
current-file-position pointer, 480
cycles, CPU-I/O burst, 270–271
cycle stealing, 570
cylinder groups, 718
D
daemon process, 606
daisy chain, 562
data capability, 619
data-encryption standard (DES), 652
data files, 478
data-in register, 564
data loss, mean time to, 459
data-out register, 564
data parallelism, 168
data section (of process), 106
data striping, 460
DDOS attacks, 634
deadlock prevention, 248
defined, 86
and performance tuning, 87
default signal handlers, 184
defense in depth, 665
deferred thread cancellation, 184
degree of multiprogramming, 113
deletion, file, 480
defined, 375
with inverted page tables, 416
and program structure, 416–417
pure, 377
and restarting instructions, 378–379
demand-zero memory, 711
demilitarized zones (DMZs), 672
denial-of-service (DOS) attacks, 634, 649–650
DES (data-encryption standard), 652
design of operating systems:
mechanisms and policies, 76
desktop, 59
deterministic modeling, 308–309
development kernels (Linux), 689
device controllers, 7, 587, 588. See also I/O system(s)
device directory, 490. See also directories
device drivers, 12, 518, 562, 587–589
device-management system calls, 71–72
device queues, 111
device reservation, 581
DFSs (distributed file systems), 503, 505–506
digital certificates, 657
Digital Rights Management (DRM), 44
digital signatures, 656
digital-signature algorithm, 656
dining-philosophers problem, 222–223, 227–229
direct access (files), 487–488
direct blocks, 533
direct communication, 127
direct I/O, 574
direct memory access (DMA), 12, 569–571
direct-memory-access (DMA) controller, 569
direct virtual memory access (DVMA), 570
dirty bits (modify bits), 385
disinfection, 670
disk(s), 441–443. See also mass-storage structure
allocation of space on, 527–535
contiguous allocation, 527–529
electronic, 11
free-space management for, 535–538
hard, 10
host-attached, 445
low-level formatted, 444
performance improvement for, 539–542
scheduling algorithms, 446–452
C-SCAN, 450
LOOK, 451
SSDs, 452
solid-state, 28
storage-area network, 446
system, 454
disk arm, 442
disk controller, 443
dispatched process, 112
dispatcher objects, 233
distributed denial-of-service (DDOS) attacks, 634
distributed file systems (DFSs), 503, 505–506
distributed information systems (distributed naming services), 504–505
distributed lock manager (DLM), 18
distributions (GNU/Linux), 45
DLLs (dynamic link libraries), 331–332
DLM (distributed lock manager), 18
DMA, direct memory access
DMCA (U.S. Digital Millennium Copyright Act), 44
DMZs (demilitarized zones), 672
domains, 505
domain-name system (DNS), 504
domain switching, 605
DOS (denial-of-service) attacks, 634, 649–650
double buffering, 579
double caching, 540
double indirect blocks, 533
doubly linked list, 32
down time, 529
DRAM (dynamic random-access memory), 9
driver registration module (Linux), 696–697
DRM (Digital Rights Management), 44
DTrace command-line interface (CLI), 56
dual-booted systems, 523
dual-core design, 16
dumpster diving, 636
DVMA (direct virtual memory access), 570
dynamic link libraries (DLLs), 331–332
dynamic loading, 331
dynamic protection, 604
dynamic random-access memory (DRAM), 9
dynamic storage-allocation problem, 336–337, 528
E
earliest-deadline-first (EDF) scheduling algorithm, 296–297
ease of use, 4
ECBs (enabling control blocks), 90
ECC (error-correcting code), 451–452, 462
EDF (earliest-deadline-first) scheduling algorithm, 296–297
effective access time, 379
effective memory-access time, 348
effective transfer rates, 444, 471
effective UID, 31
emulation, 40
emulators, 77
enabling control blocks (ECBs), 90
encapsulation (Java protection), 624
encrypted viruses, 644
entry section, 206
entry set, 232
environment vector, 699
EPROM (erasable programmable read-only memory), 93
equal allocation, 397
erasable programmable read-only memory (EPROM), 93
Erlang, 241
hard, 456
soft, 453
error conditions, 372
error-correcting code (ECC), 451–452, 462
error detection, 57
eSATA buses, 443
escalate privileges, 31
escape (operating systems), 573
events, 233
exceptions (with interrupts), 567
exclusive locks, 482
exec() system call, 183
executable files, 106–107, 478
execution of user programs, 713
execution time, 329
exit section, 206
expansion bus, 562
ext2fs (second extended file system), 717
extended file attributes, 479
extended file system, 519, 717–719
extent (contiguous space), 529
external data representation (XDR), 140
external fragmentation, 337–338, 528
F
failure, mean time to, 459
failure modes (directories), 505–506
false negatives, 669
false positives, 669
FAT (file-allocation table), 531, 532
fault tolerance, 14
FC (fiber channel), 445
FC-AL (arbitrated loop), 445
FCB (file-control block), 519
FC buses, 443
FCFS scheduling algorithm, first-come, first-served scheduling algorithm
fiber channel (FC), 445
fiber channel (FC) buses, 443
FIFO page replacement algorithm, 387–389
FIFO queuing system, 32
50-percent rule, 337
file(s), 26–27, 477–478. See also directories
accessing information on, 487–490
sequential access, 487
batch, 484
defined, 478
internal structure of, 485–486
via passwords/permissions, 511–512
storage structure for, 491–492
file-allocation table (FAT), 531, 532
file-attribute cache, 551
file-blocks cache, 551
file-control block (FCB), 519
file descriptor, 522
file handle, 522
file info window, 479
FileLock (Java), 482
file management, 74
file-management system calls, 71
file mapping, 407
file modification, 74
file-organization module, 519
file pointers, 482
file session, 506
and consistency semantics, 506–507
and client-server model, 503–504
and distributed information systems, 504–505
basic, 518
creation of, 492
design problems with, 518
distributed, distributed file systems
extended, 518
levels of, 518
log-based transaction-oriented, 543–544
logical, 518
File System Hierarchy Standard document, 690
file-system manipulation (operating system service), 56
file transfer protocol (FTP), 503
file viruses, 643
fine-grained multithreading, 290, 291
firewall chains, 727
firewall management, 727
first-come, first-served (FCFS) scheduling algorithm, 274–275, 447–448
first-fit strategy, 337
first in, first out (FIFO), 32
fixed-partition scheme, 336
flow control, 590
flushing, 348
folders, 59
foreground applications, 115
foreground processes, 282
fork() and exec() process model (Linux), 698–700
fork-join strategy, 172
fork() system call, 183
forwarding, 455
forward-mapped page tables, 353
fourth extended file system (ext4), 717
fragments, packet, 727
frame(s), 341
victim, 385
equal allocation, 397
global vs. local, 398
proportional allocation, 397–398
frame-allocation algorithm, 386
free-behind technique, 541
Free Software Foundation (FSF), 45
free-space list, 535
free-space management (disks), 535–538
counting, 537
grouping, 537
front-end processors, 591
FSF (Free Software Foundation), 45
FTP (file transfer protocol), 503
full backup, 544
functional programming languages, 241–242
FUSE file-system, 519
G
Gantt chart, 275
garbage collection, 500
GB (gigabyte), 9
gcc (GNU C compiler), 690
GCD (Grand Central Dispatch), 182–183
GDT (global descriptor table), 358
general graph directories, 499–500
gigabyte (GB), 9
global descriptor table (GDT), 358
global replacement, 398
GNU C compiler (gcc), 690
GNU General Public License (GPL), 45
GNU/Linux, 45
GNU Portable Threads, 169
Google Android, see Android
Google Chrome browser, 123
GPL (GNU General Public License), 45
graceful degradation, 14
Grand Central Dispatch (GCD), 182–183
granularity, minimum, 703
graphs, acyclic, 497
graphical user interfaces (GUIs), 59–62
grappling hook, 646
green threads, 169
group identifiers, 31
grouping, 537
group rights (Linux), 729
GUIs (graphical user interfaces), 59–62
H
handheld computers, 5
hands-on (interactive) computer systems, 20
hard affinity, 288
hard-coding techniques, 128
hard disk(s), 10, 441–443. See also disk(s)
hard errors, 456
hard real-time systems, 291
hardware, 4
polling, 565
for storing page tables, 346–349
hardware objects, 603
hardware transactional memory (HTM), 240
hash maps, 34
hash value (message digest), 656
heaps, 106
heavyweight processes, 163
high availability, 17
high memory (Linux), 707
high-performance computing, 17
hijacking, session, 635
homogeneity, 286
honeypot, 668
host(s), 41
host adapter, 563
host-attached storage, 445
host controller, 443
hot spare disks, 465
hot-standby mode, 17
HTM (hardware transactional memory), 240
human security, 636
hybrid cloud, 42
hybrid operating systems, 83–86
I
identifiers:
file, 478
group, 31
user, 31
idle threads, 302
IDSs (intrusion-detection systems), 668
IKE protocol, 658
immutable shared files, 507
imperative (procedural) languages, 241
implementation:
of CPU scheduling algorithms, 311–312
Grand Central Dispatch, 182–183
incremental backup, 545
indefinite blocking (starvation), 217, 279
independent disks, 459
independent processes, 122
indexed disk space allocation, 531–533
indirect blocks, 533
indirect communication, 128
information-maintenance system calls, 72
infrastructure as a service (IaaS), 42
inode, 519
input/output, see under I/O
input queue, 328
InServ storage array, 467
instruction-execution cycle, 10, 325–326
instruction register, 10
integrity, breach of, 634
integrity label (Windows 7), 676
Intel IA-32 processor, 357–361
Intel x86–64 architecture, 361
interface(s):
batch, 56
defined, 571
internal fragmentation, 337, 487
Internet Protocol (IP), 657–659
interprocess communication (IPC), 122–130
in client-server systems, 127–148
remote procedure calls, 138–142
in message-passing systems, 126–130
POSIX shared-memory example of, 130–131
in shared-memory systems, 124–126
defined, 566
interrupt chaining, 567
interrupt-controller hardware, 567
interrupt-driven data transfer, 410
interrupt-driven operating systems, 21–24
interrupt-handler routine, 566
interrupt priority levels, 567
interrupt-request line, 566
interrupt vector, 8–9, 334, 567
intruders, 634
intrusion-detection systems (IDSs), 668
intrusion-prevention systems (IPSs), 668
inverted page tables, 355–357, 416
programmed, 410
I/O-bound processes, 113
I/O burst, 270
I/O channel, 591
I/O operations (operating system service), 56–57
I/O ports, 409
procedures supervised by, 586
application interface, 571–577
block and character devices, 574
blocking and nonblocking I/O, 576–577
polling, 565
and I/O subsystems, 586
spooling and device reservation, 581
character devices, 723
and system performance, 590–594
transformation of requests to hardware operations, 586–589
IP (Internet Protocol), 657–659
IPC, interprocess communication
IPSec, 658
IPSs (intrusion-prevention systems), 668
ISCSI, 446
ISO Reference Model, 658
Itanium, 361
J
Java:
file types, 484
monitors in, 232
protection systems in, 623–625
Java Virtual Machine (JVM), 179, 623–625
jobs, processes vs., 106
job pool, 20
job queues, 111
job scheduler, 112
job scheduling, 20
journaling file systems, 543–544
JVM (Java Virtual Machine), 179, 623–625
K
KB (kilobyte), 9
data structures, 31–35, 582–584
bitmaps, 34
Linux, 35
lists, stacks, and queues, 31–33
tree(s), 33
and I/O subsystems, 586
nonpreemptive, 207
preemptive, 207
spooling and device reservation, 581
task synchronization (in Linux), 704–706
kernel memory allocation, 410–413
kernel threads, 169
Kernighan's Law, 87
private, 654
public, 654
key ring, 657
keystreams, 653
keystroke logger, 645
kilobyte (KB), 9
L
language-based protection systems, 620–625
compiler-based enforcement, 620–623
LANs (local-area networks), 16, 37
last in, first out (LIFO), 32
latency, in real-time CPU scheduling, 291–293
layers (of network protocols), 657
layered approach (operating system structure), 79–81
lazy swapper, 375
LDAP (lightweight directory-access protocol), 505
LDT (local descriptor table), 358
least-frequently used (LFU) page-replacement algorithm, 394
least privilege, principle of, 602–603
least-recently-used (LRU) page-replacement algorithm, 388–389
LFU page-replacement algorithm, 394
lgroups, 399
libraries:
licenses, software, 257
LIFO queuing system, 32
lightweight directory-access protocol (LDAP), 505
lightweight process (LWP), 187
linear addresses, 359
linear lists (files), 526
line discipline, 723
link(s):
communication, 127
resolving, 498
soft, 558
linked disk space allocation, 529–531
linked scheme index block, 533
linking, dynamic vs. static, 331–332, 714–715
adding system call to Linux kernel (project), 98–100
design principles for, 692–695
distributions, 691
system description, 690
interprocess communication, 724–725
character devices, 723
kernel data structures, 35
kernel memory allocation, 413
execution and loading of user programs, 713
page size in, 344
fork() and exec() process model, 698–700
processes and threads, 701
and processor affinity, 288
process representation in, 110
kernel synchronization, 704–706
symmetric multiprocessing, 706
authentication, 728
swap-space management in, 458
system components, 688, 693–695
Little's formula, 310
LiveCD, 45
LiveDVD, 45
living document, 666
loadable kernel modules, 82
loading:
dynamic, 331
in Linux, 713
load sharing, 286
load time, 328
local-area networks (LANs), 16, 37
local descriptor table (LDT), 358
locality of reference, 378
local replacement, 398
local replacement algorithm (priority replacement algorithm), 401
location, file, 478
acquire, 69
exclusive, 482
mutex, 214
release, 69
shared, 482
lock-key scheme, 614
lock() operation, 482
log-based transaction-oriented file systems, 543–544
log files, 86
logging, 672
logical address, 330
logical address space, 329–331
logical blocks, 444
logical file system, 519
logical formatting, 453
logical memory, 21, 372. See also virtual memory
logical records, 487
logical units, 445
login, network, 505
long-term scheduler (job scheduler), 112
LOOK scheduling algorithm, 451
loopback, 138
lottery scheduling, 315
low-level formatting (disks), 453
LRU-approximation page replacement algorithm, 392–394
LWP (lightweight process), 187
MAC (message-authentication code), 656
Mach operating system, 81–82, 84, 131–134
Mac OS X, 84
macro viruses, 643
magic number (files), 485
mailbox sets, 134
mainframes, 5
contiguous allocation of, 334–338
mapping, 335
protection, 335
and dynamic loading, 331
Intel IA-32 example:
and logical vs. physical address space, 329–331
paging for management of, 340–357
ARM processors, 362
Oracle SPARC Solaris, 357
segmentation for management of, 355–357
main TLB, 362
MANs (metropolitan-area networks), 37
mandatory file-locking mechanisms, 483–484
man-in-the-middle attack, 635
many-to-many multithreading model, 170–171
many-to-one multithreading model, 169
mapping, 34
Mars Pathfinder, 218
maskable interrupts, 567
masquerading, 634
mass-storage management, 27
mass-storage structure, 441–444
disk attachment:
host-attached, 445
storage-area network, 446
disk management:
disk scheduling algorithms, 446–452
C-SCAN, 450
LOOK, 451
performance improvement, 460
reliability improvement, 459–460
solid-state disks, 443
stable-storage implementation, 468–470
swap-space management, 456–458
master book record (MBR), 454
master file directory (MFD), 493
master file table, 520
master key, 617
master secret (SSL), 660
matchmakers, 140
MB (megabyte), 9
MBR (master book record), 454
mean time between failures (MTBF), 474
mean time to data loss, 459
mean time to failure, 459
mean time to repair, 459
mechanisms, 76
media services layer, iOS, 84
medium-term scheduler, 113, 114
megabyte (MB), 9
memory:
anonymous, 458
direct memory access, 12
direct virtual memory access, 570
main, see main memory
physical, 21
secondary, 378
semiconductor, 11
unified virtual memory, 539
virtual, see virtual memory
memory-address register, 329
execution and loading of user programs, 713
memory-management unit (MMU), 330
memory-mapped I/O, 409–410, 563
defined, 404
memory protection, 335
memory-resident pages, 376
memory stall, 290
memory-style error-correcting organization, 462
memory transaction, 239
message-authentication code (MAC), 656
message digest (hash value), 656
message modification, 634
message passing, 122
message-passing model, 72, 126–130
metadata, 505
metaslabs, 537
methods (in Java programs), 623
metropolitan-area networks (MANs), 37
MFD (master file directory), 493
MFU page-replacement algorithm, 394
Microsoft Interface Definition Language (MIDL), 140
Microsoft Windows, see Windows
micro TLBs, 362
middleware, 7
MIDL (Microsoft Interface Definition Language), 140
minicomputers, 5
minimum granularity, 703
mirroring, 459
MMU (memory-management unit), 330
mobile systems:
multitasking in, 115
swapping on, 334
mode bit, 22
modify bits (dirty bits), 385
module loader (Linux), 695, 696
module management (Linux), 695–696
dining-philosophers solution using, 227–229
implementation of, using semaphores, 229–230
resumption of processes within, 230–232
monitor calls, see system calls
monoculture, 645
Moore's Law, 6
most-frequently used (MFU) page-replacement algorithm, 394
mount points, 500
mount protocol, 548
MTBF (mean time between failures), 474
multicore programming, 166–169
programming challenges, 167–168
multicore systems, 166
MULTICS operating system, 606–608
multilevel feedback-queue scheduling algorithm, 283–285
multilevel index, 533
multilevel queue scheduling algorithm, 281–283
multipartite viruses, 645
multiple-partition method, 336
multiprocessing:
in Google Chrome browser, 123
memory access model for, 15
multiprocessor scheduling, 286–291
examples of:
and multicore processors, 289–291
and processor affinity, 288, 289
multiprocessor systems (parallel systems, tightly coupled systems), 14–16, 166
multitasking (time sharing), 20
multithreading:
and exec() system call, 183
and fork() system call, 183
and scheduler activations, 187–188
and thread-local storage, 187
mutex locks, 212–214, 234–235, 244–245
N
named shared-memory object, 407
namespace, 699
domain name system, 504
of files, 478
lightweight directory-access protocol, 505
network(s). See also local-area networks (LANs); wide-area networks (WANs)
metropolitan-area (MANs), 37
security in, 636
small-area, 37
wireless, 35
network-attached storage (NAS), 445–446
network computers, 35
mount protocol, 548
path-name translation, 550
remote operations, 551
network information service (NIS), 504
network-layer protocol, 657
network login, 505
network operating systems, 38
new state, 107
NIS (network information service), 504
nonblocking (asynchronous) message passing, 129
noncontainer objects (Windows 7), 677
nonmaskable interrupt, 567
nonpreemptive kernels, 207
nonpreemptive scheduling, 272
nonsignaled state, 233
non-uniform memory access (NUMA), 16, 398–399
nonvolatile RAM (NVRAM), 11
nonvolatile RAM (NVRAM) cache, 460
Noop scheduler, 452
NUMA (non-uniform memory access), 16, 398–399
NVRAM (nonvolatile RAM), 11
NVRAM (nonvolatile RAM) cache, 460, 470
O
objects:
free, 412
hardware vs. software, 603
in Linux, 709
used, 412
object types, 525
obscurity, security through, 667
off-line compaction of space, 529
one-time pad, 665
one-time passwords, 664
one-to-one multithreading model, 170
on-line compaction of space, 529
open-file table, 481
open() operation, 481
open-source operating systems, 43–48
operating system(s):
closed-source, 44
features of, 3
mechanisms for, 76
network, 38
operations of:
and timer, 24
policies for, 76
real-time, 43
as resource allocator, 5
security in, 636
study of, 48
system's view of, 5
user interface with, 4–5, 58–62
optimal page replacement algorithm, 388–389
ordinary (anonymous) pipes, 142–145
orphans (orphan processes), 121–122
out-of-band key delivery, 657
over allocation (of memory), 383–384
owner rights (Linux), 729
P
p (page number), 341
packets, 727
packing, 486
pages:
defined, 341
page address extension (PAE), 360
page allocator (Linux), 707
page-buffering algorithms, 394–395
page directory pointer table, 360
page fault, 377
page-fault-frequency (PFF), 403–405
page-fault rate, 381
page number (p), 341
pageout (Solaris), 420
pageout policy (Linux), 712
pager (term), 375
page replacement, 383–395. See also frame allocation
and application performance, 395
counting-based page replacement, 394
FIFO page replacement, 387–389
global vs. local, 398
LRU-approximation page replacement, 392–394
optimal page replacement, 388–389
and page-buffering algorithms, 394–395
page replacement algorithm, 386
page slots, 458
forward-mapped, 353
Oracle SPARC Solaris, 357
page-table base register (PTBR), 346
page-table length register (PTLR), 350
ARM processors, 362
in Linux, 712
and memory protection, 349–350
Oracle SPARC Solaris, 357
priority, 421
swapping vs., 456
paging mechanism (Linux), 712
paired passwords, 664
PAM (pluggable authentication modules), 728
parallelism:
concurrency vs., 166
parallelization, 17
parallel regions, 181
parallel systems, See multiprocessor systems
parent process, 116
partition(s), 336, 489, 523–524
boot, 454
raw, 457
root, 523
partition boot sector, 520
partitioning, disk, 453
path name, 494
path names:
absolute, 496
relative, 496
path-name translation, 550
PCBs (process control blocks, task control blocks), 107–109
PCI bus, 562
PCS (process-contention scope), 285
PC systems, 3
PDAs (personal digital assistants), 11
penetration test, 666
percentage speedup, 473
performance:
and allocation of disk space, 534–535
performance improvement, 460, 539–542
performance tuning, 87
periodic processes, 294
permissions, 510
per-process open-file table, 521
personal computer (PC) systems, 3
personal digital assistants (PDAs), 11
personal firewalls, 673
personal identification number (PIN), 664
PFF (page-fault-frequency), 403–405
phishing, 636
physical address, 329
physical address space, 329–330
physical formatting, 453
physical memory, 21, 372, 707–710
physical security, 635
PIC (position-independent code), 715
pid (process identifier), 116
PIN (personal identification number), 664
pinning, 419
PIO (programmed I/O), 410, 569
pipe mechanism, 724
platform as a service (PaaS), 42
pluggable authentication modules (PAM), 728
plug-in processes, 123
policy(ies), 76
policy algorithm (Linux), 712
polling, 565
polymorphic viruses, 644
pools:
of free pages, 382
of storage, 468
pop-up browser windows, 638
portals, 35
port scanning, 649
position-independent code (PIC), 715
positioning time (disks), 442
POSIX:
interprocess communication example, 130–131
real-time scheduling, 298, 299
possession (of capability), 613
power collapse, 585
power-of-2 allocator, 410
power users, 61
P + Q redundancy scheme, 463–464
preemptive kernels, 207
preemptive multitasking, 701–702
preemptive scheduling, 271–272
premaster secret (SSL), 660
principle of least privilege, 602–603
priority-based scheduling algorithm, 293–294
priority-inheritance protocol, 218, 236
priority inversion, 217–218, 236
priority number, 230
priority paging, 421
priority replacement algorithm, 401
priority scheduling algorithm, 278–279
private cloud, 41
private keys, 654
privileged instructions, 22
privileged mode, see kernel mode
probes (DTrace), 89
procedural (imperative) languages, 241
process(es), 20
background, 282
communication between, see interprocess communication
and context switches, 114
cooperating, 122
defined, 105
foreground, 282
heavyweight, 163
independent, 122
I/O-bound vs. CPU-bound, 113
job vs., 106
in Linux, 701
multithreaded, see multithreading
single-threaded, 163
threads performed by, 109
process-contention scope (PCS), 285
process control blocks (PCBs, task control blocks), 107–109
process-control system calls, 66–71
process file systems (Linux), 720–721
process identifier (pid), 116
process identity (Linux), 698–699
process management, 24–25, 698–701
process mix, 113
processor sets, 288
process representation (Linux), 110
process scheduler, 111
process scheduling:
thread scheduling vs., 269
process synchronization:
bounded-buffer problem, 219–220
critical-section problem, 206–207
Peterson's solution to, 207–209
dining-philosophers problem, 222–223, 227–229
examples of:
functional programming languages, 241–242
Java, 232
dining-philosophers solution, 227–229
resumption of processes within, 230–232
semaphores, implementation using, 229–230
readers-writers problem, 220–222
production kernels (Linux), 689
profiling (DTrace), 88
programs, processes vs., 106–107. See also application programs
program execution (operating system service), 56
program files, 478
program loading and execution, 74
programmable interval timer, 575
programmed I/O (PIO), 410, 569
programming languages, functional, 241–242
programming-language support, 74
logic bombs, 639
stack- or buffer overflow attacks, 639–642
trap doors, 638
projects, 307
proportional allocation, 397–398
proportional share scheduling, 297–298
access matrix as model of, 608–612
capability-based systems, 617–620
file, 478
language-based systems, 620–625
compiler-based enforcement, 620–623
as operating system service, 57–58
permissions, 510
and principle of least privilege, 602–603
and revocation of access rights, 616–617
security vs., 633
static vs. dynamic, 604
protection domain, 604
protection mask (Linux), 729
providers (DTrace), 89
PTBR (page-table base register), 346
thread cancellation in, 186–187
PTLR (page-table length register), 350
public cloud, 41
public domain, 691
public keys, 654
pull migration, 289
pure code, 350
pure demand paging, 378
push migration, 289
Q
capacity of, 130
input, 328
queueing diagram, 112
queueing-network analysis, 310
R
race condition, 205
RAID (redundant arrays of inexpensive disks), 458–468
extensions, 466
performance improvement, 460
reliability improvement, 459–460
selecting a level, 466
structuring, 459
RAID array, 459
RAM (random-access memory), 9
random-access devices, 572, 573
random-access memory (RAM), 9
random-access time (disks), 442
rate, of periodic task, 294
rate-monotonic scheduling algorithm, 295–296
raw partitions, 457
RBAC (role-based access control), 615
read-ahead technique, 541
read-end, 142
readers, 220
readers-writers problem, 220–222
reading files, 480
read only devices, 573
read-only memory (ROM), 92–93, 454
read-write devices, 573
ready state, 107
real-time class, 302
real-time CPU scheduling, 291–298
earliest-deadline-first scheduling, 296–297
priority-based scheduling, 293–294
proportional share scheduling, 297–298
rate-monotonic scheduling, 295–296
real-time operating systems, 43
real-time range (Linux schedulers), 702
real-time systems, 43
real-time value (Linux), 300
records:
logical, 487
master boot, 454
recovery:
and consistency checking, 542–543
of files and directories, 542–545
red-black trees, 35
redundancy, 459. See also RAID
redundant arrays of inexpensive disks, see RAID
reentrant code (pure code), 350
reference bits, 392
Reference Model, ISO, 658
reference string, 386
register(s), 65
memory-address, 329
page-table base, 346
page-table length, 350
for page tables, 346
relocation, 330
registry, 74
regressive round-robin scheduler, 316
relative block number, 488
relative path names, 496
relative speed, 207
release() operation, 482
relocation register, 330
remainder section, 206
remote operations, network file system, 551
removable storage media:
solid-state disks, 443
renderer processes, 123
rendezvous, 129
repair, mean time to, 459
replay attacks, 634
replication:
in RAID, 465
repositioning (in files), 480
request edge, 245
request manager, 722
resolution, and page size, 415
resolving links, 498
resource allocation (operating system service), 57
resource-allocation graph, 244–248
resource allocator, operating system as, 5
resource sharing, 165
resource utilization, 5
restore:
data, 545
state, 114
reverse engineering, 44
revocation of access rights, 616–617
rich text format (RTF), 670
rights amplification (Hydra), 618
risk assessment, 666
roles, 615
role-based access control (RBAC), 615
ROM (read-only memory), 92–93, 454
root partitions, 523
root uid (Linux), 729
rotational latency (disks), 442, 447
round-robin (RR) scheduling algorithm, 279–282, 316
RTF (rich text format), 670
running state, 107
running system, 93
run queue, 316
RW (read-write) format, 27
S
safe computing, 670
SANs, see storage-area networks
SATA buses, 443
save, state, 114
scalability, 166
SCAN (elevator) scheduling algorithm, 449–450
scatter-gather I/O method, 578
short-term, 113
scheduling:
cooperative, 272
CPU, see CPU scheduling
disk scheduling algorithms, 446–452
C-SCAN, 450
LOOK, 451
job, 20
kernel synchronization, 704–706
symmetric multiprocessing, 706
multiprocessor, see multiprocessor scheduling
nonpreemptive, 272
scheduling classes, Linux, 300
script kiddies, 642
SCS (system-contention scope), 285
SCSI (small computer-systems interface), 12
SCSI buses, 443
SCSI initiator, 445
SCSI targets, 445
search path, 495
secondary memory, 378
secondary storage, 10, 517. See also disk(s)
second-chance page-replacement algorithm (clock algorithm), 392–393
second extended file system (ext2fs), 717
section objects, 135
sectors, disk, 442
sector sparing, 455
secure single sign-on, 505
secure systems, 634
security. See also file access; program threats; protection; user authentication
implementing defenses, 665–672
accounting, 672
auditing, 672
logging, 672
vulnerability assessment, 666–667
kernel-based vs. compiler-based, 621–622
authentication, 728
as operating system service, 57–58
protection vs., 633
and system/network threats, 645–650
port scanning, 649
use of cryptography for, 650–661
via user authentication, 661–665
biometrics, 665
security access tokens (Windows 7), 675
security context (Windows 7), 676
security descriptor (Windows 7), 676–677
security domains, 672
security through obscurity, 667
seeds, 664
seek, file, 480
segment base, 340
segment limit, 340
segment tables, 340
semantics:
copy, 580
immutable-shared-files, 507
session, 507
binary, 214
counting, 214
and deadlocks, 217
defined, 214
implementation of monitors using, 229–230
and priority inversion, 217–218
and starvation, 217
semiconductor memory, 11
sense key, 582
sequential access (files), 487
serial ATA (SATA) buses, 443
serial dispatch queues, 182
server subject (Windows 7), 676
services, Android, 115
services, operating system, 55–58, 74
session hijacking, 635
session semantics, 507
shares, 307
shared files, immutable, 507
shared lock, 482
shared-memory model, 73, 124–126
sharing:
load, 286
time, 20
shells, 58
shortest-job-first (SJF) scheduling algorithm, 275–278
shortest-remaining-time-first scheduling, 277–278
shortest-seek-time (SSTF) scheduling algorithm, 448–449
short-term scheduler (CPU scheduler), 113, 271
shoulder surfing, 662
signals:
Linux, 724
signaled state, 233
signatures, 668
signature-based systems, 668
simple operating system structure, 78–79
simple subject (Windows 7), 676
single indirect blocks, 533
single kernel spinlock, 706
single-level directories, 492–493
single-processor systems, 13–14, 269
single-threaded processes, 163
singly linked list, 32
64-bit computing, 361
SJF scheduling algorithm, 275–278
slab (Linux), 708
slab allocation, 411–413, 708–710
slim reader-writer locks, 254
small-area networks, 37
small computer-systems interface, see under SCSI
SMP, see symmetric multiprocessing
snapshots, 544
sniffing, 662
social engineering, 636
socket interface, 574
soft affinity, 288
soft error, 453
soft links, 558
soft real-time systems, 291, 704
software as a service (SaaS), 42
software capability, 619
software interrupts (traps), 567
software objects, 603
software transactional memory (STM), 240
Solaris, 46
paging with SPARC CPU, 357
swap-space management in, 457–458
solid-state disks (SSDs), 11, 28, 443, 452
source-code viruses, 643
source files, 478
SPARC, 357
special-purpose computer systems, 43
speed:
of operations (I/O devices), 573
relative, 207
spinlock, 213
spoofed client identification, 504
spoofing, 673
spool, 581
spooling, 581
spyware, 638
SSDs, see solid-state disks
SSTF (shortest-seek-time) scheduling algorithm, 448–449
stack(s), 32
stack algorithms, 391
stack-overflow attacks, 639–642
stalling, 326
starvation, see indefinite blocking
stateless DFS, 506
state restore, 114
state save, 114
static linking, 331–332, 714–715
static protection, 604
status information, 74
status register, 564
stealth viruses, 644
STM (software transactional memory), 240
Stoll, Clifford, 672
storage, 9–12. See also mass-storage structure
definitions and notations, 9
tertiary, 27
storage-area networks (SANs), 18, 445, 446
mass-storage management, 27
stream ciphers, 653
stream head, 589
streaming transfer rates, 471
string, reference, 386
stubs, 331
subsystems, 74
SunOS, 46
superblock, 520
supervisor mode, see kernel mode
swap map, 458
swapper (term), 375
defined, 20
and demand paging, 375
in Linux, 712
on mobile systems, 334
paging vs., 456
swap space, 378
swap-space management, 456–458
switch architecture, 12
switching, domain, 605
symmetric mode, 17
symmetric multiprocessing (SMP), 15, 287, 706
synchronization, 129. See also process synchronization
synchronous message passing, 129
synchronous writes, 541
SYSGEN (system generation), 91–92
system administrators, 61
system calls (monitor calls), 8, 62–73
for file management, 71
for information maintenance, 72
system-call firewalls, 674
system-contention scope (SCS), 285
system disk, see boot disk
system files, 495
system generation (SYSGEN), 91–92
system libraries (Linux), 693, 694
system mode, see kernel mode
systems programs, 6
system resource-allocation graph, 244–248
system utilities, 74–75, 693–695
system-wide open-file table, 520
T
table(s), 372
master file, 520
open-file, 481
page, 378
per-process open-file, 521
segment, 340
system-wide open-file, 520
tags, 613
target latency, 703
target thread, 185
tasks (Linux), 701
task control blocks (process control blocks, PCBs), 107–109
task parallelism, 168
TCBs (trusted computer bases), 674–675
TCP sockets, 137
terminal concentrators, 591
terminated state, 107
termination:
cascading, 121
tertiary storage devices, 27
text files, 478
text section (of process), 106
theft of service, 634
third extended file system (ext3), 717–719
defined, 400
and page-fault-frequency strategy, 403–404
and working-set model, 401–403
threads. See also multithreading
components of, 163
idle, 302
JVM and host operating system, 179
kernel, 169
and multicore programming, 166–169
and process model, 109
target, 185
user, 169
thread-local storage (TLS), 187
thread scheduling, 269
threats, 634. See also program threats
throughput, 273
tightly coupled systems, see multiprocessor systems
time:
compile, 328
effective access, 379
effective memory-access, 348
execution, 329
of file creation/use, 478
load, 328
turnaround, 273
waiting, 273
time profiles, 72
time quantum, 279
time sharing (multitasking), 20
time slice, 702
TLB (translation look-aside buffer), 347, 362
TLB miss, 347
TLB walk, 357
TLS (thread-local storage), 187
top half interrupt service routines, 705
Torvalds, Linus, 687
touchscreens, 60
trace listings, 87
trace tapes, 311
tracks, disk, 442
transactions:
atomic, 210
defined, 719
in log-structured file systems, 543–544
transfer rate (disks), 444
translation look-aside buffer (TLB), 347, 362
transport-layer protocol (TCP), 657
trap doors, 638
tree(s), 33
tree-structured directories, 495–496
triple indirect blocks, 533
Tripwire file system, 671
trusted computer bases (TCBs), 674–675
tunnels, 673
tunneling viruses, 644
turnaround time, 273
turnstiles, 236
two-factor authentication, 664
two-level directories, 493–495
two tuple, 339
type safety (Java protection), 624
U
UDP sockets, 137
UFD (user file directory), 493
UFS (UNIX file system), 519
UI, see user interface
UMA (uniform memory access), 16
UMS (user-mode scheduling), 304–305
unbounded capacity (of queue), 130
unified buffer cache, 540, 541
unified virtual memory, 539
uniform memory access (UMA), 16
universal serial buses (USBs), 443
UNIX file system (UFS), 519
UNIX operating system:
consistency semantics for, 506–507
and Linux, 687
permissions in, 510
swapping in, 334
unnamed semaphores, 238
upcalls, 188
upcall handler, 188
U.S. Digital Millennium Copyright Act (DMCA), 44
USBs (universal serial buses), 443
user accounts, 675
with biometrics, 665
user control list, 514
user-defined signal handlers, 184
user file directory (UFD), 493
user identifiers (user IDs), 31
effective, 31
for files, 478
user interface (UI), 56, 58–52, 61–62
user-mode scheduling (UMS), 304–305
user programs (user tasks), 106, 713
user rights (Linux), 729
user threads, 169
utility storage, 467
V
variable class, 302
variables, automatic, 640
variable timer, 24
vector programs, 646
vfork() (virtual memory fork), 383
VFS, see virtual file system
victim frames, 385
virtual address, 330
virtual address space, 372–373, 711–712
virtual file system (VFS), 524–526, 715–717
virtual machine manager (VMM), 22
and copy-on-write technique, 382–383
demand paging for conserving, 375–381
with inverted page tables, 416
and program structure, 416–417
pure demand paging, 378
and restarting instructions, 378–379
direct virtual memory access, 570
equal allocation, 397
global vs. local allocation, 398
proportional allocation, 397–398
and kernel memory allocation, 410–413
page replacement for conserving, 383–395
and application performance, 395
counting-based page replacement, 394
FIFO page replacement, 387–389
LRU-approximation page replacement, 392–394
optimal page replacement, 388–389
and page-buffering algorithms, 394–395
separation of logical memory from physical memory by, 372
size of, 372
page-fault-frequency strategy, 403–404
unified, 539
virtual memory fork, 383
virtual memory regions, 711
virtual private networks (VPNs), 658
virtual run time, Linux, 300
virus dropper, 643
VMM (virtual machine manager), 22
vnode, 524
voice over IP (VoIP), 40
volumes, 490
volume control block, 520
volume table of contents, 490
von Neumann architecture, 10
VPNs (virtual private networks), 658
vulnerability assessments, 666–667
W
WAFL file system, 544, 551–554
waiting state, 107
waiting time, 273
wait queue, 724
watchdogs, 679
wide-area networks (WANs), 17, 37
WiFi networks, 34
Windows:
interprocess communication example, 135–136
Windows thread library, 174–176
wireless (WiFi) networks, 34
working-set maximum (Windows), 420
working-set minimum (Windows XP), 420
workstations, 5
world rights (Linux), 729
World Wide Web, 503
WORM (write-once, read-many) format, 27
worst-fit strategy, 337
write-anywhere file layout (WAFL), 551. See also WAFL file system
write-end, 142
write only devices, 573
writers, 220
writing files, 480
X
XDR (external data representation), 140
Xerox, 59
XML firewall, 674
Y
yellow pages (network information service), 504
Z
Z
zero capacity (of queue), 130
zero-day attacks, 669
zero-fill-on-demand technique, 383
ZFS file system, 466–467, 537–538, 544
zombie process, 121
zombie systems, 649
zones (Linux), 707