OS
Theory Concept Map
Stephen
Patton
CPT
304 Operating Systems Theory & Design
Amitava
Karmaker
May
1, 2023
An operating
system can be classified as a resources allocator and control program which
ensures processes have the resources needed to complete jobs while also
controlling user programs and devices to ensure proper system operation. The
four primary functions of an operating system include processes, memory,
storage management, and security and protection. The process management
function ensures each process or unit of work in a system works correctly by
effectively and efficiently scheduling the execution of processes and threads
by the CPU. The memory management function controls and coordinates the main
memory to ensure enough memory is available to run operations without affecting
other processes. According to Sheldon (2022), "memory management strives
to optimize memory usage so the CPU can efficiently access the instructions and
data it needs to execute the various processes" (Para. 2). Main memory
management keeps track of memory usage and who is using it while loading
processes by allocating space and deallocating space when a process is
complete.
In addition, Storage
management allows the operating system to control and optimize the use of
storage devices that store files and programs to improve system
performance and availability. Wilson (2023) explains, "It tries to improve
and maximize the efficiency of data storage resources" (Para. 1). Some of
these activities include creating and deleting files and directories while also
managing space, allocation of storage, disk scheduling, and ensuring information
is correctly distributed across the storage hierarchy to reduce CPU access
time. The security function protects the system from internal and external
threats like viruses and unauthorized system usage. At the same time, the
protection function controls access to processes and resources to improve
reliability through error detection. According to Silberschatz et al. (2014),
"protection and security require the system to be able to distinguish
among all its users" (p 31). The system uses a list of usernames,
including user IDs and group identifiers, to authenticate system access and tie
a user or group to a set of privileges that prevent unauthorized access to
systems and files. Figure 1 below shows an operating system's main components and roles.
Figure 1
Operating System Component Concept
Map
A process is a
program task that is being executed by the CPU. According to Silberschatz et
al. (2014), "a process is the unit of work in a modern time-sharing
system" (p. 105). A modern time-sharing system can consist of many
processes, including user and operating-system tasks. Processes are often referred
to as active entities, which include the program code or text section, register
contents, program counter or current instruction, stack or temporary data, data
section, or global variables and have a heap or dynamically allocated
memory. According to Silberschatz et al. (2014), "as a process executes,
it changes state" (p. 107). The different states include new or the
process being created. The running state or when instructions are being
executed. Waiting or when the process is waiting for something to happen.
A single-threaded
process executes a single sequence of instructions and can only run on one
processor at a given time. Since only one process can run at a time, the
process must finish before another can begin. However, a process can be swapped
or paused and resumed to run programs concurrently without running into race
conditions. According to Jenov (2021), "When you only have one thread
accessing a data structure shared by multiple tasks (because all the tasks are
executed by the same thread), you avoid the problems of race conditions"
(No Race Conditions Section). In contrast, multi-threading allows a program to
be separated into multiple threads to be executed concurrently through context
swapping or in parallel if there are multiple cores. Multi-threading enables a
program to do many things simultaneously, like checking for spelling errors while a
user types or allows a server to process multiple requests simultaneously.
Multi-threading is
also able to make use of different thread models to help improve system
performance. A single thread can only be used with a one-to-one model that
links the user thread to a kernel thread. A multi-threaded operation can use a
one-to-one model, a many to many, and many to one. A one-to-one model in a
multi-threaded system can take advantage of a multicore system but may suffer from
increased overhead. In a many-to-one model, a user-space thread library is used
to manage the threads, which is efficient due to low overhead by the operating
system, but it lacks multicore support and is rarely used today. Combing the
best features of the one-to-one and many-to-one models, the many-to-many allows
for unlimited user threads and multicore support. Figure 2 below shows the concepts
of single and multi-threaded process synchronization.
Figure 2
Thread and Process
Synchronization Concept Map
The objective of
memory management in operating systems is to utilize memory as efficiently as
possible to allow for some degree of multiprogramming by controlling and
coordinating a computer's main memory. According to JavaTpoint (n.d.),
"its management is critical to the computer system because the amount of
main memory available in a computer system is very limited" (Para. 1). To
overcome the limited amount of physical memory, memory management must keep
track of all the available and used space, allocate and deallocate space for
various processes, provide ways for large programs to run on memory smaller
than the programs, and to protect and share memory between processes.
One of the many
ways memory management provides more space than is available is by swapping
processes to and from main memory using a backing store or secondary memory.
Sahay (2020) explains the swapping scheme "temporarily swaps out an idle
or blocked process from the main memory to secondary memory, which ensures
proper memory utilization and memory availability for those processes which are
ready to be executed" (Para. 2). Although this method is good at
maximizing CPU utilization, it fails at decreasing page faults and can run into
issues sharing common resources which can affect performance. Another memory
management scheme is called contiguous memory allocation. The scheme divides
memory into fixed or variable-sized partitions or blocks which contain one
process. This method allows several processes to be in memory at one time, and
multiprogramming is limited by the number of partitions available.
Additionally,
virtual memory address spaces are logical addresses generated by the CPU in reference
to a program and are visible to users. Logical addresses are used to reference
physical addresses in the main memory and are mapped by the memory management
unit (MMU), which is used in segmentation and paging. In contrast, physical
addresses refer to a location in the main memory that is not visible to users
and computed by the MMU. Physical address spaces reduce the time needed to
access a program's processes by the CPU; however, they are limited by their
size and may need more space to hold all the program's processes. Swapping
processes from main memory to secondary storage can help to elevate the space
constraints, but loading an entire process from storage to main memory can be
time-consuming. To improve the process, virtual address spaces artificially
expand the main memory by using secondary storage. Segments or pages are loaded
and swapped in and out of virtual memory, which is mapped to physical memory
allowing large programs to run on a limited amount of main memory. Figure 3 below
outlines the different memory schemes, protection, and virtual memory.
Figure 3
Memory Management Concept Map
File management is a software feature an operating system provides to manage files. It addresses individual and group files and all files in a computer system. A file system provides details about files, including their location, owner, time created or modified, and type and state. File management functions allow users to create, modify and delete files within a computer system. It also manages the locations of files so they can be easily retrieved and allows files to be securely shared among processes. In addition, it protects files from data loss or destruction by making copies or backups that can be recovered. It also standardizes I/O operations through an interface to provide read, write, and extract functions and simplifies the modification of files. To protect files further, it manages the permissions of files, including the ability to read, write and execute by various users. It supports the mounting and extraction from devices like hard drives, flash drives, and peripherals while organizing files and folders or directories into hierarchies that are easy to navigate. These directory structures include single-level, two-level, tree structures, acyclic, and general graph directories.
The operating acts
as an intermediary between hardware and application interfaces to service
different input/output devices like hard disks, keyboards, monitors, and
printers. Like a disk drive, hardware is connected through a port and contains
a controller that sends information to the operating system and CPU over a bus.
This information is translated by a device driver, which standardizes the
format of commands making it easier to connect various devices of ever-evolving
technology. Furthermore, the software controls the flow of information and
manages the protection and synchronization of processes allowing for memory
virtualization and swap space to improve system performance and efficiency.
Figure 4 below shows the different components of storage management and directory
structures used to manage file systems.
Figure 4
Storage Management Concept Map
Although used
interchangeably, protection and security differ in that protection focuses on
internal threats while security focuses on external ones. Internal threats like
unauthorized access to data or resources and external threats like viruses can
be malicious and unintentional. An operating system (OS) or application may
implement different types of protection to secure access or privileges or help
to enforce protection policies like domain and language-based protection. The
goal of domain protection is to secure resources that a process may access.
According to Silberschatz et al. (2014), "A process should be allowed to
access only those resources for which it has authorization" (p. 603). The
need-to-know principle applies to domain protection as it should require access
to only the resources needed to accomplish a task. The structure of a domain
includes a set of objects and operations that can be applied to those objects,
which can be either static, dynamic, or overlap. A domain can represent a user,
process, or procedure and helps protect the system by controlling access to
objects, resources, and privileges, which can prevent or limit the amount of
damage that may occur.
In contrast,
language-based protection aims to enforce system protection at the application
level using the application's programming language. This provides a more robust
layer of security by allowing an application to identify potential issues that
might be unknown to the operating system. For example, a compiler may be
programmed to protect different resources as they are declared apart from the
operating system, which can be more flexible and efficient. This type of
protection often imposes the principles of least privilege and need-to-know to
ensure access and resources are regulated to appropriate users and tasks. Additionally,
an access matrix provides the ability to control the operations a process can
invoke on an object within a specified domain. According to GeeksforGeeks
(2022), "Access matrix is used to define the rights of each process
executing in the domain with respect to each object" (Para. 1). Each
domain may only allow certain privileges to be used on specific objects
depending on which domain a process is allocated. For example, in Table 1
below, if a user is given access to domain 1, they can read files 1 and 3 but
may not have access to file 2 or to print. The model ensures that access writes
are given to only those contained in specific domains.
Furthermore,
security is essential and is used to protect programs, systems, and networks
from threats. Program threats can include Trojan horses or malware disguised as
a legitimate program and logic bombs or embedded code that can be
triggered when certain conditions are met. Both can be used to conduct
malicious functions, providing unauthorized access or damaging programs and
computer systems. In addition, network threats like worms, proxy scanning, and
denial of service attacks can disrupt many systems at once, which can lead to
unauthorized access, misuse, or prevent access to services. Security methods
like cryptography, authentication, instruction protection, and anti-virus
applications can help defend against many of these threats by providing ways to
secure access to data or resources and identifying potential problems while
isolating them from a system or application. Figure 5 below outlines the
different concepts of both protection and security.
Figure 5
Protection & Security
Concept Map
As a cyber and data security major, I plan to use these concepts about operating system theory and design in future classes and careers by applying what I have learned to other related areas such as data structures, algorithms, and cryptography. These concepts will help build a basic understanding of more complex concepts, which will help me form a more holistic view of information technology. This approach will help me better visualize issues while improving my critical thinking skills to find solutions and explanations to system changes or threats. Understanding how an operating system functions will also help me determine which security solutions are best used to protect different systems and which tools will work best to find potential security-related problems. Furthermore, the information I have learned during this course will better guide me on my journey of earning my degree by keeping me updated on technological and application changes.
References
GeeksforGeeks.
(2022). Access matrix in Operating System. GeeksforGeeks. https://www.geeksforgeeks.org/access-matrix-in-operating-system/Links
to an external site.
JavaTpoint.
(n.d.). Memory Management. Javatpoint. https://www.javatpoint.com/memory-management-operating-systemLinks
to an external site.
Jenkov,
J. (n.d.). Single-threaded Concurrency. Tutorials.jenkov.com. https://jenkov.com/tutorials/java-concurrency/single-threaded-concurrency.html
Sahay,
M. (2022, October 10). What is Swapping in Operating Systems (OS)? Scaler
Topics. https://www.scaler.com/topics/swapping-in-os/
Sheldon,
R. (2022). Memory management. WhatIs.com. https://www.techtarget.com/whatis/definition/memory-management#:~:text=Memory%20management%20is%20the%20process,to%20carry%20out%20their%20operationsLinks
to an external site.
Silberschatz,
A., Galvin, P. B., & Gagne, G. (2014). Operating system concepts essentials (2nd ed.).
Retrieved from https://redshelf.com/Links
to an external site.
Wilson,
M. (2023). Storage Management - What is it and How to Implement &
Monitor! PC & Network Downloads - PCWDLD.com. https://www.pcwdld.com/storage-management#wbounce-modalLinks
to an external site.
Comments
Post a Comment