Accounting, Protection, Security and More Fault Handling Gotchas

1
Accounting, Protection, SecurityandMore Fault
Handling Gotchas

• May 26, 2000
• Instructor Gary Kimura

2
Todays Topics

• Accounting
• Protection and security
• Handling faults

3
Accounting Systems

• In large old computing centers accounting systems
  were very common.
• Not that applicable in a PC environment.
• But again useful in a network
• The task was not necessarily to restrict usage
  but to hold individual users accountable for
  their usage of the system
• Why?
• Charge back to make money
• Monitor system usage monitoring
• When to buy a bigger system
• Locate usage hogs

4
Things to measure

• We measure things that give us a metric for
  overall and specific system usage
• CPU Usage
• Main Memory Usage
• Disk Usage
• Paper Usage
• Connect time usage
• How to do the measurement is mostly pretty
  obvious but not always

5
Quotas

• A means of limiting resource usage by an
  individual or a group
• Typical quota items include
• Disk usage
• Memory usage
• Open handle usage
• Mail box usage
• Either the system prohibits a users usage from
  exceeding their quota or sounds a lot of bells
  and whistles when they do

6
Protection and Security

• Dont trust anyone
• Naïve user with dumb mistakes
• Destructive malicious user
• DOD security levels (A D)
• D least protected system (MS-DOS pass any tests)
• C discretionary protection and accountability
  with two subgroups (C1 and C2)
• B mandatory protection (security levels)
• A highest level of security

7
Protection put on objects and users

• Access control lists
• Identify either a group or a individual user
• Indicates if access is allowed or denied
• Object reuse
• Be sure to clear out memory and secondary storage
  before reusing objects space
• Revocation
• Each user/process has an ID and usually a list of
  access rights
• Some systems allow the system to revoke the
  access rights to an existing process, some
  systems do not

8
More security issues

• Authentication
• Password, etc
• Program threats
• Trojan Horses
• Trap doors
• System threats
• Worms
• Viruses
• Encryption
• Denial of service attacks

9
Places where page faults occur

• User invoked faults
• Code
• Data
• Both
• Kernel invoked faults
• Code
• Data
• Both

10
Double faults

• In some systems it is okay for a page fault
  handler to itself cause a fault
• There is somewhat a chicken and egg problem that
  needs to be addressed
• Eventually the last fault needs all of its data
  code to be resident in memory
• It is possible to pin down your code and data,
  however doing so usually takes more CPU cycles
  than its worth. So just make the code nonpaged
  to start with.

11
Collided page faults

• When two processes both fault in the same page at
  the same time we can come up with a collided page
  fault.
• The same can happen if one process touches a page
  while the fault is almost through being handled

12
Things to come

• Distributed Systems
• RPC
• Review
• Final exam day