operating system exercises --chapter 14-sol

14 CHAPTER Protection Practice Exercises 14.1 What are the main differences between capability lists and access lists? Answer: An access list is a list for each object consisting of the domains with a nonempty set of access rights for that object. A capability list is a list of objects and the operations allowed on those objects for each domain. 14.2 A Burroughs B7000/B6000 MCP file can be tagged as sensitive data. When such a file is deleted, its storage area is overwritten by some random bits. For what purpose would such a scheme be useful? Answer: This would be useful as an extra security measure so that the old content of memory cannot be accessed, either intentionally or by accident, by another program. This is especially useful for any highly classified information. 14.3 In a ring-protection system, level 0 has the greatest access to objects, and level n (greater than zero) has fewer access rights. The access rights of a program at a particular level in the ring structure are considered as a set of capabilities. What is the relationship between the capabilities of a domain at level j and a domain at level i to an object (for j > i)? Answer: D j is a subset of D i . 14.4 The RC 4000 system (and other systems) have defined a tree of processes (called a process tree) such that all the descendants of a process are given resources (objects) and access rights by their ancestors only. Thus, a descendant can never have the ability to do anything that its ancestors cannot do. The root of the tree is the operating system, which has the ability to do anything. Assume the set of access rights was represented by an access matrix, A. A(x,y) defines the access rights of process x to 55

Upload: evilanubhav

Post on 10-Apr-2015

1.684 views

Category:

Documents

1 download

Report

Download

Embed Size (px):

DESCRIPTION

These are some very important solved questions of Operating System book by Galvin

TRANSCRIPT

Page 1: operating System exercises --chapter 14-sol

14C H A P T E R

Protection

Practice Exercises

14.1 What are the main differences between capability lists and access lists?Answer: An access list is a list for each object consisting of the domainswith a nonempty set of access rights for that object. A capability list isa list of objects and the operations allowed on those objects for eachdomain.

14.2 A Burroughs B7000/B6000 MCP file can be tagged as sensitive data.When such a file is deleted, its storage area is overwritten by somerandom bits. For what purpose would such a scheme be useful?Answer: This would be useful as an extra security measure so that theold content of memory cannot be accessed, either intentionally or byaccident, by another program. This is especially useful for any highlyclassified information.

14.3 In a ring-protection system, level 0 has the greatest access to objects,and level n (greater than zero) has fewer access rights. The access rightsof a program at a particular level in the ring structure are considered asa set of capabilities. What is the relationship between the capabilitiesof a domain at level j and a domain at level i to an object (for j > i)?Answer: Dj is a subset of Di .

14.4 The RC 4000 system (and other systems) have defined a tree of processes(called a process tree) such that all the descendants of a process are givenresources (objects) and access rights by their ancestors only. Thus, adescendant can never have the ability to do anything that its ancestorscannot do. The root of the tree is the operating system, which has theability to do anything. Assume the set of access rights was representedby an access matrix, A. A(x,y) defines the access rights of process x to

Page 2: operating System exercises --chapter 14-sol

56 Chapter 14 Protection

object y. If x is a descendant of z, what is the relationship between A(x,y)and A(z,y) for an arbitrary object y?Answer: A(x,y) is a subset of A(z,y).

14.5 What protection problems may arise if a shared stack is used for pa-rameter passing?Answer: The contents of the stack could be compromised by otherprocess(es) sharing the stack.

14.6 Consider a computing environment where a unique number is associ-ated with each process and each object in the system. Suppose that weallow a process with number n to access an object with number m onlyif n > m. What type of protection structure do we have?Answer: Hierarchical structure.

14.7 Consider a computing environment where a process is given the priv-ilege of accessing an object only n times. Suggest a scheme for imple-menting this policy.Answer: Add an integer counter with the capability.

14.8 If all the access rights to an object are deleted, the object can no longerbe accessed. At this point, the object should also be deleted, and thespace it occupies should be returned to the system. Suggest an efficientimplementation of this scheme.Answer: Reference counts.

14.9 Why is it difficult to protect a system in which users are allowed to dotheir own I/O?Answer: In earlier chapters we identified a distinction between kerneland user mode where kernel mode is used for carrying out privilegedoperations such as I/O. One reason why I/O must be performed inkernel mode is that I/O requires accessing the hardware and properaccess to the hardware is necessary for system integrity. If we allowusers to perform their own I/O, we cannot guarantee system integrity.

14.10 Capability lists are usually kept within the address space of the user.How does the system ensure that the user cannot modify the contentsof the list?Answer: A capability list is considered a “protected object” and isaccessed only indirectly by the user. The operating system ensures theuser cannot access the capability list directly.

8.1 Solutions to Exercises - OpenTextBookStore Catalog 8 Sol… · · 2015-07-03Last edited 12/4/14 8.1 Solutions to Exercises 1. Since the sum of all angles in a triangle is 180°,

2.2 Exercises AE-2 - jontalle.web.engr.illinois.edu file2.2. EXERCISES AE-2 391 Thus we ﬁnd the equation is a rotated ellipse. –Q 1.4: What is the name of this curve? Sol: It is

System Operating Limits Methodology For The Operations …This document is the RC West’s System Operating Limit (SOL) Methodology for the Operations Horizon [NERC Standard FAC-011-3

Governance Standard Operating Procedures Technology ... · PDF fileGovernance Standard Operating Procedures Technology Training & Exercises Usage ... s H e l p s F c u s ... 4 P R

Operating System Exercises 20082010 - vLSM.org · Operating Systems Concepts a) Describe briefly, what a system program is! b) Give some examples of point 'a'. c) Describe briefly,

Stock Option Exercises and the Quality of Operating Cash Flows

Exercises on ConsolidJSGNGation - Book (TEXT - SOL)

Ubuntu Linux Operating System Installation Guidetyan.com/EN/solution/openpower-GN70BP010/Palmetto...xxx.xxx.xxx.xxx -I lanplus -U admin -P admin sol activate. Leave SOL console by

Operating Systems I Supervision Exercises - …srk31/teaching/1a-osi-exercises-latest.pdf · The following diagram shows a simple Von Neumann ... A naive system designer calculates

Operating Systems I Supervision Exercises€¦ · (d ) DOS, a single-tasking monolithic operating system, allows some executables to directly specify the physical memory addresses

SOL-5 SOL-2B SOL-2P SOLH-3file.yizimg.com/145913/20078161848358283922368.pdf · 2015-11-24 · 2 Description Type SOL-5 SOL-2B SOL-2P SOLH-3 Material : Stem Float Stopper Operating

Simply Sol-fa - dogsandbirds.co.uk · Simply Sol-fa Over 300 Exercises for Aural Training ... As you start each exercise first find these notes and play them through two or three