Memory Management and Virtualization in Operating Systems

Posted on Oct 30, 2024 in Computers

Memory Management

Memory Management Concepts

Its primary function is the transfer of data between main memory (MP) and secondary storage (MS). Since access time is greater for MS, the OS tries to reduce the number of I/O operations for MS. It aims to keep the largest number of processes in MP, allow new processes to run without space limitations in MP, and run programs larger than the physical memory capacity using overlay techniques and virtual memory.

Overlay

Overlay involves splitting the program into modules and using the same memory page for implementing the modules. The size is established based on the largest module and has performance problems due to excessive module swapping between MS and MP.

Swapping

Applied to programs that require memory for execution. Swap out is the transfer of a program from MP to MS, and swap in is the transfer of a program from MS to MP.

Contiguous Allocation

Simple Contiguous Allocation

Used in single-tasking OSes, it divides the MP into an area for the OS and one for the programs. The user has control over the MP. Protection is achieved through registers/restriction areas. It is easy to implement but does not efficiently use hardware resources.

Partitioned Contiguous Allocation (Static/Fixed/Absolute)

Memory is divided into fixed-size partitions, defined during OS boot based on currently running programs. Programs are loaded into specific partitions. Compilers and assemblers are limited to generating absolute code. Changing partition size requires an OS restart. Internal fragmentation occurs when programs don’t fully utilize partitions, leaving free memory areas.

Partitioned Contiguous Allocation (Dynamic)

Without fixed-size partitions, each program uses only the required memory space. External fragmentation occurs because programs leave available memory areas that become too small for other programs. Solutions include collecting free areas into a single area or relocating occupied partitions to eliminate spaces between them. This reduces fragmentation but increases complexity and processor/disk usage.

Virtual Memory Management

Combines MP and MS as a single memory space, allowing more processes to share MP.

Virtual Address Space

Addresses are allocated to programs in virtual memory. During execution, virtual addresses are translated to physical addresses.

Deadlock

A deadlock is waiting for an allocated resource that will never be released or an event that will not occur. Four simultaneous conditions are necessary for a deadlock: mutual exclusion, waiting for resources, no preemption, and circular wait.

Input/Output Subsystem

The OS has routines for communication with connected devices. I/O operations are performed using system calls.

Synchronous Operation

The process is on hold pending operation completion.

Asynchronous Operation

The process remains ready to run even with ongoing operations. A signal indicates operation completion.

Device Driver

Implements communication between I/O devices and controllers (hardware for handling I/O).

DMA (Direct Memory Access)

Allows some devices direct read/write access to memory.

Device Types

Structured Device

Stores information in fixed-size blocks (e.g., hard drives). Can have direct or sequential access.

Unstructured Device

Sends or receives unstructured data streams (e.g., printer).

Read/Write Times

  • Seek: Head positioning for read/write.
  • Rotational Latency: Waiting for the desired sector to reach the read mechanism.
  • Transfer: Time to transfer the block to MP.

Redundancy and Data Protection

Creating an array of disks (RAID) has six levels, aiming for increased storage capacity, performance, and reliability.

Virtualization

Running multiple OSes on a single device.

Types of Virtualization

  • Hardware Virtualization: Running several OSes on the same machine.
  • Presentation Virtualization: Accessing a computing environment without physical access.
  • Application Virtualization: Accessing applications on a virtual server without local installation.

Virtual Machines (VMs)

A complete operating environment behaving like an independent computer.

Benefits of Virtualization

  • Server consolidation
  • Development/test environments
  • Business continuity
  • Dynamic data center

Storage

Device or support for long-term data storage.

Remote Administration Tools

Telnet

Remote management via IP, supports distance, but lacks security.

SSH

Remote server administration, remote support, encapsulates protocols, and uses asymmetric key security.

VNC

Remote access to machines with any OS, supports remote aid, uses TCP/IP, maintains sessions upon disconnection, but doesn’t transfer files, opens one terminal at a time, and has slow screen updates.

Terminal Service

Administers the server from any client machine. All processing is performed on the server, allowing simultaneous connections (creating sessions for each client).

Terminal Service Modes

  • Remote Administration Mode: Server management from any location (requires administrator privileges, no license needed).
  • Application Server Mode: Server runs applications remotely (used for clients with limited hardware resources, requires a license).

Remote Desktop

Remote connection to Windows desktops, aims to remotely control computers on a LAN or the Internet, and allows sharing of disks and serial ports.

Security Threats and Protection

Security Breaches

  • Breach of Confidentiality: Unauthorized data reading.
  • Breach of Integrity: Unauthorized data modification.
  • Breach of Availability: Unauthorized data destruction.
  • Theft of Service: Unauthorized resource use.
  • Denial of Service: Preventing legitimate system use.

Security Attacks

  • Masking: Attacker pretends to be another host or user.
  • Replay Attack: Malicious replay of data transmission.
  • Man-in-the-Middle Attack: Attacker intercepts communication between two parties.

Security Measures

  • Physical Protection: Monitoring access to the system room.
  • Human Protection: Only authorized users access the system.
  • OS Protection: Protecting against OS vulnerabilities.
  • Network Protection: Security to prevent data interception or hacking.

Authentication

Proves the identity of the message sender, works with encryption, and verifies message integrity. The authentication algorithm consists of keys (K), messages (M), authenticators (A), a message authentication generating function, and a message authenticity verification function.

Encryption

Restricts message senders/receivers based on selectively distributed secret keys. Tools include symmetric/asymmetric encryption, authentication, and key distribution.

Firewall

A device between the network and the internet that controls network traffic based on predefined rules.

Firewall Types

  • Personal Firewall: Software layer in the OS or application.
  • Application Proxy Firewall: Understands application protocols.
  • System Call Firewall: Sits between the kernel and applications, monitoring system calls.
  • Packet Filtering Firewall: Controls connections based on IP addresses.
  • Application Firewall: Controls applications using proxy servers.

Distributed Systems

Autonomous systems connected by a communication network, each component having its own resources. Reasons for creating distributed systems include resource sharing, increased processing speed, reliability, and communication.

Clusters

Loosely coupled nodes connected by a high-performance dedicated network. Each node has its own resources.

Data Migration

Partial or total transfer of a file.

Computing Migration

Used when data transfer time exceeds remote access time.

Process Migration

Process execution in different locations for load balancing, increased speed, and hardware/software choice.