Operating System Fundamentals: Processes, Memory, and Security

Posted on Mar 8, 2025 in Computers

Operating Systems: Core Concepts and Mechanisms

Process Scheduling

Round-robin scheduling is a preemptive algorithm that distributes CPU time equally among tasks in an operating system. However, it doesn’t take priority into account. Another issue is that a process might not have any work to do, so it must be actively skipped.

Daemons

Daemons open automatically and run in the background without the user’s input or control. They often start when the computer boots.

What is an Operating System?

There isn’t a universally agreed-upon definition of an operating system, but it generally performs the following functions:

  • Resource Management
  • Sharing (allowing multiple programs to share memory, processor time, and devices)
  • Virtual Machine/Abstraction (acting as an intermediary between hardware and applications)
  • Security Management

An operating system is one or more programs that provide an abstraction of our computer(s) to facilitate sharing, resource management, and security.

Batch vs. Interactive Systems

A batch system executes one job from start to finish before moving to the next. An interactive system rapidly switches between jobs, creating the illusion of multitasking.

Single Computer vs. Distributed Operating Systems

Single computer operating systems work on a single (logical) computer. Distributed operating systems connect many computers into a single computing platform.

LDAP and Active Directory

LDAP (Lightweight Directory Access Protocol) is a specialized database designed for managing user access, optimized for fast reading. Active Directory is a Microsoft-specific extension of LDAP.

Structure of an Operating System

An operating system typically consists of:

  • Userland: The operating environment for programs.
  • Kernel: The core of the operating system.
  • Device Drivers: Modules specific to hardware types/brands (e.g., NVIDIA graphics driver).
  • Hardware Abstraction Layer (HAL): Allows a generic kernel to work on different hardware (e.g., ARM vs. x64).
  • GUI/Windowing Manager: Presents a user interface.

Monolithic Kernels

Monolithic kernels are single programs where a crash in one part can affect the entire system. They are highly efficient due to shared resources.

Microkernels

In a microkernel, the kernel itself is minimal, managing processes and messages. Most other components run as separate modules in userland (e.g., filesystem, networking).

Kernel Modules

Kernel modules combine aspects of monolithic and microkernels. They allow a monolithic kernel to load objects that run as separate programs. This provides extensibility without the overhead of microkernels. Kernel modules run in kernel space (and share the same memory space).

The Processor

The processor is unique because:

  • It’s a calculating system, not a storage mechanism.
  • It’s much faster than other system components.
  • It’s a scarce resource.
  • There’s no alternative for running programs.

Processes and Process Control Blocks (PCBs)

A process is a data structure stored in the operating system’s memory, tracking resources used by a program. The PCB (Process Control Block) holds this data, including:

  • Process state (running, waiting, etc.)
  • Process priority
  • Time accounting
  • User information
  • Current working directory

Interrupts

External (hard) interrupts originate outside the CPU (e.g., Ctrl+Alt+Del). They can happen anytime. Soft interrupts (traps in MIPS) are synchronous, occurring when an instruction executes.

Preemptive vs. Cooperative Multitasking

Using a timer for process scheduling is called preemptive multitasking; the OS can preempt a program. In cooperative multitasking, programs decide when to yield control to the OS.

Scheduling Goals

Goals of scheduling include:

  • Fairness (equal CPU time)
  • Efficiency (keeping the CPU busy)
  • Responsiveness (quick response to user input)
  • Turnaround (minimizing completion time for long processes)
  • Throughput (maximizing completed jobs)

Priority Scheduling

Priority scheduling assigns priorities to processes to address round-robin’s limitations. Issues include starvation (low-priority processes may never run) and sorting overhead. Options include:

  • Variable Quantum
  • Priority Strata
  • Variable Priority

Real-Time Scheduling

Real-time scheduling is used in systems requiring precise timing (e.g., medical equipment). There are two types: hard (no missed deadlines) and soft (occasional missed deadlines are allowed).

Linux CFS (Completely Fair Scheduler)

Linux CFS uses a variable quantum, ensuring every process gets a turn within a set time (default: 20ms), weighted by priorities.

Inter-Process Communication (IPC)

IPC allows processes to work together. Methods include:

  • Files: Basic communication through files.
  • Signals: Communicate a single bit of information.
  • Shared Memory: Processes access the same memory (e.g., `mmap()` in POSIX).
  • Pipes: Pseudo-devices providing an in-memory queue.
  • Message Passing: Similar to pipes, but with explicit message sending/receiving.
  • RPCs (Remote Procedure Calls): Call functions on other computers over a network.

Threads

Threads were introduced to reduce the overhead of sharing resources between processes. The main difference between a process and a thread is security. Threads share memory mappings, file descriptors, and the heap, only having their own program counter and stack.

Kernel Threads (1-1)

Each user-space thread has a corresponding kernel-space thread, allowing separate scheduling and avoiding blocking issues.

Kernel Mode vs. User Mode

In kernel mode, the CPU can perform actions not allowed in user mode, such as:

  • Memory management functions
  • Writing to interrupt vector locations
  • Disabling interrupts
  • Returning from interrupt service routines
  • Controlling I/O peripherals
  • Raw I/O access

Context Switch

A context switch saves the state of a process when it’s removed from the CPU.

Devices and Drivers

Abstraction Layer: Simplifies device access but requires extensive domain knowledge. Device Drivers: Translate device requests to the OS abstraction layer. Blocking Mode: Process waits until data is available. Non-Blocking Mode: Process retrieves available data without waiting. Polling vs. Interrupts: Polling: CPU actively checks devices. Interrupts: Device signals CPU when ready. Disk Fragmentation and Defragmentation: Fragmentation: Creates holes when files are created/deleted. Defragmentation: Reorganizes data to close gaps and reunite fragmented files. Solid-State Drives (SSD): Transistor-based, slower than registers, with limited write cycles. Handles random block access as efficiently as sequential reading.

Memory Management

Memory Protection: Prevents one process from overwriting another’s data. Segments: Divide programs into segments (code, stack, heap). Paging: Maps logical addresses to physical memory pages. Page Tables: Manage mappings for each process. Inverted Page Tables: Maps physical to virtual addresses. Policies: Local Policy: Decides which pages to swap within a process. Global Policy: Decides system-wide page swapping. Replacement Algorithms: Clock Algorithm: Tracks least recently used pages. Demand Paging: Loads pages only when needed. Pre-Paging: Predictively loads pages.

Shells and User Interfaces

Shells: Provide user interfaces for launching applications. Init Process: Starts kernel-related processes and launches the login shell. Idle Process: Runs when no other processes can. Loaders: Prepare executables for running. Verifies executable files. Maps shared libraries into process memory. Relocation: Adjusts program addresses dynamically for security and compatibility.

Concurrency

Dining Philosophers Problem: Models resource contention. Producer/Consumer: Balances production and consumption rates. Readers/Writers Problem: Manages simultaneous read/write access. Race Conditions: Competing processes may cause unpredictable results. Synchronization Techniques: Peterson’s Algorithm: Simple but inefficient. Test-and-Set: Atomic operation for locks. Spinlocks: Busy-waiting locks. Semaphores: Kernel-controlled flags to ensure mutual exclusion.

Security

Key Concepts: Secure System: Ensures intended operations only. Threats: Potential vulnerabilities. Attacks: Attempts to exploit vulnerabilities. Attack Types: Internal/External: From within or outside the network. Programmatic Attacks: Viruses, worms, and Trojan horses. Denial of Service (DoS): Overloading a service to make it unresponsive. Defensive Measures: Cryptography: Hides data from unauthorized users. Firewalls: Regulate network traffic based on rules. Permissions/Policies: Restrict application access to resources.

Summary of Key Terms

Virtual File System (VFS): Unifies multiple file systems. Quota: Limits user disk usage. Spooler: Queues jobs for resource execution. Deadlock Mitigation: Break conditions like mutual exclusion or hold-and-wait. Employ algorithms like Banker’s or two-phase locking.