
CSS 214: Operating Systems

(L-2; T-0; P-3) 3 Units

MODULE 6
Dr. O. S. Adebayo
&
Mr. Peter Anyaora
Course Outline
Device management
• characteristics of serial and parallel devices
• abstracting device differences
• buffering strategies; direct memory access
• recovery from failures.
Security and protection
• overview of system security
• policy/mechanism separation
• security methods and devices
• encryption
• recovery management.
Serial vs Parallel devices
Serial Device:
• Data is sent bit by bit from one computer to another in bi-direction.
• Each bit has its clock pulse rate.
• Eight bits are transferred at a time having a start and stop bit, i.e. 0 and 1 respectively.
• For transmitting data over a longer distance, data cables are used.
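The start/stop framing described above, as an added example that is not part of the course slides: each byte becomes a 10-bit frame (start bit 0, eight data bits, stop bit 1), and the receiver rejects frames whose stop bit is wrong. All function names are illustrative, and sending the least significant bit first is an assumption the slide does not state.

```c
#include <stddef.h>
#include <stdint.h>

#define FRAME_BITS 10   /* 1 start + 8 data + 1 stop */

/* Encode one byte: start bit 0, eight data bits, stop bit 1.
 * LSB-first order is an assumption (common UART convention). */
void frame_encode(uint8_t byte, uint8_t line[FRAME_BITS]) {
    line[0] = 0;
    for (int i = 0; i < 8; i++) line[1 + i] = (byte >> i) & 1u;
    line[9] = 1;
}

/* Decode one frame. Returns 0 and stores the byte on success,
 * -1 on a framing error (bad start or stop bit). */
int frame_decode(const uint8_t line[FRAME_BITS], uint8_t *out) {
    if (line[0] != 0 || line[9] != 1) return -1;
    uint8_t b = 0;
    for (int i = 0; i < 8; i++) b |= (uint8_t)((line[1 + i] & 1u) << i);
    *out = b;
    return 0;
}

/* Receive from a sampled line (one sample per bit, idle level 1).
 * Returns the number of bytes stored; *errors counts rejected frames. */
size_t serial_receive(const uint8_t *line, size_t nbits,
                      uint8_t *out, size_t cap, size_t *errors) {
    size_t pos = 0, count = 0;
    *errors = 0;
    while (pos + FRAME_BITS <= nbits && count < cap) {
        if (line[pos] != 0) { pos++; continue; }  /* idle: wait for start bit */
        if (frame_decode(line + pos, &out[count]) == 0) {
            count++;
            pos += FRAME_BITS;                    /* skip the whole frame */
        } else {
            (*errors)++;                          /* framing error */
            pos++;                                /* look for the next start bit */
        }
    }
    return count;
}
```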
Parallel Transmission:
• Various bits are sent together simultaneously with a single clock pulse.
• Fast way to transmit as it uses many input/output lines for transferring the data.
Difference between serial and parallel devices
• Serial transmission requires a single line to communicate and transfer data, whereas parallel transmission requires multiple lines.
• Serial transmission is used for long-distance communication, whereas parallel transmission is used for shorter-distance communication.
• Error and noise are least in serial as compared to parallel transmission, since one bit follows another in serial transmission whereas in parallel transmission multiple bits are sent together.
Serial and Parallel Transmission

Figure 1. Serial vs Parallel Transmission. Source: 7


Abstracting Device Differences
Abstraction layers enable a device driver to interact
with a hardware device at a general, or abstract, level
rather than at a detailed hardware level.

Figure 2. Abstracting device-driver development - Embedded.com, 2021
Abstracting Device Differences
An abstraction layer makes a convenient interface between
device drivers and I/O hardware.

Many operating system vendors don't present a
uniform interface between the device drivers and the
I/O hardware.
This is because writing drivers for each and every one
is a task too daunting for any one organization to take
on.
So, while a single-board computer (SBC) will typically
come with software that ensures operation with the
operating system—usually a board support package
(BSP)—customers are forced to write or port device
drivers for off-board peripherals.
Buffering Strategies
A buffer is a memory area that stores data
being transferred between two devices or
between a device and an application.

Buffering techniques
Three main I/O buffering techniques
Single buffer: when data is stored in a section
of the system memory.
Double buffer: allows for two buffers to be
used.
Circular buffering: uses a priority-based
queue for when more than two buffers are
needed.
Memory Access (Direct)
• CPU only initiates operation
• DMA controller transfers data directly to/from main
memory
• Interrupt when transfer completed
• Protocol to input data using DMA

Figure 3. Direct Memory Access. Source: codescracker.com


Direct Memory Access
• I/O module shares the bus with the processor.
• It can use the bus only when the CPU does not need it.
• It can steal cycles from the CPU by forcing it to free the bus.
• Procedure:
  – Processor sends message to DMA (R/W, where, how much)
  – Processor continues while I/O proceeds
  – At the end, I/O module sends interrupt signal to the processor
Recovery from Failures

The recovery process is designed to
recover a server to a previous operating
state, in the event of a hardware or
operating system failure.

The recovery process will begin by
starting the computer using a Bootable
Recover Assist Media (BRAM) or a
Bootable Backup Media (BBM).
Overview of system security
• OS security is the process of ensuring OS
integrity, confidentiality and availability.
• OS security refers to specified steps or
measures used to protect the OS from
threats, viruses, worms, malware or remote
hacker intrusions.
• It encompasses all preventive-control
techniques, which safeguard any computer
assets capable of being stolen, edited or
deleted if OS security is compromised.
System security
Includes:
Performing regular OS patch updates
Installing updated antivirus engines and
software
Scrutinizing all incoming and outgoing
network traffic through a firewall
Creating secure accounts with required
privileges only (i.e., user management)
Overview of system security
• System addresses several particular functions that involve computer security

Figure 4. System Security. Source: codescracker.com


Policy/mechanism separation
Policies are techniques to choose which activities to perform.
Mechanisms are the implementations that enforce policies, and often
depend to some extent on the hardware on which the operating system
runs.
For instance, a process may be granted resources using the first come,
first serve policy. This policy may be implemented using a queue of
requests.
Often the kernel provides mechanisms that are used to implement policies
in servers.
The separation of mechanism and policy states that mechanisms (those
parts of a system implementation that control the authorization of
operations and the allocation of resources) should not dictate (or overly
restrict) the policies according to which decisions are made about which
operations to authorize, and which resources to allocate.
While both are most commonly discussed in the context of security
mechanisms (authentication and authorization), separation of mechanism
and policy is applicable to a range of resource allocation problems
(e.g. CPU scheduling, memory allocation, quality of service) as well as the
design of software abstractions.
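The first come, first serve instance above, as an added example that is not part of the course slides: one granting mechanism (grant_next) serves the same pending requests under two interchangeable policies, and it validates whatever the policy returns so that a faulty policy cannot make it grant twice or index out of bounds. All type and function names are illustrative.

```c
#include <stddef.h>

/* A pending resource request (illustrative structure). */
typedef struct {
    int pid;       /* requesting process */
    int arrival;   /* arrival order, lower = earlier */
    int priority;  /* higher = more urgent */
    int granted;   /* set by the mechanism once served */
} request_t;

/* Policy: choose which pending request to serve next (-1 if none). */
typedef int (*policy_fn)(const request_t *reqs, size_t n);

/* Policy 1: first come, first served. */
int policy_fcfs(const request_t *reqs, size_t n) {
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (reqs[i].granted) continue;
        if (best < 0 || reqs[i].arrival < reqs[best].arrival) best = (int)i;
    }
    return best;
}

/* Policy 2: highest priority first, arrival order breaks ties. */
int policy_priority(const request_t *reqs, size_t n) {
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (reqs[i].granted) continue;
        if (best < 0 || reqs[i].priority > reqs[best].priority ||
            (reqs[i].priority == reqs[best].priority &&
             reqs[i].arrival < reqs[best].arrival))
            best = (int)i;
    }
    return best;
}

/* Mechanism: grants the resource to whichever request the policy picks.
 * It does not know or care how the choice was made; it only enforces
 * that the choice is in range and not already granted.
 * Returns the pid served, or -1 if nothing was granted. */
int grant_next(request_t *reqs, size_t n, policy_fn policy) {
    int i = policy(reqs, n);
    if (i < 0 || (size_t)i >= n || reqs[i].granted) return -1;
    reqs[i].granted = 1;
    return reqs[i].pid;
}
```

Changing the policy means passing a different function to grant_next; the mechanism itself is not modified.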
Policy/mechanism separation

Figure 5. OS Separation of Policy and Mechanism. Source: codescracker.com


Security method and Devices
The most common techniques used to protect
operating systems include:

Use of antivirus software and other
endpoint protection measures
Regular OS patch updates
Firewall for monitoring network traffic
Enforcement of secure access through least
privileges and user controls
Security method and Devices
• Authentication Measures
Authentication involves matching an identified user with the
programs or data they are allowed to access.
All operating systems have controls that can be used to verify
that users who run a particular program are authorized to do so.

Authentication techniques at the operating system level:

Security keys: keys are provided by a key generator, usually
in the form of a physical dongle.
The user must insert the key into a slot in the machine to log in.
Username-password combinations: The user enters a
username that is registered with the OS, along with a
matching password.
Biometric signatures: The user scans a physical attribute,
such as a fingerprint or retina, to identify themselves.
Security method and Devices
• Multi-factor authentication:
Modern authentication systems use multiple methods
to identify a user
combining something the user knows (credentials),
something they own (such as a mobile device), and/or
a physical characteristic (biometrics).
Using One-Time Passwords
• One-time passwords offer an additional layer of
security when combined with standard authentication
measures.
• Users must enter a unique password generated each
time they log in to the system.
• A one-time password cannot be reused.
Security method and Devices
• Examples of one-time passwords include:
• Network passwords: An application sends a one-time password to
the users via a registered email address or mobile phone number.
• Random numbers: The user receives a card listing numbers that
correspond to matching letters.
• Secret keys: The user receives a device that generates secret keys.

Virtualization
Virtualization enables you to abstract software from hardware,
effectively separating the two.
The main advantage of virtualization is that it introduces a high level of
efficiency and flexibility, while providing greater security coverage.

Types of virtualization:
desktop, application, network, server, storage, and OS
virtualization.
Security method and Devices

Figure 6. OS Security overview. Source: 3


Security method and Devices
Encryption
Encryption is the conversion of original
information into secret code that hides its true
meaning.
The science of encrypting and decrypting
information is called cryptography.
The original message or unencrypted data is also
known as plaintext.
The converted or encrypted data is
called ciphertext.
The techniques used to encode and decode
messages are called encryption
algorithms, or ciphers.
Recovery Management
The process of planning, testing, and implementing
the recovery procedures and standards required to
restore service in the event of a component failure,
either by returning the component to normal
operation, or taking alternative actions to restore
service.
Recovery Management is the acknowledgement that
failures will occur regardless of how well the system is
designed.
The intent is to anticipate and minimize the impact
of these failures through the implementation of
predefined, pretested, documented recovery plans
and procedures.
Recovery Management

Figure 7. System Recovery Management Interface. Source: 1


References
1. HP Notebook PCs - Using System Recovery, Factory Reset and Minimized Image Recovery Options | HP® Customer Support. (n.d.). Retrieved October 25, 2021, from https://support.hp.com/in-en/document/c02638587
2. Security Features of Trusted Operating Systems. (n.d.). Retrieved October 25, 2021, from https://www.brainkart.com/article/Security-Features-of-Trusted-Operating-Systems_9627/
3. Understanding OS Security: Threats and Security Controls - Hysolate. (n.d.). Retrieved October 25, 2021, from https://www.hysolate.com/learn/sandboxing/understanding-os-security-threats-and-security-controls/
4. Abstracting device-driver development - Embedded.com. (n.d.). Retrieved October 25, 2021, from https://www.embedded.com/abstracting-device-driver-development/
5. Difference Between Serial and Parallel Transmission (with Comparison Chart). (n.d.). Retrieved October 25, 2021, from https://techdifferences.com/difference-between-serial-and-parallel-transmission.html
6. I/O buffering and its Various Techniques - GeeksforGeeks. (n.d.). Retrieved October 25, 2021, from https://www.geeksforgeeks.org/i-o-buffering-and-its-various-techniques/
7. Computer Data Storage | Operating System, 2021. OS-Chapter 4 - Device
Management.
8. I/O buffering and its Various Techniques - GeeksforGeeks, 2021
9. Understanding OS Security: Threats and Security Controls - Hysolate, 2021
