
File Management

Roadmap
• Overview
• File organisation and Access
• File Directories
• File Sharing
• Secondary Storage Management
• File System Security
Files
• Files are the central element to most
applications
• The File System is one of the most important
parts of the OS to a user
• Desirable properties of files:
– Long-term existence
– Sharable between processes
– Structure
Typical Operations
• File systems also provide functions which can
be performed on files, typically:
– Create
– Delete
– Open
– Close
– Read
– Write
Terms
• Four terms are in common use when
discussing files:
– Field
– Record
– File
– Database
Fields and Records
• A field is the basic element of data.
• It is characterized by its length and data type (e.g. ASCII string,
decimal).
• Depending on the file design, fields may be fixed length or variable
length.

• A record is a collection of related fields that can be treated as a unit by
some application program.

• File
– Have file names
– Is a collection of similar records
– Treated as a single entity
– May implement access control mechanisms
• Database
– Collection of related data
– Relationships exist among elements
– Consists of one or more files
File Management Systems
• Provides services to users and applications in
the use of files
– The way a user or application accesses files
• Programmer does not need to develop file
management software
Objectives for a File Management System
• Meet the data management needs of the user
• Guarantee that the data in the file are valid
• Optimize performance
• Provide I/O support for a variety of storage device
types
• Minimize lost or destroyed data
• Provide a standardized set of I/O interface routines
to user processes
• Provide I/O support for multiple users (if needed)
Requirements for a general purpose system
1. Each user should be able to create, delete, read, write and
modify files
2. Each user may have controlled access to other users’ files
3. Each user may control what types of access are allowed
to the user's own files
4. Each user should be able to restructure the user’s files in a
form appropriate to the problem
5. Each user should be able to move data between files
6. Each user should be able to back up and recover the
user’s files in case of damage
7. Each user should be able to access the user’s files by using
symbolic names
Typical software organization
Roadmap
• Overview
• File organisation and Access
• File Directories
• File Sharing
• Record Blocking
• Secondary Storage Management
• File System Security
File Organization
• File organization refers to the logical
structure of records
– Physical organization discussed later
• Determined by the way in which files are
accessed
Criteria for File Organization
• Important criteria include:
– Short access time
– Ease of update
– Economy of storage
– Simple maintenance
– Reliability
• Priority will differ depending on the use (e.g.
read-only CD vs Hard Drive)
– Some may even conflict
File Organisation Types
• Many exist, but usually variations of:
– Pile
– Sequential file
– Indexed sequential file
– Indexed file
– Direct, or hashed, file
The Pile
• Data are collected in the order
they arrive
– No structure
• Purpose is to accumulate a mass
of data and save it
• Records may have different fields
• Record access is by exhaustive
search
The Sequential File
• The most common form of file
structure.
• Fixed format used for records
• Records are the same length
• All fields are the same (order and
length)
• Field names and lengths are attributes
of the file
• Key field
– Uniquely identifies the record
– Records are stored in key sequence
Indexed Sequential File
• Maintains the key characteristic of
the sequential file:
– records are organized in sequence
based on a key field.
• Two features are added:
– An index to the file to support random access
– An overflow file, integrated so that a
record in the overflow file is located by
following a pointer from its predecessor
record
Indexed File
• Records are accessed only through their
indexes.
• No restriction on the placement of records
as long as a pointer in at least one index refers to
that record.
• Variable-length records can be employed.
• Two types of indexes are used:
– An exhaustive index contains one entry for every
record in the main file. The index itself is
organized as a sequential file for ease of
searching.
– A partial index contains entries only for records
in which the field of interest exists.
• When a new record is added to the main file,
all of the index files must be updated.
Direct or hashed File Organization
• Exploits the capability found on disks to access
directly any block of a known address.
• A key field is required in each record.
• But there is no concept of sequential ordering.
• Direct files are often used where very rapid
access is required, where fixed length records are
used, and where records are always accessed one
at a time.
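As an added worked example (not part of the lecture slides), a small direct (hashed) file in Python: fixed-length records live in a bytearray that stands in for a block device, a keyed hash of the key field picks the home block, and collisions are resolved by linear probing bounded by the file size. The record layout, block size, the per-file secret and the `DirectFile` class are all assumptions made for the illustration.

```python
import hashlib
import struct

# Constructed example of a direct (hashed) file, not code from the lecture.
# The "disk" is a bytearray; each block holds exactly one fixed-length record.
BLOCK_SIZE = 32
NUM_BLOCKS = 16
REC_FMT = "<8s20sI"          # 8-byte key, 20-byte value, 4-byte status flag
EMPTY, USED = 0, 1
assert struct.calcsize(REC_FMT) == BLOCK_SIZE


class DirectFile:
    def __init__(self, secret=b"per-file-secret"):   # hypothetical key
        self.disk = bytearray(BLOCK_SIZE * NUM_BLOCKS)
        self.secret = secret

    def home_block(self, key):
        # Keyed hash: with a predictable hash an attacker who chooses keys
        # can force every record into one probe chain (hash flooding).
        digest = hashlib.blake2b(key, key=self.secret, digest_size=8).digest()
        return int.from_bytes(digest, "little") % NUM_BLOCKS

    def _read(self, block):
        off = block * BLOCK_SIZE
        return struct.unpack(REC_FMT, self.disk[off:off + BLOCK_SIZE])

    def _write(self, block, key, value, flag):
        off = block * BLOCK_SIZE
        self.disk[off:off + BLOCK_SIZE] = struct.pack(REC_FMT, key, value, flag)

    def put(self, key, value):
        """Store (or overwrite) a record; returns the block it landed in."""
        if not key or len(key) > 8 or len(value) > 20:
            raise ValueError("key/value empty or too long for the record layout")
        start = self.home_block(key)
        for i in range(NUM_BLOCKS):              # probing bounded by file size
            block = (start + i) % NUM_BLOCKS
            k, _, flag = self._read(block)
            if flag == EMPTY or k.rstrip(b"\0") == key:
                self._write(block, key, value, USED)
                return block
        raise OSError("direct file is full")

    def get(self, key):
        """Direct access: hash to the home block, then probe; None if absent."""
        start = self.home_block(key)
        for i in range(NUM_BLOCKS):
            block = (start + i) % NUM_BLOCKS
            k, v, flag = self._read(block)
            if flag == EMPTY:
                return None                      # probe chain ends: not present
            if k.rstrip(b"\0") == key:
                return v.rstrip(b"\0")
        return None

    def probes(self, key):
        """Number of blocks examined to reach key (1 means no collision)."""
        start = self.home_block(key)
        for i in range(NUM_BLOCKS):
            k, _, flag = self._read((start + i) % NUM_BLOCKS)
            if flag == EMPTY or k.rstrip(b"\0") == key:
                return i + 1
        return NUM_BLOCKS
```

Records sit wherever the hash sends them, so walking the blocks in order gives no key sequence at all, which is the trade-off the slide describes. Deleting a record from such a file needs a tombstone marker rather than clearing the block, otherwise later records in the same probe chain become unreachable; the example leaves that out.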
Roadmap
• Overview
• File organisation and Access
• File Directories
• File Sharing
• Record Blocking
• Secondary Storage Management
• File System Security
Directory
• Contains information about files
– Attributes
– Location
– Ownership
• Directory itself is a file owned by the
operating system
• Provides mapping between file names and the
files themselves
Simple Structure for a Directory
• The method for storing the previous
information varies widely between systems
• The simplest form of structure for a directory
is that of a list of entries, one for each file.
- This structure could be represented by a simple
sequential file, with the name of the file serving as
the key.
– Forces user to be careful not to use the same
name for two different files
Two-Level Scheme for a Directory
• One directory for each user and a master
directory
– Master directory contains entry for each user
– Provides address and access control information
• Each user directory is a simple list of files for
that user
– Does not provide structure for collections of files
Hierarchical, or Tree-Structured Directory

• Master directory with user directories
underneath it
• Each user directory may have
subdirectories and files as entries
Naming
• Users need to be able to refer to a file by
name
– Files need to be named uniquely, but users may
not be aware of all filenames on a system
• The tree structure allows users to find a file by
following the directory path
– Duplicate filenames are possible if they have
different pathnames
Example of Tree-Structured Directory
Roadmap
• Overview
• File organisation and Access
• File Directories
• File Sharing
• Record Blocking
• Secondary Storage Management
• File System Security
File Sharing
• In multiuser system, allow files to be shared
among users
• Two issues
– Access rights
– Management of simultaneous access
Access Rights
• The file system should provide a number of
options so that the way in which a particular file
is accessed can be controlled.
• Typically, users or groups of users are granted
certain access rights to a file.
• A wide range of access rights has been used.
• These rights can be considered to constitute a
hierarchy, with each right implying those that precede
it.
Access Rights cont…
• Execution
– The user can load and execute a program but
cannot copy it
• Reading
– The user can read the file for any purpose,
including copying
• Appending
– The user can add data to the file but cannot
modify or delete any of the file’s contents
Access Rights cont…
• Updating
– The user can modify, delete, and add to the file’s
data.
• Changing protection
– User can change access rights granted to other
users
• Deletion
– User can delete the file
User Classes
• Owner
– Usually the file's creator; usually has full rights
• Specific Users
– Rights may be explicitly granted to specific users
• User Groups
– A set of users identified as a group
• All
– everyone
Simultaneous Access
• When access is granted to append or update a file to
more than one user, the operating system or file
management system must enforce discipline.
• A brute-force approach is to allow a user to lock the
entire file when it is to be updated.
• A finer grain of control is to lock individual records during
update.
• Issues of mutual exclusion and deadlock must be
addressed in designing the shared access capability.
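An added example (not code from the lecture) of record-level locking that also handles the deadlock issue just mentioned: every update takes the locks of the records it touches in ascending record order, so two updates to the same pair of records can never each hold one lock while waiting for the other. The records are hypothetical account balances and `transfer` is an assumed two-record update; a whole-file snapshot shows the coarse alternative by taking every record lock.

```python
import threading
from contextlib import ExitStack

# Constructed example, not code from the lecture: a shared file whose records
# are locked individually. The balances and the transfer operation are made up;
# the point is the locking discipline.


class RecordFile:
    def __init__(self, values):
        self.records = list(values)
        self.locks = [threading.Lock() for _ in values]   # one lock per record

    def transfer(self, src, dst, amount):
        """Move amount from record src to record dst under record-level locks.

        Both locks are taken in ascending record order. Two transfers that
        touch the same pair in opposite directions therefore request the
        locks in the same order, so neither can hold one lock while waiting
        for the other: no deadlock. Mutual exclusion holds because the
        read-modify-write happens while both locks are held.
        """
        if src == dst:
            raise ValueError("src and dst must differ")
        with ExitStack() as stack:
            for i in sorted((src, dst)):
                stack.enter_context(self.locks[i])
            if self.records[src] < amount:
                return False
            self.records[src] -= amount
            self.records[dst] += amount
            return True

    def snapshot(self):
        """Consistent copy of the whole file: take every record lock, in order.

        This is the brute-force whole-file lock built from the record locks,
        so it cannot deadlock against a concurrent transfer either.
        """
        with ExitStack() as stack:
            for lock in self.locks:
                stack.enter_context(lock)
            return list(self.records)


def stress(f, iterations=5000):
    """Two threads shuttle value between records 0 and 1 in opposite directions.

    Without the ordered acquisition above this pattern is the classic
    deadlock; with it, both threads finish and the total is conserved.
    """
    def worker(a, b):
        for _ in range(iterations):
            f.transfer(a, b, 1)

    t1 = threading.Thread(target=worker, args=(0, 1))
    t2 = threading.Thread(target=worker, args=(1, 0))
    t1.start()
    t2.start()
    t1.join()
    t2.join()
    return sum(f.snapshot())
```

The invariant worth checking after the stress run is that the total across records is unchanged: value was only ever moved under both locks, never created or lost by an interleaved update.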
Roadmap
• Overview
• File organisation and Access
• File Directories
• File Sharing
• Secondary Storage Management
• File System Security
Secondary Storage Management
• On secondary storage, a file consists of a
collection of blocks.
• The operating system or file management system is
responsible for allocating blocks to files.
• This raises two management issues:
– First, space on secondary storage must be allocated
to files
– Second, it is necessary to keep track of the space
available for allocation
File Allocation Method
• Three methods are in common use:
– contiguous,
– chained, and
– indexed.
Contiguous Allocation
• A single contiguous set of blocks is allocated to a file at
the time of file creation
• This is a preallocation strategy, using variable-size
portions.
• The file allocation table needs just a single entry for each
file, showing the starting block and the length of the
file.
• Contiguous allocation is the best from the point of view
of the individual sequential file.
– Multiple blocks can be read in at a time to improve I/O
performance for sequential processing.
– It is also easy to retrieve a single block.
Contiguous File Allocation

• External fragmentation will occur, making it difficult to find contiguous blocks of space of
sufficient length.
• From time to time, it will be necessary to perform a compaction algorithm to free up
additional space on the disk.
External fragmentation
Chained Allocation
• Allocation on basis of individual block
• Each block contains a pointer to the next block
in the chain
• The file allocation table needs just a single
entry for each file, showing the starting block
and the length of the file.
• No external fragmentation
• Best for sequential files
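An added worked example (not code from the lecture) of chained allocation on a tiny in-memory disk: blocks are handed out individually from a free list, each block carries the number of the next block, and the file allocation table holds one (start block, length) entry per file as the slide says. The class name, block contents and the tampering helper are assumptions for the illustration. The read path shows the check a practitioner wants here: the chain walk is bounded by the FAT length, because a corrupted or deliberately crafted next-pointer that loops back into the chain would otherwise never terminate.

```python
# Constructed example, not code from the lecture: chained allocation on a tiny
# in-memory "disk". Each block holds (data, next_block); END marks the last
# block of a chain. The file allocation table keeps one entry per file:
# (starting block, length in blocks).
END = -1


class ChainedFS:
    def __init__(self, num_blocks):
        self.free = list(range(num_blocks))                 # free-block list
        self.blocks = [(b"", END) for _ in range(num_blocks)]
        self.fat = {}                                       # name -> (start, length)

    def create(self, name, chunks):
        """Allocate one block per chunk, wherever blocks are free, and chain them."""
        if name in self.fat:
            raise FileExistsError(name)
        if not chunks:
            raise ValueError("a file needs at least one block")
        if len(chunks) > len(self.free):
            raise OSError("no space")
        alloc = [self.free.pop(0) for _ in chunks]          # any free block will do
        for i, blk in enumerate(alloc):
            nxt = alloc[i + 1] if i + 1 < len(alloc) else END
            self.blocks[blk] = (chunks[i], nxt)
        self.fat[name] = (alloc[0], len(alloc))
        return alloc

    def read(self, name):
        """Follow the chain from the FAT start block, bounded by the FAT length.

        The bound matters: a corrupted or crafted pointer that loops back into
        the chain would otherwise make this walk run forever (a denial of
        service triggered by on-disk data rather than by a caller).
        """
        start, length = self.fat[name]
        out, blk = [], start
        for _ in range(length):
            if blk == END:
                raise OSError(f"{name}: chain ends before FAT length")
            data, blk = self.blocks[blk]
            out.append(data)
        if blk != END:
            raise OSError(f"{name}: chain continues past FAT length (loop or corruption)")
        return b"".join(out)

    def delete(self, name):
        """Return every block of the chain to the free list."""
        start, length = self.fat.pop(name)
        blk = start
        for _ in range(length):
            _, nxt = self.blocks[blk]
            self.blocks[blk] = (b"", END)
            self.free.append(blk)
            blk = nxt
        self.free.sort()

    def corrupt_next_pointer(self, blk, target):
        """Simulate corruption or tampering of one block's next pointer."""
        data, _ = self.blocks[blk]
        self.blocks[blk] = (data, target)
```

Deleting a file and creating a larger one afterwards shows why there is no external fragmentation: the new file simply takes the scattered free blocks, at the cost of random access into it requiring a walk from the start of the chain.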
Chained Allocation
Indexed Allocation

• File allocation table contains a separate one-level index
for each file
• The index has one entry for each portion allocated to
the file
• The file allocation table contains the block number of the
index
• Allocation may be either
– Fixed size blocks or
– Variable sized portions
• Allocating by blocks eliminates external fragmentation
Indexed allocation with Block Portions
Indexed Allocation with
Variable Length Portions
Roadmap
• Overview
• File organisation and Access
• File Directories
• File Sharing
• Secondary Storage Management
• File System Security
Access Control
• By successfully logging on to a system, the
user is identified
• The OS can then enforce rules
– Granting access to files and applications (or
denying)
• The OS needs a rule-set to enforce access
control
Access Matrix
• A general model of access control exercised
by a file management system or database is an
Access Matrix
Access Matrix
• One dimension of the matrix consists of identified subjects that may attempt data access.
– Typically, this list will consist of individual users or user groups, although access could be
controlled for terminals, hosts, or applications instead of or in addition to users.
• The other dimension lists the objects that may be accessed.
– At the greatest level of detail, objects may be individual data fields.
– More aggregate groupings, such as records, files, or even the entire database, may also
be objects in the matrix.
• Each entry in the matrix indicates the access rights of that subject for that object.
Access Control Lists
• In practice, an access matrix is usually
sparse and is implemented by
decomposition in one of two ways.
• A matrix may be decomposed by columns,
giving an Access Control List (ACL) for
each file.
– Thus for each object, an access
control list lists users and their
permitted access rights.
– The access control list may contain a
default, or public, entry.
• This allows users that are not
explicitly listed as having special rights
to have a default set of rights.
– Elements of the list may include
individual users as well as groups of
users.
Capability Lists

• Decomposition by rows yields capability
lists (or tickets)
– A capability list specifies the authorized
objects and operations for a user.
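An added worked example (not code from the lecture) tying the last three slides together: a small access matrix with user, group and public entries, decomposed by columns into ACLs and by rows into capability lists, with the access-rights hierarchy from the File Sharing section (each right implies those before it). The subjects, files, rights granted and the precedence rule (an explicit user entry beats group entries, which beat the public entry) are assumptions for the illustration.

```python
# Constructed example, not code from the lecture: an access matrix decomposed
# by columns (ACLs) and by rows (capability lists). The rights hierarchy is
# the one on the slides: each right implies all rights before it.
RIGHTS = ["execute", "read", "append", "update", "change_protection", "delete"]
RANK = {r: i for i, r in enumerate(RIGHTS)}

PUBLIC = "*"                                          # the default / public entry
GROUPS = {"alice": {"staff"}, "bob": {"staff"}, "carol": set()}   # assumed membership

# subject -> object -> highest right granted (hypothetical data)
MATRIX = {
    "alice": {"payroll.dat": "delete", "report.txt": "update"},
    "bob":   {"payroll.dat": "execute"},
    "staff": {"report.txt": "append"},
    PUBLIC:  {"report.txt": "execute"},
}


def acl_for(obj):
    """Column of the matrix: {subject: right} for one object."""
    return {s: row[obj] for s, row in MATRIX.items() if obj in row}


def capabilities_for(subject):
    """Row of the matrix: {object: right} held directly by one subject."""
    return dict(MATRIX.get(subject, {}))


def effective_right(subject, obj):
    """ACL lookup. Precedence (assumed policy): user entry, then best group
    entry, then the public entry; None if nothing applies."""
    acl = acl_for(obj)
    if subject in acl:
        return acl[subject]
    group_rights = [acl[g] for g in GROUPS.get(subject, ()) if g in acl]
    if group_rights:
        return max(group_rights, key=RANK.get)
    return acl.get(PUBLIC)


def permitted(subject, obj, right):
    """True if the effective right is at least `right` in the hierarchy."""
    granted = effective_right(subject, obj)
    return granted is not None and RANK[right] <= RANK[granted]


def permitted_via_capabilities(subject, obj, right):
    """Same decision from the row decomposition; both views of one matrix
    must agree, which is a useful self-check when a system keeps both."""
    own = capabilities_for(subject)
    if obj in own:
        granted = own[obj]
    else:
        group_rights = [capabilities_for(g).get(obj) for g in GROUPS.get(subject, ())]
        group_rights = [r for r in group_rights if r is not None]
        if group_rights:
            granted = max(group_rights, key=RANK.get)
        else:
            granted = capabilities_for(PUBLIC).get(obj)
    return granted is not None and RANK[right] <= RANK[granted]
```

Note how the hierarchy changes the answers: bob's only entry for `report.txt` comes through the `staff` group as "append", which implies "read" and "execute" but not "update"; carol, with no entry at all, gets only what the public entry grants.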
Computer Security Threats
Roadmap
• Computer Security Concepts
• Threats
• Intruders
• Malicious Software Overview
• Viruses, Worms, and Bots
• Rootkits
Security definition
• The NIST Computer Security Handbook
defines computer security as:
– The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the integrity,
availability and confidentiality of information
system resources
Computer Security Triad

• Three key objectives are at the heart of
computer security
– Confidentiality
• (data confidentiality and user privacy)
– Integrity
– Availability
• Two further concepts are often added to
the core of computer security
– Authenticity
– Accountability
Roadmap
• Computer Security Concepts
• Threats
• Intruders
• Malicious Software Overview
• Viruses, Worms, and Bots
• Rootkits
Threats
Four kinds of threats

Unauthorized Disclosure
• A circumstance or event whereby an entity gains access to data for which the
entity is not authorized.

Deception
• A circumstance or event that may result in an authorized entity receiving
false data and believing it to be true.

Disruption
• A circumstance or event that interrupts or prevents the correct operation of
system services and functions.

Usurpation
• A circumstance or event that results in control of system services or functions
by an unauthorized entity
Assets
• The assets of a computer system can be
categorized as
– hardware,
– software,
– data,
– communication lines and networks.
Scope of System Security
Assets in Relation to the CIA Triad
Roadmap
• Computer Security Concepts
• Threats
• Intruders
• Malicious Software Overview
• Viruses, Worms, and Bots
• Rootkits
Intruders
Three main classes of intruders:
1. Masquerader
– Typically an outsider who penetrates the system's
access controls to exploit a legitimate user's account
2. Misfeasor
– Often an insider: a legitimate user who accesses
data or resources they are not authorized for, or
misuses their privileges
3. Clandestine user
– An individual who seizes supervisory control of the
system and uses this control to evade auditing and
access controls or to suppress audit collection
Roadmap
• Computer Security Concepts
• Threats, Attacks, and Assets
• Intruders
• Malicious Software
• Viruses, Worms, and Bots
• Rootkits
Malware
• General term for any malicious software
– Software designed to cause damage
– Or use up the resources of a target computer.
• Some malware is parasitic
– Contained within other software
• Some malware is self-replicating, others
require some other means to propagate.
• E.g. backdoor, logic bomb, trojan horse, mobile
code
Backdoor
• Also called a trapdoor
• Secret entry point
• Useful for programmers debugging
– But allows unscrupulous programmers to gain
unauthorized access.
Logic Bomb
• Explodes when certain conditions are met
– Presence or absence of certain files
– Particular day of the week
– Particular user running application
Trojan Horse
• Useful program that contains hidden code
that when invoked performs some unwanted
or harmful function
• Can be used to accomplish functions indirectly
that an unauthorized user could not
accomplish directly
– E.g. the hidden code changes the victim's file
permissions so that everyone has access
Mobile Code
• Transmitted from remote system to local
system
• Executed on local system without the user’s
explicit instruction
• Common example is cross-site scripting
attacks
Roadmap
• Computer Security Concepts
• Threats, Attacks, and Assets
• Intruders
• Malicious Software Overview
• Viruses, Worms, and Bots
• Rootkits
Parts of Virus
• Software that “infects” other software by
modifying them
• Modification includes
– An infection mechanism
– Trigger
– Payload
Virus Stages
• During its lifetime, a typical virus goes through
the following four phases:
– Dormant phase
– Propagation phase
– Triggering phase
– Execution phase

Worms
• Replicates itself
• Uses network connections to spread from
system to system
• An email virus has elements of being a worm (self
replicating)
– But normally requires some intervention to run,
so classed as a virus rather than worm
Worm Propagation
• Electronic mail facility
– A worm mails a copy of itself to other systems
• Remote execution capability
– A worm executes a copy of itself on another
system
• Remote log-in capability
– A worm logs on to a remote system as a user and
then uses commands to copy itself from one
system to the other
Bots
• From Robot
– Also called Zombie or drone
• A program that secretly takes over another Internet-
attached computer
• Used to launch attacks that are difficult to trace to the
bot's creator
• A collection of bots is a botnet
Multiple-Threat Malware
• Multipartite virus infects in multiple ways
• Blended attack uses multiple methods
• Ex: Nimda has worm, virus, and mobile code
characteristics
Roadmap
• Computer Security Concepts
• Threats, Attacks, and Assets
• Intruders
• Malicious Software Overview
• Viruses, Worms, and Bots
• Rootkits
Rootkit
• Set of programs installed on a system to
maintain administrator (or root) access to that
system
• Hides its existence
• With root access, Attacker has complete
control of the system.
Rootkit installation
• Often as a trojan
– Commonly attached to pirated software
• Installed manually after an attacker has gained root
access
• Rootkits can be classified based on whether they
can survive a reboot and on their execution mode:
– Persistent (survives a reboot)
– Memory based (does not survive a reboot)
– User mode
– Kernel mode
Computer Security Protection Techniques
Roadmap
• Authentication
• Access Control
• Intrusion Detection
• Malware Defense
Authentication
• Basis for most types of access control and
accountability
• Two steps
– Identification
– Verification
Means of Authentication
• Traditionally listed as three factors
• Something you know
– Password, PIN
• Something you have
– Card, RFID badge
• Something you are
– Static Biometrics: Fingerprint, face
– Dynamic Biometrics: handwriting, voice
recognition, typing rhythm
Password-Based Authentication
• Determines if user is authorized to access the
system
• Determines privileges for the user
• Discretionary access control may be applied
Hashed Passwords

• Widely used technique
for storing passwords
• With a per-user salt and a slow hash,
secure against a variety of
cryptanalytic attacks
Token-Based Authentication
• Objects that a user possesses for the purpose
of user authentication are called tokens.
• Examples include
– Memory cards
– Smart cards
Memory Cards
• Memory cards can store but not process data.
• Often used in conjunction with a password or
PIN
• Drawbacks include
– Requires a special reader
– Token loss
– User dissatisfaction
Smart Cards
• Contains microprocessor, along with memory,
and I/O ports.
• Many types exist, differing by three main
aspects:
– Physical characteristics
– Interface
– Authentication protocol
• Static
• Dynamic password generator
• Challenge-response
Static Biometric Authentication
• Includes
– Facial characteristics
– Fingerprints
– Hand geometry
– Retinal pattern
• Based on pattern recognition,
– technically complex and expensive.
Dynamic Biometric Authentication
• Patterns may change
• Includes
– Iris
– Signature
– Voice
– Typing rhythm
Roadmap
• Authentication
• Access Control
• Intrusion Detection
• Malware Defence
Access Control
• Dictates what types of access are permitted, under what circumstances, and by whom.
• Discretionary access control (DAC):
– Controls access based on the identity of the requestor and on access rules (authorizations)
stating what requestors are (or are not) allowed to do.
– This policy is termed discretionary because an entity might have access rights that permit the
entity, by its own volition, to enable another entity to access some resource.
• Mandatory access control (MAC):
– Security labels indicate how sensitive or critical system resources are
– Security clearances indicate which system entities are eligible to access certain resources
– MAC controls access based on comparing security labels with security clearances
– This policy is termed mandatory because an entity that has clearance to access a resource
may not, just by its own volition, enable another entity to access that resource.
• Role-based access control (RBAC):
– Controls access based on the roles that users have within the system and on rules stating
what accesses are allowed to users in given roles.
• The three policies are not mutually exclusive
Extended Access Control Matrix
Role Based Access Control
• Effective implementation of the principle of
least privilege
• Each role should contain the minimum set of
access rights needed for that role.
• A user is assigned to a role that enables him or
her to perform what is required for that role.
– But only while they are performing that role
Roles
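An added example (not code from the lecture) of the RBAC slide: roles carry the minimum permission set for the job, users are assigned roles, and a session only confers the rights of roles the user has activated in it, so a user who holds several roles still acts with the privileges of one at a time. The role names, permission sets and user assignments are hypothetical.

```python
# Constructed example, not code from the lecture. Roles, their permission
# sets and the user-to-role assignments are hypothetical.
ROLE_PERMISSIONS = {
    # each role holds only the (object, operation) pairs its job needs
    "teller":  {("account", "read"), ("account", "append")},
    "auditor": {("account", "read"), ("audit_log", "read")},
    "admin":   {("account", "update"), ("account", "delete"), ("user", "update")},
}
USER_ROLES = {"alice": {"teller", "auditor"}, "bob": {"admin"}}


class Session:
    """A login session: rights come only from roles activated in it.

    Assignment says which roles a user may take on; activation says which
    of them are in force right now. That gap is what "only while performing
    that role" means in practice.
    """

    def __init__(self, user):
        self.user = user
        self.active = set()
        self.audit = []                       # (user, active roles, obj, op, decision)

    def activate(self, role):
        if role not in USER_ROLES.get(self.user, set()):
            raise PermissionError(f"{self.user} is not assigned role {role}")
        self.active.add(role)

    def deactivate(self, role):
        self.active.discard(role)

    def rights(self):
        """Union of the permissions of the roles active in this session."""
        return set().union(*(ROLE_PERMISSIONS[r] for r in self.active))

    def can(self, obj, op):
        """Reference-monitor style check, recorded for accountability."""
        allowed = (obj, op) in self.rights()
        self.audit.append((self.user, sorted(self.active), obj, op, allowed))
        return allowed
```

A user with no role activated has no rights at all, which is the safe default; activating "teller" grants account reads but not the audit log, and dropping the role removes its rights immediately because `rights()` is recomputed from `active` on every check rather than cached.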
Roadmap
• Authentication
• Access Control
• Intrusion Detection
• Malware Defense
Some Definitions
• Security intrusion:
– A security event in which an intruder gains access
to a system without authorization.
• Intrusion detection:
– A security service that monitors and analyzes
system events to find intrusions and provide alerts
Intrusion Detection Systems (IDS)
• Host-based
– Monitors a single host
• Network-based
– Centrally monitors networks traffic, devices
IDS Components
• Sensors
– Collect data and forward to the analyzer.
• Analyzers
– Determines if an intrusion has occurred
• User interface
– The user interface to an IDS enables a user to view
output from the system or control the behaviour
of the system.
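An added example (not code from the lecture) of the sensor/analyzer split on a host-based IDS: the sensor parses raw authentication log lines into events, and the analyzer applies a sliding-window rule that alerts on repeated failed logins from one source and, more importantly, on a success from a source that had just crossed the threshold. The log lines are constructed in sshd style for the illustration (not captured from a real host); the threshold, window and the year prepended to the syslog timestamps are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (sshd-style, made up for this example).
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 5001 ssh2
Mar 10 12:00:02 host sshd[102]: Failed password for root from 203.0.113.5 port 5002 ssh2
Mar 10 12:00:03 host sshd[103]: Failed password for admin from 203.0.113.5 port 5003 ssh2
Mar 10 12:00:04 host sshd[104]: Accepted password for alice from 198.51.100.7 port 6001 ssh2
Mar 10 12:00:05 host sshd[105]: Failed password for root from 203.0.113.5 port 5004 ssh2
Mar 10 12:00:06 host sshd[106]: Failed password for root from 203.0.113.5 port 5005 ssh2
Mar 10 12:00:07 host sshd[107]: Accepted password for root from 203.0.113.5 port 5006 ssh2
Mar 10 12:09:00 host sshd[108]: Failed password for bob from 198.51.100.7 port 6002 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (\S+) from (\S+) port"
)
ASSUMED_YEAR = "2024"   # syslog timestamps carry no year; assumed here


def sensor(text):
    """Sensor: collect raw lines and normalise them into (time, outcome, user, src)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                   # not an auth event we model
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def analyzer(events, threshold=5, window=timedelta(minutes=1)):
    """Analyzer: decide whether an intrusion has occurred and emit alerts.

    Rule 1: at least `threshold` failures from one source inside `window`.
    Rule 2: any success from a source already flagged by rule 1, which is the
    event a responder needs to see first (the guessing likely worked).
    """
    recent = defaultdict(deque)          # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    for ts, outcome, user, src in sorted(events):
        q = recent[src]
        if outcome == "Failed":
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()                          # drop failures outside the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, ts))
        elif src in flagged:
            alerts.append(("success_after_brute_force", src, ts, user))
    return alerts
```

On the sample, the fifth failure from 203.0.113.5 lands inside the one-minute window and raises the first alert; the accepted login from the same address a second later raises the second. The single failure from 198.51.100.7 never reaches the threshold, which is the false-positive control a per-source window buys over a plain failure count.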
Roadmap
• Authentication
• Access Control
• Intrusion Detection
• Malware Defense
Antivirus Approaches
• Ideal approach is prevention, don’t allow a
virus onto the system!
– Impossible in many cases.
• Next best approach requires:
– Detection
– Identification
– Removal
Generic Decryption (GD)
• Generic decryption (GD) technology enables the antivirus program to easily detect even the
most complex polymorphic viruses while maintaining fast scanning speeds
• When a file containing a polymorphic virus is executed, the virus must decrypt itself to activate.
• To detect such a structure, executable files are run through a GD scanner, which contains the
following elements:
– CPU emulator:
• A software-based virtual computer.
• Instructions in an executable file are interpreted by the emulator rather than executed on
the underlying processor.
• The emulator includes software versions of all registers and other processor hardware, so
that the underlying processor is unaffected by programs interpreted on the emulator.
– Virus signature scanner:
• A module that scans the target code looking for known virus signatures.
– Emulation control module:
• Controls the execution of the target code.
Behaviour Blocking Software
• Integrates with the operating system
– monitors program behavior in real time for
malicious actions and blocks them.
• Monitored behaviors may include:
– opening or modifying certain files
– formatting disk drives
– Modifications to executable files or macros
– Modification of critical system settings
– Network communication
Behavior-Blocking Software Operation
