Chat with us, powered by LiveChat In addition to buffer overflows, programmers could leave back doors and privileges programs on an online system after its completion or termination, allowing an attacker to access your empl - NursingEssays

In addition to buffer overflows, programmers could leave back doors and privileges programs on an online system after its completion or termination, allowing an attacker to access your empl

In addition to buffer overflows, programmers could leave back doors and privileges programs on an online system after its completion or termination, allowing an attacker to access your employer’s online system.

>> Referring to page 7 of attached pdf, Figure 9.2, what process do you propose to the Computer Operation Manager to mitigate an attack on your employer’s online system?

Need 2 pages with peer-reviewed citations. No introduction or conclusion needed.

235

Chap ter 9 Se cu rity Vul ner a bil i ties, Threats, and Coun ter mea sures

THE CISSP EXAM TOP ICS COV ERED IN THIS CHAP TER IN CLUDE:

Do main 3: Se cu rity Ar chi tec ture and En gi neer ing 3.5 As sess and mit i gate the vul ner a bil i ties of se cu rity ar chi tec tures, de signs, and so lu tion el e ments

3.5.1 Client-based sys tems

3.5.2 Server-based sys tems

3.5.3 Data base sys tems

3.5.5 In dus trial con trol sys tems (ICS)

3.5.6 Cloud-based sys tems

3.5.7 Dis trib uted sys tems

3.5.8 In ter net of Things (IoT)

3.6 As sess and mit i gate vul ner a bil i ties in web-based sys tems

3.7 As sess and mit i gate vul ner a bil i ties in mo bile sys tems

3.8 As sess and mit i gate vul ner a bil i ties in em bed ded de vices

In pre vi ous chap ters of this book, we’ve cov ered ba sic se cu rity prin ci ples and the pro tec tive mech a nisms put in place to pre vent vi o la tion of them. We’ve also ex am ined some of the spe cific types of at tacks used by ma li cious in di vid u als seek ing to cir cum vent those pro tec tive mech a nisms. Un til this point, when dis cussing pre ven tive mea sures, we have fo cused on pol icy mea sures and the soft ware that runs on a sys tem. How ever, se cu rity pro fes sion als must also pay care ful at ten tion to the sys tem it self and en sure that their higher-level pro tec tive con trols are not built on a shaky foun da tion. Af ter all, the most se cure fire wall con fig u ra tion in the world won’t do a bit of good if the com puter it runs on has a fun da men tal se cu rity flaw that al lows ma li cious in di vid u als to sim ply by pass the fire wall com pletely.

In this chap ter, we’ll cover those un der ly ing se cu rity con cerns by con duct ing a brief sur vey of a field known as com puter ar chi tec ture: the phys i cal de sign of com put ers from var i ous com po nents. We’ll ex am ine each of the ma jor phys i cal com po nents of a com put ing sys tem—hard ware and firmware—from a se cu rity per spec tive. Ob vi ously, the de tailed anal y sis of a sys tem’s hard ware com po nents is not al ways a lux ury avail able to you be cause of re source and time con straints. How ever, all se cu rity pro fes sion als should have at least a ba sic un der stand ing of these con cepts in case they en counter a se cu rity in ci dent that reaches down to the sys tem de sign level.

The Se cu rity En gi neer ing do main ad dresses a wide range of con cerns and is sues, in clud ing se cure de sign el e ments, se cu rity ar chi tec ture, vul ner a bil i ties, threats, and as so ci ated coun ter mea sures. Ad di tional el e ments of this do main are dis cussed in var i ous chap ters: Chap ter 6, “Cryp tog ra phy and Sym met ric Key Al go rithms,” Chap ter 7, “PKI and Cryp to graphic Ap pli ca tions,” Chap ter 8, “Prin ci ples of Se cu rity Mod els, De sign, and Ca pa bil i ties,” and Chap ter 10, “Phys i cal Se cu rity Re quire ments.” Please be sure to re view all of these chap ters to have a com plete per spec tive on the top ics of this do main.

As sess and Mit i gate Se cu rity Vul ner a bil i ties Com puter ar chi tec ture is an en gi neer ing dis ci pline con cerned with the de sign and con struc tion of

com put ing sys tems at a log i cal level. Many col lege-level com puter en gi neer ing and com puter sci ence pro grams find it dif fi cult to cover all the ba sic prin ci ples of com puter ar chi tec ture in a sin gle se mes ter, so this ma te rial is of ten di vided into two one-se mes ter cour ses for un der grad u ates. Com puter ar chi tec ture cour ses delve into the de sign of cen tral pro cess ing unit (CPU) com po nents, mem ory de vices, de vice com mu ni ca tions, and sim i lar top ics at the bit level, defin ing pro cess ing paths for in di vid ual logic de vices that make sim ple “0 or 1” de ci sions. Most se cu rity pro fes sion als do not need that level of knowl edge, which is well be yond the scope

236

of this book and the CISSP exam. How ever, if you will be in volved in the se cu rity as pects of the de sign of com put ing sys tems at this level, you would be well ad vised to con duct a more thor ough study of this field.

This ini tial dis cus sion of com puter ar chi tec ture may seem at first to be ir rel e vant to CISSP, but most of the se cu rity ar chi tec tures and de sign el e ments are based on a solid un der stand ing and im ple men ta tion of com puter hard ware.

The more com plex a sys tem, the less as sur ance it pro vides. More com plex ity means that

more ar eas for vul ner a bil i ties ex ist and more ar eas must be se cured against threats. More vul ner a bil i ties and more threats mean that the sub se quent se cu rity pro vided by the sys tem is less trust wor thy.

Hard ware Any com put ing pro fes sional is fa mil iar with the con cept of hard ware. As in the con struc tion in dus try,

hard ware is the phys i cal “stuff” that makes up a com puter. The term hard ware en com passes any tan gi ble part of a com puter that you can ac tu ally reach out and touch, from the key board and mon i tor to its CPU(s), stor age me dia, and mem ory chips. Take care ful note that al though the phys i cal por tion of a stor age de vice (such as a hard disk or flash mem ory) may be con sid ered hard ware, the con tents of those de vices—the col lec tions of 0s and 1s that make up the soft ware and data stored within them—may not. Af ter all, you can’t reach in side the com puter and pull out a hand ful of bits and bytes!

Pro ces sor

The cen tral pro cess ing unit (CPU), gen er ally called the pro ces sor or the mi cro pro ces sor, is the com puter’s nerve cen ter—it is the chip (or chips in a mul ti pro ces sor sys tem) that gov erns all ma jor op er a tions and ei ther di rectly per forms or co or di nates the com plex sym phony of cal cu la tions that al lows a com puter to per form its in tended tasks. Sur pris ingly, the CPU is ca pa ble of per form ing only a lim ited set of com pu ta tional and log i cal op er a tions, de spite the com plex ity of the tasks it al lows the com puter to per form. It is the re spon si bil ity of the op er at ing sys tem and com pil ers to trans late high-level pro gram ming lan guages used to de sign soft ware into sim ple as sem bly lan guage in struc tions that a CPU un der stands. This lim ited range of func tion al ity is in ten tional—it al lows a CPU to per form com pu ta tional and log i cal op er a tions at blaz ing speeds.

For an idea of the mag ni tude of the progress in com put ing tech nol ogy over the years, view

the Moore’s Law ar ti cle at http://en.wikipedia.org/wiki/Moore’s_law.

Ex e cu tion Types

As com puter pro cess ing power in creased, users de manded more ad vanced fea tures to en able these sys tems to process in for ma tion at greater rates and to man age mul ti ple func tions si mul ta ne ously. Com puter en gi neers de vised sev eral meth ods to meet these de mands:

At first blush, the terms mul ti task ing, mul ti core, mul ti pro cess ing, mul ti pro gram ming, and

mul ti thread ing may seem nearly iden ti cal. How ever, they de scribe very dif fer ent ways of ap proach ing the “do ing two things at once” prob lem. We strongly ad vise that you take the time to re view the dis tinc tions be tween these terms un til you feel com fort able with them.

Mul ti task ing In com put ing, mul ti task ing means han dling two or more tasks si mul ta ne ously. In the past, most sys tems did not truly mul ti task be cause they re lied on the op er at ing sys tem to sim u late mul ti task ing by care fully struc tur ing the se quence of com mands sent to the CPU for ex e cu tion. When a pro ces sor was hum ming along at mul ti ple gi ga hertz, it was hard to tell that it was switch ing be tween tasks rather than work ing on two tasks at once. A sin gle-core mul ti task ing sys tem is able to jug gle more than one task or process at any given time.

Mul ti core To day, most CPUs are mul ti core. This means that what was pre vi ously a sin gle CPU or mi cro pro ces sor chip is now a chip con tain ing two, four, eight, or po ten tially dozens of in de pen dent ex e cu tion cores that can op er ate si mul ta ne ously.

Mul ti pro cess ing In a mul ti pro cess ing en vi ron ment, a mul ti pro ces sor com put ing sys tem (that is, one with more than one CPU) har nesses the power of more than one pro ces sor to com plete the ex e cu tion of a mul ti threaded ap pli ca tion. For ex am ple, a data base server might run on a sys tem that con tains four, six, or more pro ces sors. If the data base ap pli ca tion re ceives a num ber of sep a rate queries si mul ta ne ously, it might send each query to a sep a rate pro ces sor for ex e cu tion.

237

Two types of mul ti pro cess ing are most com mon in mod ern sys tems with mul ti ple CPUs. The sce nario just de scribed, where a sin gle com puter con tains mul ti ple pro ces sors that are treated equally and con trolled by a sin gle op er at ing sys tem, is called sym met ric mul ti pro cess ing (SMP). In SMP, pro ces sors share not only a com mon op er at ing sys tem but also a com mon data bus and mem ory re sources. In this type of ar range ment, sys tems may use a large num ber of pro ces sors. For tu nately, this type of com put ing power is more than suf fi cient to drive most sys tems.

Some com pu ta tion ally in ten sive op er a tions, such as those that sup port the re search of sci en tists and math e ma ti cians, re quire more pro cess ing power than a sin gle op er at ing sys tem can de liver. Such op er a tions may be best served by a tech nol ogy known as mas sively par al lel pro cess ing (MPP). MPP sys tems house hun dreds or even thou sands of pro ces sors, each of which has its own op er at ing sys tem and mem ory/bus re sources. When the soft ware that co or di nates the en tire sys tem’s ac tiv i ties and sched ules them for pro cess ing en coun ters a com pu ta tion ally in ten sive task, it as signs re spon si bil ity for the task to a sin gle pro ces sor. This pro ces sor in turn breaks the task up into man age able parts and dis trib utes them to other pro ces sors for ex e cu tion. Those pro ces sors re turn their re sults to the co or di nat ing pro ces sor, where they are as sem bled and re turned to the re quest ing ap pli ca tion. MPP sys tems are ex tremely pow er ful (not to men tion ex tremely ex pen sive!) and are used in a great deal of com put ing or com pu ta tional-based re search.

Both types of mul ti pro cess ing pro vide unique ad van tages and are suit able for dif fer ent types of sit u a tions. SMP sys tems are adept at pro cess ing sim ple op er a tions at ex tremely high rates, whereas MPP sys tems are uniquely suited for pro cess ing very large, com plex, com pu ta tion ally in ten sive tasks that lend them selves to de com po si tion and dis tri bu tion into a num ber of sub or di nate parts.

Mul ti pro gram ming Mul ti pro gram ming is sim i lar to mul ti task ing. It in volves the pseu dosi mul ta ne ous ex e cu tion of two tasks on a sin gle pro ces sor co or di nated by the op er at ing sys tem as a way to in crease op er a tional ef fi ciency. For the most part, mul ti pro gram ming is a way to batch or se ri al ize mul ti ple pro cesses so that when one process stops to wait on a pe riph eral, its state is saved and the next process in line be gins to process. The first pro gram does not re turn to pro cess ing un til all other pro cesses in the batch have had their chance to ex e cute and they in turn stop for a pe riph eral. For any sin gle pro gram, this method ol ogy causes sig nif i cant de lays in com plet ing a task. How ever, across all pro cesses in the batch, the to tal time to com plete all tasks is re duced.

Mul ti pro gram ming is con sid ered a rel a tively ob so lete tech nol ogy and is rarely found in use to day ex cept in legacy sys tems. There are two main dif fer ences be tween mul ti pro gram ming and mul ti task ing:

Mul ti pro gram ming usu ally takes place on large-scale sys tems, such as main frames, whereas mul ti task ing takes place on per sonal com puter (PC) op er at ing sys tems, such as Win dows and Linux.

Mul ti task ing is nor mally co or di nated by the op er at ing sys tem, whereas mul ti pro gram ming re quires spe cially writ ten soft ware that co or di nates its own ac tiv i ties and ex e cu tion through the op er at ing sys tem.

Mul ti thread ing Mul ti thread ing per mits mul ti ple con cur rent tasks to be per formed within a sin gle process. Un like mul ti task ing, where mul ti ple tasks oc cupy mul ti ple pro cesses, mul ti thread ing per mits mul ti ple tasks to op er ate within a sin gle process. A thread is a self-con tained se quence of in struc tions that can ex e cute in par al lel with other threads that are part of the same par ent process. Mul ti thread ing is of ten used in ap pli ca tions where fre quent con text switch ing be tween mul ti ple ac tive pro cesses con sumes ex ces sive over head and re duces ef fi ciency. In mul ti thread ing, switch ing be tween threads in curs far less over head and is there fore more ef fi cient. Many In tel CPUs since the 2002 re lease of Xeon in cluded the pro pri etary mul ti thread ing tech nol ogy known as hy per thread ing, which is the abil ity to vir tu al ize two pro ces sors per phys i cal core in or der to al low for the con cur rent sched ul ing of tasks. In mod ern Win dows im ple men ta tions, for ex am ple, the over head in volved in switch ing from one thread to an other within a sin gle process is on the or der of 40 to 50 in struc tions, with no sub stan tial mem ory trans fers needed. By con trast, switch ing from one process to an other in volves 1,000 in struc tions or more and re quires sub stan tial mem ory trans fers as well.

A good ex am ple of mul ti thread ing oc curs when mul ti ple doc u ments are opened at the same time in a word pro cess ing pro gram. In that sit u a tion, you do not ac tu ally run mul ti ple in stances of the word pro ces sor—this would place far too great a de mand on the sys tem. In stead, each doc u ment is treated as a sin gle thread within a sin gle word pro ces sor process, and the soft ware chooses which thread it works on at any given mo ment.

Sym met ric mul ti pro cess ing sys tems use thread ing at the op er at ing sys tem level. As in the word pro cess ing ex am ple just de scribed, the op er at ing sys tem also con tains a num ber of threads that con trol the tasks as signed to it. In a sin gle-pro ces sor sys tem, the op er at ing sys tem (OS) sends one thread at a time to the pro ces sor for ex e cu tion. SMP sys tems send one thread to each avail able pro ces sor for si mul ta ne ous ex e cu tion.

Pro cess ing Types

Many high-se cu rity sys tems con trol the pro cess ing of in for ma tion as signed to var i ous se cu rity lev els, such as the clas si fi ca tion lev els of un clas si fied, sen si tive, con fi den tial, se cret, and top se cret that the U.S. gov ern ment as signs to in for ma tion re lated to na tional de fense. Com put ers must be de signed so that they do not—ide ally, so that they can not—in ad ver tently dis close in for ma tion to unau tho rized re cip i ents.

238

Com puter ar chi tects and se cu rity pol icy ad min is tra tors have ad dressed this prob lem at the pro ces sor level in two dif fer ent ways. One is through a pol icy mech a nism, whereas the other is through a hard ware so lu tion. The fol low ing list ex plores each of those op tions:

Sin gle State Sin gle-state sys tems re quire the use of pol icy mech a nisms to man age in for ma tion at dif fer ent lev els. In this type of ar range ment, se cu rity ad min is tra tors ap prove a pro ces sor and sys tem to han dle only one se cu rity level at a time. For ex am ple, a sys tem might be la beled to han dle only se cret in for ma tion. All users of that sys tem must then be ap proved to han dle in for ma tion at the se cret level. This shifts the bur den of pro tect ing the in for ma tion be ing pro cessed on a sys tem away from the hard ware and op er at ing sys tem and onto the ad min is tra tors who con trol ac cess to the sys tem.

Mul ti state Mul ti state sys tems are ca pa ble of im ple ment ing a much higher level of se cu rity. These sys tems are cer ti fied to han dle mul ti ple se cu rity lev els si mul ta ne ously by us ing spe cial ized se cu rity mech a nisms such as those de scribed in the next sec tion, “Pro tec tion Mech a nisms.” These mech a nisms are de signed to pre vent in for ma tion from cross ing be tween se cu rity lev els. One user might be us ing a mul ti state sys tem to process se cret in for ma tion, while an other user is pro cess ing top-se cret in for ma tion at the same time. Tech ni cal mech a nisms pre vent in for ma tion from cross ing be tween the two users and thereby cross ing be tween se cu rity lev els.

In ac tual prac tice, mul ti state sys tems are rel a tively un com mon ow ing to the ex pense of im ple ment ing the nec es sary tech ni cal mech a nisms. This ex pense is some times jus ti fied; how ever, when you’re deal ing with a very ex pen sive re source, such as a mas sively par al lel sys tem, the cost of ob tain ing mul ti ple sys tems far ex ceeds the cost of im ple ment ing the ad di tional se cu rity con trols nec es sary to en able mul ti state op er a tion on a sin gle such sys tem.

Pro tec tion Mech a nisms

If a com puter isn’t run ning, it’s an in ert lump of plas tic, sil i con, and metal do ing noth ing. When a com puter is run ning, it op er ates a run time en vi ron ment that rep re sents the com bi na tion of the op er at ing sys tem and what ever ap pli ca tions may be ac tive. When run ning, the com puter also has the ca pa bil ity to ac cess files and other data as the user’s se cu rity per mis sions al low. Within that run time en vi ron ment, it’s nec es sary to in te grate se cu rity in for ma tion and con trols to pro tect the in tegrity of the op er at ing sys tem it self, to man age which users are al lowed to ac cess spe cific data items, to au tho rize or deny op er a tions re quested against such data, and so forth. The ways in which run ning com put ers im ple ment and han dle se cu rity at run time may be broadly de scribed as a col lec tion of pro tec tion mech a nisms. What fol lows are de scrip tions of var i ous pro tec tion mech a nisms such as pro tec tion rings, op er a tional states, and se cu rity modes.

Be cause the ways in which com put ers im ple ment and use pro tec tion mech a nisms are so

im por tant to main tain ing and con trol ling se cu rity, you should un der stand how all three mech a nisms cov ered here—rings, op er a tional states, and se cu rity modes—are de fined and how they be have. Don’t be sur prised to see exam ques tions about specifics in all three ar eas be cause this is such im por tant stuff!

Pro tec tion Rings The ring pro tec tion scheme is an oldie but a goodie. It dates all the way back to work on the Mul tics op er at ing sys tem. This ex per i men tal op er at ing sys tem was de signed and built be tween 1963 and 1969 through the col lab o ra tion of Bell Labs, MIT, and Gen eral Elec tric. It saw com mer cial use in im ple men ta tions from Hon ey well. Mul tics has left two en dur ing lega cies in the com put ing world. First, it in spired the cre ation of a sim pler, less in tri cate op er at ing sys tem called Unix (a play on the word mul tics), and sec ond, it in tro duced the idea of pro tec tion rings to OS de sign.

From a se cu rity stand point, pro tec tion rings or ga nize code and com po nents in an op er at ing sys tem (as well as ap pli ca tions, util i ties, or other code that runs un der the op er at ing sys tem’s con trol) into con cen tric rings, as shown in Fig ure 9.1. The deeper in side the cir cle you go, the higher the priv i lege level as so ci ated with the code that oc cu pies a spe cific ring. Though the orig i nal Mul tics im ple men ta tion al lowed up to seven rings (num bered 0 through 6), most mod ern op er at ing sys tems use a four-ring model (num bered 0 through 3).

As the in ner most ring, 0 has the high est level of priv i lege and can ba si cally ac cess any re source, file, or mem ory lo ca tion. The part of an op er at ing sys tem that al ways re mains res i dent in mem ory (so that it can run on de mand at any time) is called the ker nel. It oc cu pies ring 0 and can pre empt code run ning at any other ring. The re main ing parts of the op er at ing sys tem—those that come and go as var i ous tasks are re quested, op er a tions per formed, pro cesses switched, and so forth—oc cupy ring 1. Ring 2 is also some what priv i leged in that it’s where I/O driv ers and sys tem util i ties re side; these are able to ac cess pe riph eral de vices, spe cial files, and so forth that ap pli ca tions and other pro grams can not them selves ac cess di rectly. Those ap pli ca tions and pro grams oc cupy the out er most ring, ring 3.

239

FIG URE 9.1 In the com monly used four-ring model, pro tec tion rings seg re gate the op er at ing sys tem into ker nel, com po nents, and driv ers in rings 0 through 2 and ap pli ca tions and pro grams run at ring 3.

The essence of the ring model lies in pri or ity, priv i lege, and mem ory seg men ta tion. Any process that wants to ex e cute must get in line (a pend ing process queue). The process as so ci ated with the low est ring num ber al ways runs be fore pro cesses as so ci ated with higher-num bered rings. Pro cesses in lower-num bered rings can ac cess more re sources and in ter act with the op er at ing sys tem more di rectly than those in higher-num bered rings. Those pro cesses that run in higher-num bered rings must gen er ally ask a han dler or a driver in a lower- num bered ring for ser vices they need; this is some times called a me di ated-ac cess model. In its strictest im ple men ta tion, each ring has its own as so ci ated mem ory seg ment. Thus, any re quest from a process in a higher-num bered ring for an ad dress in a lower-num bered ring must call on a helper process in the ring as so ci ated with that ad dress. In prac tice, many mod ern op er at ing sys tems break mem ory into only two seg ments: one for sys tem-level ac cess (rings 0 through 2), of ten called ker nel mode or priv i leged mode, and one for user-level pro grams and ap pli ca tions (ring 3), of ten called user mode.

From a se cu rity stand point, the ring model en ables an op er at ing sys tem to pro tect and in su late it self from users and ap pli ca tions. It also per mits the en force ment of strict bound aries be tween highly priv i leged op er at ing sys tem com po nents (such as the ker nel) and less priv i leged parts of the op er at ing sys tem (such as other parts of the op er at ing sys tem, plus driv ers and util i ties). Within this model, di rect ac cess to spe cific re sources is pos si ble only within cer tain rings; like wise, cer tain op er a tions (such as process switch ing, ter mi na tion, and sched ul ing) are al lowed only within cer tain rings.

The ring that a process oc cu pies de ter mines its ac cess level to sys tem re sources (and de ter mines what kinds of re sources it must re quest from pro cesses in lower-num bered, more priv i leged rings). Pro cesses may ac cess ob jects di rectly only if they re side within their own ring or within some ring out side its cur rent bound aries (in nu mer i cal terms, for ex am ple, this means a process at ring 1 can ac cess its own re sources di rectly, plus any as so ci ated with rings 2 and 3, but it can’t ac cess any re sources as so ci ated only with ring 0). The mech a nism whereby me di ated ac cess oc curs—that is, the driver or han dler re quest men tioned pre vi ously —is usu ally known as a sys tem call and usu ally in volves in vo ca tion of a spe cific sys tem or pro gram ming in ter face de signed to pass the re quest to an in ner ring for ser vice. Be fore any such re quest can be hon ored,

240

how ever, the called ring must check to make sure that the call ing process has the right cre den tials and au tho riza tion to ac cess the data and to per form the op er a tion(s) in volved in sat is fy ing the re quest.

Process States Also known as op er at ing states, process states are var i ous forms of ex e cu tion in which a process may run. Where the op er at ing sys tem is con cerned, it can be in one of two modes at any given mo ment: op er at ing in a priv i leged, all-ac cess mode known as su per vi sor state or op er at ing in what’s called the prob lem state as so ci ated with user mode, where priv i leges are low and all ac cess re quests must be checked against cre den tials for au tho riza tion be fore they are granted or de nied. The lat ter is called the prob lem state not be cause prob lems are guar an teed to oc cur but be cause the un priv i leged na ture of user ac cess means that prob lems can oc cur and the sys tem must take ap pro pri ate mea sures to pro tect se cu rity, in tegrity, and con fi den tial ity.

Pro cesses line up for ex e cu tion in an op er at ing sys tem in a pro cess ing queue, where they will be sched uled to run as a pro ces sor be comes avail able. Be cause many op er at ing sys tems al low pro cesses to con sume pro ces sor time only in fixed in cre ments or chunks, when a new process is cre ated, it en ters the pro cess ing queue for the first time; should a process con sume its en tire chunk of pro cess ing time (called a time slice) with out com plet ing, it re turns to the pro cess ing queue for an other time slice the next time its turn comes around. Also, the process sched uler usu ally se lects the high est-pri or ity process for ex e cu tion, so reach ing the front of the line doesn’t al ways guar an tee ac cess to the CPU (be cause a process may be pre empted at the last in stant by an other process with higher pri or ity).

Ac cord ing to whether a process is run ning, it can op er ate in one of sev eral states:

Ready In the ready state, a process is ready to re sume or be gin pro cess ing as soon as it is sched uled for ex e cu tion. If the CPU is avail able when the process reaches this state, it will tran si tion di rectly into the run ning state; oth er wise, it sits in the ready state un til its turn comes up. This means the process has all the mem ory and other re sources it needs to be gin ex e cut ing im me di ately.

Wait ing Wait ing can also be un der stood as “wait ing for a re source”—that is, the process is ready for con tin ued ex e cu tion but is wait ing for a de vice or ac cess re quest (an in ter rupt of some kind) to be ser viced be fore it can con tinue pro cess ing (for ex am ple, a data base ap pli ca tion that asks to read records from a file must wait for that file to be lo cated and opened and for the right set of records to be found). Some ref er ences la bel this state as a blocked state be cause the process could be said to be blocked from fur ther ex e cu tion un til an ex ter nal event oc curs.

The run ning state is also of ten called the prob lem state. How ever, don’t as so ciate the word

prob lem with an er ror. In stead, think of the prob lem state as you would think of a math prob lem be ing solved to ob tain the an swer. But keep in mind that it is called the prob lem state be cause it is pos si ble for prob lems or er rors to oc cur, just as you could do a math prob lem in cor rectly. The prob lem state is sep a rated from the su per vi sory state so that any er rors that might oc cur do not eas ily af fect the sta bil ity of the over all sys tem; they af fect only the process that ex pe ri enced the er ror.

Run ning The run ning process ex e cutes on the CPU and keeps go ing un til it fin ishes, its time slice ex pires, or it is blocked for some rea son (usu ally be cause it has gen er ated an in ter rupt for ac cess to a de vice or the net work and is wait ing for that in ter rupt to be ser viced). If the time slice ends and the process isn’t com pleted, it re turns to the ready state (and queue); if the process blocks while wait ing for a re source to be come avail able, it goes into the wait ing state (and queue).

Su per vi sory The su per vi sory state is used when the process must per form an ac tion that re quires priv i leges that are greater than the prob lem state’s set of priv i leges, in clud ing mod i fy ing sys tem con fig u ra tion, in stalling de vice driv ers, or mod i fy ing se cu rity set tings. Ba si cally, any func tion not oc cur ring in the user mode (ring 3) or prob lem state takes place in the su per vi sory mode.

Stopped When a process fin ishes or must be ter mi nated (be cause an er ror oc curs, a re quired re source is not avail able, or a re source re quest can’t be met), it goes into a stopped state. At this point, the op er at ing sys tem can re cover all mem ory and other re sources al lo cated to the process and re use them for other pro cesses as needed.

Fig ure 9.2 shows a di a gram of how these var i ous states re late to one an other. New pro cesses al ways tran si tion into the ready state. From there, ready pro cesses al ways tran si tion into the run ning state. While run ning, a process can tran si tion into the stopped state if it com pletes or is ter mi nated, re turn to the ready state for an other time slice, or tran si tion to the wait ing state un til its pend ing re source re quest is met. When the op er at ing sys tem de cides which process to run next, it checks the wait ing queue and the ready queue and takes the high est-pri or ity job that’s ready to run (so that only wait ing jobs whose pend ing re quests have been ser viced, or are ready to ser vice, are el i gi ble in this con sid er a tion). A spe cial part of the ker nel, called the pro gram ex ec u tive or the process sched uler, is al ways around (wait ing in mem ory) so that when a process state tran si tion must oc cur, it can step in and han dle the me chan ics in volved.

Are you struggling with this assignment?

Our team of qualified writers will write an original paper for you. Good grades guaranteed! Complete paper delivered straight to your email.

Place Order Now