Presentation is loading. Please wait.

Presentation is loading. Please wait.

File Systems Security File Systems Implementation.

Published byGeorge Shaw Modified over 8 years ago

Similar presentations

Presentation on theme: "File Systems Security File Systems Implementation."— Presentation transcript:

1 File Systems Security File Systems Implementation

2 2 File Protection File owner/creator should be able to control: –what can be done –by whom Types of access –Read –Write –Execute –Append –Delete –List

3 3 Categories of Users Individual user –Log in establishes a user-id –Might be just local on the computer or could be through interaction with a network service Groups to which the user belongs –For example, “ken” is in “csfaculty” –Again could just be automatic or could involve talking to a service that might assign, say, a temporary cryptographic key

4 4 Linux Access Rights Mode of access: read, write, execute Three classes of usersRWX a) owner access 7  1 1 1 RWX b) group access 6  1 1 0 RWX c) public access1  0 0 1 For a particular file (say game) or subdirectory, define an appropriate access. ownergrouppublic chmod761game

5 5 Issues with Linux Just a single owner, a single group and the public –Pro: Compact enough to fit in just a few bytes –Con: Not very expressive Access Control List: This is a per-file list that tells who can access that file –Pro: Highly expressive –Con: Harder to represent in a compact way

6 6 XP ACLs

7 7 Security and Remote File Systems Recall that we can “mount” a file system –Local: File systems on multiple disks/volumes –Remote: A means of accessing a file system on some other machine Local stub translates file system operations into messages, which it sends to a remote machine Over there, a service receives the message and does the operation, sends back the result Makes a remote file system look “local”

8 8 Unix Remote File System Security Since early days of Unix, NFS has had two modes –Secure mode: user, group-id’s authenticated each time you boot from a network service that hands out temporary keys –Insecure mode: trusts your computer to be truthful about user and group ids Most NFS systems run in insecure mode! –Because of US restrictions on exporting cryptographic code…

9 9 Spoofing Question: what stops you from “spoofing” by building NFS packets of your own that lie about id? Answer? –In insecure mode… nothing! –In fact people have written this kind of code –Many NFS systems are wide open to this form of attack, often only the firewall protects them

10 10 File System Implementation Change of topic… –How exactly are file systems implemented? –Comes down to: how do we represent Volumes Directories (link file names to file “structure”) The list of blocks containing the data Other information such as access control list or permissions, owner, time of access, etc? –And, can we be smart about layout?

11 11 File Control Block FCB has all the information about the file –Linix systems call these i-node structures

12 12 Files Open and Read

13 13 File System Layout File System is stored on disks –Disk is divided into 1 or more partitions –Sector 0 of disk called Master Boot Record –End of MBR has partition table (start & end address of partitions) First block of each partition has boot block –Loaded by MBR and executed on boot

14 14 Implementing Files Contiguous Allocation: allocate files contiguously on disk

15 15 Contiguous Allocation Pros: –Simple: state required per file is start block and size –Performance: entire file can be read with one seek Cons: –Fragmentation: external is bigger problem –Usability: user needs to know size of file Used in CDROMs, DVDs

16 16 Linked List Allocation Each file is stored as linked list of blocks –First word of each block points to next block –Rest of disk block is file data

17 17 Linked List Allocation Pros: –No space lost to external fragmentation –Disk only needs to maintain first block of each file Cons: –Random access is costly –Data stored in blocks is no longer a power of 2

18 18 Using an in-memory table Implement a linked list allocation using a table –Called File Allocation Table (FAT) –Take pointer away from blocks, store in this table

19 19 FAT Discussion Pros: –Entire block is available for data –Random access is faster since entire FAT is in memory Cons: –Entire FAT should be in memory For 20 GB disk, 1 KB block size, FAT has 20 million entries If 4 bytes used per entry  80 MB of main memory required for FS

20 20 I-nodes Index-node (I-node) is a per-file data structure –Lists attributes and disk addresses of file’s blocks –Pros: Space (max open files * size per I-node) –Cons: what if file expands beyond I-node address space?

21 21 Implementing Directories When a file is opened, OS uses path name to find dir –Directory has information about the file’s disk blocks Whole file (contiguous), first block (linked-list) or I-node –Directory also has attributes of each file Directory: map ASCII file name to file attributes & location 2 options: entries have all attributes, or point to file I-node

22 22 Implementing Directories What if files have large, variable-length names? Solution: –Limit file name length, say 255 chars, and use previous scheme Pros: Simple Cons: wastes space –Directory entry comprises fixed and variable portion Fixed part starts with entry size, followed by attributes Variable part has the file name Pros: saves space Cons: holes on removal, page fault on file read, word boundaries –Directory entries are fixed in length, pointer to file name in heap Pros: easy removal, no space wasted for word boundaries Cons: manage heap, page faults on file names

23 23 Managing file names: Example

24 24 Directory Search Simple Linear search can be slow Alternatives: –Use a per-directory hash table Could use hash of file name to store entry for file Pros: faster lookup Cons: More complex management –Caching: cache the most recent searches Look in cache before searching FS

25 25 Shared Files If B wants to share a file owned by C –One Solution: copy disk addresses in B’s directory entry –Problem: modification by one not reflected in other user’s view

26 26 Sharing Files: Solutions 2 approaches: –Use i-nodes to store file information in directories Cons: What happens if owner deletes file? –Symbolic links: B links to C’s file by creating a file in its directory The new Link file contains path name of file being linked Cons: read overhead

27 27 Disk Space Management Files stored as fixed-size blocks What is a good block size? (sector, track, cylinder?) –If 131,072 bytes/track, rotation time 8.33 ms, seek time 10 ms –To read k bytes block: 10+ 4.165 + (k/131072)*8.33 ms –Median file size: 2 KB Block size

28 28 Managing Free Disk Space 2 approaches to keep track of free disk blocks –Linked list and bitmap approach

29 29 Tracking free space Storing free blocks in a Linked List –Only one block need to be kept in memory –Bad scenario: Solution (c) Storing bitmaps –Lesser storage in most cases –Allocated disk blocks are closer to each other

Download ppt "File Systems Security File Systems Implementation."

Similar presentations

Chapter 12: File System Implementation

Chapter 12: File System Implementation
File Management.

File Management.
FILE SYSTEM IMPLEMENTATION

FILE SYSTEM IMPLEMENTATION
File Systems.

File Systems.
Part IV: Memory Management

Part IV: Memory Management
Chapter 4 : File Systems What is a file system?

Chapter 4 : File Systems What is a file system?
File Management.

File Management.
File Systems.

File Systems.
File Systems Examples.

File Systems Examples.
Chapter 10: File-System Interface

Chapter 10: File-System Interface
1 Chapter 11: File-System Interface  File Concept  Access Methods  Directory Structure  File System Mounting  File Sharing  Protection  Chapter.

1 Chapter 11: File-System Interface  File Concept  Access Methods  Directory Structure  File System Mounting  File Sharing  Protection  Chapter.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 File-System Interface.

Dr. Kalpakis CMSC 421, Operating Systems. Fall File-System Interface.
04/02/2004CSCI 315 Operating Systems Design1 File System Interface.

04/02/2004CSCI 315 Operating Systems Design1 File System Interface.
File System Implementation Issues

File System Implementation Issues
Ken Birman. Storing Information We often need to store information Sometimes, the stored form has a life its own Pictures of your friends, videos, songs.

Ken Birman. Storing Information We often need to store information Sometimes, the stored form has a life its own Pictures of your friends, videos, songs.
Operating Systems File Systems CNS 3060.

Operating Systems File Systems CNS 3060.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 10: File-System Interface.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 10: File-System Interface.
File System Implementation

File System Implementation
File System Implementation: beyond the user’s view A possible file system layout on a disk.

File System Implementation: beyond the user’s view A possible file system layout on a disk.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition File-System Interface.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition File-System Interface.

Similar presentations

Ads by Google