
Archive for 2010

Multiprogramming and Time-sharing Security Issues



Defined individually: multiprogramming is a rudimentary form of parallel processing in which several programs are run at the same time on a uniprocessor. Since there is only one processor, the programs cannot truly execute simultaneously; instead, the operating system executes part of one program, then part of another, and so on. That is why it appears to the user that all programs are executing at the same time.

A time-sharing system, on the other hand, is an interactive (or hands-on) computer system that provides direct communication between the user and the system. It allows many users to share the computer simultaneously. Since each action or command in a time-shared system tends to be short, only a little CPU time is needed for each user.

So, in a multiprogramming and time-sharing environment, several users share the system simultaneously. This situation can result in various security problems. Two of these problems are:

Copying or Stealing one’s programs or data 

Today, everyone depends on computers for most of their daily tasks. They do research, accounting and programming; create, print, delete and search files; and spend their leisure time on gaming and other activities, all of which make computers a major requirement. In a multiprogramming and time-sharing environment, where several users share the system simultaneously, there is no assurance that each user's files, programs and data will stay private or be restricted from other users, especially when the user does not know how to keep his files from being exposed to other users. Two good examples of this situation are TeamViewer and the built-in Remote Desktop Services (formerly Terminal Services). Both are used in the same way but differ in how they execute. With Remote Desktop Services, for instance, you can specify how many users can connect to your computer, and you can also specify their limitations. Once a user is connected to your computer, he is free to do whatever he wants on it, whether that is creating, deleting or searching for files. Worse, he can copy and steal confidential information and data and transfer it to his own computer, which is an illegal transfer of electronic data. This is possible because, in a multiprogramming and time-sharing environment, programs can run at the same time while a specific task is being done. Generally speaking, it is a multitasking activity.
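
On a shared POSIX system, a user can check which of his files other accounts are able to reach by auditing the permission bits. The following is an added example, not part of the original post; it assumes POSIX owner/group/other permissions, and the directory layout and file names are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile

def world_exposure(mode):
    """Return which permission bits a file mode grants to 'other' users."""
    flags = []
    if mode & stat.S_IROTH:
        flags.append("world-read")
    if mode & stat.S_IWOTH:
        flags.append("world-write")
    return flags

def audit_home(home):
    """Map relative path -> exposures for regular files other users can reach."""
    findings = {}
    # Without o+x on the top directory, other users cannot traverse into it.
    if not os.stat(home).st_mode & stat.S_IXOTH:
        return findings
    for dirpath, dirnames, filenames in os.walk(home):
        # Prune subdirectories that other users cannot enter.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and devices
            flags = world_exposure(st.st_mode)
            if flags:
                findings[os.path.relpath(path, home)] = flags
    return findings

def lock_down(home, findings):
    """Strip group and other permissions from every reported file."""
    for rel in findings:
        path = os.path.join(home, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~(stat.S_IRWXG | stat.S_IRWXO))
    return len(findings)

def demo():
    """Build a constructed home directory, audit it, fix it, audit again."""
    home = tempfile.mkdtemp(prefix="alice_home_")
    try:
        os.chmod(home, 0o755)
        os.mkdir(os.path.join(home, "private"))
        # Constructed layout: relative path -> mode
        layout = {"notes.txt": 0o644, "payroll.csv": 0o600,
                  "shared.log": 0o666, "private/diary.txt": 0o644}
        for rel, mode in layout.items():
            path = os.path.join(home, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(home, "private"), 0o700)  # blocks traversal
        before = audit_home(home)
        fixed = lock_down(home, before)
        return before, fixed, audit_home(home)
    finally:
        shutil.rmtree(home)

if __name__ == "__main__":
    before, fixed, after = demo()
    for path, flags in sorted(before.items()):
        print(f"{path}: {', '.join(flags)}")
    print(f"fixed {fixed} file(s); remaining: {after}")
```

The file under `private/` carries world-readable bits but is not reported, because the `0700` directory above it already stops other users from reaching it.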

Using system resources (CPU, memory, disk space, peripherals) with improper accounting 

When several users are using the system simultaneously, there is no guarantee that each will be held to a specific amount of space or a specific limit on system resources. As time goes by, each user occupies a number of bytes of memory and disk space, has a number of programs processed by the CPU, and takes up an amount of time on the peripherals. And as time passes, the load placed on the system resources increases proportionally. There is then a great possibility of a shortage of memory and disk space, especially when they are not used with proper accounting or allocation. When this happens, all users sharing and connected to the system will be interrupted and, worse, their programs will crash and their paperwork and the like will not be saved. There are, however, solutions that ease this scenario. A good example is virtualization, which makes it possible to host multiple virtualized environments within a single OS instance (VMware software is an example).
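
The effect of accounting can be seen in a small model of a shared memory pool served in round-robin order, first with no per-user limit and then with a quota. This is an added example, not part of the original post; the user names, pool size, quota and request sizes are constructed.

```python
from collections import Counter

class SharedPool:
    """A fixed pool of memory blocks shared by every user of the machine."""

    def __init__(self, capacity, quota=None):
        self.capacity = capacity    # total blocks available
        self.quota = quota          # per-user cap; None means no limit enforced
        self.held = Counter()       # user -> blocks currently held
        self.requested = Counter()  # user -> blocks asked for in total
        self.denied = Counter()     # user -> number of refused requests

    def allocate(self, user, blocks):
        """Grant the request only if the quota and the free space both allow it."""
        self.requested[user] += blocks
        free = self.capacity - sum(self.held.values())
        over_quota = self.quota is not None and self.held[user] + blocks > self.quota
        if over_quota or blocks > free:
            self.denied[user] += 1
            return False
        self.held[user] += blocks
        return True

    def report(self):
        """Accounting view: user -> (blocks held, blocks requested, requests denied)."""
        return {u: (self.held[u], self.requested[u], self.denied[u])
                for u in sorted(self.requested)}

# Constructed workload: one greedy user and two modest ones, four time slices each.
ROUND = [("mallory", 40), ("alice", 10), ("bob", 10)]

def simulate(quota, capacity=120, rounds=4):
    """Replay the workload in round-robin order and return the accounting report."""
    pool = SharedPool(capacity, quota)
    for _ in range(rounds):
        for user, blocks in ROUND:
            pool.allocate(user, blocks)
    return pool.report()

if __name__ == "__main__":
    for label, quota in (("no quota", None), ("quota 40", 40)):
        print(label)
        for user, (held, asked, denied) in simulate(quota).items():
            print(f"  {user:8s} held={held:3d} requested={asked:3d} denied={denied}")
```

Without a quota the greedy user ends up holding 80 of the 120 blocks and every user starts being refused; with a quota of 40 only the greedy user is refused and the other two receive everything they asked for.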

      Now, having discussed the two problems, can we ensure the same degree of security in a time-shared machine as we have in a dedicated machine?

      Probably not. Why? We cannot ensure the same degree of security in a time-shared machine as we have in a dedicated machine because a time-shared machine allows programs to run at the same time and allows many users to use it simultaneously. The degree of security is therefore lower than in a dedicated machine. A time-shared machine has many programs to execute, and its focus is divided among the number of programs as well as the number of users using it. A dedicated machine, on the other hand, focuses on a specific task and specific programs to be executed, so it has more control than a time-shared machine in implementing policies on users' access and in enforcing the degree of security. In general, any protection scheme devised by humans can be expected to be broken by humans as well, and the more complex the scheme is, the more difficult it is to correct its implementation.

       


       


      How Do Hand-Held Computers Work?

       

      As technology exists and changes, we cannot deny the fact that high technology dominates our lives. Why? Simple! Technology makes our daily tasks more convenient, faster and more efficient in a short period of time. The products of technology vary according to their specific application and efficiency. One of these products is the hand-held computer. A hand-held computer is a portable computer that is small enough to be held in one's hand. It is hardware designed for PDA (Personal Digital Assistant) devices running Windows CE. But how do hand-held computers work for a doctor (general practitioner) and a manager in a supermarket?


      A Doctor (General Practitioner)

      A general practitioner is a medical doctor who provides comprehensive general care to patients, rather than focusing on a specific organ system, family of conditions, or type of medical issue. Also known as family doctors, they are often a patient's main doctor. They perform yearly check-ups, treat a variety of conditions and refer patients to specialists. Given all this, hand-held computers should be a vital asset and piece of equipment for them. But how?

      Patient safety is the most important issue in healthcare and medicine. Some research has reported that 44,000 to 94,000 deaths occur annually due to medical errors. The two major reasons for these errors are either a lack of information about the patient or a lack of knowledge about the medication or therapy. For this reason, hand-held computers have become popular as point-of-care reference tools. Their convergence with the Internet and wireless networks will enable them to assume more essential roles as mobile transmitters and receivers of digital medical information. With enhanced wireless connectivity, hand-held computers can be used at the point of patient care for charge capture, electronic prescribing, laboratory test ordering, laboratory result retrieval, web access, e-mail communication and other clinical and administrative tasks. Hand-held computers help general practitioners concentrate more on patient care, and on referring patients to a designated specialist according to their condition, by minimizing the time spent on accessing, retrieving and recording clinical data. They can also help in electronic prescribing by providing clinical decision support at the point of care. There is research indicating that the use of hand-held computers, not only by general practitioners but across the world of medicine, contributes to the efficiency of care and the safety of each patient. The accessibility of medical records, data and other administrative and medical information through hand-held computers also improves patient safety and quality of care.

      A Manager in a Supermarket


      A manager is a person tasked with overseeing one or more employees or departments to ensure that these employees or departments carry out their assigned duties as required. A supermarket is a store that sells a wide variety of goods, including food and alcohol, medicine, clothes and other household products that are consumed regularly. So how can hand-held computers help the manager to efficiently manage a supermarket that sells a wide variety of foods and other basic needs?

      A hand-held computer makes the work of a supermarket manager effective in a short period of time. It gives the manager automatic tracking of all the inventory that the supermarket has. Hand-held computers have been used as part of the checkout process, and hold information on what supplies are present on the shelves and in the warehouse and what the company's required inventory numbers are. They can also help the manager to predict shortages and automatically order new inventory when necessary. With regard to marketing, they help the manager create better marketing plans by analyzing sales data. This gives the manager an idea of what is selling well, so that the supermarket can be organized to make these popular products easier to find and to connect them with promotions. An example of a hand-held computer used in a supermarket is the SEC (Shelf Edge Computer), which is used for price changes, stock pictures (information on stock totals) and forecasting deliveries.



      Categories of Operating System


                  An operating system, or OS, is a software program that enables the computer hardware to communicate and operate with the computer software. Without a computer operating system, a computer would be useless. As computers have progressed and developed so have the types of operating systems. Below is a basic list of the different types of operating systems and a few examples of operating systems that fall into each of the categories. Many computer operating systems will fall into more than one of the below categories. 




      BATCH SYSTEM

      TORQUE Resource Manager 
      (Terascale Open-Source Resource and QUEue)

      An open-source distributed resource manager providing control over batch jobs and distributed compute nodes. It is a community effort based on the original PBS project and, with more than 1,200 patches, has incorporated significant advances in the areas of scalability, fault tolerance, and feature extensions contributed by NCSA, OSC, USC, the US DOE, Sandia, PNNL, UB, TeraGrid,  and many other leading edge HPC organizations. TORQUE can integrate with the open source Maui Cluster Scheduler or the commercial Moab Workload Manager to improve overall utilization, scheduling and administration on a cluster.

      TORQUE provides enhancements over standard OpenPBS in the following areas: 
      Fault Tolerance 
                --} Additional failure conditions checked/handled
                --} Node health check script support

      Scheduling Interface
                --} Extended query interface providing the scheduler with additional and more accurate
                      information
                --} Extended control interface allowing the scheduler increased control over job behavior
                      and attributes
                --} Allows the collection of statistics for completed jobs

      Scalability
                --} Significantly improved server to MOM communication model
                --} Ability to handle larger clusters (over 15 TF/2,500 processors)
                --} Ability to handle larger jobs (over 2000 processors)  
                --} Ability to support larger server messages 

      Usability
                --} Extensive logging additions 
                --} More human readable logging (i.e. no more 'error 15038 on command 42')

      Its benefits are that it can initiate and manage serial and parallel batch jobs remotely (create, route, execute, modify and/or delete jobs); define and implement resource policies that determine how much of each resource can be used by a job; apply jobs to resources across multiple servers to accelerate job completion time; and collect information about the nodes within the cluster to determine which are in use and which are available.


      INTERACTIVE SYSTEM

      Windows XP Professional



      An Automatic Teller Machine is a good example of a form-based program where users are given a tightly controlled set of possible actions. Data entry systems are frequently form- or dialog-oriented systems, offering the user a limited set of choices but greatly relieving the memory demands of the earlier command-line systems. Typical platforms previously used in ATM development include RMX or OS/2. Today the vast majority of ATMs worldwide use a Microsoft OS, primarily Windows XP Professional.



      Windows XP Professional is designed for business and power users. It has a number of features unavailable in the Home Edition, including:


                --} Ability to become part of a Windows Server domain; 
                --} Sophisticated access control scheme; 
                --} Remote desktop server, allowing the PC to be operated by another Windows XP user
                     over a Local Area Network (LAN) or Internet; 
                --} Offline files and folders; encrypting file system;
                --} Centralized administration features, including Group Policies, Automatic Software 
                      Installation and Maintenance, Roaming User Profiles, and Remote Installation Service
                      (RIS);  
                --} Internet Information Services (IIS), Microsoft's HTTP and FTP Server; support for two 
                      physical central processing units (CPU), (Because the number of CPU cores and
                      Hyper-threading capabilities on modern CPUs are considered to be part of a single
                      physical processor, multicore CPUs are supported using XP Home Edition.); 
                --} Windows Management Instrumentation Console (WMIC): WMIC is a command-line 
                      tool designed to ease WMI information retrieval about a system by using simple 
                      keywords (aliases).   

      REAL-TIME SYSTEM

      pSOS (plug-in Silicon Operating System)

      A real-time operating system created in about 1982 by Alfred Chao. It was developed and marketed for the first part of its life by his company, Software Components Group. pSOS is a popular real-time operating system that is primarily used in embedded applications. It is available from Wind River Systems, a large player in the real-time operating system arena. pSOS is used in several commercial embedded products; one example of its application is in the base stations of cellular systems. pSOS rapidly became the RTOS of choice for all embedded systems based on the Motorola 68000 family architecture, because it was written in 68000 assembler and was highly optimized from the start. It was also modularized, with early support for OS-aware debugging, plug-in device drivers, TCP/IP stacks, language libraries and disk subsystems. Then came source-level debugging, multi-processor support and further networking extensions.

      pSOS has 32 priority levels. In its minimal configuration, the footprint of the operating system is only 12 Kbytes. For sharing critical resources among real-time tasks, it supports the priority inheritance and priority ceiling protocols. It supports segmented memory management and allocates tasks to memory regions. A memory region is a physically contiguous block of memory, created by the operating system in response to a call from an application. In most modern operating systems, control jumps to the kernel when an interrupt occurs. pSOS takes a different approach. The device drivers are outside the kernel and can be loaded and removed at run time. When an interrupt occurs, the processor jumps directly to the ISR (interrupt service routine) pointed to by the vector table. The intention is not only to gain speed, but also to give the application developer complete control over interrupt handling.


      HYBRID SYSTEM

      WINDOWS SERVER 2008

      One of Microsoft Windows' server line of operating systems and the successor to Windows Server 2003, it was released to manufacturing on February 4, 2008, and officially released on February 27, 2008. Windows Server 2008 R2 was then released to manufacturing on July 22, 2009. Like Windows Vista and Windows 7, Windows Server 2008 is built on Windows NT 6.x.





      Powered by the Microsoft NT kernel (the best-known example of a hybrid kernel), Windows Server 2008 is built from the same code base as Windows Vista; therefore, it shares much of the same architecture and functionality. Since the code base is common, it automatically comes with most of the technical, security, management and administrative features new to Windows Vista, such as the rewritten networking stack (native IPv6, native wireless, speed and security improvements); improved image-based installation, deployment and recovery; improved diagnostics, monitoring, event logging and reporting tools; new security features such as BitLocker and ASLR; an improved Windows Firewall with a secure default configuration; .NET Framework 3.0 technologies, specifically Windows Communication Foundation, Microsoft Message Queuing and Windows Workflow Foundation; and the core kernel, memory and file system improvements. Processors and memory devices are modeled as Plug and Play devices, to allow hot-plugging of these devices. This allows the system resources to be partitioned dynamically using Dynamic Hardware Partitioning; each partition has its own memory, processor and I/O host bridge devices independent of other partitions. Server 2008 includes a variety of features, including:


                --} Server Core (significantly scaled-back installation where no Windows Explorer shell 
                     is installed)
                --} Active Directory roles (expanded with identity, certificate, and rights management 
                     services)
                --} Failover Clustering (through this Windows Server 2008 offers high-availability to 
                     services and applications)
                --} Self-healing NTFS (localized fix-up of damaged data structures without locking out the 
                     entire volume and needing the server to be taken down)
                --} Hyper-V (a hypervisor-based virtualization system, forming a core part of 
                     Microsoft's virtualization strategy)
                --} Windows System Resource Manager (provides resource management and 
                     can be used to control the amount of resources a process or a user can use based on 
                     business priorities)
                --} Server Manager (a combination of Manage Your Server and Security 
                     Configuration Wizard from Windows Server 2003)
                --} Core OS improvements (Fully multi-componentized operating system)
                --} Active Directory improvements (A new "Read-Only Domain Controller" operation 
                     mode in Active Directory)
               --} Policy related improvements (improved branch management and enhanced end 
                    user collaboration)
               --} Disk management and file storage improvements (ability to resize hard disk partitions 
                    without stopping the server, even the system partition) 
               --} Protocol and cryptography improvements (Support for 128- and 256-bit AES encryption 
                    for the Kerberos authentication protocol)  


      EMBEDDED SYSTEM 


      Cisco IOS (Internetwork Operating System)

      Software used on the vast majority of Cisco Systems routers and current Cisco network switches. (Note that earlier switches ran CatOS.) IOS is a package of routing, switching, internetworking and telecommunications functions tightly integrated with a multitasking operating system. In all versions of Cisco IOS, packet routing and forwarding (switching) are distinct functions. Routing and other protocols run as Cisco IOS processes and contribute to the Routing Information Base (RIB). This is processed to generate the final IP forwarding table (FIB, Forwarding Information Base), which is used by the forwarding function of the router. On router platforms with software-only forwarding (e.g., Cisco 7200), most traffic handling, including access control list filtering and forwarding, is done at interrupt level using Cisco Express Forwarding (CEF) or dCEF (Distributed CEF). This means IOS does not have to do a process context switch to forward a packet. Routing functions such as OSPF or BGP run at the process level. In routers with hardware-based forwarding, such as the Cisco 12000 series, IOS computes the FIB in software and loads it into the forwarding hardware (such as an ASIC or network processor), which performs the actual packet forwarding function.

      Cisco IOS has a characteristic command-line interface (CLI), whose style has been widely copied by other networking products. The IOS CLI provides a fixed set of multiple-word commands; the set available is determined by the "mode" and the privilege level of the current user. "Global configuration mode" provides commands to change the system's configuration, and "interface configuration mode" provides commands to change the configuration of a specific interface. All commands are assigned a privilege level, from 0 to 15, and can only be accessed by users with the necessary privilege. Through the CLI, the commands available to each privilege level can be defined. Most Cisco products that run IOS also have one or more "feature sets" or "packages", typically eight packages for Cisco routers and five packages for Cisco network switches. Each individual package corresponds to one service category: IP data; converged voice and data; security and VPN (Virtual Private Network). Beginning with the 1900, 2900 and 3900 series of ISR routers, Cisco has revised the licensing model of IOS. Routers come with IP Base installed, and additional feature pack licenses can be installed as bolt-on additions to expand the feature set of the device. The available feature packs are:


                --} Data adds features like BFD, IP SLAs, IPX, L2TPv3, Mobile IP, MPLS.
                --} Security adds features like VPN, Firewall, IP SLAs, NAC.
                --} Unified Comms adds features like CallManager Express, Gatekeeper, H.323, 
                    IP SLAs, MGCP, SIP, VoIP.
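
The privilege-level rule described above (each command has a level from 0 to 15, and a user may run it only with at least that level) can be checked offline against a saved configuration. This is an added example, not part of the original post or Cisco's own code: the configuration text is constructed, the default-level table is a small assumed subset, and longest-prefix matching of command words is a simplification of how IOS resolves levels.

```python
import re

# Default levels for a few exec commands (small subset, assumed for this example).
DEFAULT_LEVELS = {
    "logout": 0, "enable": 0,
    "show version": 1, "ping": 1,
    "show running-config": 15, "configure terminal": 15, "reload": 15,
}

# Constructed configuration; the hashes are placeholders, not real values.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 9 <placeholder-hash>
username noc privilege 7 secret 9 <placeholder-hash>
username guest secret 9 <placeholder-hash>
privilege exec level 7 show running-config
privilege exec level 1 reload
"""

def parse_config(text):
    """Return ({user: level}, {command: level}) from username/privilege lines."""
    users, overrides = {}, {}
    for line in text.splitlines():
        m = re.match(r"username (\S+)(?: privilege (\d+))?", line)
        if m:
            users[m.group(1)] = int(m.group(2) or 1)  # level 1 when none is given
            continue
        m = re.match(r"privilege exec level (\d+) (.+)", line)
        if m:
            level = int(m.group(1))
            if not 0 <= level <= 15:
                raise ValueError(f"invalid privilege level in: {line}")
            overrides[m.group(2).strip()] = level
    return users, overrides

def command_level(command, overrides):
    """Level required for a command: longest matching prefix, overrides win."""
    table = {**DEFAULT_LEVELS, **overrides}
    words = command.split()
    for n in range(len(words), 0, -1):
        key = " ".join(words[:n])
        if key in table:
            return table[key]
    return 15  # unknown commands are treated as fully privileged (fail closed)

def can_run(user, command, users, overrides):
    """True if the user's level is at least the command's level."""
    return users[user] >= command_level(command, overrides)

def audit(users, overrides):
    """List full-privilege users and commands lowered below their default level."""
    findings = [f"user {name} has full privilege (15)"
                for name, level in sorted(users.items()) if level == 15]
    for cmd, level in sorted(overrides.items()):
        default = DEFAULT_LEVELS.get(cmd, 15)
        if level < default:
            findings.append(f"'{cmd}' lowered from {default} to {level}")
    return findings

if __name__ == "__main__":
    users, overrides = parse_config(SAMPLE_CONFIG)
    print("\n".join(audit(users, overrides)))
    print("guest can reload:", can_run("guest", "reload", users, overrides))
```

In the constructed configuration the audit flags `reload` being lowered to level 1, which lets the default-level `guest` account restart the device.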