Homework 6

22C:116, Fall 2000

Due Friday Sep 29, 2000, in class

Douglas W. Jones

  1. Background: Dreadco, the Dedalus Research and Development Company, has an operating systems group that is involved in two top-secret projects, one for the United States Army and one for the Iraqi Airforce, as well as the DreadcOS operating system development project, an internal project that must not be disclosed to any outsider.

    Dr. Alice Fisher is the department head; she has unlimited access to the departmental payroll and personnel records, unlimited access to DreadcOS, but no access to technical information about the Army or Iraqi projects. Alice Fisher directly supervises Ken Liu, who does most of the programming for DreadcOS. Dr. Fisher also supervises Maria Santos, the department secretary. Maria has no access to technical information but handles all administrative functions.

    Steve Price is the lead worker on the Army project and is in charge of major parts of DreadcOS. He supervises Jim Svenson, who works on the Army project.

    Aaron Halevi is the lead worker on the Iraqi project and was the first to propose the development of DreadcOS. He supervises V. Patil and Mehmet Babaoglu, who are working on the Iraqi project.

    Part a: Draw out the access matrix for Dreadco's resources, resource users, and access rights, to the extent they are documented in the above description.

    Part b: Give the capability lists that describe your solution to part a.

    Part c: Give the access control lists that describe your solution to part a.
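    As an added illustration (not part of the assignment), the following code shows the relationship between the three representations asked for in parts a, b and c: one sparse access matrix, from which capability lists are the row view and access control lists are the column view. The matrix entries are read off the description above; the right names ("unlimited", "program", "in_charge", "lead", "work", "admin") are this example's own labels, and Maria's entries assume that "administrative functions" means the payroll and personnel records.

```python
from collections import defaultdict

# Sparse access matrix: (subject, object) -> set of rights. Entries are
# transcribed from the problem text; the right names are this example's own
# labels, and Maria's entries assume "administrative functions" covers the
# payroll and personnel records. Anything not stated is absent (no access),
# which is what makes the check below default-deny.
ACCESS_MATRIX = {
    ("Alice Fisher", "payroll"):     {"unlimited"},
    ("Alice Fisher", "personnel"):   {"unlimited"},
    ("Alice Fisher", "DreadcOS"):    {"unlimited"},
    ("Ken Liu", "DreadcOS"):         {"program"},
    ("Maria Santos", "payroll"):     {"admin"},
    ("Maria Santos", "personnel"):   {"admin"},
    ("Steve Price", "Army"):         {"lead"},
    ("Steve Price", "DreadcOS"):     {"in_charge"},
    ("Jim Svenson", "Army"):         {"work"},
    ("Aaron Halevi", "Iraqi"):       {"lead"},
    ("V. Patil", "Iraqi"):           {"work"},
    ("Mehmet Babaoglu", "Iraqi"):    {"work"},
}


def capability_lists(matrix):
    """Row view (part b): for each subject, the objects it may use and how."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def access_control_lists(matrix):
    """Column view (part c): for each object, which subjects may use it and how."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = set(rights)
    return dict(acls)


def allowed(matrix, subject, obj, right):
    """Reference-monitor style check; a missing cell means no access at all."""
    return right in matrix.get((subject, obj), set())


def views_agree(matrix):
    """Both views are projections of one matrix, so they must carry the same cells."""
    caps, acls = capability_lists(matrix), access_control_lists(matrix)
    cells = {(s, o) for s, objs in caps.items() for o in objs}
    return cells == {(s, o) for o, subs in acls.items() for s in subs} and all(
        caps[s][o] == acls[o][s] for s, o in cells)
```

The same default-deny check can be answered from either view; the difference between them is which question is cheap to ask, "what may this person touch?" (capabilities) or "who may touch this resource?" (ACLs).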

  2. Background: Consider the DEC PDP-8 computer, one of the simplest computers ever sold that had a memory management unit able to offer any degree of security. The web reference given above is for your curiosity only. The following description is sufficient.

    On this machine, the MMU allows a running program to access any two fields of memory, one designated IF, the current instruction field, and the other designated DF, the current data field. Pointers 1 word long can point to any item in a single field; pointers to data objects are always interpreted in terms of the current data field. The instructions for changing IF and DF are privileged, as are all I/O instructions. The U bit, which is part of the system state, determines whether it is legal to execute a privileged instruction. An attempt to execute a privileged instruction when in user state (U=1) causes a trap. Physical memory consists of from 1 to 8 fields of memory. Field zero is dedicated entirely to the system. Traps reset U. The instruction sequence to return from trap may set U, if needed.

    Part a: Suppose our operating system runs user programs in user state. Functions in a user program that call other functions in the same program use the normal JSR instruction for the control transfer. How can a user program call a system function?

    Part b: User programs can easily pass two parameters to a function, one in the AC register and one in the MQ register. What if a user program needs to call a system function, passing it a pointer to a buffer in the user program's data field? How can the system code access the buffer?

  3. Background: We want to build a PDP-8 operating system with the following memory model: Each user process may access up to 64 fields (but only 2 at a time). The system function far_jump(a,f) transfers control to address a in field f, so that field f becomes the instruction field, where f is any one of the 64 fields available to that process. The current data field is unchanged. If we can implement this, we can go on to implement the far_call(a,f) and change_data(f) system calls. Assume fields not currently in main memory are stored on disk, and assume the PDP-8 memory management details outlined in the previous problem.

    Part a: Outline the implementation of far_jump(a,f).

    Part b: Is this system based on capability lists, access control lists, or something else? Justify your answer!