Assignment 12, due Nov. 30

Part of the homework for 22C:112, Fall 2012
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

On every assignment, write your name legibly as it appears on your University ID and on the class list! Assignments are due at the start of class on the day indicated (usually Friday). Exceptions will be by advance arrangement unless there is what lawyers call "an act of God" (something outside your control). Homework must be turned in on paper, either in class or in the teaching assistant's mailbox. Never push late work under someone's door!

Background: In a paged memory virtual memory system, the page table is indexed by the page number field of the virtual address, and each page-table entry contains the location of a page (what page frame is it in) and the access rights for that page.
The Unix file model uses an open-file table indexed by file descriptor (a small integer), where each open-tile table entry contains a pointer to an open-file data structure and the user's access rights to that file.
The link table of a Demos task, indexed by link ID, holds links, where each link enables the task that holds it to send messages to some destination task and has associated rights such as the right to duplicate a link.
These are all examples of capability-based security models. The page table, the open file table, and the link table can all be considered to be capability lists.
a) What are the primitive operations on pages, open files, and links? (Exclude composite operations, where operation c is the same as operation a followed by operation b; these composites typically exist because of the high expense of kernel calls). (0.5 points)
b) What are the access rights typically applicable to pages, to open files, and to links? (0.5 points)
c) With reference to your answers to parts a) and b), is there any sense in which these systems are distinct from each other? That is, does one support operations on capabilities that are essentially different from the others in some way, or does one have a different relation between the sets of operations and the sets of rights than the other has? (0.5 points)
Background: In a system that uses access-control lists that include both entries for individual users and entries for sets of users (such as a wildcard entry for others or entries for groups of users), there are two obvious ways to search for a given user's rights:
- Linear search through the access-control list, stopping when the first entry is found that matches the user attempting to gain access. The rights in that entry are the rights for the user. The order of the entries in the access control list matters!
- Take the union of the rights in all of the entries that match the given user, and grant those to the user. The order of the access control list entries is irrelevant.
A question: Whis system does the rudimentary access-controlo-list mechanism of Unix use? The easiest way to do this is to use the chmod shell command to set the user, group and other rights on an example file created for the purpose of the experiment, and see what rights you end up with for the file. (0.5 points)
A question: Demos is an excellent example of an operating system with what is now sometimes described as a microkernel in order to distinguish it from the much larger kernel in systems like Unix or Linux. Which of the following commonplace kernel calls in Unix or Linux correspond to single kernel calls in a system such as Demos, which would be implemented by Demos server processes instead of the kernel, and which would be impossible to support in a Demos system:
1. fork()
2. execve()
3. exit()
4. read()
5. write()
6. close()
7. mmap()
8. mount()
9. signal()
10. sigaction()
Hint: Feel free to use man 2 command to get the definitions of any Unix kernel commands you might not previously have encountered. (1.0 point)