After text activity

V. Reading Exercises:

Exercise 1. Read and memorize using a dictionary:

Insight, multiuser system, access control list system, to handle the situation, to extend, superficially explored, arbitrary, to acquire information, emphasis, indirect, partition, mutually, uniformity, to demand, authority check

 

Exercise 2. Answer the questions:

1) What does a multiuser system do?

2) What does a model of protected subsystems allow?

3) What is information divided into?

4) What are the fundamental objects to be protected?

5) How is the authority check usually implemented?

 

Exercise 4. Match the left part with the right:

1. Our first model is of a multiuser
2. We shall then see how the logically perfect walls of that system can
3. Section II of this paper generalizes the mechanics of
4. It then extends these two models to handle the

a) be lowered in a controlled way to allow limited sharing of information between users.
b) system that completely isolates its users from one another.
c) dynamic situation in which authorizations can change under control of the programs running inside the system.
d) sharing using two different models: the capability system and the access control list system.

 

THE SPEAKING MODULE

II. Speaking Exercises:

Exercise 1. Define the terms using the suggested words and expressions as in the example:

Information science: discipline, deals with, processes, storing, transferring, information
Database management system: system quick search retrieval information from database
Operating system: software, keeps track, files, controls, processing computer programs
CPU: principal, component, composed control unit, instruction-decoding unit, arithmetic-logic unit

 

EXAMPLE: Information science is a discipline that deals with the processes of storing and transferring information.

 

Exercise 2. Ask questions to the given answers:

1) Question: ___________________________________________ ?

Answer: Conceptually, then, it is necessary to build an impenetrable wall around each distinct object that warrants separate protection, construct a door in the wall through which access can be obtained, and post a guard at the door to control its use.

 

 

2) Question: ___________________________________________ ?

Answer: Control of use, however, requires that the guard have some way of knowing which users are authorized to have access, and that each user have some reliable way of identifying himself to the guard.

 

3) Question: ___________________________________________ ?

Answer: Both protection and authentication mechanisms can be viewed in terms of this general model.

 

 

THE WRITING MODULE

 

Writing exercises:

Exercise 1. Fill in the gaps with the suggested words:

Real, protection, concepts, ways, begin, approach

At this point we _____ a development of the technical basis of information ________ in modern computer systems. There are two ____ to approach the subject: from the top down, emphasizing the abstract _______ involved, or from the bottom up, identifying insights by studying example systems. We shall follow the bottom-up ____, introducing a series of models of systems as they are (or could be) built in _____ life.



 

Exercise 2. Compose a story on one of the topics (up to 100 words):

1) The Essentials of Information Protection

2) Technical basis of information protection in modern computer systems

 

Lesson 6

The Reading Module

Read the text:

 

Before extending this model, we pause to consider two concrete examples, the multiplexing of a single computer system among several users and the authentication of a user's claimed identity. These initial examples are complete isolation systems--no sharing of information can happen. Later we will extend our model of guards and walls in the discussion of shared information.

3) An Isolated Virtual Machine: A typical computer consists of a processor, a linearly addressed memory system, and some collection of input/output devices associated with the processor. It is relatively easy to use a single computer to simulate several, each of which is completely unaware of the existence of the others, except that each runs more slowly than usual. Such a simulation is of interest, since during the intervals when one of the simulated (commonly called virtual) processors is waiting for an input or output operation to finish, another virtual processor may be able to progress at its normal rate. Thus a single processor may be able to take the place of several. Such a scheme is the essence of a multiprogramming system.

To allow each virtual processor to be unaware of the existence of the others, it is essential that some isolation mechanism be provided. One such mechanism is a special hardware register called a descriptor register, as in Fig. 1. In this figure, all memory references by the processor are checked by an extra piece of hardware that is interposed in the path to the memory. The descriptor register controls exactly which part of memory is accessible. The descriptor register contains two components: a base value and a bound value. The base is the lowest numbered address the program may use, and the bound is the number of locations beyond the base that may be used. We will call the value in the descriptor register a descriptor, as it describes an object (in this case, one program) stored in memory. The program controlling the processor has full access to everything in the base-bound range, by virtue of possession of its one descriptor. As we go on, we shall embellish the concept of a descriptor: it is central to most implementations of protection and of sharing of information.

So far, we have not provided for the dynamics of a complete protection scheme: we have not discussed who loads the descriptor register. If any running program could load it with any arbitrary value, there would be no protection. The instruction that loads the descriptor register with a new descriptor must have some special controls--either on the values it will load or on who may use it. It is easier to control who may use the descriptor, and a common scheme is to introduce an additional bit in the processor state. This bit is called the privileged state bit. All attempts to load the descriptor register are checked against the value of the privileged state bit; the privileged state bit must be ON for the register to be changed. One program (named the supervisor--program S in Fig. 1) runs with the privileged state bit ON, and controls the simulation of the virtual processors for the other programs. All that is needed to make the scheme complete is to ensure that the privileged state bit cannot be changed by the user programs except, perhaps, by an instruction that simultaneously transfers control to the supervisor program at a planned entry location. (In most implementations, the descriptor register is not used in the privileged state.)
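The base-and-bound check and the privileged-bit control over loading the descriptor register can be simulated in a few lines of C. This is an added example, not part of the original text; the type and function names, the 64-location memory and the descriptor values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define MEM_SIZE 64  /* toy physical memory size (assumption) */

typedef struct { size_t base, bound; } descriptor_t;
typedef struct {
    uint8_t      memory[MEM_SIZE];
    descriptor_t dr;          /* descriptor register */
    bool         privileged;  /* privileged state bit */
} machine_t;

/* Check interposed on every memory reference; not applied in privileged
   state. The subtraction form avoids overflow of base + bound. */
bool ref_allowed(const machine_t *m, size_t addr) {
    if (addr >= MEM_SIZE) return false;
    if (m->privileged) return true;
    return addr >= m->dr.base && addr - m->dr.base < m->dr.bound;
}

bool mem_write(machine_t *m, size_t addr, uint8_t v) {
    if (!ref_allowed(m, addr)) return false;  /* reference rejected */
    m->memory[addr] = v;
    return true;
}

/* The controlled instruction: refused unless the privileged bit is ON. */
bool load_descriptor(machine_t *m, descriptor_t d) {
    if (!m->privileged) return false;
    if (d.base > MEM_SIZE || d.bound > MEM_SIZE - d.base) return false;
    m->dr = d;
    return true;
}

/* Planned entry to supervisor S: bit ON, install the next virtual
   processor's descriptor, bit OFF before the user program resumes. */
bool supervisor_dispatch(machine_t *m, descriptor_t next) {
    m->privileged = true;
    bool ok = load_descriptor(m, next);
    m->privileged = false;
    return ok;
}

int main(void) {
    machine_t m = {0};
    supervisor_dispatch(&m, (descriptor_t){16, 8});  /* constructed: A owns 16..23 */
    bool inside = mem_write(&m, 16, 0xAA), outside = mem_write(&m, 24, 0xBB);
    return (inside && !outside) ? 0 : 1;
}
```

A user program that calls `load_descriptor` directly is refused because the bit is OFF, which is the property that keeps the walls between virtual processors intact.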

 


Date: 2016-01-03; view: 1031

