Jawab :
a) Portable Operating System Interface for Unix – IEEE standard for
system interface Standardization process began circa 1985 –
necessary for system interoperability atau diperlukan untuk
interoperabilitas sistem
b) The purpose of the standard error stream is to separate error
messages from regular output. This is important in contexts such as
shell scripts, where the standard output might be sent to a pipe or to
a file. That redirection leaves standard error still going to a different
place — usually the terminal.
c) Karena process groups adalah kumpulan proses terkait, seperti shell
pipeline, yang semuanya telah diberi pengidentifikasi process group yang
sama. Pengidentifikasi process group sama dengan PID dari anggota awal
process group, dengan demikian pengidentifikasi process group berbagi
ruang nama pengidentifikasi proses. Ketika process group baru dibuat,
kernel mengalokasikan struktur process group untuk diasosiasikan
dengannya. Struktur process group ini dimasukkan ke dalam tabel hash
grup proses sehingga dapat ditemukan dengan cepat.
d) Scatter/gather I/O. Memungkinkan single call untuk membaca atau
menulis data ke many buffers sekaligus, berguna untuk menggabungkan
fields of different data structures ke form one I/O transaction
2. A mouse can have one, two or three buttons along with its scroll wheel.
All of them are in use. Does the hardware abstraction layer hide this
difference from the rest of the operating system ? Why or why not ?(3 points)
Jawab :
hardware abstraction adalah seperangkat rutinitas perangkat lunak yang
memungkinkan program untuk mengakses sumber daya perangkat keras melalui
antarmuka pemrograman. Antarmuka pemrograman memungkinkan Anda untuk
mengakses semua perangkat perangkat keras kelas C tertentu melalui antarmuka
yang sama, tetapi C berisi subkelas perangkat yang berbeda, masing-masing
menyediakan antarmuka perangkat keras yang berbeda.
Dengan kata lain, lapisan Hardware Abstraction Layer (HAL) menyembunyikan
perbedaan perangkat keras dari sistem operasi sehingga kode yang seragam
dapat digunakan untuk semua perangkat keras. Semua perangkat keras terlihat
sama di sistem operasi karena "melihat" perangkat keras melalui the filtered
glasses of the HAL.
3. The implementation of mutexes within the eCos kernel does not support recursive
locks. If a thread has locked a mutex and then attempts to lock the mutex again,
typically as a result of some recursive call in a complicated call graph, then either
an assertion failure will be reported or the thread will deadlock. Give me your
suggestion and your reason for this eCos policy ! (5 points)
Jawab :
This behaviour is delibrate when a thread has just locked a mutex associated with
some data structure it can assume that the data structure is in consistent state.
• Before unlocking the mutex again it must ensure that the data structure is
again in a consistent state
• Recursive mutex allow a thread to make arbitrary changes to a data
structure then in a recursive call lock the mutex again while the data
structure is still inconsistent.
• The net result is that code can no longer make any assumptions about data
structure consistency which defeat the purpose of using mutexes.
4. Operating systems often do naming at two different levels: external and internal.
What are the differences between these names with respect to : (1) Uniqueness ?
(2) Hierarchies ? (4 points)
Jawab :
1. Uniqueness = The names of the internal variables are unique while the
names of the external variables may be different. For example. in the UNIX
system. the same object can be pointed by two different names.
2. Hierarchies = The internal names are stored in the tables. Thus, a common
name space is used by internal names. On the other hand, an external name
uses a hierarchy.
5. Modern applications must save their state to disk every time the user switches
away from the application. This seems inefficient, as users may switch back to an
application many times and the application simply resumes running. Why does
the operating system require applications to save their state so often rather than
just giving them a chance at the point the application is actually going to be
terminated ? (3 points)
Jawab :
Sebuah program yang mengatur alokasi sumber daya komputer, terutama
% ls -l lookup.icn
-rw-r--r-- 1 lnp5jb 777 Dec 18 lookup.icn
The first set of characters in the output from the command (-rw-r--r--) gives the
permissions. The username in the middle of the line (lnp5jb) is the owner of the file. This
is user who created the file. The following fields tell you the number of characters in the
file, the date it was created and the name of the file.Note that the first character specifies
the file type. This is normally one of the following:
The following nine characters represent permissions for different classes of users. Users
on a Unix system are assigned to a group or groups, which might correspond to a
particular department, or research group in the real world. Members of a particular group
can be allowed access to files belonging to other members of the group.
The second, third and fourth characters in the permissions string represent permissions
that apply to the owner of the file. The next three characters apply to members of the
owner's group. The last three apply to all other users. The file in this example therefore
has rw- for the owner, r-- for the group and r-- for others.
The three characters corresponding to each class of user each represent a different type
of permission. The first character represents 'read' permission. This means that a user has
permission to open a file and view the contents. If there is an r in this position then that
class of users has read permission. In this example all users have read permission. In this,
and in every case, a horizontal bar character (-) means that permission is denied.
The second position represents 'write' permission (the right to make changes to a file).
In the example, only the owner has write permission. Normally, you will not want others
to be allowed to make changes to your files, so write permission is only allowed to the
owner.
The third position represents 'execute permission'. This means permission to 'execute',
or run, a file that works like a command. In this example no-one has execute permission
for the file lookup.icn (it is an Icon program, and it would have to be compiled before it
could be executed, so execute permission would be useless).
8. One way to handle tables whose size is not known in advance is to make them
fixed, but when one fills up, to replace it with a bigger one, copy the old entries
over to the new one, then release the old one. What are the advantages and
disadvantages of making the new one twice the size of the original one, as
compared to making it only one and a half times as big ? (5 points)
Jawab :
Purging old data is a great example. Periodic purge jobs may need to remove quite
a bit of data, and doing this in one massive query could lock a lot of rows for a
long time, fill up transaction logs, hog resources, and block small queries that
shouldn’t be interrupted. Chopping up the DELETE statement and using
medium-size queries can improve performance considerably, and reduce
replication lag when a query is replicated
9. One disadvantage of Graphical Interchange Format is that the image must include
the color palette, which increases the file size. What is the minimum image size
for which an 8-bit-wide color palette breaks even ? And what is the minimum
image size for which a 16-bit-wide color palette breaks even ? (5 points)
Jawab :
Each color in a digital image is made up of the three primary colors – Red, Green &
Blue. Each of these is known as a color channel and can have any range of values of
color intensity depending on the bit depth. So here comes the main reason for the
confusion – since there are three channels in a digital color image (RGB = Red, Green
and Blue), a photo that is 8 bits/channel (bits per channel) would have 24 (8 x 3)
bits/pixel (bits per pixel) and the total of 16,777,216 colors available. A 16
bits/channel photo would have = 48 bits /pixel, and so on.
10. In Windows operating system, it is easy to implement facility where threads
running in the kernel can temporarily attach to the address space of a different
process. Why is this so much harder to implement in user mode ? Why might it
be interesting to do so ? (3 points)
Jawab :
Kernel thread and User The desired Kernel Thread (KT) yang diinginkan juga
dikenal sebagai Light Weight Process (LWP). Kernel yang diinginkan membuat
dan menjadwalkan KT. User Thread (UT) yang diinginkan tidak semahal
pembuatan dan pengelolaannya seperti KT. Membuat KT yang diinginkan
ditangani oleh Kernel dan spesifik untuk platform.
The threading library membuat user thread dan menjadwalkan pemanggilan
thread sesuai aplikasi yang mewarisi threading library. User Thread hanya
berjalan dalam mode pengguna. Ketika sebuah proses dijalankan oleh pengguna,
maka User Thread yang sesuai akan dibuat. User Thread bersifat portabel karena
spesifik untuk pengguna dan ditangani oleh aplikasi pengguna.
11. Give me your reason regarding why the eCos bitmap scheduler does not support
time slicing ! (5 points)
Jawab :
The bitmap scheduler does not support any time-slicing at all. because each level
has only one thread.and a lower priority thread cannot execute untill and unless
there is high priority thread for execution.
12. Give me the brief explanation regarding below problems : (6 points)
(a) What are the two broad categories of defenses against buffer over flow ?
(b) What are the differences between anomaly intrusion detection and signature
intrusion detection ?
(c) It was stated that the inclusion of the salt in the Unix password schemes
increases the difficulty of guessing by a factor of 4096. But the salt is stored in
plaintext in the same entry as the corresponding ciphertext password. Therefore,
those two characters are known to the attacker and need not be guessed. Why is
it asserted that the salt increases security ?
(d) Why are rootkits extremely difficult or almost impossible to detect as opposed
to viruses and worms ?
(e) Give me the name of two serious errors in below instuctions, especially while
the user did the following instructions for recovering from a virus attack, such as:
i. Boot the infected system. ii. Back up all files to an external medium. iii. Run
fdisk (or similar program) to format the disk. iv. Reinstall the operating system
from the original DVD-ROM media. v. Reload the files from the external
medium.
(f) The security implications of using the self-extracting archives, which contain
one or more compressed files packaged with an extraction program, were
frequently used to deliver programs or program updates !
Jawab :
a. Two major types of buffer overflow defenses are: compile-time defenses which
aim to harden programs against attacks in new programs; and enforcement
protections to detect and reverse attacks in existing programs.
b. Since signature-based IDS monitors packets over the network, it compares
those packets against a database of known IOCs or attack signatures to report
any suspicious behavior. On the other hand, anomaly-based intrusion detection
systems can alert you to unknown suspicious behavior.
c. Salting changes the hash of one password so that it does not match the
hash of another password. A salt and a password are concatenated and
processed by a cryptographic hash function. Salt prevents the use of
rainbows and hash tables to attack and crack passwords.
For example, a user has password "password000" and is subject to a
SHA1 hash. In a password database, all users with the password
"password000" will have the same hash, due to the nature of hash
functions. So if an attacker breaches the database and brute force the
password of the user mentioned above, he can search all the hashes that
match the original user's password and will know that their password is
also "password000".
By applying a salt, the password hashes will no longer be the same, even
if the actual password is still the same. This forces the attacker to go in
and try to force a second password (which has a different salt), even
though it may be the same as the first. In a nutshell, this prevents an
attacker from discovering one password and then discovering several
others.
d. Rootkit, a form of malware, or malicious software, that infects a
computer's hard drive and allows unauthorized access and control of the
computer at the "root level". Rootkits are difficult to detect because they
are designed to be hidden
e. Give me the name of two serious errors in below instuctions,
1. Boot the infected system.
2. Back up all files to an external medium.
3. Run fdisk (or similar program) to format the disk.
4. Reinstall the operating system from the original DVD-
ROM media.
5. Reload the files from the external medium.
Jawab :
1. Boot the infected system
2. Reinstall the operating system from the original DVD-ROOM media.
f. A self-extracting file is used to share a compressed file with a party that does
not necessarily have the software to decompress the file. Users can also use the
self-extracting feature to distribute their own software. For example, the
WinRAR installer is performed using the GUI RAR self-extracting graphical
module Default.sfx.
13. Give me the brief explanation regarding critical regions on code sections really
necessary in an symmetric multiprocessing program operating system to avoid
race conditions or will mutexes on data structures do the job as well ? (6 points)
Jawab :
The critical section is the part of the code that reads and writes shared memory
from multiple parallel contexts.
In the example above, the minimal critical section is starting with the counter
decrement and ending with checking the counter's value.
Once the critical section has been identified race conditions can be avoided by
using one of the following approaches:
14. Give me your argumentation regarding which service type is most appropriate for below
different types of network services table : (6 points)
Service Example
Reliable byte stream Remote
login Unreliable datagram Network
test packets
Request-reply Database
query
Reliable message stream Sequence of pages
of a book
Unreliable connection Digitized voice
Acknowledged datagram Registered mail
Jawab :
a. Downloading a web page.
- Login unreliable datagram | Network,
- test packets Request-reply | Database query
- dan juga Reliable message stream | Sequence of pages,
karena disaat mendownload web page, network sangat penting dalam membuat
unduhan karena untuk menjalankan suatu unduhan dibutuhkan adanya network
dan test packets atau database juga sangat penting karena didalam
mendownload ada semacam packets request untuk mengunduh website
tersebut dan juga sequence of pages sangat penting untuk mengetahui ada
berapa halaman atau tabs didalam web tersebut
b. Video on demand over the internet.
- Login unreliable datagram | Network,
- Unreliable connection Digitized voice,
karena menonton video didalam internet atau youtube, itu juga memerlukan
network atau internet, dan juga digitized voice untuk mendengarkan video
tersebut.
c. Live video streaming over the internet.
- Login unreliable datagram | Network,
- Unreliable connection | Digitized voice,
- Reliable byte Stream | Remote,
- Acknowledged datagram | registered mail,
Karena didalam melakukan live stream itu harus membutuhkan kecepatan
internet yang besar, otomatis dalam melakukan livestream sudah pasti memakai
remote byte stream seperti OBS, streamlabs, dll dan juga kita harus memiliki akun
youtube yang sudah teregistered untuk melakukan livestream di youtube
15. Give me the brief explanation regarding critical regions on code sections really
necessary in an symmetric multiprocessing program operating system to avoid
race conditions or will mutexes on data structures do the job as well ? (6 points)
Jawab :
16. Give me your output from Unix console and your full copy of your configuration files and their
complete paths, when you execute the following commands after you have configured your
Berkeley internet name domain name service application from Unix FreeBSD ports. (4 points)
(a)
# service named restart
# ps -ax | grep named
(b)
# top
(d)
# ping dns1.siapasihnamakamu.com 1
# ping siapasihnamakamu.com 2
Jawab :
a) A worm virus operates more or less independently of other files, whereas a virus
depends on a host program to spread itself. viruses overwrite other programs with
copies of themselves, which destroys the host program altogether. Viruses spread
when the software or document they are attached to is transferred from one
computer to another using the network, a disk, file sharing, or infected email
attachments.
b) When the host code is executed, the viral code is executed as well. Normally, the
host program keeps functioning after it is infected by the virus. A computer virus
is a type of malware that propagates by inserting a copy of itself into and
becoming part of another program. It spreads from one computer to another,
leaving infections as it travels. Viruses can range in severity from causing mildly
annoying effects to damaging data or software and causing denial-of-service (DoS)
conditions.
19. Based on the paper entitled Extending the QUIC Protocol to Support Live Container
Migration at the Edge, of 2021 IEEE 22nd International Symposium on a World of
Wireless, Mobile and Multimedia Networks (WoWMoM proceeding-attached), give
me your explanation in conjunction with the following questions ! (18 points)
(a) What are gathered problems which addressed the writers in their paper ?
(b) What are their strategies and their approaches in answering the challenge that
covered in their paper ?
(c) What are their contributions that reflected in their paper ?
(d) What are the goals in their proposal which stated in their paper ?
(e) What are the definition of QUIC and its advantages which stated in their paper ?
(f) Which of their reference paper did the stop of container with an active TCP
connection and resume both the container execution and TCP connection on the same
machine ? Give me the reference titles and their authors !
(g) How did they describe the implementation of aioquic extension for supporting their
proposal which stated in their paper ?
(h) What are the results of their research which stated in their paper ?
(i) What are their future works which are not covered in their paper yet ?
Jawab :
a. Container migration is used for several reasons, one of which being to
maintain proximity between edge computing services and mobile users.
When migrating containers, however, it is important to consider that they
typically have ongoing communications with other endpoints, e.g., users’
applications. Moreover, in case of connection-oriented protocols,
communicating endpoints share a state (i.e., the connection), which needs to
be migrated as well. Connection-oriented protocols like TCP were not
designed having connection migration in mind, thus their connections
cannot survive a change of IP address or port number.
carried out experiments with increasing values of the pool size (i.e., from
one to three addresses). We recall that the QUIC client randomly selects
addresses for probing and may also probe the old address of the server (see
Section III.C). This means that a pool of M addresses may lead to a
maximum of M+1 addresses being probed. As we can see, the PoA strategy
performs worse than the Explicit strategy, on average. This is also true in
case of a one-address pool, which sometimes leads to two addresses being
probed. Furthermore, the greater the pool size is, the worse is the
performance of the PoA strategy because more addresses are probed on
average. Besides, we noticed that a pool with four or more addresses often
caused the connection-migration process to fail and the QUIC connection to
be prematurely closed. This is because QUIC client increases a timer for
sending the next probe every time in which probing fails, as part of the loss
detection mechanism in QUIC.
i. For future work, we plan to evaluate our solution based on QUIC against
other protocols.