共查询到20条相似文献,搜索用时 203 毫秒
1.
多个任务的并发执行是计算机操作系统的一个主要特征.为了满足Windows下分时多任务,或实时多任务应用系统的开发,给出通过C程序设计对操作系统中多任务并发执行设计模式开发,提出Windows下利用时钟中断方式进行多任务并发执行的方法。该模式实现系统内多任务在宏观上的“同时”运行,解决Windows环境下用户应用开发自己的分时,或实时多任务应用系统的一般方法和结构。 相似文献
2.
3.
采用构件化模型是当前操作系统设计新的发展趋势.构件化操作系统设计的关键技术集中反映在其内核的设计与实现中.本文首先介绍已有的内核结构以及操作系统新的抽象--服务体/执行流模型(SEFM),进而介绍基于SEFM的构件化操作系统Minicore中内核(核心服务体)的设计技术.最后以实际的测试数据验证了所采用技术的有效性. 相似文献
4.
《计算机应用与软件》2017,(2)
操作系统安全是计算机系统安全的基础保障和前提条件,而操作系统安全则主要依赖于系统内核的安全。针对内核的非控制数据攻击是指通过篡改内核中的某些关键数据结构,诱发内核出现漏洞和产生一系列稳定性问题,从而严重影响操作系统乃至整个计算机系统的安全。提出一种基于Kprobes内核调试机制和监视器内核线程的在线检测方法,前者用于监控内核关键函数的执行和检查相关动态性数据结构的一致性,后者通过设立专门的内核线程实现静态性内核数据结构的持续监测和不变性验证。然后在Linux平台上运用C语言设计实现了相应的内核非控制数据攻击在线检测器KNCDefender,进行了一系列验证实验和性能测试实验。实验结果表明,该方法是完全轻量级的,并能够及时检测出针对内核的各种非控制数据攻击。 相似文献
5.
以操作系统为中心的存储一致性模型--线程一致性模型 总被引:3,自引:0,他引:3
分布共享存储系统为保证程序的正确执行,必须通过存储一致性模型对共享存储访问顺序加以限制,而现有模型在可扩展性和操作系统级实现方面存在不足。结合多线程的特点,提出了一种以操作系统为中心的线程一致性模型,通过并行程序执行过程中线程状态的变化来观察和限制存储访问事件的正确顺序,有利于系统的可扩展性、一致性维护信息获取的方便性和完备性以及操作系统本身的设计和实现。分别从模型的定义、正确性证明、实现方案和性能分析等几个方面展开了论述。 相似文献
6.
在现代操作系统里,同一时间可能有多个内核执行流在执行,因此内核需要一些同步机制来同步各执行单元对共享数据的访问。尤其是在多处理器系统上,更需要一些同步机制来同步不同处理器上的执行单元对共享的数据的访问。同步通常是为了达到多线程协同的目的而设计的一种机制。在Linux内核中有相应的技术实现,包括原子操作、信号量、读写信号量、自旋锁和等待队列。 相似文献
7.
进程是让操作系统实现程序的并发执行,系统资源共享,用户随机使用系统等功能的重要概念。文章首先介绍进程在Linux内核中的表示方式,然后结合源代码深入分析进程的时间片轮转,先进先出,Round robin调度策略的具体实现,对我们进一步了解Linux内核的工作机制和学习编程均有较好的实用参考价值。 相似文献
8.
9.
SSDT挂钩:基于Windows内核的RootKit技术样本 总被引:3,自引:0,他引:3
NT操作系统结构是Windows操作系统稳定性和安全性的基石。该结构分层为用户层(UscrMode)和内核层(Kremel Mode)。内核层享有操作系统非常高的操作权限和自由度,其暴露的系统服务描述符表(SSDT)具有可修改性,是SSDT挂钩机制实现的基础;而系统服务函数所在内核组件模块的不可深入性,导致目前检测和清除SSDT挂钩尚有较大难度。本文研究SSDT挂钩机制对深入理解和应用RootKit技术具有典型意义。 相似文献
10.
首先介绍基于服务体/执行流模型的操作系统Minicore的基本特征,进而详细讨论了如何利用内核态功能实现二进制Linux应用代码的高效兼容运行方法,以及Minicore中Linux运行环境服务体设计的关键技术和解决方案,并给出了实验测试数据以说明所提出技术的有效性. 相似文献
11.
Contextual refinement is a compositional approach to compositional verification of concurrent objects.There has been much work designing program logics to prove the contextual refinement between the object implementation and its abstract specification.However,these program logics for contextual refinement verification cannot support objects with resource ownership transfer,which is a common pattern in many concurrent objects,such as the memory management module in OS kernels,which transfers the allocated memory block between the object and clients.In this paper,we propose a new approach to give abstract and implementation independent specifications to concurrent objects with ownership transfer.We also design a program logic to verify contextual refinement of concurrent objects w.r.t.their abstract specifications.We have successfully applied our logic to verifying an implementation of the memory management module,where the implementation is an appropriately simplified version of the original version from a real-world preemptive OS kernel. 相似文献
12.
Liss L. Birk Y. Schuster A. 《Parallel and Distributed Systems, IEEE Transactions on》2005,16(9):830-840
The infiniband (IB) system area network (SAN) enables applications to access hardware directly from user level, reducing the overhead of user-kernel crossings during data transfer. However, distributed applications that exhibit close coupling between network and OS services may benefit from accessing IB from the kernel through IB's native verbs interface, which permits tight integration of these services. We assess this approach using a sequential-consistency distributed shared memory (DSM) system as an example. We first develop primitives that abstract the low-level communication and kernel details, and efficiently serve the application's communication, memory, and scheduling needs. Next, we combine the primitives to form a kernel DSM protocol. The approach is evaluated using our full-fledged Linux kernel DSM implementation over infiniband. We show that overheads are reduced substantially, and overall application performance is improved in terms of both absolute execution time and scalability relative to an entirely user level implementation. 相似文献
13.
在现代操作系统中,内核运行在最高特权层,管理底层硬件并向上层应用程序提供系统服务,因而安全敏感的应用程序很容易受到来自底层不可信内核的攻击.提出了一种在不可信操作系统内核中保护应用程序的方法AppFort.针对现有方法的高开销问题,AppFort结合x86硬件机制(操作数地址长度)、内核代码完整性保护和内核控制流完整性保护,对不可信内核的硬件操作和软件行为进行截获和验证,从而高效地保证应用程序的内存、控制流和文件I/O安全.实验结果表明:AppFort的开销极小,与现有工作相比明显提高了性能. 相似文献
14.
分析了网格系统的特点,根据网格系统的要求提出了网格支撑中间件——网格操作系统的层次结构,该结构将网格OS划分为核心层、构造模块层和集合模块层。然后根据网格计算和服务的特点对网格OS应该提供的模块和服务进行了研究和探讨,并以Globus Toolkit2.0为实例进行了分析和说明。最后对各模块所处的层次进行了说明并简单介绍了其最新发展。 相似文献
15.
论文首先从内核性能和安全性的角度分析驱动程序对微内核与单体内核的影响;然后讨论硬件抽象层对驱动抽象能力的影响以及与移植性及内核大小的关系;分析传统UNIX系列与Windows NT操作系统内核结构以及驱动模型优缺点;最后介绍一个构件化驱动模型的特点。该模型基于构件装配运行平台技术,运行在和欣2.0操作系统平台上。驱动模型底层是一个合适的硬件抽象层,方便移植,用户态程序可以灵活地调用驱动程序。 相似文献
16.
证书解析是证书应用的基础,目前已知的证书解析操作均运行于操作系统应用层。这种证书解析方法尽管具有较强的通用性,但代码复杂,占用系统资源较多。本文在研究证书格式的基础上,给出了一种适用于操作系统内核层、嵌入式系统等资源受限环境的解析方法,具有实现简单、占用资源少、运行速度快等特点。 相似文献
17.
18.
Luigi Catuogno Roberto Gassirà Michele Masullo Ivan Visconti 《Information Security Technical Report》2013,17(3):93-104
A smart card is a tamper-resistant miniature computer that performs some basic computations on input a secret information. So far, smart cards have been widely used for securing many digital transactions (e.g., pay television, ATM machines).We focus on the implementation of operating system security services leveraging on smart cards. This very challenging feature allows one to personalize some functionalities of the operating system by simply changing a smart card. Current solutions for integrating smart card features in operating system services require at least a partial execution of some of the operating system functionalities at “user level”. Unfortunately, system functionalities built on top of components lying at both kernel and user levels may negatively affect the overall system security, due to the introduction of multiple points of failure.In this work, we present the design and implementation of SmartK: a framework that integrates features of smart cards uniquely in the Linux kernel. In order to validate our approach, we propose a host of enhancements to the Linux operating system built on top of SmartK: 1) in-kernel clients' authentication with Kerberos; 2) execution of trusted code; 3) key management in secure network filesystems.In particular, we present an experimental Linux OS distribution (SalSA), which addresses the security issues related to downloading packages and to updating an operating system through the Internet. 相似文献
19.
RPC(Remote Procedure Call)协议有多个版本,分为内核态RPC与用户态RPC两类.开发人员根据设计需求选用合适的RPC版本,很多情况下会涉及跨内核态和用户态的通信.用户态RPC不如内核态RPC完善,缺少多线程机制、RDMA(Remote Direct Memory Access)机制等,需要优化以提高性能.结合此类需求,分析了用户态TI-RPC(Transport Independent Remote Procedure Call)运行机制,提出分层多线程的优化方法;利用TI-RPC底层接口重构RPC端口创建与服务启动;增加线程池机制,使TI-RPC在RPC层实现多线程并发服务.性能对比测试表明RPC内部多线程优化可将网络的利用率提高到网络满带宽的93%. 相似文献
20.
This paper presents a new language that integrates the real-time and distributed paradigms within the framework of a concurrent logic language. Concurrent logic languages (CLLs) are capable of expressing concurrence, communication and nondeterminism in a natural way. That is, the intrinsic parallel semantics of the concurrent logic languages makes them well-suited for distributed programming. The proposed language is particularly suitable for loosely coupled systems and it contains mechanisms for distributed and real-time process control. A new execution model for concurrent logic languages is presented, which enables efficient distributed execution and real-time control. The model is introduced by giving an operational semantics for the language and the new model's implementation is discussed, including the definition of a new abstract machine and its implementation on a network of Unix workstations. Although the sequential core is not optimized, some previous results are discussed, showing the feasibility of the language's execution model for distributed real-time systems. The language is currently being used as the kernel language for a distributed simulation and validation tool for communication protocols. 相似文献