Concepts with Symbian OS (779878), page 40
Text from file (page 40)
This means that a hierarchical directory-based file system is desirable. And while designers of mobile operating systems have many choices for file systems, one more characteristic influences their choice: most mobile phones have storage media that can be shared with a Microsoft Windows environment.

If mobile phone systems did not have removable media, then any file system would be usable. In systems that use flash memory, there are special circumstances to consider.
Block sizes are typically from 512 bytes to 2 048 bytes. Flash memory cannot simply overwrite memory; it must erase first, then write. In addition, the unit of erasure is rather coarse: individual bytes cannot be erased; entire blocks must be erased at a time. Erase times for flash memory are relatively long.

To accommodate these characteristics, flash memory works best when there are specifically designed file systems that spread writes over the media and deal with the long erase times. The basic concept is that when the flash store is to be updated, the file system writes a new copy of the changed data over to a fresh block, remaps the file pointers, then erases the old block later when it has time.

One of the earliest flash file systems was Microsoft’s FFS2 for use with MS-DOS in the early 1990s. When the PCMCIA industry group approved the Flash Translation Layer specification for flash memory in 1994, flash devices could look like a FAT file system.
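The out-of-place update just described (write the changed data to a fresh block, remap, erase the stale block later) can be simulated in a few dozen lines. The following Python model is an added example, not code from the book or from any real flash file system or translation layer; the block size, block count and file contents are constructed values, and the names `Flash`, `FTL` and `demo` are chosen here.

```python
from collections import deque

BLOCK_SIZE = 512                      # constructed; the text gives 512 to 2 048 bytes
ERASED = bytes([0xFF]) * BLOCK_SIZE   # an erased flash block reads as all ones


class Flash:
    """Raw flash model: a block can only be programmed when it is erased,
    and erasure is whole-block (and, on real parts, slow)."""

    def __init__(self, nblocks):
        self.blocks = [bytearray(ERASED) for _ in range(nblocks)]
        self.erase_count = [0] * nblocks   # wear indicator per block

    def program(self, pb, data):
        # Overwrite-in-place is not possible: refuse unless the block is erased.
        if bytes(self.blocks[pb]) != ERASED:
            raise RuntimeError("block %d is not erased; erase before write" % pb)
        self.blocks[pb][:len(data)] = data

    def erase(self, pb):
        self.blocks[pb] = bytearray(ERASED)
        self.erase_count[pb] += 1


class FTL:
    """Minimal flash translation layer: every update of a logical block goes
    to a fresh physical block, the logical->physical map is updated, and the
    stale copy is queued for a later (deferred) erase."""

    def __init__(self, flash):
        self.flash = flash
        self.free = deque(range(len(flash.blocks)))  # erased blocks ready to program
        self.map = {}                                # logical block -> physical block
        self.dirty = deque()                         # stale blocks awaiting erase

    def write(self, lb, data):
        if len(data) > BLOCK_SIZE:
            raise ValueError("data larger than a block")
        if not self.free:
            self.garbage_collect()   # forced, synchronous erase: the slow path
        pb = self.free.popleft()
        # Pad with 0xFF: programming an all-ones byte leaves erased flash unchanged.
        self.flash.program(pb, data.ljust(BLOCK_SIZE, b"\xff"))
        old = self.map.get(lb)
        self.map[lb] = pb            # remap first, so readers never see a torn block
        if old is not None:
            self.dirty.append(old)   # old copy stays intact until erased later

    def read(self, lb):
        """Return the logical block's payload with the 0xFF padding stripped."""
        return bytes(self.flash.blocks[self.map[lb]]).rstrip(b"\xff")

    def garbage_collect(self):
        """Erase every stale block; returns how many were reclaimed."""
        reclaimed = 0
        while self.dirty:
            pb = self.dirty.popleft()
            self.flash.erase(pb)
            self.free.append(pb)
            reclaimed += 1
        return reclaimed


def demo():
    """Rewrite one logical block five times on a 4-block device (constructed
    data) and report where each version landed and how wear was spread."""
    flash = Flash(4)
    ftl = FTL(flash)
    placements = []
    for version in range(1, 6):
        ftl.write(0, b"config v%d" % version)
        placements.append(ftl.map[0])
    return {
        "placements": placements,            # physical block used for each version
        "final": ftl.read(0),
        "erase_count": list(flash.erase_count),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the five versions of the same logical block landing in physical blocks 0, 1, 2, 3 and then 0 again: the fifth write finds no erased block, so the deferred erase is forced and becomes the slow, synchronous path the text warns about. Real translation layers also pick the fresh block to even out the erase counts (wear levelling) rather than taking the first free one.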
Linux also has specially designed file systems, from the Journaling Flash File System (JFFS) to the Yet Another Flash Filing System (YAFFS).

However, mobile phone platforms must share their media with other computers, which demands that some form of compatibility be in place.

SECURITY 189

Most often, FAT file systems are used. Specifically, FAT16 is used for its shorter allocation table (than FAT32) and for its reduced need for long files.

Being a mobile smartphone operating system, Symbian OS needs to implement at least the FAT16 file system. Indeed, it provides support for FAT16 and uses that file system for most of its storage media. However, the Symbian OS file-server implementation is built on an abstraction much like Unix’s VFS. Object orientation allows objects that implement various operating systems to be plugged into the Symbian OS file server, thus allowing many different file-system implementations to be used. Different implementations may even co-exist in the same file server. Implementations of NFS and SMB file systems have been created for Symbian OS.

8.4 Security

Security is very important for file systems.
Since files are the basic units of storage, it is extremely important that they remain secure and protected from malicious access. The remainder of the file system structure is also vulnerable.

Chapter 14 is dedicated to security. However, security issues are so important that we discuss them here as well – as they pertain to file systems. In this section, we look at the issues with security and outline the attacks and protections that file systems can have.

General Security Issues

Access to a file system and the files it contains needs to be controlled. Allowing any and all access would be a mistake, because it invites malicious activity.
However, too many restrictions make file systems cumbersome to use. In addition to the proper security, we also need to decide what elements need security restrictions imposed on them.

When an access is made to a file system, the fundamental assumption is that the access is authorized or permissible. A fine-grained security system would request authorization before each access. A coarse-grained security system would make a single validation that would verify all access.
Somewhere between the two extremes lies a system with enough security and a tolerable amount of overhead.

Authorization implies identification. File-system access cannot be authorized for users if those users are not identified. Identifying users is usually done by allowing them to log into a system or otherwise giving a user name or ID. Files are usually tagged with this user ID and specific permissions are given to authorized user IDs.

There are certain users that have all permissions to all files. Most often, these are termed superusers or root users. These users have all permissions by design (note the assumption that the user has been identified and authorized).

Using remote file systems can be a security issue. Consider the following scenario: user X is authorized to access a collection of files.
When that collection of files is shared remotely to another computer system, what happens when user X does not exist on the remote system? Or worse, what happens when user X does exist on the remote system, but is a different user with the same user name?

Typically, identification is verified on the system that the file system comes from before access is granted.
This means that identical user names on two different systems would not result in an infraction of security, because verification of the user name (called ‘authorization’ in Chapter 14) is done on the computer the file system comes from. That verification is unique and done in one place. When there are multiple servers serving up file systems, a centralized server for authentication is often preferred. This can happen through a designated computer on the network; this computer often runs an identity server to verify users.

Security Failures: Flaws and Attacks

Security advances often come from learning by mistakes or finding lapses in security. There have been many security failures since file systems were implemented.
An overview of some of these is appropriate before we discuss mechanisms used to protect files.

Operating systems have long allowed access without user identification. In this type of system, there is no specific owner of a file and all access to all files is implicitly granted. With no user identification, there is essentially a single user of the computer. That user controls all system resources, including all files and file access. Most early operating systems – including early versions of Microsoft Windows – were implemented with this type of access.

It is this environment that enabled the creation of viruses.
Viruses are fragments of data that are typically added to programs in such a way that they can be executed when the program is executed. This ‘infection’ is passed from program to program by the executing virus code. Such infection is easy and permitted when no user identification is required to access files.

Sometimes operating systems verify user identification but do not use that identification to regulate access to files. These types of systems are ‘gatekeepers’: once a user is validated – or passed through the gate – that user may do anything to the system and its data. In these systems, user validation usually serves to personalize the environment for users but is often diluted for security. Recent versions of Microsoft Windows – through to Microsoft Windows 2000 – would set up access to files in such a way that the default access rights would grant all permissions to all users.
The result was that, no matter what user you were, you could still access all files and have all privileges.

Most operating systems in use today verify user identification and use that identification for file access. These systems identify the type of access allowed for various classes of users by identifying the user. These systems are as vulnerable as their verification process. If a user can enter a computer system with another user name, for example, then security on files is meaningless. Access assumes authorization; if authorization is compromised, so is file access.

Unix has long had this type of security implementation.
As the next section describes, Unix file systems have the notion of user classes, which include ‘owner’, and users are classified by their user ID when they validate themselves to the system. This allows Unix to classify users further, in groups or as ‘other’. Each of these classes has security settings that allow for file read, write and execute operations, with a file owner being able to grant access to its file to particular user classes.

Establishing and enforcing ownership on files is a great way to thwart virus infection. When only an owner can modify a file, then a virus can only infect a file if its executing process is identified as the owner. Sometimes, the owner can grant others ‘write’ permission by using ACLs or by giving groups of users access. Viruses can infect files in these cases if the executing process is identified as a user having permission to write to a file.
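To make the three models contrasted above concrete (no user identification at all, a ‘gatekeeper’ that identifies users but ignores identity for file access, and Unix-style owner/group/other classes), here is an added Python example; it is not from the book and is not Symbian or Unix code. The uids, gids, file modes and process labels are constructed, and the function and class names are chosen here. It answers the question the text raises for each model, namely which executing identities are allowed to modify a program file, and also covers the group-write case in which the owner has granted a group access.

```python
R, W, X = 4, 2, 1   # bit values within one rwx triple
SUPERUSER = 0       # uid 0: all permissions by design


class File:
    """A file tagged with its owner uid, group gid and rwxrwxrwx mode bits."""
    def __init__(self, name, owner, group, mode):
        self.name, self.owner, self.group, self.mode = name, owner, group, mode


class Process:
    """The executing identity: the validated uid plus the gids it belongs to.
    uid None models a system that never identified the user at all."""
    def __init__(self, uid, gids=()):
        self.uid, self.gids = uid, set(gids)


def no_identification_allows(proc, f, want):
    """Model 1: no user identification, so every access is implicitly granted."""
    return True


def gatekeeper_allows(proc, f, want):
    """Model 2: identity is checked once at the gate but never consulted per file."""
    return proc.uid is not None


def unix_allows(proc, f, want):
    """Model 3: classic Unix. Superuser first; then exactly one class applies:
    owner if the uid matches, else group if a gid matches, else other.
    The owner class is used even when it is more restrictive than group/other."""
    if proc.uid == SUPERUSER:
        return True
    if proc.uid == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in proc.gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bits & want == want


def writers(policy, f, procs):
    """Labels of the processes a policy lets modify f: the identities from
    which an infection of that file would have to run."""
    return [name for name, p in procs.items() if policy(p, f, W)]


def demo():
    # Constructed identities: the owning admin, a member of the file's group,
    # an unrelated user, and root.
    procs = {
        "owner":  Process(uid=10, gids=[50]),
        "member": Process(uid=1001, gids=[50]),
        "other":  Process(uid=1002, gids=[100]),
        "root":   Process(uid=SUPERUSER, gids=[0]),
    }
    program = File("mailer", owner=10, group=50, mode=0o755)         # rwxr-xr-x
    group_writable = File("shared", owner=10, group=50, mode=0o775)  # rwxrwxr-x
    return {
        "no_identification": writers(no_identification_allows, program, procs),
        "gatekeeper": writers(gatekeeper_allows, program, procs),
        "unix": writers(unix_allows, program, procs),
        "unix_group_write": writers(unix_allows, group_writable, procs),
    }


if __name__ == "__main__":
    for model, names in demo().items():
        print("%-18s can modify: %s" % (model, ", ".join(names)))
```

Under the first two models every process can modify the program, which is exactly the condition the text identifies as enabling infection; under the Unix model only the owner and the superuser can, and widening the mode to group-write (0o775) adds precisely the group member. The check also shows why the text says these systems are only as strong as their verification: `unix_allows` trusts whatever uid the process carries, so a login that yields someone else’s uid yields their file access too.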
Because owners are usually carefully controlled, Unix systems are rarely infected with viruses.

It is useful to note that some computer systems cannot establish user identification and therefore must work to provide other forms of security systems. Smartphones are a great example of this situation. It would be terribly inconvenient for the smartphone user to identify herself before each use (imagine ‘logging in’ to a smartphone to answer a call).

Protection Mechanisms

Protection of files starts with something outside of a file system: authentication.