
Computer Level 4 Network Engineer Knowledge Points (very comprehensive)


1. Overview of the operating system

1. Operating system

(1) Concept

An operating system is the system software of a computer system. It organizes and manages the hardware and software resources, arranges the computer's workflow reasonably (treating different user programs fairly, without "deadlock" or "starvation"), controls the execution of programs, and provides users with various services, so that users can use the computer flexibly, conveniently and effectively and the whole system runs efficiently. It sits above the hardware and supports the software (software development and maintenance).

A. From the application perspective: provides the human-computer interaction interface (the interfaces offered to users are command input and system calls);
B. From the software development perspective: the basic platform for software development;
C. From the security perspective: the first line of security defense;
D. From the system development perspective: a virtual machine and an extended machine.

(2) Features

A. Concurrency: there are mutual constraints during execution; programs and computations no longer correspond one to one; results are not reproducible, and concurrent processes lose their closure (sealed execution);
B. Sharing: CPU, internal and external memory, external devices;
C. Randomness (asynchrony): when does a process exit? hang? get interrupted? when is the machine shut down or restarted?

(3) Function

A. Process management: manages the CPU. Includes process control (creating and terminating processes, and controlling the state transitions during their run), process synchronization (handling synchronization or mutual-exclusion relationships between processes), inter-process communication (information exchange) and process scheduling (selecting a process from the ready queue according to some algorithm and giving it the CPU);
B. Storage management: manages the computer's memory resources. Includes allocating and reclaiming memory, storage protection (guarding against a program accessing memory out of bounds) and memory expansion (using virtual-memory technology to logically enlarge a process's running space);
C. File management: management of file storage space (managing/creating/deleting/naming files); file directory management; file system security (read, write and access permissions);
D. Device management: all input and output devices other than the CPU and memory; allocation of external devices and handling of their faults. Techniques include interrupts, channels, virtual devices and buffering.
E. User interface (job management):

(4) Common operating systems

Ubuntu, Windows, Unix, DOS, BSD

2. Operating system classification

Classified by usage environment and functional characteristics

(1) Batch systems: divided into single-stream (uniprogramming) and multi-stream (multiprogramming) batch systems; multiprogrammed batch processing has high efficiency and throughput but lacks human-computer interaction; instructions are divided into privileged and general instructions;
(2) Time-sharing systems: multiple users share the system and use it interactively; exclusiveness (each user feels the machine is theirs); timeliness;
(3) Real-time systems: multitasking, timeliness, interactivity, reliability, overload protection capability

Classified by computer architecture

(1) Personal operating systems
(2) Network operating systems: the master-slave relationship is obvious; there are restrictions on resource sharing;
(3) Distributed operating systems: uniform configuration, all hosts run one operating system; resource sharing; hosts communicate with each other;
(4) Embedded operating systems: low cost
An interactive system is one in which users submit commands to the system interactively; the system accepts each user's commands, serves them in a round-robin (time-slice) fashion, and shows the results to the user on the terminal. Multi-level feedback queue, round robin and highest-priority-first scheduling are suitable for interactive operating systems.

3. Operating system structure

(1) Monolithic structure: functions are divided into multiple modules;
(2) Layered structure: calls go in one direction only; modules in the same layer do not call each other;
(3) Microkernel structure (client/server structure): most operating system services are implemented as user-mode processes; the system is divided into multiple parts, each handling only one aspect, such as the file service, the process service and server communication. Features: high reliability, high flexibility, suitable for distributed processing, good portability, fits object-oriented techniques, but lower efficiency and unsuited to frequent communication. The microkernel itself contains: thread scheduling, virtual storage, message passing, device drivers, kernel primitives and interrupt handling.

4. Instructions

(1) Privileged instructions: include I/O instructions, halt instructions, etc. Only the supervisor (monitor) program may execute them, and only in kernel state (supervisor state), e.g. enabling or disabling interrupts;
(2) General instructions: run in user state (shutdown, read files, set time) and may also be executed in supervisor state. If a user program executes a privileged instruction in user state, it causes an access-management trap (interrupt), which is also the way the CPU switches from user state to kernel state.

5. Critical resources, reusable resources and non-reusable resources

(1) Critical resources:
(2) Reusable resources: hard disk, memory;
(3) Non-reusable (consumable) resources: the arrival of a time slice, the arrival of a hardware clock tick

6. Three classes of interfaces available to users

(1) Command interface: provides a set of commands for the user to operate the system directly or indirectly;
(2) Program interface (system calls): consists of a set of system call commands; it is the only interface the operating system provides to programmers, and the calls are used from user programs (e.g. a user program that needs to print output uses the write() call);
(3) Graphical interface: icons, menus and windows form an intuitive, easy-to-understand operating environment; the terminal window uses the command line.

7. Data structures used by the device allocation algorithm: four tables, consulted in this order

System device table (SDT), device control table (DCT), controller control table (COCT), channel control table (CHCT).

8. Program status word (PSW, a special register that indicates processor status)

(1) Contains: the CPU working-state code (kernel/user state); the condition code (result of the last instruction); the interrupt mask code (whether interrupts are allowed);
(2) Status flags: CF (carry), ZF (zero), SF (sign), OF (overflow), TF (trap), IF (interrupt enable), VIF (virtual interrupt flag), VIP (virtual interrupt pending), IOPL (I/O privilege level)

2. Operating system operation mechanism

1. Registers

(1) User-visible registers: used mainly by arithmetic/logic instructions and memory access instructions (data registers, address registers, condition code registers)
(2) Control and status registers: used to control the operation of the processor (program counter PC, instruction register IR, program status word PSW)

2. Classification of interrupts and exceptions

(1) Interrupts (caused by external events): clock interrupt; input/output interrupt (keyboard input); console interrupt; hardware failure interrupt; network card data area full (data transfer completed); (stack overflow); (divide by zero)
(2) Exceptions (caused by internal events): program interrupts (produced by the execution of instructions); access-management instruction interrupt (cleared);

3. System calls

(1) Concept: the calling program runs in user state (the CPU is executing a user program); the called service runs in system state (the CPU is executing system code). System calls can be nested, i.e. one called routine can itself make another call during its execution; generally calls may be nested several times but not without limit;
(2) Classification: process control (create/terminate a process), file operations (open), process communication, device management (request/release a device), information maintenance (time and date);
(3) Parameter passing: parameters carried by the trap instruction itself (only a few can be carried); parameters passed in registers; parameters passed through a dedicated memory area (the stack);
(4) Normally, after the call completes, control returns directly to the calling program; when the system call ends, the system first re-examines the priority of the processes that need the CPU. If the calling process does not have the highest priority, rescheduling occurs;

3. Process thread model

1. Multi-program environment characteristics

Independence; randomness (the timing of input and output is random); resource sharing (which constrains execution speed).

2. Process

(1) Concept: a process is one execution of a program (instructions plus data) over a data set; it is the basic unit of resource allocation;
(2) Features: parallelism (concurrency); independence (an independent unit of resource allocation); asynchrony (advances at an unpredictable speed); dynamism; communication.
(3) Composition: three parts: PCB, program (instructions) and data;
(4) Process Control Block (PCB)
A. Composition: process name, process number, storage information, process identifier, process priority, process current status, resource list, message queue pointer, process queue pointer, open current file and other scheduling information, and field information such as PSW, clock, boundary address register;
B. Organizational method: linear method, index method, link method, queue method (ready queue, waiting queue, run queue);
C. Features: It is the soul of the process; it must be resident in memory; the running state of the PCB can only be read through the operating system.
(5) Process control: The process is converted between various states in the entire life cycle through primitives; the primitives used for process control generally include creating a process, undoing a process, suspending a process, activating a process, blocking a process, waking a process, and changing process priorities, etc.
(6) Create process:
A. Steps: Apply for a blank PCB; allocate resources to the new process; initialize the PCB; insert the new process into the end of the ready queue.
B. Time to create a process: user login; system initialization; user system call; initialization of batch jobs.

3. Process status and transition

(1) Three state models: running state, ready state, waiting state (blocking state).
Among them, there are three ways for the running state to change to the ready state: the time slice is used up; a process creation is completed; the CPU is taken away by the scheduler (under non-preemptive scheduling, only when "a process has finished running");
Running state to blocking state: requesting a system service, starting some operation, new data has not yet arrived, or there is no new work to do.
(2) Five-state model: running, ready, blocked, new, and terminated.
Linux has five process states: running, interruptible sleep, uninterruptible sleep, zombie, and stopped.
(3) Seven-state model: running, ready, blocked, new, terminated, activated (swapped in: outside -> inside), suspended (swapped out: inside -> outside).

4. Thread

(1) Concept: a thread is an entity within a process and cannot exist independently of the process; it is the basic unit of CPU scheduling and dispatch; different threads can execute the same program; all threads in one process share its memory space; threads own no system resources, only the few resources essential to running; each thread has an identifier and a thread descriptor table recording the registers and user stack used by the thread;
(2) Features: less overhead, faster switching, fast internal communication, and able to run independently;
(3) Meaning of thread operation:

pthread_join: wait for a specific thread to exit; pthread_yield: the thread gives up the CPU (voluntary release);
pthread_create: library function that creates a thread; pthread_exit: library function that ends a thread

5. Scheduling classification

High-level scheduling (job scheduling: creates the process), intermediate scheduling (swapping: moves the process into and out of memory), low-level scheduling (process scheduling: allocates the CPU).

6. Scheduling

(1) Functions: record the execution status of all processes in the system; select a process from the ready queue and allocate the CPU to it; load the context saved in the PCB (PSW, general registers, etc.) into the CPU's registers so that the process can take over and run.
(2) Timing: when the CPU is free it must be scheduled; when the CPU is occupied, whether it is taken away depends on the method: preemptive (when a higher-priority process appears, schedule immediately and transfer the CPU) or non-preemptive (the CPU is released only after the running process finishes).
(3) Scheduling algorithms: first-come-first-served FCFS (non-preemptive); shortest job first SJF; round robin RR; highest response ratio first HRRF (a compromise between FCFS and SJF: waiting time is taken into account so that long jobs do not wait too long); multi-level feedback queue. The operating system cannot dynamically change the process scheduling algorithm while running.

4. Storage management plan

1. Solutions to process mutual exclusion

The competing parties negotiate as equals; or a process manager (monitor) is introduced.

2. The resource sharing program in a computer can be divided into three levels

(1) Mutual exclusion: the hardware-based mutual-exclusion method is simple, supports multiple critical sections and is widely applicable, but it cannot achieve "yield while waiting" (the waiting process keeps the CPU, busy-waiting);
(2) Deadlock:
(3) Hunger:

3. The code that uses a critical resource is divided into four regions

(1) Entry region: (P primitive) while TS(&lock);
(2) Critical region: the piece of code that accesses the critical resource; n = fetch(balance)
(3) Exit region: (V primitive) lock = FALSE
(4) Remainder region: the rest of the code; output(list)

4. Guidelines that process synchronization mechanism should follow

Free: let in; busy: wait; bounded waiting; yield the CPU while waiting.

5. Semaphore

(1) Accessed only through initialization and the two standard primitives (P and V);
(2) Initialization can give a non-negative integer representing the total number of free resources; if the value becomes negative, its absolute value is the number of processes currently waiting for the critical section; P(empty), V(full)
(3) Synchronization: semaphore empty, initial value K; semaphore full, initial value 0
Mutual exclusion: semaphore mutex, initial value 1 (occupied is 1 and idle is 0).
(4) For direct communication, the send primitive is send(receiver, message)
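As an added example (not from the original notes), the four regions of item 3 and the empty/full/mutex semaphores of item 5 in one runnable C program: several producer threads and one consumer share a K-slot ring buffer, mutual exclusion is done with a hardware test-and-set (a C11 atomic_flag, standing in for the TS instruction) and synchronization with POSIX semaphores. It assumes Linux/glibc with POSIX threads; the item values and thread counts are constructed.

```c
/* Added example (not from the page): bounded buffer with the page's
 * empty/full semaphores for synchronization and a TS-based spin lock for the
 * entry/exit regions of the critical section. Assumes Linux/glibc with POSIX
 * threads and semaphores (sem_t). */
#include <pthread.h>
#include <semaphore.h>
#include <stdatomic.h>
#include <stdio.h>

#define K 4              /* buffer capacity: initial value of semaphore empty */
#define N_ITEMS 1000     /* items produced by each producer */
#define MAX_PRODUCERS 8

static int buf[K];
static int in_pos, out_pos;                 /* ring-buffer indices (shared) */
static sem_t empty_slots, full_slots;       /* empty = K, full = 0 */
static atomic_flag lock = ATOMIC_FLAG_INIT; /* the TS lock variable */
static long consumed_sum;                   /* touched only by the consumer */
static int n_producers;

/* Entry region: while TS(&lock);  -- spin until the flag was FALSE. */
static void enter_region(void) {
    while (atomic_flag_test_and_set_explicit(&lock, memory_order_acquire))
        ; /* busy-wait: "busy: wait", without yielding the CPU */
}
/* Exit region: lock = FALSE */
static void leave_region(void) {
    atomic_flag_clear_explicit(&lock, memory_order_release);
}

static void *producer(void *arg) {
    (void)arg;
    for (int i = 0; i < N_ITEMS; i++) {
        sem_wait(&empty_slots);              /* P(empty) */
        enter_region();                      /* P(mutex) */
        buf[in_pos] = i;                     /* critical region */
        in_pos = (in_pos + 1) % K;
        leave_region();                      /* V(mutex) */
        sem_post(&full_slots);               /* V(full)  */
    }
    return NULL;
}

static void *consumer(void *arg) {
    (void)arg;
    long total = (long)n_producers * N_ITEMS;
    for (long c = 0; c < total; c++) {
        sem_wait(&full_slots);               /* P(full)  */
        enter_region();
        int v = buf[out_pos];                /* critical region */
        out_pos = (out_pos + 1) % K;
        leave_region();
        sem_post(&empty_slots);              /* V(empty) */
        consumed_sum += v;                   /* remainder region */
    }
    return NULL;
}

/* Runs 'producers' producer threads against one consumer and returns the sum
 * of everything consumed. With correct mutual exclusion the result is
 * producers * (0 + 1 + ... + N_ITEMS-1); a lost or duplicated update would
 * change it. Returns -1 for an unsupported producer count. */
long run_bounded_buffer(int producers) {
    pthread_t prod[MAX_PRODUCERS], cons;
    if (producers < 1 || producers > MAX_PRODUCERS) return -1;
    n_producers = producers;
    in_pos = out_pos = 0;
    consumed_sum = 0;
    sem_init(&empty_slots, 0, K);            /* K free slots */
    sem_init(&full_slots, 0, 0);             /* no filled slots yet */
    pthread_create(&cons, NULL, consumer, NULL);
    for (int i = 0; i < producers; i++) pthread_create(&prod[i], NULL, producer, NULL);
    for (int i = 0; i < producers; i++) pthread_join(prod[i], NULL);
    pthread_join(cons, NULL);
    sem_destroy(&empty_slots);
    sem_destroy(&full_slots);
    return consumed_sum;
}

int main(void) {
    printf("consumed sum = %ld (expected %ld)\n",
           run_bounded_buffer(3), 3L * N_ITEMS * (N_ITEMS - 1) / 2);
    return 0;
}
```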

6. Monitor

(1) A monitor defines a data structure and a set of operations that concurrent processes can perform on it. Processes can call the monitor's procedures whenever needed, but processes outside the monitor cannot access its data structure directly; a monitor guarantees mutually exclusive use of the shared resource; it is a synchronization mechanism; it encapsulates shared variables together with the operations on them.
(2) At any time only one process is active inside the monitor; if all critical sections are turned into monitors, only one process at a time can run the code of a critical section. The monitor itself cannot guarantee mutual exclusion;
(3) Monitor object: a shared data structure and a set of operation procedures.
(4) To express synchronization relationships between processes, condition variables are introduced, with P and V operations implemented on them;

7. Communication between processes

(1) Shared memory: used for multiple concurrently executing processes to communicate; suited to transmitting large amounts of information; a common memory area is set up, one group of processes writes to it and another reads from it; the system does not need to create multiple identical copies.
(2) Message mechanism: several buffers in memory are organized into queues, and processes call the primitives provided by the system to carry out the actual operations; a message buffer holds the message, a message pointer, mutual-exclusion and synchronization information, with send and receive primitives.
(3) Pipe communication: two processes open a shared file to communicate; the drawback of the character-stream connection is that communication is slow.
(4) Mailbox communication: the sending process first creates a communication mechanism linking the two processes, then deposits the information into it; the sender and receiver do not contact each other directly, and the receiver can retrieve the information from the mechanism at any time.

8. PV operations

PV operations can implement mutual exclusion, synchronization and precedence relationships between processes;
Disadvantages of the PV synchronization mechanism: poor readability, difficult to modify and maintain, poor correctness. A P operation decrements the semaphore by one, a V operation increments it by one.

9. Algorithms that can implement mutual exclusion between processes

Peterson's algorithm, the TS (test-and-set) instruction, the Swap or Exchange instruction, semaphores;

10. Relationships between processes

Mutual awareness | Interaction | Effect of one process on the others | Potential control problems
Unaware of each other | Competition | The results of the processes are independent | Mutual exclusion, deadlock, starvation
Directly aware | Communication (cooperation) | One process depends on the others | Deadlock, starvation
Indirectly aware | Sharing (cooperation) | One process depends on the others | Mutual exclusion, deadlock, starvation

11. Address Relocation

Converting logical addresses to absolute (physical) addresses: dynamic relocation (done as each instruction executes; hardware and software cooperate, the hardware being the base address register and the address translation circuitry) and static relocation (addresses are converted before the program runs).

12. Memory Management

(1) Single-user management: at any one time one user process occupies memory exclusively;
(2) Partition management: fixed partitions; variable partitions (free-partition allocation strategies: first fit, best fit, worst fit, next fit); supports multiprogramming and is the simplest design; drawbacks: poor memory utilization, serious fragmentation, cannot provide virtual memory, and limited by the amount of physical memory.
Compaction (moving) technology merges fragments; swapping technology stores processes (code, PCB and data) that cannot stay in memory on disk and loads them back when needed, under operating system control.
(3) Paged management: a logically contiguous address space is stored scattered across several non-contiguous memory areas. The program segments and data of a job or process need not be stored contiguously in memory, which effectively solves the "fragmentation" problem; dynamic paging provides a way to implement virtual memory with unified management of main and external memory, improving storage utilization; the page size can be configured, but the user cannot change it dynamically. Free physical memory is usually managed with: a free block linked list, a bitmap, or a free page table.
A. Allocation and reclaiming of free blocks: a main memory allocation table, a bitmap and page tables are used; in the page table, memory block numbers correspond one to one with page numbers; with a one-level page table each data access needs two memory accesses, with a two-level page table at least three memory accesses per instruction;
B. The fast table (TLB) resides in the cache (memory between main memory and the CPU; scheduling and transfer of information between the cache and memory is done by hardware); in paged virtual storage management some pages are in memory and the rest on external storage (the disk file area), which requires demand paging and prepaging strategies.
C. Replacement strategies: fixed allocation with local replacement, variable allocation with global replacement, variable allocation with local replacement; (fixed/variable: whether the number of frames can change; local/global: whether replacement is confined to the job's own frames)
D. Page replacement algorithms:
FIFO: exhibits the Belady anomaly, in which the page fault rate can rise even as more physical frames are assigned to the process;
LRU: least recently used; requires access bits;
LFU: least frequently used, i.e. the page with the fewest accesses so far; requires access counters;
NRU: not recently used; requires access bits;
CLOCK: the clock algorithm; requires access bits;
Optimal (ideal) page replacement algorithm
(4) Segment management: storage is divided by segments;
(5) Segment-page management: first segmented, then paged; each page has a corresponding block, which may be stored contiguously or not.
Among them, paged, segmented and segment-page management can be combined with virtual storage technology.
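As an added example (not from the original notes), the FIFO, LRU and CLOCK algorithms of item D implemented as one page-fault counter, run on a constructed reference string chosen so that FIFO shows the Belady anomaly (more frames, more faults) while LRU, a stack algorithm, does not.

```c
/* Added example (not from the original notes): page-fault counting for the
 * FIFO, LRU and CLOCK replacement algorithms, run on a constructed reference
 * string that exhibits the Belady anomaly under FIFO. */
#include <stdio.h>

#define MAX_FRAMES 16

typedef enum { ALG_FIFO, ALG_LRU, ALG_CLOCK } alg_t;

/* Returns the number of page faults when the n references in ref[] are served
 * with 'frames' physical frames under algorithm alg; -1 for a bad frame count. */
int page_faults(alg_t alg, const int *ref, int n, int frames) {
    int page[MAX_FRAMES], stamp[MAX_FRAMES], rbit[MAX_FRAMES];
    int used = 0, hand = 0, faults = 0;
    if (frames < 1 || frames > MAX_FRAMES) return -1;
    for (int i = 0; i < frames; i++) { page[i] = -1; stamp[i] = 0; rbit[i] = 0; }

    for (int t = 0; t < n; t++) {
        int p = ref[t], hit = -1, victim;
        for (int i = 0; i < used; i++) if (page[i] == p) { hit = i; break; }
        if (hit >= 0) {                 /* page already resident: no fault */
            stamp[hit] = t;             /* LRU: refresh recency */
            rbit[hit] = 1;              /* CLOCK/NRU: set the access bit */
            continue;
        }
        faults++;
        if (used < frames) {
            victim = used++;            /* a free frame is still available */
        } else if (alg == ALG_FIFO) {
            victim = hand;              /* frames were filled in order, so the */
            hand = (hand + 1) % frames; /* round-robin pointer is the oldest  */
        } else if (alg == ALG_LRU) {
            victim = 0;                 /* smallest stamp = least recently used */
            for (int i = 1; i < frames; i++) if (stamp[i] < stamp[victim]) victim = i;
        } else {                        /* CLOCK: sweep, clearing access bits; a page
                                           whose bit was set gets a second chance */
            while (rbit[hand]) { rbit[hand] = 0; hand = (hand + 1) % frames; }
            victim = hand;
            hand = (hand + 1) % frames;
        }
        page[victim] = p; stamp[victim] = t; rbit[victim] = 1;
    }
    return faults;
}

/* Constructed reference string (the classic Belady example, not from the page). */
static const int BELADY_REF[] = {1, 2, 3, 4, 1, 2, 5, 1, 2, 3, 4, 5};
enum { BELADY_LEN = 12 };

/* 1 if FIFO takes more faults with 4 frames than with 3 on BELADY_REF. */
int fifo_shows_belady(void) {
    return page_faults(ALG_FIFO, BELADY_REF, BELADY_LEN, 4) >
           page_faults(ALG_FIFO, BELADY_REF, BELADY_LEN, 3);
}

int main(void) {
    const char *names[] = {"FIFO", "LRU", "CLOCK"};
    for (int a = 0; a < 3; a++)
        for (int f = 3; f <= 4; f++)
            printf("%-5s %d frames: %d faults\n", names[a], f,
                   page_faults((alg_t)a, BELADY_REF, BELADY_LEN, f));
    return 0;
}
```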

13. Link

A symbolic (soft) link improves lookup speed and saves storage space. Linking (of programs) connects and assembles all compiled object modules, then links them with the function library into one complete executable.

14. Virtual page storage management

(1) Problems: thrashing (page jitter), the Belady anomaly, page-fault interrupts, and page write errors.
(2) Solution: the working-set algorithm can alleviate thrashing (the operating system keeps a working set for each process; the working set changes over time, and each process is given a number of physical frames equal to its working-set size)
(3) Necessary hardware support: large enough main and external memory; a virtual-to-physical address mapping mechanism; a page-fault interrupt handling mechanism.

15. Fragments

(1) Internal fragmentation: memory that is allocated but not used. Fixed partitions, paging, segment-page.
(2) External fragmentation: free memory that cannot satisfy an allocation request. Variable partitions, segmentation.

16. Page table entry updates

When a page is selected for eviction on a page fault, only the page needs to be removed and its valid bit modified; the remaining flag bits stay unchanged;
When a new process is created and a page is loaded, the corresponding page table entry needs to be modified: frame number, resident bit, and access bit;
When a page is modified, the bits that need to be modified are: access bit, modified (dirty) bit;
When a page is brought into memory, the bits to be modified are: frame number, resident bit, and access bit.

17. Virtual memory

(1) In a virtual storage system, a process can start running after only part of its program has been loaded;
(2) Virtual storage technology lets users use a storage space larger than physical memory;
(3) Virtual memory must be supported by hardware.

18. Locality of programs

Program locality is divided into spatial locality and temporal locality. Spatial locality means that once a program accesses a storage unit, nearby storage units are likely to be accessed too, since program code executes sequentially. Temporal locality is the pattern shown by a program during execution whereby, over a period of time, execution is confined to a certain part of the program.

5. File system design and implementation technology

1. File classification

(1) By purpose: system files, user files, library files;
(2) By organizational form: ordinary files, directory files, and special files (in Unix, I/O devices are treated as special files);
(3) By protection method: read-only files, read-write files, executable files, and unprotected files;
(4) By storage lifetime: temporary files, permanent files, and archive files;
(5) By organizational structure: logical files (seen by the user; record files consisting of unstructured character-stream files, fixed-length record files and variable-length record files), physical files (storage on disk: sequential files, linked files, indexed files)

2. File physical structure

That is, the structure of the file on the storage medium: sequential (contiguous) structure, linked structure, indexed structure;

Storage medium | Tape | Disk | Disk | Disk
Physical structure | Contiguous | Contiguous | Linked | Indexed (multi-level index)
Access mode | Sequential | Sequential, random | Sequential | Sequential, random

3. Disk

(1) Access time: seek time (longest), rotational delay time, transfer time (shortest);
(2) Disk scheduling: FCFS, SSTF (shortest seek time first; can cause starvation), SCAN (the elevator algorithm, serving requests on the way in both directions), C-SCAN (circular scan, serving in one direction only)
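As an added example (not from the original notes), the four disk scheduling algorithms of item (2) as one head-movement calculator, run on a constructed request queue with the head at cylinder 53 of a 0..199 disk; the SCAN/C-SCAN direction and end-of-disk conventions are stated in the code and are assumptions, since the notes do not fix them.

```c
/* Added example (not from the original notes): total head movement of the
 * FCFS, SSTF, SCAN and C-SCAN disk scheduling algorithms on a constructed
 * request queue. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REQ 64

typedef enum { DS_FCFS, DS_SSTF, DS_SCAN, DS_CSCAN } disk_alg_t;

static int cmp_int(const void *a, const void *b) {
    return *(const int *)a - *(const int *)b;
}

/* Total cylinders travelled to serve req[0..n-1] starting at 'head'.
 * Conventions assumed here: SCAN and C-SCAN first move toward higher cylinder
 * numbers and run to the last cylinder (max_cyl) before reversing (SCAN) or
 * jumping to cylinder 0 (C-SCAN); the C-SCAN return sweep counts as movement.
 * Returns -1 for an unsupported queue length. */
int head_movement(disk_alg_t alg, const int *req, int n, int head, int max_cyl) {
    int q[MAX_REQ], done[MAX_REQ] = {0}, moved = 0, pos = head;
    if (n < 1 || n > MAX_REQ) return -1;
    memcpy(q, req, n * sizeof *req);

    if (alg == DS_FCFS) {               /* serve in arrival order */
        for (int i = 0; i < n; i++) { moved += abs(q[i] - pos); pos = q[i]; }
        return moved;
    }
    if (alg == DS_SSTF) {               /* always the nearest pending request */
        for (int served = 0; served < n; served++) {
            int best = -1;
            for (int i = 0; i < n; i++)
                if (!done[i] && (best < 0 || abs(q[i] - pos) < abs(q[best] - pos)))
                    best = i;
            moved += abs(q[best] - pos); pos = q[best]; done[best] = 1;
        }
        return moved;  /* a far request can starve if nearer ones keep arriving */
    }
    /* SCAN / C-SCAN: sort, then serve everything at or above the head going up. */
    qsort(q, n, sizeof *q, cmp_int);
    int split = 0;
    while (split < n && q[split] < head) split++;
    for (int i = split; i < n; i++) { moved += q[i] - pos; pos = q[i]; }
    if (split == 0) return moved;       /* nothing below the start position */
    moved += max_cyl - pos; pos = max_cyl;                /* run to the end */
    if (alg == DS_SCAN) {               /* elevator: reverse, serving on the way down */
        for (int i = split - 1; i >= 0; i--) { moved += pos - q[i]; pos = q[i]; }
    } else {                            /* circular: jump to 0, then serve going up */
        moved += max_cyl; pos = 0;
        for (int i = 0; i < split; i++) { moved += q[i] - pos; pos = q[i]; }
    }
    return moved;
}

/* Constructed request queue (cylinders), head at 53 on a 0..199 disk. */
static const int DISK_REQ[] = {98, 183, 37, 122, 14, 124, 65, 67};
enum { DISK_REQ_LEN = 8, DISK_HEAD = 53, DISK_MAX_CYL = 199 };

int main(void) {
    const char *names[] = {"FCFS", "SSTF", "SCAN", "C-SCAN"};
    for (int a = 0; a < 4; a++)
        printf("%-6s total head movement: %d cylinders\n", names[a],
               head_movement((disk_alg_t)a, DISK_REQ, DISK_REQ_LEN, DISK_HEAD, DISK_MAX_CYL));
    return 0;
}
```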

4. File directory

Implements access by name: the directory holds the file name and the starting address of the file, establishing the correspondence between the file name (<255 characters) and the storage address; necessary information: the FCB, file structure information and file management information.
(1) The FCB includes: file name, file number, user name, physical address, file length, password, modification/access/creation time;
(2) Directory organization: single-level directories, two-level directories, and tree-structured directories (fast lookup; clear hierarchy; solve the problem of duplicate file names between users; users cannot create the root directory)
(3) Path name lookup: absolute path name and relative path name (speeds up lookup);

5. Allocation and recycling of storage space (management method of file storage space)

Bitmap, free block table, free linked list, grouped linking (UNIX).

6. File system

(1) Optimization: block caching; reasonable allocation of disk time; disk arm scheduling; decomposition of directory entries;
(2) FAT: the file allocation table; a linked structure; FAT16 uses 16-bit cluster numbers and supports 8-character file names;
(3) Security: make backup copies, perform scheduled dumps, and specify access rights to files.
(4) File storage space: allocated in units of data blocks;
(5) From the user's perspective, the goal of a file system is to achieve "access by name"; from the system's perspective, the file system mainly concerns where files are stored;

7. When opening the file, the system needs to complete it

(1) Search the directory by file name and find the FCB (the first step of opening a file; the open() operation then writes the FCB into memory);
(2) According to the opening mode, check the sharing setting and the user's identity and access rights;
(3) Look up the system open-file table by file number to see whether the file is already open;
(4) Take a blank entry in the user's open-file table, fill in the opening mode etc., and point it to the corresponding entry in the system open-file table;

8. Physical structure

It is the mapping of the file's logical blocks to disk block numbers;

9. External storage access process

Read state –> Setting data –> Setting address –> Setting control –> Read state

10. File creation operation process

Check whether the file name is valid; whether the name is duplicated in the same directory; whether there is a free slot in the directory; fill in the directory entry (file name, user name, access permissions, zero length, first address);

11. File descriptor

The kernel uses file descriptors to access files. A file descriptor is a non-negative integer. When an existing file is opened or a new file is created, the kernel returns a file descriptor to the process; reading and writing a file also requires the file descriptor to specify the file. In fact it is an index into the table of open files that the kernel maintains for each process.

12. Operations on files

(1) Close file: the system finds the FCB from the file name/file identifier supplied by the user; modifies the relevant contents of the FCB; marks the FCB "inactive"; writes it back to disk.
(2) Delete file: find the file; check that deletion is permitted; reclaim the FCB; reclaim the file's storage space.
(3) Access file: the path name is usually used for the first access, after which the file descriptor is used.

6. I/O device management

1. Equipment classification

(1) By sharing attribute: exclusive devices, shared devices (disk), virtual devices;
(2) By information organization: block devices (disk/tape, block size generally 512 B to 4 KB); character devices (keyboard, monitor, printer);

2. I/O hardware

CPU and main memory (the central part); interface; peripheral device controller (with registers); peripheral device

3. I/O data transfer control methods

(1) Programmed direct control: "busy-wait" polling
(2) Interrupt control: enables the host and peripherals to work in parallel; the CPU checks whether data can be input or output only when an interrupt arrives; suitable for character-at-a-time keyboard input; key hardware: interrupt controller, address bus and data bus, and device controller;
(3) DMA: input/output is completed by the DMA controller; under its control data is exchanged in batches between the device and main memory without CPU intervention, "stealing" bus control; suitable for block devices; hardware: DMA controller, address bus and data bus;
(4) Channel control: works through memory; provides unified management of peripherals and of data transfer between peripherals and memory; requires little CPU intervention; allows the CPU, channels and I/O devices to operate in parallel; suitable for the large data volumes of modern computers; the channel's instruction set is limited to I/O-related instructions and programs; hardware: channel controller, address bus, data bus, device controller and channel program code; channels are divided into selector channels, byte-multiplexor channels and block-multiplexor channels.

4. I/O software layers

Interrupt handlers (device hardware); device drivers; device-independent system software (device-independent layer); user-level I/O software (user layer)

5. Device-independent layer implementation functions (providing consistent system calls)

(1) Unified naming: realize the conversion between logical device naming and physical device;
(2) Equipment protection;
(3) Buffer: Use buffers to match devices of different speeds;
(4) Provide logical blocks that are independent of the device;
(5) Distribution and release of exclusive equipment;
(6) Error handling: Report the error handling situation to the user;
(7) Block allocation of storage devices.

6. I/O device management

(1) Device table: establishes the correspondence between logical devices and physical devices;
(2) Device management tasks: buffer management, device allocation (must consider: inherent device attributes; the allocation algorithm; allocation safety; device independence), device handling, virtual devices and achieving device independence.
(3) Techniques introduced: buffering, device allocation, SPOOLing, DMA, and channels.
(4) Buffer pool management: synchronizes process access to buffers.

SPOOLing composition

Input well and output well (on disk), input process and output process, input buffer and output buffer (in memory).

7. Dead lock

1. Deadlock

Deadlock results from incorrect management, allocation and use of resources: a set of processes each wait for a resource held by another process in the set, so none of them can proceed;
(1) Causes: competition for resources; an unreasonable order of process advancement. ("Unreasonable scheduling" is not a cause)
(2) Four necessary conditions: mutual exclusion (resources are used exclusively); no preemption (allocated resources cannot be taken away); hold and wait (a process holding some resources requests more while keeping what it already holds); circular wait (each process in a chain holds a resource requested by the next, and the chain of requests closes into a loop);
(3) Deadlocked processes enter the blocked state and can never be woken up.

2. Starvation (hunger)

A process is passed over again and again, so its waiting time grows without bound and its response time is seriously affected;

3. Livelock

Livelock: "busy waiting"; the process is not blocked and can be scheduled, but it makes no progress (it never voluntarily gives up the CPU);
Starvation, by contrast: the process is in the blocked state (it has given up the CPU) and is postponed indefinitely.

4. Handling deadlock

(1) Deadlock prevention: break one of the four necessary conditions in advance: the "ordered resource allocation method" (breaks circular wait); a SPOOLing system (removes mutual exclusion on exclusive devices); allocating all resources at once (static allocation, breaks hold and wait); allowing resources to be preempted from other processes (breaks no preemption).
(2) Deadlock avoidance: the banker's algorithm, which grants a request only if the resulting state is still safe;
(3) Deadlock detection: run a resource-allocation analysis program periodically;
(4) Deadlock recovery: resource preemption, process termination (rollback) and system restart.
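
The avoidance step above, worked through in code as an added example (not from the original notes): the banker's safety algorithm and resource-request algorithm, run on a constructed five-process, three-resource state. Process and resource values are assumed for illustration.

```python
"""Added example: the banker's algorithm for deadlock avoidance. Not part of the
original notes; the process/resource matrices below are a constructed instance."""
import copy
from typing import List, Optional

Vector = List[int]

# Constructed state: 5 processes (P0..P4), 3 resource types (A, B, C)
AVAILABLE: Vector = [3, 3, 2]
ALLOCATION: List[Vector] = [[0, 1, 0], [2, 0, 0], [3, 0, 2], [2, 1, 1], [0, 0, 2]]
MAXIMUM: List[Vector] = [[7, 5, 3], [3, 2, 2], [9, 0, 2], [2, 2, 2], [4, 3, 3]]


class Banker:
    def __init__(self, available: Vector, allocation: List[Vector], maximum: List[Vector]):
        self.available = list(available)
        self.allocation = copy.deepcopy(allocation)
        self.maximum = copy.deepcopy(maximum)

    def need(self, pid: int) -> Vector:
        """Resources process pid may still request: Max - Allocation."""
        return [m - a for m, a in zip(self.maximum[pid], self.allocation[pid])]

    def safe_sequence(self) -> Optional[List[int]]:
        """Safety algorithm: an order in which every process can run to completion,
        or None if the state is unsafe (a deadlock could follow from it)."""
        work = list(self.available)
        finished = [False] * len(self.allocation)
        sequence: List[int] = []
        progress = True
        while progress:
            progress = False
            for pid in range(len(self.allocation)):
                if not finished[pid] and all(n <= w for n, w in zip(self.need(pid), work)):
                    # pid can finish with what is free and then returns everything it holds
                    work = [w + a for w, a in zip(work, self.allocation[pid])]
                    finished[pid] = True
                    sequence.append(pid)
                    progress = True
        return sequence if all(finished) else None

    def request(self, pid: int, req: Vector) -> bool:
        """Resource-request algorithm: grant only if the state after granting is safe.
        Returns True if granted; False if the process must wait (state left unchanged)."""
        if any(r > n for r, n in zip(req, self.need(pid))):
            raise ValueError(f"P{pid} exceeds its declared maximum")
        if any(r > a for r, a in zip(req, self.available)):
            return False                      # not enough free resources yet
        # tentatively allocate, check safety, roll back if the new state is unsafe
        self.available = [a - r for a, r in zip(self.available, req)]
        self.allocation[pid] = [a + r for a, r in zip(self.allocation[pid], req)]
        if self.safe_sequence() is None:
            self.available = [a + r for a, r in zip(self.available, req)]
            self.allocation[pid] = [a - r for a, r in zip(self.allocation[pid], req)]
            return False
        return True


if __name__ == "__main__":
    bank = Banker(AVAILABLE, ALLOCATION, MAXIMUM)
    print("safe sequence:", bank.safe_sequence())
    print("P1 requests [1,0,2]:", bank.request(1, [1, 0, 2]))
    print("P4 requests [3,3,0]:", bank.request(4, [3, 3, 0]))
    print("P0 requests [0,2,0]:", bank.request(0, [0, 2, 0]))
```

The second and third requests show the two ways a request is refused: P4's request exceeds what is currently free, while P0's request could be satisfied immediately but would leave no process able to finish, so the banker rolls it back.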

5. Several deadlock types

(1) Deadlock over identical resources: "P1 and P2 each hold part of memory and each request one more page when no page is free";
(2) Deadlock over different resources: "P1 holds device A and requests device B, while P2 holds device B and requests A";
(3) PV-operation deadlock: "P1 and P2 both perform the P operation on a synchronization semaphore first and then on a mutex semaphore, in inconsistent order";
(4) Deadlock over temporary resources (messages): "P1 waits for message Q from P2 before sending message R to P2, while P2 waits for R from P1 before sending Q to P1".

Computer network

1. Network technology foundation

1. Network classification

(1) Broadband metropolitan area network (MAN): dual-ring fiber transport; FDDI; (2) Wireless LAN (WLAN); (3) Wireless ad hoc network: self-organizing, peer-to-peer, wireless multi-hop; (4) Wireless sensor network (WSN): ad hoc networking combined with sensor technology; (5) Wireless mesh network (WMN): used to extend coverage; a complement to WiMAX and WLAN

2. Operating system

(1) Unix: developed at Bell Labs for minicomputers and written in C (the first version was written in assembly); partly open source; a centralized, multi-user, multi-tasking, time-sharing operating system;
Vendor versions: IBM AIX, Sun Solaris, HP HP-UX
(2) Linux: inherits Unix's network-centric design; its core is the kernel; open source; many distributions, managed and maintained by different organizations; Unix-like, but not a derivative of the Unix code base.
Example distribution: Red Hat
(3) Windows NT: a closed-source system developed by Microsoft; a 32-bit operating system providing comprehensive network services; offered as Windows NT Server and Windows NT Workstation.

3. Topology

(1) Ring topology: the transmission delay is deterministic;
(2) Mesh topology: widely used in WANs;

4. Datagram method and virtual circuit method

(1) Datagram method (packet store-and-forward): different packets of the same message may travel different paths; packets may arrive out of order, be duplicated or be lost; every packet carries the source and destination addresses; the larger delay makes it unsuitable for long conversational exchanges;
(2) Virtual circuit method: a logical connection is set up between the source node and the destination node before transmission; a node may hold several virtual circuits to any other node; the route is chosen once at setup, so packets are not routed individually; all packets follow the virtual circuit in order and need not carry source and destination addresses; the nodes only perform error checking on each packet.

5. Network architecture

(1) OSI (Open Systems Interconnection) reference model, defined by ISO:
A. Physical layer (transparent transmission of the bit stream), data link layer (MAC and LLC sublayers), network layer (routing; IPSec operates here), transport layer (end-to-end service), session layer, presentation layer (data representation, encryption/decryption), application layer (provides application-process interaction and remote operation);
(2) TCP/IP model, defined by the IETF:
A. Host-to-network layer; internet layer (IP/ARP/ICMP); transport layer (TCP, UDP);
application layer (FTP, HTTP, RIP, NFS, SMTP, Telnet, SNMP, CMIP, PGP, S/MIME)
B. An open network protocol standard, independent of network hardware; each layer provides services to the layer above it.

6. Computer network

A collection of autonomous computer systems interconnected so that they can share resources with each other.

The Internet's predecessor was ARPANET, a wide area network and the world's first packet-switching network, developed by the U.S. Department of Defense Advanced Research Projects Agency; from it the Internet has grown into a worldwide WAN.

2. LAN technology

1. Three elements of LAN

(1) Network topology: bus, ring, star;
(2) Transmission media: twisted pair, coaxial cable (the earliest), optical fiber and wireless channels;
(3) Medium access control method: LANs are divided into shared-medium LANs and switched LANs. In shared-medium LANs, a bus LAN uses CSMA/CD to resolve collisions and a ring LAN uses token passing (Token Ring) to avoid them.

2. IEEE 802 standards

(1) Scope: the OSI physical layer and data link layer; the 802 committee standardizes LANs. (Different LANs may use different MAC sublayers and physical layers, but the LLC (logical link control) sublayer is the same for all of them)
(2) Main standards:
802.3: CSMA/CD bus medium access control (MAC) and physical layer (the Ethernet standard);
802.4: token bus; 802.5: token ring;
802.11: wireless LAN;
802.15: wireless personal area network MAC and physical layer;
802.16: broadband wireless MAN (WiMAX).

3. Share Ethernet

(1) Concept: the core device is the hub; the ALOHA network is its ancestor; a bus LAN; core technology: CSMA/CD;
(2) Frame structure:
preamble 7 B | start frame delimiter 1 B | destination address 6 B | source address 6 B | type 2 B | data 46-1500 B | frame check sequence 4 B (CRC)
(the preamble and delimiter provide receiver synchronization and are not counted as part of the frame; the address and type fields form the frame header; type identifies the network-layer protocol; frame length 64-1518 B)
(3) Ethernet physical (MAC) address: 48 bits, written as 12 hexadecimal digits in 6 groups of two; the first three bytes identify the manufacturer (OUI) and the last three are a serial number assigned by that manufacturer; the first transmitted bit is the I/G bit: 1 means a group/broadcast address and 0 an individual address, so 2^47 individual addresses can be assigned to manufacturers.
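
As an added example (not code from the original notes), the frame layout and address rules above in a small parser: it takes the frame as the NIC hands it to software (preamble and delimiter already stripped), decodes the header, classifies the addresses by the I/G bit and OUI, and verifies the CRC-32 frame check sequence. The sample frame, its MAC addresses and the ARP payload are constructed for illustration.

```python
"""Added example: parsing an Ethernet frame and checking its FCS.
Not part of the original notes; the sample frame below is constructed."""
import struct
import zlib

MIN_FRAME = 64      # bytes: header + data + FCS
MAX_FRAME = 1518


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Pad the data field to 46 bytes and append the FCS.
    Ethernet transmits the CRC-32 least-significant byte first, hence "<I"."""
    payload = payload.ljust(46, b"\x00")[:1500]
    body = struct.pack("!6s6sH", dst, src, ethertype) + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<I", fcs)


def parse_frame(frame: bytes) -> dict:
    """Decode header fields, classify the addresses and verify the FCS."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame length {len(frame)} outside {MIN_FRAME}..{MAX_FRAME}")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    body, (fcs,) = frame[:-4], struct.unpack("<I", frame[-4:])
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        # lowest bit of the first byte is transmitted first: 1 = group/broadcast, 0 = individual
        "dst_is_group": bool(dst[0] & 0x01),
        "src_is_group": bool(src[0] & 0x01),   # a source address must never be a group address
        "src_oui": mac_str(src[:3]),           # manufacturer identifier
        "ethertype": ethertype,                # network-layer protocol: 0x0800 IPv4, 0x0806 ARP
        "data": frame[14:-4],
        "fcs_ok": (zlib.crc32(body) & 0xFFFFFFFF) == fcs,
    }


# Constructed sample: an ARP request broadcast from a host whose OUI is 00:1a:2b.
SAMPLE_DST = bytes.fromhex("ffffffffffff")
SAMPLE_SRC = bytes.fromhex("001a2b3c4d5e")
SAMPLE_ARP = (bytes.fromhex("0001080006040001")      # hw type 1, proto IPv4, hlen 6, plen 4, op 1
              + SAMPLE_SRC + bytes([10, 0, 0, 5])    # sender MAC / IP
              + bytes(6) + bytes([10, 0, 0, 1]))     # target MAC (unknown) / IP
SAMPLE_FRAME = build_frame(SAMPLE_DST, SAMPLE_SRC, 0x0806, SAMPLE_ARP)


def corrupted(frame: bytes, index: int = 20) -> bytes:
    """Flip one bit in the data field to show that the FCS catches it."""
    b = bytearray(frame)
    b[index] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    info = parse_frame(SAMPLE_FRAME)
    print(len(SAMPLE_FRAME), info["dst"], info["src_oui"], hex(info["ethertype"]), info["fcs_ok"])
    print("after corruption fcs_ok =", parse_frame(corrupted(SAMPLE_FRAME))["fcs_ok"])
```

The 28-byte ARP request is padded to the 46-byte minimum, which is why the whole frame comes out at exactly 64 bytes, the minimum that CSMA/CD collision detection requires.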

4. High-speed LAN standard (MAC layer is compatible with the original standard, only physical layer standards are defined)

(1) 802.3u: Fast Ethernet, 100 Mbps;
(2) 802.3z: Gigabit Ethernet (1000 Mbps) over fiber and shielded copper (1000BASE-SX/LX/CX);
802.3ab: Gigabit Ethernet over unshielded twisted pair (1000BASE-T);
the GMII interface separates the physical layer from the MAC layer; the frame format is the same as traditional Ethernet;
(3) 802.3ae: 10 Gigabit Ethernet; optical fiber transmission; full-duplex mode only, so CSMA/CD medium access control is no longer used and the transmission distance is not limited by collision detection.
(4) 802.3ba: 40/100 Gigabit Ethernet (40 Gbps and 100 Gbps; uses wavelength-division multiplexing and defines several physical interface types)

5. Switched LAN

(1) Concept: the typical case is switched Ethernet, whose core device is the Ethernet switch (a port may be dedicated to one node or shared); multiple concurrent connections can be established between ports, so several pairs of nodes communicate at the same time.
(2) Frame forwarding modes: cut-through (direct switching); store-and-forward; improved cut-through (fragment-free: forwarding starts after the first 64 B have been received, so collision fragments are discarded; full error checking is left to the receiving host);
(3) Virtual LAN (VLAN) membership can be defined: by switch port; by MAC address; by network-layer (IP) address; by multicast (broadcast) group.

6. Wireless LAN

(1) Classification by physical-layer transmission technique: infrared, direct-sequence spread spectrum, frequency-hopping spread spectrum, narrowband microwave;
(2) Infrared wireless LAN (IR); frequency-hopping spread spectrum (FHSS: the band is divided into many channels and the sender hops among them; uses the 2.4 GHz ISM band); direct-sequence spread spectrum (DSSS: all stations share the same wide band); narrowband microwave wireless LAN.
(3) 802.11 defines two access services: contention-free service and contention service; the MAC layer uses CSMA/CA to avoid collisions; both access-point (infrastructure) mode and roaming between APs are supported; 802.11 management frames include probe frames and authentication frames; a layered architecture is used; the main function of the MAC layer is access control to the wireless medium; the physical layer defines transmission over infrared, frequency-hopping spread spectrum and direct-sequence spread spectrum.
(4) 802.11 protocol family:

802.11a: 5 GHz, 54 Mbps
802.11b: 2.4 GHz, 11 Mbps (direct-sequence spread spectrum)
802.11g: 2.4 GHz, 54 Mbps
802.11n: 2.4/5 GHz, 100 Mbps and above

(5) Network structure: stations (user nodes with wireless network cards), access points (AP), the access controller (AC, the gateway between the WLAN and external networks), and the AAA server (authentication, authorization, accounting; three 802.11 access authentication methods: IEEE 802.1X-based, PPPoE-based and Web-based)

(6) Gigabit and Fast Ethernet physical media:
1000BASE-SX: multimode fiber
1000BASE-CX: shielded copper cable
1000BASE-LX: single-mode fiber
1000BASE-T: unshielded twisted pair
100BASE-FX: single-mode/multimode fiber

7. Reasons two hosts on the same switch cannot communicate

They are not in the same VLAN; they are not in the same IP subnet.
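
An added example (not from the original notes) that ties the VLAN rule here to the port-defined VLANs of the switched-LAN section: a learning switch that keeps one forwarding table per VLAN and floods unknown and group addresses only within the VLAN of the incoming port, so frames from a host in VLAN 20 never reach a host in VLAN 10. The port layout and MAC addresses are constructed.

```python
"""Added example: a learning (transparent) switch with port-based VLANs.
Not part of the original notes; ports and MAC addresses are constructed."""
from typing import Dict, List, Tuple


def is_group_address(mac: str) -> bool:
    """I/G bit: lowest bit of the first byte set means group/broadcast."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningSwitch:
    def __init__(self, port_vlan: Dict[int, int]):
        self.port_vlan = dict(port_vlan)                 # port -> VLAN id
        self.table: Dict[Tuple[int, str], int] = {}      # (VLAN, MAC) -> port

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        """Return the ports the frame is forwarded to (empty list = filtered)."""
        vlan = self.port_vlan[in_port]
        self.table[(vlan, src)] = in_port                # backward learning of the source
        if is_group_address(dst) or (vlan, dst) not in self.table:
            # unknown unicast or broadcast: flood, but only within the same VLAN
            return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != in_port)
        out = self.table[(vlan, dst)]
        return [] if out == in_port else [out]           # same segment: filter the frame


if __name__ == "__main__":
    sw = LearningSwitch({1: 10, 2: 10, 3: 20, 4: 20})
    a, b, c = "00:1a:2b:00:00:01", "00:1a:2b:00:00:02", "00:1a:2b:00:00:03"
    print("A->B (unknown):", sw.receive(1, a, b))
    print("B->A (learned):", sw.receive(2, b, a))
    print("C->A (other VLAN):", sw.receive(3, c, a))
```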

8. Characteristics of bus LAN

All nodes attach to the bus, a shared public medium, through network interface cards; twisted pair or coaxial cable is usually the transmission medium; every node can send and receive, but only one node may send on the bus at a time (half-duplex); a sending node "broadcasts" on the bus while all other nodes "listen"; because the bus is shared by many nodes as a common medium, collisions occur when two nodes send at the same time.

3. Internet Basics

1. Internet composition

Communication lines (the basic equipment), routers (the main equipment; main functions: maintain routing table information; forward IP datagrams; select the best path), hosts (the carriers of information resources and services) and information resources. IP is the main protocol of the Internet.

2. Access methods

(1) Dial-up telephone line access;
(2) ADSL access: asymmetric digital subscriber line over the existing telephone line; the ADSL modem combines bridge, router and modem functions;
(3) HFC access: over the cable TV network (hybrid fiber/coaxial) using a cable modem;
(4) Dedicated data communication line access (high cost).

3. IP protocol

(1) Defines: the IP datagram format, addressing and routing, datagram fragmentation and reassembly, error control and handling, etc.
(2) Characteristics of the IP service: unreliable; connectionless; best-effort delivery (packets are not discarded arbitrarily, only when resources such as buffers run out).
(3) Characteristics of the IP internet: hides the details of the underlying physical networks; imposes no topology and does not require every network to be directly connected to every other; forwards data between physical networks so that information crosses networks; treats every network in the internet equally; uses one uniform address format.

4. IP addresses (classes A, B, C, D and E)

(1) Special IP addresses: network address (host part all 0); broadcast addresses (directed broadcast: host part all 1 / limited broadcast: 255.255.255.255); loopback addresses (127.0.0.0/8, e.g. 127.0.0.1); private addresses (A: 10.0.0.0/8; B: 172.16.0.0/12; C: 192.168.0.0/16)
(2) To send a directed broadcast: the source address is the sender's own address; in the destination address the network number is kept and the host number is set to all 1s.
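
The address arithmetic above as an added example (not from the original notes): given an address and prefix length it derives the class, network address, directed broadcast address, the usable host count and whether the address is private or loopback, and it checks whether two hosts share a subnet. The addresses used are constructed.

```python
"""Added example: IPv4 special addresses by bit operations.
Not part of the original notes; the sample addresses are constructed."""
from typing import Dict

PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]
LIMITED_BROADCAST = "255.255.255.255"


def to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_str(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def address_class(ip: str) -> str:
    """Classful address ranges are decided by the leading bits of the first octet."""
    first = to_int(ip) >> 24
    if first < 128:
        return "A"      # 0xxxxxxx
    if first < 192:
        return "B"      # 10xxxxxx
    if first < 224:
        return "C"      # 110xxxxx
    if first < 240:
        return "D"      # 1110xxxx, multicast
    return "E"          # 1111xxxx, reserved


def in_block(ip: str, block: str, prefix: int) -> bool:
    return to_int(ip) & prefix_mask(prefix) == to_int(block)


def addressing_info(ip: str, prefix: int) -> Dict[str, object]:
    n, mask = to_int(ip), prefix_mask(prefix)
    network = n & mask                              # host part all 0
    broadcast = network | (~mask & 0xFFFFFFFF)      # host part all 1: directed broadcast
    return {
        "class": address_class(ip),
        "network": to_str(network),
        "directed_broadcast": to_str(broadcast),
        "limited_broadcast": LIMITED_BROADCAST,
        "hosts": max((1 << (32 - prefix)) - 2, 0),  # minus network and broadcast addresses
        "private": any(in_block(ip, b, p) for b, p in PRIVATE_BLOCKS),
        "loopback": in_block(ip, "127.0.0.0", 8),
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """Two hosts can deliver directly only if their network parts are equal."""
    mask = prefix_mask(prefix)
    return to_int(a) & mask == to_int(b) & mask


if __name__ == "__main__":
    print(addressing_info("172.20.5.9", 20))
    print(same_subnet("172.20.5.9", "172.20.31.1", 20))
```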

5. Address Resolution Protocol ARP

(1) Working at the interconnection layer, it can realize IP-to-MAC analysis;
(2) Working principle: send request messages (ARP requests) in broadcast form, and unicast response;
(3) Use cache technology to avoid a large number of request packets and improve effectiveness; the purpose of having a timer is to ensure the correctness of the host ARP table.

6. IP datagram format

(1) Composition: header area and data area;
(2) Fields and their functions: version and protocol; header length and total length; type of service; time to live; header checksum (protects only the header, not the data area);
(3) The header length is counted in 32-bit (4-byte) words, the total length in bytes. The fields related to fragmentation and reassembly are: identification (which original datagram a fragment belongs to), flags (DF: do not fragment; MF: more fragments, i.e. whether this is the last fragment) and fragment offset (in units of 8 bytes, used to reassemble the fragments in order).

7. Encapsulation, fragmentation (MTU: maximum transmission unit, the largest amount of data one frame can carry) and reassembly.

8. IP datagram options

(1) Purpose: control and testing;
(2) Option types:
A. Source routing: strict source routing (the datagram must follow exactly the listed path); loose source routing (the listed routers must be visited, other routers may lie in between);
B. Record route: records the IP address of every router passed;
C. Timestamp

9. Error and control messages (ICMP)

Each ICMP error message refers to one IP datagram and is itself carried in an IP datagram.
(1) ICMP error-control messages: congestion control (source quench), routing control (redirect);
(2) Request/reply messages: echo request and reply (used to test whether a destination host or router is reachable), timestamp request and reply (clock synchronization), address-mask request and reply;
(3) ICMP characteristics: no priority and no special reliability; no ICMP error message is generated about an ICMP error message; an error message carries the IP header and the first 64 bits of the data of the datagram it reports on.
(4) When a router receives an IP datagram it verifies the header; if the header checksum reveals an error, the datagram is discarded.

10. Routers and routing

(1) Special routes: default route, host-specific route (for reaching one particular host)
(2) RIP (Routing Information Protocol): uses the distance-vector (V-D) algorithm; simple; for small and medium networks with multiple paths in a dynamic IP internet; distance is measured in hop count, with 16 meaning unreachable; converges slowly (remedies: limiting the maximum path length; split horizon; hold-down; poison reverse together with triggered updates)
(3) OSPF: uses the link-state (L-S) algorithm; for large networks with multiple paths in a dynamic IP internet; each router floods link-state advertisements (LSA) and all routers build the same link-state database (LSDB), from which each computes its shortest paths; converges faster than the distance-vector algorithm.
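
The RIP behaviour described above, as an added example that is not part of the original notes: a distance-vector simulation on a constructed three-router line A-B-C, in which the B-C link fails. Without poison reverse the routers count up to the 16-hop "infinity" one round at a time; with split horizon and poison reverse, A tells B that C is unreachable through A, and the bad route dies within two rounds. Synchronous update rounds are an assumption made to keep the simulation deterministic.

```python
"""Added example: distance-vector (RIP-style) convergence with and without
split horizon / poison reverse. Not from the original notes; the topology is constructed."""
from typing import Dict, Optional, Tuple

INF = 16                             # RIP "infinity": 15 hops is the longest usable path
Entry = Tuple[int, Optional[str]]    # (metric, next hop)


class RipRouter:
    def __init__(self, name: str, links: Dict[str, int]):
        self.name = name
        self.links = dict(links)                    # neighbor -> link cost
        self.table: Dict[str, Entry] = {name: (0, None)}
        for nbr, cost in self.links.items():
            self.table[nbr] = (cost, nbr)

    def vector_for(self, neighbor: str, poison_reverse: bool) -> Dict[str, int]:
        """Distance vector advertised to one neighbor. With poison reverse, routes
        learned through that neighbor are advertised back to it as unreachable."""
        return {dest: (INF if poison_reverse and nh == neighbor else metric)
                for dest, (metric, nh) in self.table.items()}

    def update(self, frm: str, vector: Dict[str, int]) -> bool:
        """Bellman-Ford step: adopt a route if it is shorter, or if it comes from the
        current next hop (whose new metric must be believed even when it got worse)."""
        cost, changed = self.links[frm], False
        for dest, metric in vector.items():
            if dest == self.name:
                continue
            new = min(metric + cost, INF)
            cur, nh = self.table.get(dest, (INF, None))
            if nh == frm or new < cur:
                entry: Entry = (new, frm if new < INF else None)
                if entry != (cur, nh):
                    self.table[dest] = entry
                    changed = True
        return changed

    def link_down(self, neighbor: str) -> None:
        """Lose a link: every route through that neighbor becomes unreachable."""
        self.links.pop(neighbor)
        for dest, (metric, nh) in list(self.table.items()):
            if nh == neighbor:
                self.table[dest] = (INF, None)


def converge(routers: Dict[str, RipRouter], poison_reverse: bool, max_rounds: int = 64) -> int:
    """Synchronous rounds (all vectors computed, then all applied) until nothing changes.
    Returns the number of rounds used."""
    for rnd in range(1, max_rounds + 1):
        messages = [(r.name, nbr, r.vector_for(nbr, poison_reverse))
                    for r in routers.values() for nbr in r.links]
        changed = False
        for frm, to, vec in messages:
            changed |= routers[to].update(frm, vec)
        if not changed:
            return rnd
    return max_rounds


def line_topology_failure(poison_reverse: bool) -> Tuple[Entry, Entry, int]:
    """A - B - C, then the B-C link fails.
    Returns A's route to C before and after the failure, and the rounds needed to converge."""
    routers = {"A": RipRouter("A", {"B": 1}),
               "B": RipRouter("B", {"A": 1, "C": 1}),
               "C": RipRouter("C", {"B": 1})}
    converge(routers, poison_reverse)
    before = routers["A"].table["C"]
    routers["B"].link_down("C")
    routers["C"].link_down("B")
    rounds = converge(routers, poison_reverse)
    return before, routers["A"].table["C"], rounds


if __name__ == "__main__":
    for pr in (False, True):
        before, after, rounds = line_topology_failure(pr)
        print(f"poison reverse={pr}: A->C before {before}, after {after}, rounds {rounds}")
```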

11. Multicast technology

(1) Features: uses group addresses (class D); multicast addresses and group membership are dynamic; requires support not only in the IP layer but also from the underlying hardware.
(2) Related protocols: group management protocols (IGMP, CGMP) and multicast routing protocols.
IGMP: defined for the Internet; on the one hand a host actively joins a group through its local router, on the other hand the router periodically queries hosts for their membership. A multicast routing entry consists of the source address, group address, incoming interface and outgoing interface list (the first three are used for matching).

12. IPv6

(1) Address: 128 bits (IPv4: 32 bits); loopback address ::1 (0:0:0:0:0:0:0:1);
(2) Datagram format: a basic header (fixed 40 B), zero or more extension headers, and the upper-layer protocol data unit.
(3) Extension header types: hop-by-hop options header; destination options header; routing header (forces the datagram through the listed routers); fragment header;

13. TCP and UDP

(1) TCP: connection-oriented, reliable, full duplex. (sliding-window flow control; retransmission timers derived from the measured RTT; port numbers are 16-bit)
(2) UDP: connectionless, unreliable, efficient. (the application must provide reliability itself if it needs it)

14. NAT: translation between internal (private) and external (public) addresses. Types: static NAT, dynamic NAT, and network address port translation (NAPT: many internal hosts share one global IP address and access the external network simultaneously, distinguished by port number)
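
NAPT as an added example (not from the original notes): a translation table keyed on the full outbound flow, so two internal hosts that happen to use the same source port get distinct public ports, replies are mapped back by public port, and inbound packets with no mapping are dropped. The public address 203.0.113.7 and the hosts are constructed for illustration.

```python
"""Added example: a NAPT translation table.
Not part of the original notes; addresses and ports are constructed."""
from typing import Dict, Optional, Tuple

Packet = Dict[str, object]          # keys: proto, src, sport, dst, dport


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        # (proto, private ip, private port, dst ip, dst port) -> public port
        self.outbound_map: Dict[Tuple, int] = {}
        # (proto, public port) -> (private ip, private port)
        self.inbound_map: Dict[Tuple[object, object], Tuple[object, object]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite source address/port; allocate a public port for a new flow."""
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.outbound_map.get(key)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("NAPT port pool exhausted")
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[(pkt["proto"], port)] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.public_ip, "sport": port}

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver only if a mapping exists; unsolicited inbound traffic is dropped (None)."""
        if pkt["dst"] != self.public_ip:
            return None
        target = self.inbound_map.get((pkt["proto"], pkt["dport"]))
        if target is None:
            return None
        priv_ip, priv_port = target
        return {**pkt, "dst": priv_ip, "dport": priv_port}


if __name__ == "__main__":
    nat = Napt("203.0.113.7")
    out1 = nat.translate_outbound({"proto": "tcp", "src": "192.168.1.10", "sport": 5000,
                                   "dst": "198.51.100.20", "dport": 80})
    out2 = nat.translate_outbound({"proto": "tcp", "src": "192.168.1.11", "sport": 5000,
                                   "dst": "198.51.100.20", "dport": 80})
    print(out1["sport"], out2["sport"])
    print(nat.translate_inbound({"proto": "tcp", "src": "198.51.100.20", "sport": 80,
                                 "dst": "203.0.113.7", "dport": out2["sport"]}))
```

Because the mapping is created only by outbound traffic, the table doubles as a crude stateful filter: the outside can reach an internal host only on a port the host itself opened.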

15. MTU: the Ethernet MTU is 1500 bytes; the IP header is normally 20 bytes and the UDP header 8 bytes, leaving 1472 bytes for UDP payload; a UDP payload larger than 1472 bytes is fragmented at the IP layer.
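
As an added example (not code from the original notes) covering both the datagram-format section (header checksum, identification, flags and 8-byte fragment offsets) and the 1472-byte rule here: build an IPv4 header with its checksum, fragment a UDP datagram for an MTU of 1500, and reassemble it. The addresses and payload are constructed; options are not handled (IHL fixed at 5), and the UDP checksum is left at zero.

```python
"""Added example: IPv4 header checksum, fragmentation and reassembly.
Not part of the original notes; addresses and payload are constructed."""
import struct
from typing import Dict, List

IP_HEADER_LEN = 20
UDP_HEADER_LEN = 8
PROTO_UDP = 17
FLAG_DF, FLAG_MF = 0b010, 0b001


def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; a valid header checks to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ident: int,
               flags: int = 0, frag_offset: int = 0, ttl: int = 64) -> bytes:
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, IP_HEADER_LEN + len(payload),
                         ident, (flags << 13) | frag_offset, ttl, proto, 0,
                         ip_bytes(src), ip_bytes(dst))
    csum = ip_checksum(header)                  # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4(packet: bytes) -> Dict[str, object]:
    (vihl, _tos, total_len, ident, flags_off, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:IP_HEADER_LEN])
    ihl = (vihl & 0x0F) * 4                     # header length: 32-bit words -> bytes
    return {"version": vihl >> 4, "ihl": ihl, "total_length": total_len, "id": ident,
            "df": bool(flags_off & (FLAG_DF << 13)), "mf": bool(flags_off & (FLAG_MF << 13)),
            "offset": flags_off & 0x1FFF,       # in units of 8 bytes
            "ttl": ttl, "proto": proto,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "checksum_ok": ip_checksum(packet[:ihl]) == 0,
            "data": packet[ihl:total_len]}


def fragment(datagram: bytes, mtu: int) -> List[bytes]:
    """Split a datagram to fit the MTU; all fragments but the last carry a multiple
    of 8 data bytes so that the 8-byte offset unit can represent them."""
    hdr, data = parse_ipv4(datagram), datagram[IP_HEADER_LEN:]
    if IP_HEADER_LEN + len(data) <= mtu:
        return [datagram]
    if hdr["df"]:
        raise ValueError("DF set: cannot fragment (a router would send an ICMP error)")
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8       # 1480 for MTU 1500
    frags = []
    for off in range(0, len(data), chunk):
        piece = data[off:off + chunk]
        more = off + len(piece) < len(data)
        frags.append(build_ipv4(hdr["src"], hdr["dst"], hdr["proto"], piece, hdr["id"],
                                flags=FLAG_MF if more else 0, frag_offset=off // 8))
    return frags


def reassemble(fragments: List[bytes]) -> bytes:
    """Rebuild the original datagram from fragments with the same identification."""
    parsed = sorted((parse_ipv4(f) for f in fragments), key=lambda p: p["offset"])
    first, data, expected = parsed[0], b"", 0
    for p in parsed:
        if (p["id"], p["src"], p["dst"], p["proto"]) != (first["id"], first["src"], first["dst"], first["proto"]):
            raise ValueError("fragment belongs to a different datagram")
        if p["offset"] * 8 != expected:
            raise ValueError("hole in fragment sequence")
        data += p["data"]
        expected += len(p["data"])
    if parsed[-1]["mf"]:
        raise ValueError("last fragment missing")
    return build_ipv4(first["src"], first["dst"], first["proto"], data, first["id"])


def udp_datagram(udp_payload_len: int, ident: int = 0x1234) -> bytes:
    """Constructed datagram: 8-byte UDP header (ports, length, checksum 0) + payload."""
    udp = struct.pack("!HHHH", 5353, 5353, UDP_HEADER_LEN + udp_payload_len, 0)
    udp += bytes(i & 0xFF for i in range(udp_payload_len))
    return build_ipv4("10.0.0.5", "10.0.0.9", PROTO_UDP, udp, ident)


if __name__ == "__main__":
    frags = fragment(udp_datagram(3000), 1500)
    for f in frags:
        p = parse_ipv4(f)
        print(len(f), "bytes, offset", p["offset"], "MF", p["mf"])
    print("1472-byte payload fragments:", len(fragment(udp_datagram(1472), 1500)))
    print("1473-byte payload fragments:", len(fragment(udp_datagram(1473), 1500)))
```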

4. Basic Internet services

1. Classification of application process response concurrent requests

(1) Iterative server: handles requests one at a time, first in first out;
(2) Concurrent server: creates a child process (or thread) for each request.

2. Basic structure of peer-to-peer computer model (P2P)

(1) Centralized (Napster; the server usually stores only directory and index information); (2) Distributed unstructured (no central node; random graph; supports complex and fuzzy queries; uses a TTL mechanism to limit flooding; Gnutella); (3) Distributed structured (no central node; uses a distributed hash table, DHT; supports exact keyword matching; scalable; complex to maintain; Pastry, Tapestry, Chord, CAN); (4) Hybrid (index nodes maintain and search the user nodes; Skype, BT, PPLive)

3. Domain name resolution method

(1) Two kinds: recursive resolution (the queried server completes the whole resolution for the client) and iterative resolution (the client queries one server after another, level by level);
(2) Every name server must at least know the IP addresses of the root servers and of its parent-zone server. (a host must know the IP address of its local name server)
(3) Improving resolution efficiency: start resolution at the local name server; use caching on name servers; use caching on hosts.

4. Domain name object type

A: host address; MX: mail exchanger; PTR: pointer (reverse mapping); CNAME: canonical name (alias); SOA: start of authority;
HINFO: host information

5. During remote login, the network virtual terminal uses the NVT format to unify different user local terminals.

6. FTP service

(1) C/S model, using two TCP connections (one control connection, one data connection);
(2) Establishing the data connection: active mode (the client sends its data port with the PORT command and the server connects to it); passive mode (the client sends the PASV command, the server replies with a port and the client connects to it);
(3) Transfer modes: text transfer (ASCII); binary transfer (BINARY: the file is not altered and is transmitted as a continuous bit stream in the same bit order as the original);
(4) FTP commands: delete: delete a file on the remote host; pwd: display the current working directory on the remote host;

7. Email system

(1) SMTP: transfer between mail servers; its purpose is to send mail.
(2) POP3/IMAP: used to read mail from the mail server (POP3 has an authorization stage, a transaction stage and an update stage entered by QUIT);
(3) Message formats: RFC 822, MIME.
(4) POP3 commands: PASS: the user's mailbox password (authorization stage); STAT: query the number and total size of messages; RSET: reset, i.e. undo deletion marks; NOOP: no operation (transaction stage)

8. WWW service

(1) HTML: the page description language; the browser's interpreter unit renders the pages returned for its requests;
(2) HTTP: the transfer protocol between client and server, built on a TCP connection; an object-oriented protocol that precisely defines the request/response messages;
(3) URL: uniform resource locator, the page address;
(4) Security: the SSL protocol (works above the transport layer, between TCP/IP and the application-layer protocols; browser-side security; prevents third parties from reading or tampering with content); CA certificates (the Web server proves its identity)
(5) Browser composition: a control unit (interprets keyboard/mouse commands), client units and interpreter units. The Web server not only stores many pages but also accepts and processes browser requests, i.e. it implements the HTTP server; the Web server does not edit pages.

9. Security

(1) Protecting the computer: the browser divides the Internet into several security zones;
(2) Verifying a site's authenticity: use the certificate sent by the Web site;
(3) Preventing others from impersonating the user: the user applies for a personal certificate from a CA and installs it in the browser;
(4) Preventing third-party tampering or eavesdropping when interacting with the Web: use secure sockets layer (SSL) technology;
(5) Transmission confidentiality: placing a Web site in the trusted-sites zone only relaxes the browser's restrictions for it; it does not make the transmission confidential (only SSL does);
(6) SSL protects the transmission, not the content: it does not prevent virus transmission.

10. Network worms

A worm is an independent program that spreads through vulnerabilities (early worms spread by e-mail), replicates itself and propagates actively; Trojan horses, by contrast, do not replicate themselves.

V. New network applications

1. Instant Communication (IM)

(1) Proposed by the IMPP working group and approved by the IETF as formal RFCs; RFC 2778 describes the functions of an IM system; it does not require every IM system to use the same standard.
(2) Modes: client/server; client/client (peer to peer)

(1) Two client chat modes: direct (UDP preferred, TCP as fallback); relay through the server (no direct communication);
(2) Uses its own proprietary instant-messaging protocol;
(3) At each login the client obtains a session key from the server.

3. Instant messaging protocols (SIMPLE, based on SIP; XMPP, based on Jabber)

(1) SIP: an application-layer protocol proposed by the IETF; runs over TCP or UDP; supports multiple media types (files, video, images); used to create, modify and terminate one or more user sessions; components: user agent, proxy server, redirect server (plans the SIP path; may coexist with other servers in one device), registrar; SIP message structure: start line, message header, a blank line ending the header, message body; six request methods: INVITE (invite a user/server into a session), ACK, OPTIONS (query a server's capabilities), BYE (end a session), CANCEL (cancel a pending call), REGISTER; SIP messages fall into two categories: requests from client to server and responses from server to client.
(2) SIMPLE: based on SIP; instant messages need no session, while multimedia sessions are also supported; defined by the IETF SIMPLE working group; IM messages are carried in MESSAGE requests, each IM in its own request, independent of the others.
(3) XMPP: an application-layer protocol based on the Jabber protocol, defined by the IETF in four RFCs; its design follows the e-mail system (user client, XMPP server and the XMPP network between servers); XML is its core; a uniform addressing scheme in which an entity address is called a JID.
(4) Basic services: presence service and instant-messaging service.

4. Network file sharing

(1) NFS (Network File System): usable on Linux and Windows; independent of the host operating system; C/S structure; to mount a file system of remote host B locally: "mount B:/usr/lib /usr/lib" (remote host directory, then local directory)
(2) The files or directories shared by an NFS server are listed in /etc/exports.

5. LAN file sharing

Systems before Windows 2000 use the NetBIOS protocol; later use the CIFS protocol

6.P2P file sharing

(1) P2P file sharing originated with Napster; BT (BitTorrent): a central tracker server stores peer information; the seed file (.torrent) holds information about the shared file and the tracker; BT began as an open-source project; DHT was later added so that transfers work without a tracker; related to the "six degrees of separation" and "small world" theories.
(2) Maze: supports instant messaging; authentication modeled on Kerberos; online resource search and file directory browsing; multi-source download and resumable transfer; a points-based resource trading system; seed mechanism; distributed authentication (similar to a credit-card mechanism); URL-like resource locators; a hybrid P2P system with a centralized user management server (registration, login), directory collection servers, search servers, heartbeat servers and seed servers.
(3) Comparison: Napster-style P2P has no seed mechanism; BT has no points mechanism; P2P allows direct transfer between users; later BT versions work without a tracker server; the two systems are incompatible.

(1) Service types: near video on demand (NVOD: several streams send the same content staggered in time), true video on demand (TVOD) and interactive video on demand (IVOD);
(2) Media content distribution network (MCDN) technology:
A. Content distribution: content is published or delivered to the service point closest to the user;
B. Content routing: network load balancing that redirects each request to the nearest or most up-to-date content source;
C. Content switching: application-layer switching that balances load intelligently on the basis of content availability, server availability, etc.;
D. Performance management: keeps the network in its best state and measures the end-to-end performance of content distribution.

VoIP (voice transmission over IP networks)

(1) Components: terminals; gateways (number lookup, call setup, signal conversion, compression/decompression, routing); multipoint control units (multi-party calls); gatekeeper (the central control entity: user registration and management; message control; gateway address resolution; accounting; call detail records)
(2) Skype: uses VoIP and P2P technology; hybrid network structure; AES encryption with 256-bit keys; the contact list is stored encrypted; supports free multi-party calls; uses the iLBC and iSAC codecs; supernodes (SN) are chosen dynamically; supports NAT traversal.

7. Search engine composition

Crawler (robot), indexer, searcher (query engine), user interface.

AOL Instant Messenger uses the OSCAR protocol.

9. Network Management Model

(The manager-agent model is generally used. The manager is a set of applications running on a computer's operating system; the agent is located inside the managed device. One manager can exchange information with many agents)
(1) The organizational model describes the components of the network management system;
(2) The information model describes the naming of managed objects;
(3) The communication model describes the management protocol;

6. Network Management and Network Security

1. Network Management

(1) Managed objects: physical media, computer equipment and network interconnection equipment (hardware resources); operating systems, application software and communication software (software resources);
(2) Goals: the effectiveness, reliability, openness, comprehensiveness, security and economy of the network for users and operators. (3) Models: centralized management and distributed management (the latter is more timely)

2. Network management functions

(1) Configuration management: two stages, initial configuration when the network is set up and working configuration during normal operation; responsible for network construction, service provisioning and configuration maintenance so that the network performs optimally; includes: setting routing-related parameters, naming managed objects, initializing or shutting down managed objects, collecting information about the current system state on demand, obtaining information about important system changes, changing the system configuration, and generating the network topology.
(2) Fault management: detect and repair faults; maintain and examine error logs; accept error notifications; trace and identify errors;
(3) Performance management: collect statistics; monitor and analyze network usage; maintain and evaluate network performance;
(4) Accounting management
(5) Security management: management of authorization, access control, and encryption keys.

3. Network Management Protocol

(1) CMIS/CMIP: defined by ISO; all functions are mapped onto the application layer; uses a reporting mechanism (management by delegation); complex and expensive to implement;
(2) SNMP: an application-layer protocol defined by the IETF; follows the ISO management model and is used in TCP/IP environments; data collection is by polling (periodic collection stored in the MIB; low timeliness) or interrupt-based (high timeliness, but a large volume of forwarded information consumes the managed device's resources; the improvement is the trap, sent only for significant events); SNMPv1 has weak security; SNMPv2 improved the transfer of management information (bulk retrieval), and SNMPv3 adds authentication, encryption and timeliness (time synchronization) checks;

4. Information security level

(1) United States (DoD 5200.28-STD, TCSEC):
Minimal protection: D; discretionary protection: C1, C2 (access control at the level of individual users);
Mandatory protection: B1 (labeled security protection), B2 (structured protection), B3 (security domains); verified protection: A1
(2) China (information security classified protection): autonomous protection level, guided protection level, supervised protection level, mandatory protection level, special-control protection level

5. Types of security attack in the security architecture (X.800)

(1) Passive attacks: do not alter the information; eavesdropping and monitoring, disclosure of message contents, traffic analysis (the emphasis is on prevention);
(2) Active attacks: alter the information; message modification, denial of service (DoS), replay, repudiation, masquerade (the emphasis is on detection);
(3) Service attacks: aimed at a specific service; mail bombs; attacks on particular ports; distributed denial of service;
(4) Non-service attacks: exploit the network layer or lower-level protocols; source-routing attacks, address spoofing, and sniffer (NetXray) attacks.

6. Symmetric password

(1) DES: block length 64 bits, a substitution-permutation (Feistel) block cipher, key length 56 bits; adopted as a U.S. standard by NIST;
(2) Triple DES: applies DES three times with two or three keys;
(3) Advanced Encryption Standard (AES): block length 128 bits, substitution-permutation structure, key length 128, 192 or 256 bits; faster than triple DES;
(4) Blowfish: variable-length key, 64-bit block;
(5) RC5: both the block length and the key length are variable.

7. Asymmetric keys (public-key cryptography)

(1) RSA: named after its inventors Rivest, Shamir and Adleman; works on numeric blocks smaller than the modulus; its security rests on the difficulty of factoring the modulus, so strength depends on the key length: the larger the primes, the harder it is to break. Textbook RSA is deterministic (the same plaintext always gives the same ciphertext), so practical use adds randomized padding such as OAEP.
(2) ElGamal: a public-key system based on the discrete logarithm problem (elliptic-curve cryptosystems apply the same idea to a curve group); often used for digital signatures (DSA derives from it); encryption is randomized, and the ciphertext is twice the length of the plaintext.
(3) Knapsack (Merkle-Hellman) encryption: has been broken and is no longer considered secure.
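As an added worked example (not code from the original notes), textbook RSA and ElGamal on deliberately tiny parameters. It shows the three facts above in running code: RSA's private exponent comes from the factorisation of n, so anyone who can factor n recovers it; textbook RSA is deterministic; ElGamal is randomized and its ciphertext is a pair, twice the size of the plaintext. The primes (61, 53), the public exponent 17 and the ElGamal group (p = 467, g = 2, x = 127) are classroom values chosen only so the arithmetic can be followed by hand; they offer no security.

```python
# Added example, not from the original notes: textbook RSA and ElGamal on toy
# parameters. Every number here is trivially breakable; never use for real data.
import random

def rsa_keygen(p, q, e=17):
    """Public key (n, e), private key (n, d). d exists only because p, q are known."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)            # deterministic: same m -> same c

def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def rsa_sign(priv, m):
    """Textbook signature: apply the private exponent. Real systems hash and pad
    the message first (e.g. RSA-PSS); this is only the underlying arithmetic."""
    n, d = priv
    return pow(m, d, n)

def rsa_verify(pub, m, sig):
    n, e = pub
    return pow(sig, e, n) == m

def elgamal_keygen(p, g, x):
    """Public key (p, g, h = g^x mod p), private key x."""
    return (p, g, pow(g, x, p)), x

def elgamal_encrypt(pub, m, k=None):
    """Randomized: a fresh k per message gives a different ciphertext pair."""
    p, g, h = pub
    k = random.randrange(1, p - 1) if k is None else k
    c1 = pow(g, k, p)
    c2 = (m * pow(h, k, p)) % p
    return c1, c2                  # two group elements for one plaintext element

def elgamal_decrypt(pub, x, ct):
    p, _, _ = pub
    c1, c2 = ct
    s = pow(c1, x, p)              # shared secret g^(kx)
    return (c2 * pow(s, -1, p)) % p

if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)
    c = rsa_encrypt(pub, 65)
    print("RSA n =", pub[0], "d =", priv[1], "c =", c, "m =", rsa_decrypt(priv, c))
    sig = rsa_sign(priv, 65)
    print("signature verifies:", rsa_verify(pub, 65, sig), rsa_verify(pub, 66, sig))
    epub, x = elgamal_keygen(467, 2, 127)
    print("ElGamal h =", epub[2], elgamal_encrypt(epub, 100), elgamal_encrypt(epub, 100))
```

Running the RSA part with p = 61, q = 53 gives n = 3233, d = 2753 and encrypts 65 to 2790; running the ElGamal part twice on the same message prints two different pairs that both decrypt to 100.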

8. Key certification

Certification Authority (CA): verifies the identity of an entity and issues a certificate that binds the entity's public key to that identity; the certificate carries the CA's digital signature, so anyone holding the CA's public key can check it; once issued, a certificate can be distributed without restriction, since it contains only public data; the CA keeps the issued certificates (public keys) on record and never needs the user's private key.

9. Authentication technology

(1) What message authentication checks: the source of the message; the integrity of the message; its serial number and timestamp (freshness, against replay and reordering).
(2) Authentication modes: one-way and two-way (mutual);
(3) Authentication functions: message encryption; message authentication code (MAC); hash function (a message digest is produced by a hash function; MD5 processes the input in 512-bit blocks and yields a 128-bit digest; MD5 and SHA-1 are no longer collision-resistant, so SHA-2 should be used in new designs)
(4) Digital signature: provides non-repudiation (the signer cannot later deny having sent the message)
(5) Identity authentication: password-based, certificate-based and biometric; protocols include Kerberos (symmetric keys; TCP/IP environment; developed at MIT) and X.509 (public-key system; originally defined by CCITT, now ITU-T)
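The following is an added example, not code from the original notes, showing items (1) and (3) together: a MAC over the message (HMAC-SHA256 rather than the MD5 the notes mention, since MD5 is broken for collisions) checks source and integrity, while a sequence number and timestamp let the receiver reject the replayed and reordered messages listed under X.800 active attacks. The pre-shared key, the 30-second skew window and the sample messages are constructed for the demo.

```python
# Added example, not from the original notes: message authentication with a
# keyed hash plus sequence number and timestamp, so that tampered, stale and
# replayed messages are all rejected. Key and messages are constructed samples.
import hmac
import hashlib
import time

KEY = b"shared-secret-for-demo"   # assumed pre-shared key between sender and receiver
WINDOW = 30                       # seconds of clock skew tolerated

def digest_bits(algo):
    """Digest length of a hash algorithm in bits (md5 -> 128, sha256 -> 256)."""
    return hashlib.new(algo).digest_size * 8

def tag(key, seq, ts, body):
    """MAC covers the counters as well as the body, so they cannot be edited either."""
    return hmac.new(key, f"{seq}|{ts}|".encode() + body, hashlib.sha256).hexdigest()

def make_message(key, seq, ts, body):
    return {"seq": seq, "ts": ts, "body": body, "mac": tag(key, seq, ts, body)}

class Receiver:
    def __init__(self, key, now=time.time):
        self.key = key
        self.now = now            # injectable clock so the demo is deterministic
        self.last_seq = 0

    def accept(self, msg):
        # 1. source and integrity: recompute the MAC with the shared key.
        expected = tag(self.key, msg["seq"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):   # constant-time compare
            return "reject: bad mac"
        # 2. freshness: timestamp must fall inside the skew window.
        if abs(self.now() - msg["ts"]) > WINDOW:
            return "reject: stale"
        # 3. anti-replay: sequence number must strictly advance.
        if msg["seq"] <= self.last_seq:
            return "reject: replay"
        self.last_seq = msg["seq"]
        return "accept"

if __name__ == "__main__":
    rx = Receiver(KEY, now=lambda: 1000)
    m = make_message(KEY, 1, 1000, b"transfer 10 to bob")
    print(rx.accept(m))                                    # accept
    print(rx.accept(m))                                    # reject: replay
    print(rx.accept(dict(m, body=b"transfer 99 to bob")))  # reject: bad mac
    print("md5 digest bits:", digest_bits("md5"))
```

Note that a MAC alone gives integrity and source authentication but not non-repudiation: both sides hold the key, so either could have produced the tag. That is why item (4) needs a digital signature, where only the signer holds the private key.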

10. Secure e-mail (application layer)

(1) PGP: digital signatures with DSS/SHA or RSA/SHA; compression with ZIP; e-mail compatibility through radix-64 (Base64) encoding of the binary output;
(2) S/MIME: adds data encryption and digital signatures to MIME mail.

11. IPSec

Network-layer security protocol; turns the connectionless internet layer into a layer of logical connections; its two main protocols are the Authentication Header (AH), which provides source authentication and data integrity but no confidentiality, and the Encapsulating Security Payload (ESP), which provides confidentiality and can also provide source authentication and data integrity; the source host negotiates with the destination host and sets up a logical connection called a Security Association (SA); an SA is simplex (one direction only, so two-way traffic needs a pair of SAs) and is identified by a triple: the Security Parameter Index (SPI), the destination IP address, and the security protocol identifier (AH or ESP).

12. Firewall classification

(1) Packet-filtering router: examines the header fields of each IP packet (addresses, protocol, ports) against a rule table and decides to forward or discard it; fast and cheap, but blind to application data;
(2) Application-level gateway: a proxy server that terminates the connection and relays it at the application-protocol level, so it can inspect and filter the content;
(3) Circuit-level gateway: relays TCP connections so that no direct end-to-end TCP connection exists between inside and outside, without inspecting application content;
(4) Bastion host: the hardened host exposed to the outside network on which the gateway services run.
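As an added example (not from the original notes), the contrast between (1) and (2) in code: a packet filter that evaluates an ordered rule table over header fields with a default deny, and an application-level check layered on top that reads the HTTP request line the packet filter never looks at. The rule table, the address ranges (RFC 5737 documentation prefixes) and the sample packets are constructed for the demo.

```python
# Added example, not from the original notes: a packet-filtering rule table
# (first match wins, implicit default deny) next to an application-level
# gateway check that sees the payload. Addresses and packets are constructed.
import ipaddress

# (action, source network, destination network, protocol, destination port or None)
RULES = [
    ("deny",  "0.0.0.0/0",    "192.0.2.0/24",  "tcp", 23),    # no telnet into the DMZ
    ("allow", "0.0.0.0/0",    "192.0.2.10/32", "tcp", 80),    # public web server
    ("allow", "0.0.0.0/0",    "192.0.2.11/32", "udp", 53),    # public DNS
    ("allow", "192.0.2.0/24", "0.0.0.0/0",     "tcp", None),  # inside hosts may connect out
]

def matches(rule, pkt):
    _, src, dst, proto, dport = rule
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst)
            and pkt["proto"] == proto
            and (dport is None or pkt["dport"] == dport))

def packet_filter(pkt, rules=RULES):
    """Header-only decision; rule order matters, so the telnet deny comes first."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return "deny"                  # nothing matched: default deny

def application_gateway(pkt, rules=RULES):
    """Proxy-style check: same filter, then inspect the HTTP request line."""
    verdict = packet_filter(pkt, rules)
    if verdict == "allow" and pkt["proto"] == "tcp" and pkt["dport"] == 80:
        request_line = pkt.get("payload", b"").split(b"\r\n", 1)[0]
        if not request_line.startswith(b"GET ") or b".." in request_line:
            return "deny"          # protocol violation or path traversal attempt
    return verdict

if __name__ == "__main__":
    web = {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 80,
           "payload": b"GET /../../etc/passwd HTTP/1.1\r\nHost: x\r\n\r\n"}
    print("packet filter:", packet_filter(web))            # allow: port 80 looks fine
    print("application gateway:", application_gateway(web))  # deny: payload inspected
```

The traversal request passes the packet filter because nothing in the IP or TCP header distinguishes it from a normal page fetch; only a component that reassembles and parses the application protocol can reject it, which is the case for an application-level gateway and the reason it costs more per connection.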

13. The security infrastructure built on public-key encryption and digital signature technology is the PKI (Public Key Infrastructure).

14. Key Distribution Center (KDC)

An independent, trusted server based on symmetric keys; it shares a secret master key with every user and uses that key to deliver a fresh session key to the user in encrypted form, so two users who share no key of their own can still communicate securely (the Kerberos authentication server is the classic example).
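The exchange described above, as an added example that is not part of the original notes: the KDC holds one master key per principal, issues a random session key encrypted for the requester, and encloses a ticket encrypted under the other party's master key. The symmetric cipher is a hash-based keystream with encrypt-then-MAC, standing in for AES-GCM so the block needs only the standard library; the principal names and keys are constructed for the demo, and both parties are simulated inside one function for readability.

```python
# Added example, not from the original notes: a simplified KDC session-key
# exchange (Needham-Schroeder style, without the final handshake). The cipher
# is a stdlib-only stand-in for a real AEAD; names and keys are constructed.
import hashlib
import hmac
import json
import os

def _subkey(key, label):
    """Separate encryption and MAC keys derived from one master key."""
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def encrypt(key, plaintext):
    """nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(12)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    mac = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + mac

def decrypt(key, blob):
    nonce, ct, mac = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class KDC:
    """Knows each principal's long-term master key; never sees session traffic."""
    def __init__(self, master_keys):
        self.master_keys = master_keys

    def request(self, a, b, nonce):
        """Step 1/2: A asks for a key to talk to B; KDC answers under A's master key."""
        ks = os.urandom(16)
        ticket = encrypt(self.master_keys[b],                  # only B can open this
                         json.dumps({"ks": ks.hex(), "peer": a}).encode())
        reply = {"ks": ks.hex(), "peer": b, "nonce": nonce, "ticket": ticket.hex()}
        return encrypt(self.master_keys[a], json.dumps(reply).encode())

def establish_session(kdc, a, ka, b, kb):
    """Runs A's and B's sides; returns (keys agree?, session key)."""
    nonce = os.urandom(8).hex()
    reply = json.loads(decrypt(ka, kdc.request(a, b, nonce)))        # A opens the reply
    if reply["nonce"] != nonce or reply["peer"] != b:
        raise ValueError("reply is not fresh or not for this peer")
    ticket = json.loads(decrypt(kb, bytes.fromhex(reply["ticket"])))  # B opens the ticket
    if ticket["peer"] != a:
        raise ValueError("ticket was not issued for this initiator")
    return reply["ks"] == ticket["ks"], bytes.fromhex(reply["ks"])

if __name__ == "__main__":
    keys = {"alice": os.urandom(16), "bob": os.urandom(16)}   # constructed master keys
    ok, session_key = establish_session(KDC(keys), "alice", keys["alice"], "bob", keys["bob"])
    print("session key agreed:", ok, session_key.hex())
```

The nonce lets A detect a replayed KDC reply, and the peer names inside the encrypted parts stop an attacker from re-using a ticket issued for a different pair of principals; the KDC's master-key table is the single point whose compromise breaks every session, which is why it must be an independent, hardened host.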

15. Secure Electronic Transaction (SET) protocol

SET is a credit-card-based secure electronic payment protocol for the Internet environment. It specifies the electronic transaction process and, through encryption, authentication and key-management mechanisms, secures credit-card purchases made over the Internet. Its main purpose is to solve the security and assurance problems of credit-card payments: keeping transaction information confidential, transmitting it securely so that it cannot be eavesdropped on, and ensuring that only the intended recipient can obtain and decrypt it. (Commonly used in e-commerce; prevents transaction data from being tampered with; requires the support of certification authorities; authenticates both parties to the transaction.)