(45 points) You are working for a company that is proposing to
develop a new electronic election system to replace the systems
currently in use throughout the United States. One goal of this
system is to speed up the vote tallying phase of an election, providing
almost instantaneous results. It also hopes to eliminate, except in
very clearly defined cases, the need for a manual recount. Voters
must be able to vote from any official polling place in their state of
residence. Please note that you are not being asked to allow voting
from home - as there are many non-technical issues that make voting
from home problematic.
Among the functions to be provided by this system are the managing of
voter lists, determining which ballots each voter is to receive,
presenting that ballot to the voter, and recording the votes. The
system must maintain voter privacy to the greatest extent possible,
but the accurate and auditable tally of votes takes precedence. For
example, if a voter shows up but is not listed as a registered voter,
the voter must be provided with a means to cast a "provisional"
ballot, so that their vote may be counted after the legitimacy of the
voter can be ascertained.
The tallying of the results of the election must be scalable. More
importantly, the casting of votes must be scalable and highly
available, so that no one is prevented from voting during the period
of the election. The system must be resistant to denial of service
attacks intended to prevent voters at particular voting places from
casting their votes - and even more importantly - from having their
votes not counted once they have been cast.
- (a) (10 points) Describe the atomicity requirements for your system.
What constitutes a transaction in the system? What is the commit
point of each transaction? How would you preserve the permanence of a
vote once it has been cast and committed?
- (b) (10 points) Where will ballots (the forms to be filled in) be
stored in your system? Where will details of the voted ballots be
stored? Explain your reasons for your choice. How does your choice
affect the performance, availability, and security of the system?
- (c) (10 points) List the data to be protected in your system, and the
kinds of protection needed for the different kinds of data. List the
threats posed to such data and describe countermeasures appropriate
for defending against those threats.
- (d) (10 points) The software you develop will be certified and
distributed to equipment at the polling places. How will you design
the system as a whole to prevent modifications to the software that
might compromise the integrity of the election?
- (e) (5 points) There is the possibility that the software for accepting
ballots may have bugs, or might still have been modified despite your
best measures described in parts (a) through (c). What means might
you provide in the system for going back and looking at the individual
votes cast and performing a "re-count" if such problems are found in
the program upon examination after the election? Which of the
security services described in class does this ability relate to?
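As an added worked illustration (not part of the assignment and not a model answer), the Python sketch below makes the commit point, permanence, provisional-ballot and recount requirements from parts (a) and (e) concrete in one small component: each cast ballot is validated as a whole, appended to an fsync'd append-only file, and linked to the previous record by a SHA-256 chain, so a recount can re-derive every digest and detect any altered or dropped record. Regular ballots carry no voter identity; a provisional ballot carries only an opaque envelope id that the registrar resolves separately, and it is counted only after that resolution. The contest names, candidate names, envelope ids and ledger path are constructed placeholders.

```python
import hashlib
import json
import os
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed example: contest names, candidates, envelope ids and the
# storage path are placeholders, not taken from the assignment text.

GENESIS_HASH = "0" * 64   # prev_hash of the first record in an empty ledger


@dataclass
class BallotRecord:
    seq: int                      # position in the ledger, 0-based
    choices: Dict[str, str]       # contest -> selection; never the voter's identity
    envelope_id: Optional[str]    # set only for provisional ballots
    prev_hash: str                # digest of the preceding record (chain link)
    digest: str                   # SHA-256 over the four fields above


def record_digest(seq: int, choices: Dict[str, str],
                  envelope_id: Optional[str], prev_hash: str) -> str:
    """Canonical hash of one record; sort_keys makes the encoding deterministic."""
    payload = json.dumps({"seq": seq, "choices": choices, "envelope_id": envelope_id,
                          "prev_hash": prev_hash}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class VoteLedger:
    """Append-only, hash-chained ledger of cast ballots.

    One cast is one transaction. Its commit point is the fsync of the appended
    line: before it, nothing is recorded; after it, the record survives a crash
    and is covered by every later record's prev_hash, so it cannot be altered
    or dropped without breaking the chain that a recount re-verifies.
    """

    def __init__(self, path: str):
        self.path = path
        self.records: List[BallotRecord] = []
        if os.path.exists(path):                      # recover state from disk
            with open(path, "r", encoding="utf-8") as f:
                for line in f:
                    self.records.append(BallotRecord(**json.loads(line)))

    def _last_hash(self) -> str:
        return self.records[-1].digest if self.records else GENESIS_HASH

    def cast(self, choices: Dict[str, str], ballot_style: Dict[str, Set[str]],
             envelope_id: Optional[str] = None) -> str:
        """Validate the whole ballot, then append it atomically; returns a receipt digest."""
        for contest, selection in choices.items():   # all-or-nothing: reject before storage
            if contest not in ballot_style or selection not in ballot_style[contest]:
                raise ValueError(f"invalid selection {selection!r} in contest {contest!r}")
        seq, prev = len(self.records), self._last_hash()
        rec = BallotRecord(seq, dict(choices), envelope_id, prev,
                           record_digest(seq, choices, envelope_id, prev))
        with open(self.path, "a", encoding="utf-8") as f:
            f.write(json.dumps(asdict(rec), sort_keys=True) + "\n")
            f.flush()
            os.fsync(f.fileno())                      # commit point: durable before we acknowledge
        self.records.append(rec)
        return rec.digest

    def verify_chain(self) -> Tuple[bool, int]:
        """Re-derive every digest and link. Returns (ok, first bad index or record count)."""
        prev = GENESIS_HASH
        for i, r in enumerate(self.records):
            expected = record_digest(r.seq, r.choices, r.envelope_id, r.prev_hash)
            if r.seq != i or r.prev_hash != prev or r.digest != expected:
                return False, i
            prev = r.digest
        return True, len(self.records)

    def tally(self, resolved_envelopes: Set[str] = frozenset()) -> Dict[str, Dict[str, int]]:
        """Recount from stored records; provisional ballots count only once resolved."""
        ok, where = self.verify_chain()
        if not ok:
            raise RuntimeError(f"ledger integrity failure at record {where}; recount from replicas")
        totals: Dict[str, Dict[str, int]] = {}
        for r in self.records:
            if r.envelope_id is not None and r.envelope_id not in resolved_envelopes:
                continue
            for contest, selection in r.choices.items():
                totals.setdefault(contest, {})
                totals[contest][selection] = totals[contest].get(selection, 0) + 1
        return totals


if __name__ == "__main__":
    import tempfile
    style = {"Governor": {"A", "B"}, "Measure 1": {"Yes", "No"}}
    ledger = VoteLedger(os.path.join(tempfile.mkdtemp(), "ledger.jsonl"))
    ledger.cast({"Governor": "A", "Measure 1": "Yes"}, style)
    ledger.cast({"Governor": "B"}, style, envelope_id="env-0001")   # provisional
    print(ledger.tally())                # provisional ballot not yet counted
    print(ledger.tally({"env-0001"}))    # counted after the registrar resolves it
    print(VoteLedger(ledger.path).verify_chain())   # reload from disk and re-check the chain
```

The hash chain alone only makes tampering detectable, not impossible; in a real design the chain head would be signed and replicated to independent machines so that a recount can compare copies, which is the availability and permanence concern the assignment raises.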