CSci 555 / Neuman-Kim Fall 2001
Directions for completing exam
 

1. (15 points) RAID - Five different levels of RAID were discussed during the classes:
   • RAID level 1: does mirroring
   • RAID level 2: striped data disks + ECC disks
   • RAID level 3: striped data disks + parity disk
   • RAID level 4: striped data disks + parity disk, but the minimum unit on each disk is a block
   • RAID level 5: No dedicated parity disk is present, parity blocks are distributed over all disks

   In addition, RAID level 0 is defined as the following: Data is striped over an array of disks without any redundancy. In other words, it is similar to the level 5, but RAID level 0 does not include the parity information.

   Consider RAID levels from 0 to 5 for the following questions.

   Which level of RAID would you use for the following applications or environments?

   • Banking (financial) application
   • Web server for USC
   • Video editing application

   Justify your answer.

2. (10 points) Leases
   • How do leases improve performance?
   • How do leases improve reliability?

3. (20 points) Coherence in heterogeneous computing environment

   List, discuss, and provide examples for different levels of coherence to support heterogeneity.

4. (25 Points) File Systems How do concurrent updates affect the cache consistency for the following file systems? Explain your answer.
   • NFS
   • Sprite
   • AFS
   • Coda
   • Leases
5. (30 points) Security

   There have recently been calls for the creation of a national identity card in the United States. These calls have been met with equal objections by individuals concerned about the privacy issues that such a card might raise. A national identity card could provide a stronger means of proving ones identity than the current system of drivers' licenses issued by 50+ states, but many of the same problems managing the issuance of drivers' licences could make a national identity card no more secure than our current system of identification.

   From the privacy perspective, the creation of a single national identifier would provide yet another identifier to be abused, as has happened with the social security number. More alarming would be the creation of an "on-line" infrastructure to validate the card, creating a way to track activities of an individual in real-time.

   As a technical consultant to a congressional staffer, you have been asked to examine the issues, both pro and con, and propose some guidelines and suggest implementation strategies for the creation and use of such a card that might avoid some of the negative consequences of the use of a card while maximizing the benefit.

   For each question below be sure to explain the reason for any design choices you make.

   1. (10 points) What data will be stored on the card, and what data will reside in either a central or distributed repository? Where would you place the servers and the databases needed for these functions to increase availability. What techniques would you use to increase scalability? What are the particular design issues you need to consider when using each of these techniques?
   2. (10 points) How do you propose data to be read from the card? Would there be a magnetic stripe, bar code, electronic chip, or some combination? What technical means will prevent forgery of this data? Is it necessary to prevent copying of this data, or copying of the card?
   3. (5 points) How will the card's owner be authenticated as the individual identified by the card? Possession of the card is an obvious element, but what prevents someone from using a stolen card? Will this authentication step require only data on the card itself, or will it require interaction with a central/distributed authority? What are the privacy, operational, and reliability implications of your choice?
   4. (5 points) How will stolen cards be disabled or revoked, or alternatively, explain why they won't need to be? In answering this question consider the difference between authentication and authorization? Consider also the case of revocation because a card is stolen vs. revocation because a card should never have been issued in the first place.