Stopped When a process finishes or must be terminated because an error occurs, a required resource is not available, or a resource request can’t be met, it goes into a stopped state. At this point, the operating system can recover all memory and other resources allocated to the process and reuse them for other processes as needed. Figure 11.2 shows a diagram of how these various states relate to one another. New pro- cesses always transition into the ready state. From there, ready processes always transition into the running state. While running, a process can transition into the stopped state if it completes or is terminated, return to the ready state for another time slice, or transition to the waiting state until its pending resource request is met. When the operating system decides which process to run next, it checks the waiting queue and the ready queue and takes the highest-priority job that’s ready to run so that only waiting jobs whose pending requests have been serviced, or are ready to service, are eligible in this consideration. A special part of the kernel, called the pro- gram executive or the process scheduler, is always around waiting in memory so that when a process state transition must occur, it can step in and handle the mechanics involved. F I G U R E 1 1 . 2 The process scheduler In Figure 11.2, the process scheduler manages the processes awaiting execution in the ready and waiting states and decides what happens to running processes when they transition into another state ready, waiting, or stopped. SECURITY MODES The U.S. government has designated four approved security modes for systems that process clas- sified information. These are described in the following sections. In Chapter 5, “Security Man- agement Concepts and Principles,” we reviewed the classification system used by the federal government and the concepts of security clearances and access approval. The only new term in this context is need-to-know, which refers to an access authorization scheme in which a subject’s right to access an object takes into consideration not just a privilege level, but also the relevance of the data involved to the role the subject plays or the job they perform. Need-to-know indicates that the subject requires access to the object to perform their job properly, or to fill some specific role. Those with no need-to-know may not access the object, no matter what level of privilege they hold. If you need a refresher on those concepts, please review them before proceeding. Process needs another time slice New processes Ready If CPU is available Stopped When process finishes, or terminates Unblocked Running Block for IO, resources Waiting