Operating System
VISC lab
Na Young Lee
09-20-02

Agenda
• Operating System
• UNIX (standard UNIX)
• Windows (2000)
• Manage Windows

Operating System (OS)
A computer consists of hardware and an OS.
What is an OS?
• Manager
• The OS manages users, access rights and user interaction.
• The OS manages resources: files, directories, devices, processes, memory, I/O.

Operating System (OS)
To understand an OS ~= what it manages and how
• Process
• Memory
• I/O
• File system
• Security

Operating System (OS)
How it manages
• User interaction : commands, GUI
• Device controllers : bus
• Interrupts
• Tables : fd (file descriptor tables)
• Signals, messages : system

UNIX – Interfaces
[Layer diagram, top to bottom: users; standard utility programs and the standard library (user mode); the OS kernel (kernel mode); hardware]

UNIX – User interaction
User interaction
• Shell : command programming language providing an interface to the UNIX OS. Modifiable.
• Compiler
• Kernel : core of the OS. Invoked by system calls.

UNIX – Kernel
[Kernel block diagram: system calls at the top; below them terminal handling (raw tty, cooked tty, line disciplines), sockets with network protocols, routing and network device drivers, file naming, the file system, buffer cache and disk device driver, process creation and termination, signal handling, memory mapping and virtual memory, character devices; interrupts and traps at the bottom, just above the hardware]

UNIX – Device
Device control
• Abstraction of the physical devices
• Input : keyboard, mouse, CD-ROM
• Output : screen, printers
• I/O : disk, tape, network
Commands
• lp, ioctl, sockio, streamio, tar

UNIX – Process
Abstraction of a running program: an address space that contains data, instructions and hardware resources.
• Running, ready, blocked status
• Interrupt from input (vector)
  – the current process's state is pushed onto the stack
  – the hardware jumps to the address assigned to the interrupting device
  – after the interrupt is handled, one of the processes in the ready state is scheduled
UNIX – Process
Process table
• Process status, program counter, stack pointer, PID
• Scheduling parameters : process priority, CPU running time -> decide the next process
• Memory info : how to find a process that is not in memory (ready or blocked)
• Signals : masked signals, effective signals

UNIX – Process
• The kernel process starts a series of processes – daemons (started at system booting)
• ttymon watches the various terminals for logins
• ttymon starts a new process for the user shell
• Commands: ps, exit, kill, fork, wait, bg, fg, signal, sigset, alarm

UNIX – File System
Hierarchical file system
[Directory tree: / with sbin (system binaries), var (mail, spool, tmp), dev (device files), usr (kernel, bin with binary files, sbin, data of sa), etc (system files), tmp, and home (user1, user2)]

UNIX – File System
Commands
• mkdir, link, mount, cd, rmdir, cp, mv, rm
• create/open, close, read/write, pipe
NFS (Network File System)

UNIX – Security
UNIX is designed as a multi-user system
• UID (user ID) and GID (group ID) on each process, file and folder
• File and folder permissions : 9 bits
• SETUID : set on a program by the superuser (root)
• chmod, setuid, setgid : owner, superuser

UNIX – Security
login is a program with SETUID root
• login asks for the username and password
• Hash function h(username)
• Calls the setuid and setgid system calls
• Opens the keyboard (fd 0), the screen (fd 1) and the screen error output (fd 2), starts the user shell (under the user's UID), and terminates
• All processes forked by the shell inherit the UID

Windows – OS Structure
[Layer diagram of the operating system structure: Win32 programs call the Win32 subsystem, which goes through the system interface to the system services (object manager, process, memory, security, cache, power, config); below those sit the kernel, the HAL and the hardware]

Windows – OS Structure
Kernel mode
• HAL : presents the rest of the OS with abstract hardware devices (winnt/system32/hal.dll)
  ex) mapping device addresses to logical system addresses (bus), interrupt service, setting the priority on a device
• Kernel : presents complete hardware independence
  ex) saving the CPU registers, flushing the CPU table
• System services : accept Windows system calls

Windows – OS Structure
User mode : provides each user process with a system call interface
• Environment subsystems ~= Win32 API (application programming interface)
• System interface : DLLs (dynamic link libraries)
• Service processes

Windows – Manage
• Interrupts
• Direct memory access
• I/O
• Memory

Windows – Registry
Registry
• Don't change it if you plan to use the machine again.
• Directory (key)
• Entry : name, type, value

Windows – Registry
• All Win32 applications include Win32 API functions (RegCreateKeyEx, _Delete_, _Open_, etc.)
• All the registry files are in winnt/system32/config
• Some files cannot be opened, but if you do succeed in opening one (?), you can see that the file starts with "regf…"

Windows – Booting
• Boot sector : first sector of the partition holding the bootable OS; it contains ntldr
• ntldr looks up the boot.ini file to get the configuration info
• ntoskrnl.exe and bootvid.dll are loaded
• Finally ntldr loads all the drivers needed to finish booting (like mouse, keyboard) and loads smss.exe
• winlogon.exe

Windows – Security
• winlogon.exe creates lsass.exe (authentication manager) and services.exe (looks in the registry and starts services)
• Services : printer server, file server, Telnet daemon, DNS resolver, event logger, plug-and-play manager

Windows – Security
• User SID (security ID)
• A process has an access token
  [Access token layout: header, expiration time, groups, default DACL, user SID, group SID, restricted SIDs, privileges]

Windows – Security
[Security descriptor layout: owner's SID, group SID, DACL (discretionary access control list, implemented as an access/deny list), SACL (system access control list)]
• winlogon.exe gives the initial process its access token; lsass.exe decides whether the login succeeds, looks up the registry to get the correct user profile, and starts services.exe with the access token
• Subsequent processes inherit the parent's access token
• Threads usually inherit the process's access token

Manage Windows
Why have to protect Windows?
• Bugs : every piece of software contains bugs
• Intruders : crackers find a vulnerability in the OS and exploit it to break in and take control
• Virus infections : antivirus software
• Violation of your privacy : spyware (software that collects data about you and secretly sends it home)

Manage Windows
How to protect Windows
• Service packs
• Windows Update
• Installing hotfixes
• Microsoft Baseline Security Analyzer
• Virus protection
• Firewall protection
• Malicious script protection

Manage Windows
Service packs
• contain hundreds of bug and security fixes and enable you to apply these fixes in one fell swoop
• Check the service pack version and download the newest version
Windows Update
• Updates are being released constantly
• http://windowsupdate.microsoft.com/

Manage Windows
Installing hotfixes
• additional patches
• subscribe to Microsoft's Security Bulletin (http://www.microsoft.com/technet/security/bulletin/notify.asp) or the CERT Advisory Mailing List (http://www.cert.org/contact_cert/certmaillist.html). You will receive regular e-mail notifications about vulnerabilities and fixes you might need to apply to your system.

Manage Windows
Microsoft Baseline Security Analyzer
• MBSA allows you to check your Windows NT4, 2000, or XP installation for a number of security issues, i.e. Windows vulnerabilities, weak passwords, IIS vulnerabilities, SQL vulnerabilities, and missing hotfixes

Manage Windows
Virus protection
• Anti-virus program : known viruses; update the virus definitions
• Common sense for unknown viruses
  DON'T OPEN ATTACHMENTS FROM UNKNOWN SOURCES! DELETE THEM!
  E-mail with an attachment from a person you know but didn't expect it – DO NOT OPEN IT, DELETE IT!

Manage Windows
Firewall protection
• Internet connection : exposed to the world
• DSL or cable modem with a static IP
• Find out how vulnerable your machine is
• http://grc.com/default.htm, click on Shields UP!
• Do Test My Shields! and Probe My Ports! Check for obvious vulnerabilities of your PC.
• Chances are you have a number of open and/or visible ports that can make your machine a target for crackers

Manage Windows
• A firewall protects the machine by closing these security holes.
• Firewall software monitors your Internet connection and filters all traffic to keep undesired traffic out and only allow legitimate traffic through.
• Recommended is ZoneLab's ZoneAlarm
• http://www.zonelabs.com
• After installing ZoneAlarm, perform another Shields UP! test and Port Probe.

Manage Windows
Spyware protection
• What is spyware? It comes in the form of software installed on your machine with or without your knowledge; it tracks and collects data about you and your computer and sends it back to a central database for processing and analysis
• Lavasoft's Ad-aware (http://www.lavasoftusa.com/). After installing this software you can scan your entire system, including hard drives and registry, for any traces of spyware.

Manage Windows
Lavasoft's Ad-aware
[figure]

Manage Windows
Malicious script protection
• A lot of e-mail viruses are scripts.
• In order to function, they need to be executed.
• Prevent yourself from accidentally launching a malicious script that was not caught by your antivirus software by installing script monitoring software
• AnalogX's Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm)

Manage Windows
Malicious script protection
[figure]

Manage Windows
Email
• If possible, set the format to plain text: HTML mail is a potential risk and allows for snooping and malicious code infection
• Disable running ActiveX and scripts
• ActiveX applets (or "controls" as they are called) are downloadable programs that are run by your system. Unlike normal EXE files, ActiveX can run transparently in your Internet Explorer to perform any action such as erasing files or stealing your passwords.
• Do not open EXE, BAT, VBS, and SCR type attachments, ever
• Consider using a plain text (non-HTML) e-mail reader such as Eudora or The Bat!
• DOC files can be opened in something like WordPad to view the text contents without the risk of a macro virus infection.

Manage Windows
• Perform frequent data backups.
• Disable file sharing.
• Create an emergency boot disk.

Manage Windows – VISC
Secure Shell

Manage Windows – VISC
Reference
• Modern Operating Systems – Andrew S. Tanenbaum
• A Practical Guide to Solaris – Mark G. Sobell
• Lecture 2 – Dr. Spring
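Added worked example for the UNIX – Security slides (not part of the original slides): a Python model of the 9-bit permission check, the superuser override, and the way a SETUID program such as login changes a process's effective UID while the real UID stays the user's. All UIDs, GIDs and file modes used are constructed for the example.

```python
from dataclasses import dataclass
R, W, X = 4, 2, 1  # permission bits of one class (owner, group or other)

@dataclass
class Inode:
    uid: int    # owner UID
    gid: int    # owner GID
    mode: int   # 9 permission bits plus setuid (0o4000) / setgid (0o2000)
@dataclass
class Process:
    uid: int            # real UID
    gid: int            # real GID
    euid: int           # effective UID, the one permission checks look at
    egid: int           # effective GID
    groups: tuple = ()  # supplementary GIDs

def parse_mode(text):
    """'rwsr-xr-x' -> 0o4755; 's'/'S' in an execute slot sets setuid/setgid."""
    mode = 0
    for i, ch in enumerate(text):
        bit, shift = (R, W, X)[i % 3], 6 - 3 * (i // 3)
        if ch in "rwx":
            mode |= bit << shift
        elif ch in "sS" and i in (2, 5):
            mode |= 0o4000 if i == 2 else 0o2000
            if ch == "s":  # lowercase: bit set and executable
                mode |= X << shift
        elif ch != "-":
            raise ValueError(f"bad mode character {ch!r}")
    return mode

def unix_access(proc, inode, want):
    """One class decides (owner, else group, else other), picked by effective IDs."""
    if proc.euid == 0:  # root bypasses r/w but needs some execute bit for x
        return want & X == 0 or inode.mode & 0o111 != 0
    if proc.euid == inode.uid:
        bits = (inode.mode >> 6) & 7
    elif proc.egid == inode.gid or inode.gid in proc.groups:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return bits & want == want

def exec_program(proc, program):
    """exec() of a SETUID/SETGID program: the owner's IDs become effective IDs."""
    if not unix_access(proc, program, X):
        raise PermissionError("no execute permission")
    euid = program.uid if program.mode & 0o4000 else proc.euid
    egid = program.gid if program.mode & 0o2000 else proc.egid
    return Process(proc.uid, proc.gid, euid, egid, proc.groups)
```

Note the classic quirk the model reproduces: the first matching class is the only one consulted, so an owner whose owner bits are empty is refused even when "other" has full access.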
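Added worked example for the Windows – Security slides (not from the original slides): a simplified Python model of the check that compares a process's access token against an object's security descriptor, including the second pass made when the token carries restricted SIDs. The SIDs, rights values and DACL entries are constructed, and the model leaves out parts of the real Windows access check such as object-specific and inherited ACEs.

```python
from dataclasses import dataclass

# Access rights as bit flags (a constructed subset for this model)
READ, WRITE, EXECUTE, READ_CONTROL, WRITE_DAC = 1, 2, 4, 8, 16

@dataclass
class Ace:
    kind: str    # "allow" or "deny"
    sid: str     # SID the entry applies to (user or group SID)
    rights: int

@dataclass
class SecurityDescriptor:
    owner_sid: str
    group_sid: str
    dacl: list = None  # None = no DACL at all: everyone gets everything

@dataclass
class Token:
    user_sid: str
    group_sids: frozenset
    restricted_sids: frozenset = frozenset()  # empty = not a restricted token

def _check(sd, sids, wanted, owner_rule):
    """Walk the DACL in order: a deny ACE whose SID is in the token and whose
    rights overlap something not yet granted denies; allow ACEs accumulate."""
    if sd.dacl is None:
        return True
    granted = 0
    if owner_rule and sd.owner_sid in sids:  # owner can always read/change the DACL
        granted = READ_CONTROL | WRITE_DAC
    for ace in sd.dacl:
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.rights & wanted & ~granted:
            return False
        if ace.kind == "allow":
            granted |= ace.rights
        if granted & wanted == wanted:
            return True  # stop early once everything asked for is granted
    return granted & wanted == wanted

def access_check(token, sd, wanted):
    """A restricted token must pass twice: with its normal SIDs and then with
    only the restricted SIDs (simplified from the real AccessCheck)."""
    ok = _check(sd, {token.user_sid, *token.group_sids}, wanted, True)
    if ok and token.restricted_sids:
        ok = _check(sd, token.restricted_sids, wanted, False)
    return ok
```

Because ACEs are evaluated in order, a deny entry placed after an allow entry that already granted the same right has no effect; tools that write DACLs therefore put deny entries first.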
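Added worked example for the Windows – Registry slide (not from the original slides): a Python check of the "regf" base block that a hive file starts with, following the documented header layout (signature, primary and secondary sequence numbers, version, root cell offset, embedded file name, and the XOR checksum over the first 508 bytes). The hive header it parses is constructed by build_sample_header, not read from a real winnt/system32/config file.

```python
import struct

def regf_checksum(header):
    """XOR of the first 127 DWORDs; 0 is stored as 1 and 0xFFFFFFFF as 0xFFFFFFFE."""
    acc = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        acc ^= dword
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(acc, acc)

def parse_regf_header(data):
    """Return base-block fields, or raise ValueError if data is not a hive."""
    if len(data) < 512 or data[:4] != b"regf":
        raise ValueError("not a registry hive: missing 'regf' signature")
    primary, secondary = struct.unpack_from("<II", data, 4)   # sequence numbers
    major, minor = struct.unpack_from("<II", data, 20)        # format version
    root_cell, hbins_size = struct.unpack_from("<II", data, 36)
    name = data[48:112].decode("utf-16-le").split("\x00", 1)[0]
    (stored,) = struct.unpack_from("<I", data, 508)
    return {
        "version": f"{major}.{minor}",
        "root_cell_offset": root_cell,
        "hbins_size": hbins_size,
        "file_name": name,
        # unequal sequence numbers: the last write did not complete cleanly
        "dirty": primary != secondary,
        "checksum_ok": stored == regf_checksum(data),
    }

def build_sample_header(dirty=False, corrupt=False):
    """Constructed 512-byte base block for testing, not taken from a real system."""
    hdr = bytearray(512)
    hdr[0:4] = b"regf"
    struct.pack_into("<II", hdr, 4, 7, 6 if dirty else 7)   # primary/secondary sequence
    struct.pack_into("<II", hdr, 20, 1, 5)                  # major 1, minor 5
    struct.pack_into("<II", hdr, 28, 0, 1)                  # file type, file format
    struct.pack_into("<II", hdr, 36, 0x20, 0x1000)          # root cell offset, hbins size
    hdr[48:112] = "SYSTEM".encode("utf-16-le").ljust(64, b"\x00")
    checksum = regf_checksum(hdr)
    struct.pack_into("<I", hdr, 508, checksum ^ 1 if corrupt else checksum)
    return bytes(hdr)
```

A "dirty" result on a copied hive means the transaction logs next to it in the config directory still hold updates that were never flushed, which matters when examining a hive taken from a machine that was not shut down cleanly.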