
Operating System

Operating System. VISC lab Na Young Lee 09-20-02. Agenda. Operating System UNIX (standard UNIX) Window (2000) Manage Window. Operating System (OS). Computer consists of Hardware and OS What is OS? Manager OS manages users, access rights and user interaction.

Presentation Transcript


  1. Operating System VISC lab Na Young Lee 09-20-02

  2. Agenda • Operating System • UNIX (standard UNIX) • Window (2000) • Manage Window

  3. Operating System (OS) • Computer consists of Hardware and OS • What is OS? • Manager • OS manages users, access rights and user interaction. • OS manages resources • Files, directories • Devices • Processes • Memory • I/O

  4. Operating System (OS) • To understand the OS ~= what it manages and how • Process • Memory • I/O • File System • Security

  5. Operating System (OS) • How it manages • User interaction : command, GUI • Device controllers : bus • Interrupts • Tables : fd • Signals, messages : system

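  6. UNIX - Interfaces • [Figure: layers from top to bottom: Users, Standard Utility Program, Standard library, OS, Hardware; the utility programs and library are marked User mode, the OS is marked Kernel mode]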

  7. UNIX-User interaction • User interaction • Shell : Command programming language providing an interface to the Unix OS. Modifiable • compiler • Kernel : Core of the OS. Invoked by system call

  8. UNIX - Kernel

  9. UNIX – Device • Device Control • Abstraction of the physical devices • Input : keyboard, mouse, CD-ROM • Output : Screen, printers • I/O : disk, tape, network • Commands • Lp, ioctl, sockio, streamio, tar

  10. UNIX – process • Abstraction of a running program • Address space that contains data, instructions, hardware resources. • Running, ready, blocked status • Interrupt from input (vector) – current process's info is pushed to the stack – hardware accesses the address assigned to the interrupting device – after the process is done, one of the processes in the ready status is scheduled.

  11. UNIX – process • Process table • Process status, program counter, stack pointer, PID • Scheduling parameters : process priority, CPU running time, -> decide next process • Memory info : how to find the process not in the memory (ready or block) • Signals : mask signal, effective signal

  12. UNIX – process • The kernel process starts a series of processes - Daemons (started at system boot) • ttymon watches various terminals for login • ttymon starts a new process for the user shell • Command • ps, exit, kill, fork, wait, bg, fg, signal, sigset, alarm

  13. UNIX – File System • Hierarchical File System • [Figure: directory tree rooted at / with sbin, var, dev, usr, etc, tmp, home and kernel; lower-level entries mail, spool, tmp, bin, sbin, user1, user2; labels: System binary, Device file, Data of sa, Binary file, System files]

  14. UNIX – File System • Command • mkdir, link, mount, cd, rmdir, cp, mv, rm • Create/open, close, read/write, pipe • NFS (Network File System)

  15. UNIX - Security • UNIX is designed as a multi-user system • UID (user ID), GID (group ID) • assigned to each process, file, and folder • File and folder permissions : 9 bits • SETUID • Set on the program by the superuser (root) • chmod, setuid, setgid • owner, superuser

  16. UNIX - Security • Login is a program with SETUID root • Login asks for the username and password • Hash function h (username) • Calls the setuid and setgid system calls • Opens keyboard (fd 0), screen (fd 1), screen error (fd 2), starts the user shell (UID), and terminates • All processes forked by the shell inherit the UID
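
The permission model from slides 15 and 16, as an added example that is not part of the original presentation: it decodes the 9 permission bits plus SETUID/SETGID, applies the owner/group/other check, and shows which UID a SETUID program runs under. All function names are hypothetical, and the model assumes no supplementary groups, ACLs or nosuid mounts.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Added example; all function names are hypothetical. Models the classic
 * checks only: no supplementary groups, ACLs or nosuid mounts. */

/* Render the 9 permission bits plus setuid/setgid the way `ls -l` does. */
static void mode_string(mode_t m, char out[10]) {
    static const char rwx[] = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        out[i] = (m & (0400 >> i)) ? rwx[i] : '-';
    if (m & S_ISUID) out[2] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[5] = (m & S_IXGRP) ? 's' : 'S';
    out[9] = '\0';
}

/* want: 4 = read, 2 = write, 1 = execute. Exactly one class is consulted:
 * owner, else group, else other. A later class never widens an earlier one. */
static int may_access(mode_t m, uid_t fuid, gid_t fgid,
                      uid_t euid, gid_t egid, int want) {
    if (euid == 0) /* superuser: read/write always, execute needs any x bit */
        return !(want & 1) || (m & 0111) != 0;
    int shift = (euid == fuid) ? 6 : (egid == fgid) ? 3 : 0;
    return (int)(((m >> shift) & 7) & (mode_t)want) == want;
}

/* Effective UID after exec: a SETUID file runs as its owner. */
static uid_t euid_after_exec(mode_t m, uid_t fuid, uid_t caller_euid) {
    return (m & S_ISUID) ? fuid : caller_euid;
}

int main(void) {
    char s[10];
    mode_string(04755, s); /* constructed sample: root-owned setuid binary */
    printf("%s euid after exec by uid 1000: %u\n", s,
           (unsigned)euid_after_exec(04755, 0, 1000));
    mode_string(0077, s);  /* constructed sample: owner locked out */
    printf("%s owner may read: %d, other may read: %d\n", s,
           may_access(0077, 1000, 100, 1000, 100, 4),
           may_access(0077, 1000, 100, 1002, 200, 4));
    return 0;
}
```

A capital `S` in the rendered string marks a SETUID bit without the matching execute bit, which is worth flagging when auditing a file system.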

  17. Windows – OS Structure • Operating System Structure • [Figure: layers from top to bottom: Win32 program, Win32 subsystem, System Interface, System Service (Obj, Process, Memory, Security, Cache, Power, Config), Kernel, HAL, Hardware]

  18. Windows – OS Structure • Kernel mode • HAL : presents the rest of the OS with abstract hardware devices (winnt/system32/hal.dll) • ex) maps device addresses to logical system addresses (bus), interrupt service, sets the priority on the device

  19. Windows – OS Structure • Kernel : presents complete hardware independence • ex) saves the CPU registers, flushes the CPU table • System service : accepts Windows system calls

  20. Windows – OS Structure • User mode : provide each user process with system call interface • Environment Subsystems ~= win32 API (application programming interface) • System Interface : DLL (dynamic link libraries) • Service processes

  21. Window - Manage • Interrupt • Direct memory access • I/O • Memory

  22. Window - Registry • Registry • Don't change it if you plan to use the machine again. • Directory (key) • Entry : name, type, value

  23. Window - Registry • All win32 applications include win32 API functions (RegCreateKeyEx, _Delete_, _Open_, etc) • All the registry files are in winnt/system32/config • Some files cannot be opened, but if you succeed in opening a file (?), you can see that the file starts with “regf…”

  24. Windows • Booting • Boot sector : first sector of the partition that has the bootable OS; it contains ntldr • ntldr looks up the boot.ini file to get the configuration info • ntoskrnl.exe and bootvid.dll are loaded. • Finally ntldr loads all the drivers needed to finish booting (like mouse, keyboard) and loads smss.exe • winlogon.exe,

  25. Windows - Security • Winlogon.exe creates lsass.exe (authentication manager) and services.exe (looks in the registry and starts services) • Services : Printer server, File server, Telnet Daemon, DNS resolver, Event logger, Plug-and-play manager

  26. Windows - Security • User SID (security ID) • Process has an access token • [Figure: access token fields: Header, Expiration time, Groups, Default DACL, User SID, Group SID, Restricted SID, Privilege]

  27. Windows - Security • Security descriptor • Implementation • Winlogon.exe gives the initial process an access token • lsass.exe decides the success of the login, looks up the registry to get the correct user profile and starts services.exe with the access token • Subsequent processes inherit the parent’s access token. • Threads usually inherit the process’s access token. • [Figure labels: Owner’s SID, Group SID, DACL Deny access List, SACL System Access Control List]

  28. Manage Windows • Why have to protect windows? • Bugs : Every software contains bugs • Intruders : Crackers find a vulnerability in the OS and exploit it to break into and control • Virus Infections : antivirus software • Violation of your privacy : spyware (software to collect data about you and secretly send it home)

  29. Manage Windows • How to protect windows • Service pack • Windows update • Installing Hotfixes • Microsoft Baseline Security Analyzer • Virus protection • Firewall protection • Malicious Script Protection

  30. Manage Windows • Service packs • contain hundreds of bug and security fixes and enable you to apply these fixes in one fell swoop • Check the service pack version and download the newest version • Windows Update • Updates are being released constantly • http://windowsupdate.microsoft.com/

  31. Manage Windows • Installing hotfixes • additional patches • subscribe to Microsoft's Security Bulletin - http://www.microsoft.com/technet/security/bulletin/notify.asp - or the CERT Advisory Mailing List - http://www.cert.org/contact_cert/certmaillist.html. You will receive regular e-mail notifications about vulnerabilities and fixes you might need to apply to your system.

  32. Manage Windows • Microsoft Baseline Security Analyzer • MBSA allows you to check your Windows NT4, 2000, or XP installation for a number of security issues, i.e. Windows vulnerabilities, weak passwords, IIS vulnerabilities, SQL vulnerabilities, and missing hotfixes

  33. Manage Windows • Virus protection • Anti-virus program : known virus , update virus definition • Common sense • unknown virus • DON'T OPEN ATTACHMENTS FROM UNKNOWN SOURCES! • DELETE IT! • e-mail with an attachment from a person you know but didn't expect it - DO NOT OPEN IT - DELETE IT!

  34. Manage Windows • Firewall Protection • Internet connection : exposed to the world • DSL or cable modem with static IP • Find out how vulnerable your machine is • Go to http://grc.com/default.htm and click on Shield's UP!. • Do Test My Shields! and Probe My Ports!. Check for obvious vulnerabilities of your PC. Chances are you have a number of open and/or visible ports that can make your machine a target for crackers

  35. Manage Windows • A firewall protects the machine by closing these security holes. • Firewall software monitors your Internet connection and filters all traffic to keep undesired traffic out and only allow legitimate traffic through. • Recommended : ZoneLab's Zone Alarm • http://www.zonelabs.com. • After installing Zone Alarm, perform another Shields UP! test and Port Probe.

  36. Manage Windows • Spyware Protection • What is Spyware • comes in the form of software installed on your machine with or without your knowledge • tracks and collects data about you and your computer and sends it back to a central database for processing and analyzing • Lavasoft's Ad-aware http://www.lavasoftusa.com/. • After installing this software you can scan your entire system including hard drives and registry for any traces of spyware.

  37. Manage Windows • Lavasoft's Ad-aware

  38. Manage Windows • Malicious Script Protection • A lot of e-mail viruses are scripts. • In order to function, they need to be executed. • Installing script monitoring software prevents you from accidentally launching a malicious script that was not caught by your antivirus software • AnalogX's Script Defender http://www.analogx.com/contents/download/system/sdefend.htm

  39. Manage Windows • Malicious Script Protection

  40. Manage Windows • Email • If possible, set the format to plain text : HTML mail is a potential risk and allows for snooping and malicious code infection • Disable running of ActiveX and scripts • ActiveX applets (or "controls" as they are called) are downloadable programs that are run by your system. Unlike normal EXE files, ActiveX can be run transparently in your Internet Explorer to perform any action such as erasing files or stealing your passwords. • Do not open EXE, BAT, VBS, and SCR type attachments ever • Consider using a plain text (non-HTML) e-mail reader such as Eudora or The Bat! • A DOC file can be opened in a program like WordPad to view the text contents without the risk of a macro virus infection.

  41. Manage Windows • Perform frequent data backups. • Disable file sharing. • Create an emergency boot disk.

  42. Manage Windows -VISC • Secure Shell

  43. Manage Windows - VISC

  44. Reference • Modern operating systems – Andrew S. Tanenbaum • A practical Guide to Solaris –Mark G. Sobell • Lecture 2 – Dr. Spring
