As a basis, please recall we studied generations of computers from a hardware perspective but I stated that there were equivalent advances in Operating Systems and Programming Languages that coincided with the advances in hardware. A nice quick summary of OS generations may be found here. Now most recently we have seen the emergence and quick evolution of mobile devices and their OS.
OS knowledge may be the most important knowledge you can possess since this is required for Security and you continually hear me state we think about security first. To further illustrate the importance of OS functionality knowledge let me ask, can you have more arithmetic precision with an 8 bit or 16 bit machine?
Now recall the basic model of computation is input => processing => output. It is the OS that controls or manages this computation as it provides an abstract interface to the raw hardware so never stop researching and learning about the OS.
Abstraction – referencing something as a general quality or characteristic rather than its concrete realities, specific objects, or actual instances. In computing, abstraction establishes an acceptable interface allowing a person to interact with the system without fully knowing or understanding the complex details of the function (e.g. access an entire mp3 file rather than the various clusters where it is stored on the HD).
As previously stated, please reread the Linux Lab & readings we have performed to date as Linux provides us with the opportunity to apply our OS concepts. Lastly note the lecture recordings are located below but you need to read the remainder of this page’s content.
Lecture Capture Part 1
Lecture Capture Part 2
For the MS Windows Utilities Lecture Capture please see below.
For the File Format Forensics Lecture Capture please see the submenu.
System Software Classification
System Software can be further distinguished as the (1) Operating System and (2) System Utilities. Performance and functionality are the keys to the entire system but note there is no precise correct way to do things, just proven methods. With this basis, the OS can be distinguished or discussed according to its design goals and necessary functionality.
It is very important that everyone understands the Boot Sequence. To this extent please understand the POST, BIOS, EPROM, and Boot Loaders.
It is also worth exploring the Extensible Firmware Interface as this is the new standard: http://en.wikipedia.org/wiki/Extensible_Firmware_Interface
Now having read this, I urge you to explore the settings in your BIOS or UEFI. Now, what is the difference between a hard reboot and soft reboot? Also, why is a Boot Sector Virus so nasty?
OS Design Goals
OS design goals are a blend of convenience and efficiency, noting that convenience and efficiency are a trade-off and often negatively impact each other. As an example consider the Windows OS and its GUI, which is designed for convenience and ease of use. In this regard Windows can never be as efficient as a Linux server that is optimized for efficiency and may not even have a GUI (recall the GUI must be in memory so it consumes a critical resource – e.g. memory).
Ok, recall that the computer is a stored program device and without software the computer does nothing as software allows the computer to input, process and output information. To illustrate this recall the Boot Sequence where the first thing to be loaded and executed is the BIOS (please review the Boot Sequence as necessary and you should know the acronym BIOS).
OS is the Resource Manager (provides resource protection)
First and foremost, the OS is the resource manager (both logical and physical resources). In this capacity the OS provides system security and protection. To accomplish this the OS runs in kernel or SU mode whereas applications run in user mode. This is clearly evident when we use the “sudo” command in Ubuntu. Note security problems are exacerbated by networked/distributed systems.
OS provides transformation/abstraction
The computer (or machine) architecture provides the basic machine instruction set (e.g. store, move, retrieve, arithmetic, logic, etc.).
Recall the Fetch Execute Cycle simulation I presented. The machine architecture is awkward to work with and varies from system to system (e.g. complex instruction set, memory organization, Input / Output, bus structure, etc.).
Operating Systems are critical system software in a computer system as they perform the intermediary or interface abstraction (i.e. transformation) between the complex hardware and agents (e.g. users/user agents and applications/processes).
Transformation performs abstraction by creating a logical resource from a physical resource. Put another way, the OS hides the complexity of the hardware by providing agents with a generic or uniform logical interface. This is the convenience introduced above, as agents do not want to access the computer hardware and resources using the machine’s instruction set but instead want a standard, consistent interface. To illustrate this, you can walk up to a Windows 7 machine, if you are familiar with the interface, and operate it independent of the particular machine (e.g. Dell, HP, etc.). Note this transformation is also necessary for the OS to provide a consistent base for applications. To illustrate this from a mobile perspective, app developers would not want to develop separate versions of iOS Apps for the iPhone 4, 5, …. nor would Android app developers want to develop separate versions for Samsung, HTC, etc.
OS performs Multiplexing
Multiplexing extends transformation as it facilitates the creation of multiple logical resources from a single physical resource. Put another way the OS facilitates physical resource sharing by allocating and managing logical resources determining what agents (users and processes) have access and authorization to use which resources.
The OS performs space multiplexing by dividing up and allocating memory to processes and storage to users and files. The OS performs time multiplexing by giving processes CPU time slices. Also think about your single WiFi or Ethernet connection (e.g. physical NIC) that supports multiple (multiplexed) logical connections, as you can have multiple Web browsers, your SSH connection to the HVCC AcadNX server, an email client etc. open at the same time, all multiplexed into/through a single physical network connection. Note multiplexing is a core concept in networking so we will see it again there.
If the system has a single CPU (single core), space multiplexing and time multiplexing facilitate multi-tasking, where several processes can be in memory and the OS gives the user the appearance that several programs are running concurrently. Note that multi-processing takes this one step further but requires multiple CPUs or CPU cores so that processes can be run concurrently.
OS System Components => File Manager + Memory Manager + Scheduler + Device Manager + Utilities
File System (File Manager)
The file manager implements the storage abstraction by mapping a filename to a collection of physical blocks and storage devices; it uses device drivers to read and write blocks to particular devices. The file manager provides a spectrum of commands for file and directory management and, most importantly, it provides protection, which is absolutely necessary in a multi-user environment.
File system multiplexing and transformation provide the abstraction that links blocks of the storage system together into logical files users and programmers can access. Now as IT professionals we need to recall all transfers are performed in blocks (sectors) and that data must be in memory to be operated on. As an example, if data in storage needs to be modified it needs to be read into memory, processed and written back to storage. Looking at this more discretely, when data is written to the storage device, the application’s data structure is flattened into a byte stream by the OS and this stream is stored as a set of blocks (sectors). When data is read from a device it is read block by block, converted into a stream of bytes, and converted back into an application level or OS executable data structure.
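The two paragraphs above can be made concrete with a toy file manager. This is an added example, not part of the course material: the class `ToyFileManager`, the users, the file names and the record layout are all constructed for illustration. It maps a filename to a list of block numbers, flattens a structure into bytes, stores it in whole 512-byte blocks that need not be contiguous, and refuses access to anyone but the owner.

```python
import struct

BLOCK_SIZE = 512  # bytes per block (sector); constructed value for this demo

class ToyFileManager:
    """Maps a filename to an ordered list of block numbers on a toy disk."""
    def __init__(self, num_blocks):
        self.disk = [bytes(BLOCK_SIZE) for _ in range(num_blocks)]  # physical blocks
        self.free = list(range(num_blocks))                         # unallocated blocks
        self.table = {}  # filename -> (owner, length in bytes, [block numbers])

    def write(self, user, name, data):
        if name in self.table:
            raise FileExistsError(name)
        needed = -(-len(data) // BLOCK_SIZE)  # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, n in enumerate(blocks):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            self.disk[n] = chunk.ljust(BLOCK_SIZE, b"\x00")  # transfers are whole blocks
        self.table[name] = (user, len(data), blocks)
        return blocks

    def _entry(self, user, name):
        owner, length, blocks = self.table[name]
        if user != owner:  # protection: only the owner may touch the file
            raise PermissionError(f"{user} may not access {name}")
        return length, blocks

    def read(self, user, name):
        length, blocks = self._entry(user, name)
        stream = b"".join(self.disk[n] for n in blocks)  # block by block -> byte stream
        return stream[:length]                           # drop padding in the last block

    def delete(self, user, name):
        _, blocks = self._entry(user, name)
        del self.table[name]
        self.free = sorted(self.free + blocks)

def demo():
    fm = ToyFileManager(num_blocks=8)
    fm.write("alice", "a.bin", b"A" * 600)   # takes blocks 0 and 1
    fm.write("bob", "b.bin", b"B" * 100)     # takes block 2
    fm.delete("alice", "a.bin")              # blocks 0 and 1 become free again
    record = struct.pack("<I16sd", 42, b"sensor-7", 98.6)  # flatten a structure: 28 bytes
    blocks = fm.write("alice", "log.bin", record * 50)     # 1400 bytes -> 3 blocks
    first = struct.unpack("<I16sd", fm.read("alice", "log.bin")[:28])
    return fm, blocks, first
```

The caller of `read` sees one continuous byte stream even though `log.bin` ends up in blocks 0, 1 and 3.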
As a basis, a file is a named collection of data stored on a device, and both the OS and applications rely on the presence of structure in the data. The file system is probably the most visible OS component to users as it is the structured mechanism by which users save information from 1 session to another. Now of course Apple iOS has changed the model since users cannot directly access the file system. This left me uncomfortable at first since I have always had access to the file system but I quickly saw the inherent security improvement as requiring all access to the file system to go through a managed iTunes interface can improve security (i.e. Apple approves iOS Apps). Again, recall my statement that security is 75% policy.
To illustrate the import of files, consider that the vast majority of programs read information from a file, process the information, and write back to a file. As an example, a compiler reads a source program file, translates the program into machine code (i.e. into the OS’s executable file structure) and writes a relocatable file and a report. This model is so prevalent it is built into the UNIX/Linux process model. In Linux, at process creation time, a Linux process automatically has access to 3 files: stdin (by default references the communication device), stdout (by default references the communication device) and stderr (again, by default references the communication device).
A directory is a user determined set of logically associated files and other directories of files. Directories are the mechanism by which humans organize sets of files, as they segment the namespace (i.e. it is no longer a flat or single namespace).
A RAM Disk can dramatically improve the performance of your Windows system by running applications as if they were stored in RAM (virtual hard drive). In a nutshell here is a way to get SSD HD performance even if you don’t have a SSD HD.
Question: Now, what is Apple’s iOS doing with respect to file management? Can you access the file system directly? What impact does this have?
Memory Manager
Recall a program is a static entity as we install a program on storage. When the program is invoked or loaded into memory it becomes a process and the OS allocates memory to the process. This process’s memory will be further distinguished as a Code Segment, Data Segment, and Stack Segment. The OS must ensure that a process’s memory is protected from other processes.
Virtual Memory creates a larger memory space by utilizing secondary storage and the OS transfers data between main memory and secondary virtual memory as required.
You can also use a USB drive for virtual memory which is much faster than mechanical/magnetic HDs. Instructions can be found here: http://www.orclage.com/how-to-use-usb-flash-drive-as-ram-in-windows-8-7-and-xp-pendrive/
Scheduler (plus some terms)
The scheduler allocates the CPU to processes/threads. (A thread is a light-weight process.)
Multiprogramming – A computer with more than one program in memory at a time sharing a single CPU.
Multitasking – an extension of multiprogramming that adds the concurrent or interleaved execution of two or more jobs by a single CPU. Note this can be preemptive or non-preemptive (requires cooperation).
Multiprocessing – extends multitasking and uses more than one CPU at a time.
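To see what preemption buys on a single CPU, the following added example (not part of the course material) simulates the same three jobs under preemptive round-robin time slicing and under non-preemptive run-to-completion. The job names, CPU times and the quantum of 2 are constructed values. A short job queued behind a long one shows why non-preemptive multitasking depends on cooperation: a job that never gives up the CPU holds up every job behind it.

```python
from collections import deque

def round_robin(jobs, quantum):
    """Preemptive time multiplexing of one CPU.

    jobs maps a job name to the CPU time it needs. Returns the timeline of
    (name, start, end) slices and the time at which each job finishes.
    """
    ready = deque(jobs.items())          # the ready queue, in arrival order
    clock, timeline, finish = 0, [], {}
    while ready:
        name, remaining = ready.popleft()
        ran = min(quantum, remaining)    # run for one time slice at most
        timeline.append((name, clock, clock + ran))
        clock += ran
        if remaining > ran:
            ready.append((name, remaining - ran))  # preempted: back of the queue
        else:
            finish[name] = clock
    return timeline, finish

def run_to_completion(jobs):
    """Non-preemptive: each job keeps the CPU until it is done."""
    return round_robin(jobs, quantum=max(jobs.values()))

def demo():
    # Constructed workload: a long compile arrives first, a short edit last.
    jobs = {"compiler": 7, "backup": 4, "editor": 2}
    rr_timeline, rr_finish = round_robin(jobs, quantum=2)
    _, fcfs_finish = run_to_completion(jobs)
    return rr_timeline, rr_finish, fcfs_finish
```

With these inputs the editor finishes at time 6 under round-robin and at time 13 when jobs run to completion, while the total work (13 time units) is the same in both cases.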
Device Manager
The device manager is responsible for connecting and managing (allocate, monitor, deallocate) all connected devices (e.g. printers, ports, disk drives, etc.). Some important concepts follow:
Programmed I/O (PIO) requires CPU involvement.
Direct Memory Access (DMA) does not require the CPU as the device performs the transfer to and from memory.
Buffering overlaps a single process’s computation with its own I/O.
Spooling overlaps I/O across process execution by placing items in a buffer so they can be retrieved by the appropriate device when needed.
Utilities
Note this area can be fuzzy but generally includes compilers, editors and shell utilities (e.g. compression and disk utilities).
MS Windows 7 File Utilities, DOS & msconfig Presentation
Distributed Computing is a software system in which components located on networked computers communicate and coordinate their actions by passing messages (BTW – How is all computation performed in object-oriented systems… by passing messages). Examples of distributed systems include Service Oriented Architectures (SOA), massively multiplayer online games and peer-to-peer applications (e.g. Napster, Torrents, Windows Homegroup, etc.) (adapted from Wikipedia).