Download Chapter 4

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
Document related concepts

Plan 9 from Bell Labs wikipedia , lookup

Mobile operating system wikipedia , lookup

DNIX wikipedia , lookup

RSTS/E wikipedia , lookup

Spring (operating system) wikipedia , lookup

Copland (operating system) wikipedia , lookup

VS/9 wikipedia , lookup

Security-focused operating system wikipedia , lookup

Unix security wikipedia , lookup

Distributed operating system wikipedia , lookup

Process management (computing) wikipedia , lookup

Paging wikipedia , lookup

CP/M wikipedia , lookup

Burroughs MCP wikipedia , lookup

Transcript 
Topic 5a
Operating System Fundamentals
What is an operating system?
• a computer is comprised of various types
of software
•
•
•
•
•
•
device drivers (storage, I/O, etc.)
process and control software
memory management
user interface software
utility software
application software
Early computers (1940-1960's) required
all of these types of software to be loaded
every time an application was run
• this was early 'batch' processing
The 'operating system' became the set of
software that
•
•
•
•
initialize the computer
run diagnostic checks
provide for device management
prepare the computer for an application
As operating systems evolved through the 19601980's they gained more functions
•
•
•
•
•
provide graphic user interface
provide set of user utility programs
manage multiple processes and users
provide network functionality
some operating systems are special-purpose
An important base function of the operating
system is to provide an interface between the
application software and the hardware
•
today, this set of low-level OS
functions is called the OS 'kernel‘
• An OS kernel is typically always kept
in memory – for greatest speed
• Many OS’s today are built on top of
the Linux kernel, or some variation
There are many operating systems - not all are current
• the forensics examiner must be on the lookout for
older, obsolete operating systems
• a criminal might try using these hoping to
thwart an investigation
Here is a listing of scores of operating systems with
pointers to more information
http://en.wikipedia.org/wiki/List_of_operating_systems
the most important operating systems for the forensic
examiner today are:
- Microsoft Windows (and DOS)
- Macintosh OSX
- Unix/Linux
- Android
- Apple iOS
many forensics labs will need to have hardware and
software to deal with these
there may be the occasion to locate hardware/software
for an older OS
• example OS9 - unix-like OS for 8-bit Motorola
6809 based micros
As much as 50% of all system vulnerabilities
are in the OS
• system devices such as routers, IDS's and
firewalls also have operating systems
• the most effective mitigation strategy is to
• harden the OS
• ensure that security patches are
installed as soon as they are available
Hardening an operating system
- installation/configuration measures that
can reduce the OS exposure
- closing unneeded ports
- turning off (or not installing) unneeded
services
- removing auto-response banner messages
- note: there are many more hardening
steps – most of these are OS or
application specific
patch management
- applying security patches as soon as they are
available
- servers, network appliances, workstations,
etc.
- having a back-down strategy if needed
- many applications may need to be tested
after a patch is applied
- zero-day vulnerability - one for which a
patch is not available
processes (tasks) and states
- early computers were single-process
systems
- could only run a single program
(task) at a time
- the DOS operating system worked
like this
- switching tasks had to be done
manually
processes (tasks) and states
- later computer operating systems introduced
the concept of multi-processing (multi-tasking)
- a single user could have multiple tasks
running simultaneously
- a given task could have multiple
sub-tasks (threads)
- the OS manages process memory
(memory management) and other resources
and would switch between tasks as needed
- for example, listening to music while
writing a paper while having a chat
window open while having a browser
window open
Process (task) management
requires that the OS properly
handle the memory/resource
management of the various tasks
and threads
- various ways to do this
include system calls, message
passing, stacks/heaps
Processes have various states
- running, waiting, created, terminated,
etc.
- the process management function of the
OS ensures that memory is adjusted,
that resources are available, and that
processes run when appropriate
Process privilege and priority
- some processes require greater privileges
(such as root or administrtator)
- this should be done only when
absolutely needed
- a popular way to attack a system is to
exploit a vulnerability in a process that
has root privs
- using an LPA is one way to restrict
privileges
- sandboxing is another approach
Processes may be prioritized
- real-time processes typically have
greater priority
- note: process management today is
typically called 'task' management
- the early term for computers able to
manage multiple tasks on a single
processor was 'multi-processing‘
- today we call it 'multi-tasking‘
- multi-processing is used to
describe situations where there are
multiple CPUs available
Memory management
- process/task management requires
that the memory associated
with a task be available in the
address space where it is requested
- one can think of this as like a
sliding window
- memory may be swapped to/from
storage
- this is called virtual memory
- gives the illusion of having more
real memory than you actually
have
File systems
- this determines how the bits of files are
mapped onto storage devices.
- examples include FAT, NTFS, EXT3, etc.
- it is extremely relevant to cyber-forensics,
since file system features (like slack space)
can be exploited to hide data
- we will cover file systems in more detail in
subsequent topics
Virtualization
- this refers to running an instance of an operating
system as a process
- possible since, in theory, any UTM (Universal
Turing Machine) can simulate any other UTM
- for example, running Mac OSX in a VM on a
Windows computer, or running Unbuntu Linux
in a VM on a windows computer
Virtualization:
- the actual program run is called a 'virtual
machine'
- it is a simulation of a processor, with
specific resources
- the OS is installed on the virtual
machine
- the program that creates or manages
VMs is called a 'hypervisor'
- virtualization has many uses in
cyber-forensics, we will discuss this
in greater depth later
Fundamental security design principles:
- domain separation
- separating tasks from resources
- the hypervisor or OS would mediate
resource access
- sandboxing is an example of this
Fundamental security design principles:
- process isolation
- preventing processes/tasks from
communicating with each other
or sharing resources such as memory
- resource encapsulation
- methods used to protect a resource
- for example, specific system calls and
specific privilege requirements
Related documents
Chapter 4
Chapter 4
lecture 14: virtualization
lecture 14: virtualization
Virtualization Technologies
Virtualization Technologies
Virtualization Group
Virtualization Group
Storage Management
Storage Management
IES VILLABLANCA TECHNOLOGY DEPARTMENT Name
IES VILLABLANCA TECHNOLOGY DEPARTMENT Name
Virtual Machines
Virtual Machines
Operating Systems CSLO - Barbara Hecker
Operating Systems CSLO - Barbara Hecker
Chapter 14 Virtual Machines Operating Systems:
Chapter 14 Virtual Machines Operating Systems:
Unit OS2: Operating Systems Principles
Unit OS2: Operating Systems Principles
virtual machine
virtual machine
CENG334 Introduction to Operating Systems
CENG334 Introduction to Operating Systems
2. An Operating System, What For?
2. An Operating System, What For?
virtualization
virtualization
Virtualization in HPC
Virtualization in HPC
Virtual Machines
Virtual Machines
Unit I Operating Systems in Distributed Environments
Unit I Operating Systems in Distributed Environments
UNIT – II – Virtualization
UNIT – II – Virtualization
The New Drug Patch Treatment
The New Drug Patch Treatment
Unit I Introduction
Unit I Introduction
Lecture 3.1 - Host
Lecture 3.1 - Host
11-Operating Systems Security
11-Operating Systems Security