Operating System
VISC lab
Na Young Lee
09-20-02


Agenda

• Operating System
• UNIX (standard UNIX)
• Window (2000)
• Manage Window

Operating System (OS)

Computer consists of Hardware and OS
What is OS?
• Manager
• OS manages users, access rights and user interaction.
• OS manages resources
    Files, directories
    Devices
    Processes
    Memory
    I/O

Operating System (OS)

To understand an OS ~= to understand what it manages and how
• Process
• Memory
• I/O
• File System
• Security

Operating System (OS)

How it manages
• User interaction : command, GUI
• Device controllers : bus
• Interrupts
• Tables : fd
• Signals, messages : system

UNIX - Interfaces

[Figure: interface layers, top to bottom: Users, Standard Utility Program, Standard library, OS, Hardware; side labels: User mode, Kernel mode]

UNIX - User interaction

User interaction
• Shell : Command programming language providing an interface to the Unix OS.
    Modifiable
• compiler
• Kernel : Core of the OS.
    Invoked by system call

UNIX - Kernel

[Figure: kernel structure. Components shown, from the system-call interface down to the hardware: System calls; Interrupts and traps; Terminal handling; Sockets; File naming; Mapping; Signal handle; Process creation and termination; Raw tty; Cooked tty; Network protocol; File system; Virtual memory; Line disciplines; Routing; Buffer cache; Character devices; Network device drivers; Disk device driver; Hardware]

UNIX – Device

Device Control
• Abstraction of the physical devices
• Input : keyboard, mouse, CD-ROM
• Output : Screen, printers
• I/O : disk, tape, network
Commands
• lp, ioctl, sockio, streamio, tar

UNIX – process

Abstraction of running program
Address space that contains data, instruction, hardware resources.
• Running, ready, block status
• Interrupt from input (vector) – current process's info is pushed to the stack – hardware accesses the address assigned to the interrupting device – after the process is done, one of the processes in the ready status is scheduled.

UNIX – process

Process table
• Process status, program counter, stack pointer, PID
• Scheduling parameters : process priority, CPU running time -> decide next process
• Memory info : how to find the process not in the memory (ready or block)
• Signals : mask signal, effective signal

UNIX – process

Kernel process starts a series of processes
- Daemons (started at system booting)
• ttymon watches various terminals for login
• ttymon starts new process for user shell
• Command
    ps, exit, kill, fork, wait, bg, fg, signal, sigset, alarm

UNIX – File System

Hierarchical File System

[Figure: directory tree rooted at /. Directories shown: sbin, home, var, usr, tmp, etc, kernel, dev; below them: mail, spool, tmp, user1, user2, sbin, bin. Annotations: System binary, Device file, Data of sa, Binary file, System files]

UNIX – File System

Command
• mkdir, link, mount, cd, rmdir, cp, mv, rm
• Create/open, close, read/write, pipe
NFS (Network File System)

UNIX - Security

UNIX is designed for multi-user system
• UID (user ID), GID (group ID)
    each process, file, and folder
    File and folder permission 9 bit
• SETUID
    Set on the program by superuser (root)
• chmod, setuid, setgid
    owner, superuser
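
The permission model on this slide, as an added example that is not part of the original slides: a C sketch of how the 9 permission bits and the SETUID bit are interpreted when a process with a given UID/GID touches a file. The helper names and the sample entries in main() are this example's own assumptions; supplementary groups, ACLs and capabilities are ignored.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Illustrative helpers (names are this example's own, not a system API). */

/* Render the 9 permission bits plus SETUID/SETGID the way `ls -l` does. */
void mode_string(mode_t m, char out[10]) {
    static const char rwx[] = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        out[i] = (m & (0400 >> i)) ? rwx[i] : '-';
    if (m & S_ISUID) out[2] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[5] = (m & S_IXGRP) ? 's' : 'S';
    out[9] = '\0';
}

/* Classic check: exactly one triple applies (owner, else group, else other).
 * want is a mask of 4 (read), 2 (write), 1 (execute). */
int may_access(mode_t m, uid_t fuid, gid_t fgid, uid_t uid, gid_t gid, int want) {
    if (uid == 0)  /* superuser: r/w always; execute needs at least one x bit */
        return !(want & 1) || (m & 0111) != 0;
    int shift = (uid == fuid) ? 6 : (gid == fgid) ? 3 : 0;
    return ((int)((m >> shift) & 7) & want) == want;
}

/* Effective UID after exec: SETUID makes the process run as the file owner. */
uid_t euid_after_exec(mode_t m, uid_t fuid, uid_t caller) {
    return (m & S_ISUID) ? fuid : caller;
}

/* Audit helper: SETUID program owned by root that someone may execute. */
int is_setuid_root(mode_t m, uid_t fuid) {
    return (m & S_ISUID) && fuid == 0 && (m & 0111);
}

int main(void) {
    /* Constructed sample entries, not taken from a real system. */
    struct { const char *name; mode_t mode; uid_t uid; gid_t gid; } f[] = {
        { "login-like tool", 04755, 0,    0   },
        { "group report",    0640,  1000, 100 },
        { "odd file",        0077,  1000, 100 },
    };
    char s[10];
    for (size_t i = 0; i < sizeof f / sizeof f[0]; i++) {
        mode_string(f[i].mode, s);
        printf("%-16s %s uid1000-read=%d uid2000-read=%d euid=%u setuid-root=%d\n",
               f[i].name, s,
               may_access(f[i].mode, f[i].uid, f[i].gid, 1000, 100, 4),
               may_access(f[i].mode, f[i].uid, f[i].gid, 2000, 200, 4),
               (unsigned)euid_after_exec(f[i].mode, f[i].uid, 1000),
               is_setuid_root(f[i].mode, f[i].uid));
    }
    return 0;
}
```

The "odd file" entry (mode 0077) shows that only one triple is consulted: its owner is denied read access even though every other user is allowed.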

UNIX - Security

Login is program with SETUID root
• Login asks the username and password
• Hash function h (username)
• Call setuid and setgid system call
• Open keyboard (fd 0), screen (fd 1), screen error (fd 2), start user shell (UID), and terminate
• All processes forked by shell inherit the UID

Windows – OS Structure

Operating System Structure

[Figure: operating system structure. Labels shown: Win32 program, Win32 subsystem, System Interface, System Service, Obj, Config, Process, Memory, Security, Cache, Power, Kernel, HAL, Hardware]

Windows – OS Structure

Kernel mode
• HAL : presents the rest of the OS with abstract hardware devices (winnt/system32/hal.dll)
    ex) map device address to logical system address (bus)
        interrupt service sets the priority on the device

Windows – OS Structure

• Kernel : presents complete hardware independence
    ex) save the CPU register,
        flush CPU table
• System service : accepts Windows system calls

Windows – OS Structure

User mode : provides each user process with system call interface
• Environment Subsystems ~= win32 API (application programming interface)
• System Interface : DLL (dynamic link libraries)
• Service processes

Window - Manage

• Interrupt
• Direct memory access
• I/O
• Memory

Window - Registry

Registry
• Don’t change if you have a plan to use machine again.
• Directory (key)
• Entry : name, type, value

Window - Registry

• All Win32 applications include Win32 API functions (RegCreateKeyEx, _Delete_, _Open_, etc)
• All the registry files are in winnt/system32/config
• Some files cannot be opened, but if you succeed in opening a file (?), you can see that the file starts with “regf…”

Windows Booting

• Boot sector : first sector of the partition having the bootable OS and has ntldr
• ntldr looks up the boot.ini file to get the info on configuration
• ntoskrnl.exe and bootvid.dll are loaded.
• Finally ntldr loads all the drivers needed to finish booting (like mouse, keyboard) and loads smss.exe
• winlogon.exe,

Windows - Security

Winlogon.exe creates lsass.exe (authentication manager) and services.exe (looks in registry and starts services)
Services : Printer server, File server, Telnet Daemon, DNS resolver, Event logger, Plug-and-play manager

Windows - Security

User SID (security ID)
Process has access token

[Figure: access token fields: Header, Expiration time, Groups, Default DACL, User SID, Group SID, Restricted SID, Privilege]

Windows - Security

Security descriptor

[Figure: security descriptor fields: Owner’s SID, Group SID, DACL, SACL; annotations: Deny access List, System Access Control List]

Implementation
• Winlogon.exe gives initial process access token
    lsass.exe decides success of login, looks up the registry to get the correct user profile, and starts services.exe with access token
• Subsequent processes inherit parent’s access token.
• Threads usually inherit the process’s access token.

Manage Windows

Why have to protect windows?
• Bugs : Every software contains bugs
• Intruders : Crackers find a vulnerability in the OS and exploit it to break into and control
• Virus Infections : antivirus software
• Violation of your privacy : spyware (software to collect data about you and secretly send it home)

Manage Windows

How to protect windows
• Service pack
• Windows update
• Installing Hotfixes
• Microsoft Baseline Security Analyzer
• Virus protection
• Firewall protection
• Malicious Script Protection

Manage Windows

Service packs
• contain hundreds of bug and security fixes and enable you to apply these fixes in one fell swoop
• Check the service pack version and download the newest version
Windows Update
• Updates are being released constantly
• http://windowsupdate.microsoft.com/

Manage Windows

Installing hotfixes
• additional patches
• subscribe to Microsoft's Security Bulletin - http://www.microsoft.com/technet/security/bulletin/notify.asp - or the CERT Advisory Mailing List - http://www.cert.org/contact_cert/certmaillist.html. You will receive regular e-mail notifications about vulnerabilities and fixes you might need to apply to your system.

Manage Windows

Microsoft Baseline Security Analyzer
• MBSA allows you to check your Windows NT4, 2000, or XP installation for a number of security issues, i.e. Windows vulnerabilities, weak passwords, IIS vulnerabilities, SQL vulnerabilities, and missing hotfixes

Manage Windows

Virus protection
• Anti-virus program : known virus, update virus definition
• Common sense
    unknown virus
    DON'T OPEN ATTACHMENTS FROM UNKNOWN SOURCES! DELETE IT!
    e-mail with an attachment from a person you know but didn't expect it - DO NOT OPEN IT - DELETE IT!

Manage Windows

Firewall Protection
• Internet connection : exposed to world
• DSL or cable modem with static IP
• Find out how vulnerable your machine is
• http://grc.com/default.htm
    click on Shield's UP!.
• Do Test My Shields! and Probe My Ports!.
    Check for obvious vulnerabilities of your PC.
    Chances are you have a number of open and/or visible ports that can make your machine a target for crackers

Manage Windows

• Firewall protects machine by closing these security holes.
• Firewall software monitors your Internet connection and filters all traffic to keep undesired traffic out and only allow legitimate traffic through.
• Recommended: ZoneLab's Zone Alarm
• http://www.zonelabs.com.
• After installing Zone Alarm, perform another Shields UP! test and Port Probe.

Manage Windows

Spyware Protection
• What is Spyware
    comes in the form of software installed on your machine with or without your knowledge
    tracks and collects data about you and your computer and sends it back to a central database for processing and analyzing
    Lavasoft's Ad-aware http://www.lavasoftusa.com/.
    After installing this software you can scan your entire system including hard drives and registry for any traces of spyware.

Manage Windows

Lavasoft's Ad-aware

Manage Windows

Malicious Script Protection
• A lot of e-mail viruses are scripts.
• In order to function, they need to be executed.
• Prevent yourself from accidentally launching a malicious script that was not caught by your antivirus software by installing script monitoring software
• AnalogX's Script Defender http://www.analogx.com/contents/download/system/sdefend.htm

Manage Windows

Malicious Script Protection

Manage Windows

Email
• If possible, set the format as plain text : HTML mail is a potential risk and allows for snooping and malicious code infection
• Disable running of ActiveX, script
• ActiveX applets (or "controls" as they are called) are downloadable programs that are run by your system. Unlike the normal EXE files, ActiveX can be run transparently in your Internet Explorer to perform any action such as erasing files or stealing your passwords.
• Do not open EXE, BAT, VBS, and SCR type attachments ever
• Consider using a plain text (non-HTML) e-mail reader such as Eudora or The Bat!
• A DOC file can be opened in a program like WordPad to view the text contents without the risk of a macro virus infection.

Manage Windows

• Perform frequent data backups.
• Disable file sharing.
• Create an emergency boot disk.

Manage Windows - VISC

Secure Shell
