Operating System Components and Architecture
In spite of the reference to an “operating system” as a single entity, an operating system is not a single huge program. An operating system is actually a collection of many programs working together, along with data, to provide access to physical resources. The goal of secure information can simply be expressed as simultaneously ensuring both of the following situations:
All required information is available to authorized users.
No information is available to unauthorized users.
Although these two basic situations appear to be clear and straightforward, simultaneously ensuring both can be challenging. A control is any mechanism or action that prevents, detects, or addresses an attack. Once security controls are in place, attackers must identify methods to compromise the controls and gain the privileges of an authorized user. The methods attackers use will rely on one or more vulnerabilities. Your goal is to identify and mitigate as many vulnerabilities as possible to deny the opportunity for an attacker to realize a threat.
The first step in planning how to secure the operating system is to understand the purpose of various operating system components. Each operating system component, and the communication between components, can be a potential point of attack. There are many different operating systems in use today, and often multiple versions of each one; however, there are components and services that are common among them.
The Kernel
The central component of most operating systems is the kernel. The kernel is the part of the operating system that may reside partially in memory and provides the backbone of the operating system’s services (FIGURE 2-1). The classic definition of the kernel states that the entire kernel resides in memory. Today’s more complex operating system kernels are made up of both the main memory-resident components and external loadable modules. The use of loadable modules reduces the kernel’s memory footprint. The kernel provides access to physical resources and often runs other operating system programs to complete a task. The memory-resident kernel code will directly handle access to the CPU, where efficiency is crucial. In other cases, where flexibility is more important, the kernel will run device driver programs to handle physical resource access. The second approach is slower but makes it easy for the operating system to support a wide variety of hardware devices from different vendors. All that is needed is a device driver program for the operating system to support a new device.
FIGURE 2-1
Operating system kernel.
© Jones & Bartlett Learning.
Many current operating systems actually implement microkernel architecture. A microkernel only implements the minimal required functionality in the memory-resident portion of the operating system, such as memory management, interprocess communication, and process scheduling. Other necessary functionality is supported by external programs. The main difference between internal and external programs is the privilege level at which each runs. A pure microkernel allows only memory-resident components to run at kernel, or maximum privilege, mode.
The kernel also includes areas of memory reserved for the operating system data structures. One example of an operating system data structure is the process, or task table. The process table contains one entry for each running process. Each operating system stores different process properties, but the basic information in the process table is consistent. FIGURE 2-2 shows a few of the types of information the operating system maintains for processes.
FIGURE 2-2
Windows operating system components.
Courtesy of Microsoft Corporation.
One common process property is the mode in which a process is run. Processes generally run in either user mode or supervisor mode. You may also see supervisor mode referred to as kernel mode. Processes run in supervisor mode can perform more tasks and access more restricted parts of the computer system. One way for an attacker to access a protected resource is to modify the process table entry and change a user mode process to supervisor mode. The process table is only one example of a kernel data structure that must be secured from unauthorized changes. However, processes running in user mode should be able to view the information in the process table to see what is running at any point in time. The kernel keeps track of what processes can do and what they can’t.
Operating System Components
Operating systems contain far more than just the kernel. The kernel provides core services of the operating system and calls external programs to provide many more operating system services. TABLE 2-1 contains a list of general services most current operating systems provide.
TABLE 2-1 Operating System General Services |
|
|---|---|
| OPERATING SYSTEM SERVICE | DESCRIPTION |
| Program/process management | The operating system manages locating, loading, and actually executing all programs. It handles memory allocation, CPU scheduling, and providing the necessary environment for each program. |
| Input and output | Nearly every program requires input and produces output. The operating system hides the details of the physical hardware and provides programs with the ability to process input and output. |
| File system | The operating system also provides access to long-term storage, such as disk drives, and helps to organize the information to make it easily and efficiently accessible. |
| Communication | Programs often need to communicate with other programs, both locally and on other computers. The operating system provides the support for exchanging information between programs. |
| Error detection and alerts | The operating system is responsible for monitoring activities that occur within the computer and for responding when errors occur. |
© Jones & Bartlett Learning. |
|
From a security view, the most important concept of this section is that the operating system is the collection of programs that control access to the physical hardware. Since information is stored and transmitted on physical hardware, ensuring the security of protected information starts with ensuring the security of the operating system.