
1 Topic 5a Operating System Fundamentals

2 What is an operating system?
 - a computer comprises several types of software:
   - device drivers (storage, I/O, etc.)
   - process and control software
   - memory management
   - user interface software
   - utility software
   - application software

3 Early computers (1940s-1960s)
 - required all of these types of software to be loaded every time an application was run
 - this was early 'batch' processing
 - the 'operating system' became the set of software that:
   - initializes the computer
   - runs diagnostic checks
   - provides for device management
   - prepares the computer for an application

4 As operating systems evolved through the 1960s-1980s they gained more functions:
 - provide a graphical user interface
 - provide a set of user utility programs
 - manage multiple processes and users
 - provide network functionality
 - some operating systems are special-purpose

5 An important base function of the operating system is to provide an interface between the application software and the hardware
 - today this set of low-level OS functions is called the OS 'kernel'
 - the kernel is normally kept resident in memory at all times, for speed
 - many OSs today (Android, ChromeOS, most server and embedded systems) are built on the Linux kernel or a variant of it

6 There are many operating systems - not all are current
 - the forensics examiner must be on the lookout for older, obsolete operating systems
 - a criminal might try using one of these hoping to thwart an investigation
 - here is a listing of scores of operating systems with pointers to more information: http://en.wikipedia.org/wiki/List_of_operating_systems

7 The most important operating systems for the forensic examiner today are:
 - Microsoft Windows (and DOS)
 - Apple macOS (formerly Mac OS X)
 - Unix/Linux
 - Android
 - Apple iOS
 - many forensics labs will need hardware and software to deal with all of these
 - there may be the occasion to locate hardware/software for an older OS
   - example: OS-9, a Unix-like OS for 8-bit Motorola 6809-based micros

8 As much as 50% of all system vulnerabilities are in the OS
 - network devices such as routers, IDSs and firewalls also run operating systems
 - the most effective mitigation strategy is to harden the OS
 - ensure that security patches are installed as soon as they are available

9 Hardening an operating system
 - installation/configuration measures that reduce the OS's exposure:
   - closing unneeded ports
   - turning off (or not installing) unneeded services
   - removing auto-response banner messages (version strings a service volunteers to anyone who connects)
 - note: there are many more hardening steps - most of them are OS- or application-specific
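The three checks on this slide can be scripted against the output of the tools an admin already uses. The following is an added example (not from the original deck): it audits captured `ss -lntu` output for non-loopback listeners, `systemctl list-unit-files --state=enabled` output for enabled units, and an Apache configuration fragment for banner settings, each against an allowlist. The host, its sockets, units and policy are constructed for the example.

```python
"""Audit a host's exposure against an allowlist: listening ports, enabled
services and web-server banner settings.  Inputs are the text output of
ss(8), systemctl(1) and an httpd.conf fragment; all samples below are
constructed for this example, as is the policy they are checked against."""

import re

# Constructed `ss -lntu` output for a hypothetical host.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      511    *:80                *:*
tcp   LISTEN 0      50     [::]:23             [::]:*
udp   UNCONN 0      0      0.0.0.0:111         0.0.0.0:*
"""

# Constructed `systemctl list-unit-files --state=enabled` output.
UNITS_OUTPUT = """\
UNIT FILE            STATE   PRESET
cups.service         enabled enabled
sshd.service         enabled enabled
telnet.socket        enabled enabled
rpcbind.service      enabled enabled
httpd.service        enabled enabled
"""

# Constructed httpd.conf fragment with the default, talkative banner settings.
HTTPD_CONF = """\
ServerTokens Full
ServerSignature On
"""

# Assumed policy: what this host is supposed to expose.
ALLOWED_PORTS = {("tcp", 22), ("tcp", 80)}
ALLOWED_UNITS = {"sshd.service", "httpd.service"}
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
APACHE_DEFAULTS = {"ServerTokens": "Full", "ServerSignature": "Off"}  # Apache defaults
APACHE_WANTED = {"ServerTokens": "Prod", "ServerSignature": "Off"}


def parse_listeners(ss_text):
    """Return (proto, address, port) for every LISTEN (tcp) / UNCONN (udp) socket."""
    listeners = []
    for line in ss_text.splitlines()[1:]:          # skip header
        cols = line.split()
        if len(cols) < 5 or cols[1] not in ("LISTEN", "UNCONN"):
            continue
        addr, port = cols[4].rsplit(":", 1)        # handles [::]:23 and *:80
        listeners.append((cols[0], addr, int(port)))
    return listeners


def audit_ports(ss_text, allowed=ALLOWED_PORTS):
    """Flag sockets bound to non-loopback addresses that policy does not allow."""
    findings = []
    for proto, addr, port in parse_listeners(ss_text):
        if addr in LOOPBACK:
            continue                                # local-only: not reachable remotely
        if (proto, port) not in allowed:
            findings.append(f"unexpected {proto}/{port} listening on {addr}")
    return findings


def audit_units(units_text, allowed=ALLOWED_UNITS):
    """Flag enabled systemd units that are not on the allowlist."""
    findings = []
    for line in units_text.splitlines()[1:]:
        cols = line.split()
        if len(cols) >= 2 and cols[1] == "enabled" and cols[0] not in allowed:
            findings.append(f"unneeded unit enabled: {cols[0]}")
    return findings


def audit_banner(conf_text):
    """Flag Apache settings that leak version/OS details in responses and pages."""
    findings = []
    for key, wanted in APACHE_WANTED.items():
        m = re.search(rf"^\s*{key}\s+(\S+)", conf_text, re.M | re.I)
        value = m.group(1) if m else APACHE_DEFAULTS[key]   # unset means the default
        if value.lower() != wanted.lower():
            findings.append(f"{key} is {value}; set '{key} {wanted}'")
    return findings


if __name__ == "__main__":
    for finding in audit_ports(SS_OUTPUT) + audit_units(UNITS_OUTPUT) + audit_banner(HTTPD_CONF):
        print("FINDING:", finding)
```

On a live host the same functions can be fed the real command output (for example `subprocess.run(["ss", "-lntu"], capture_output=True, text=True).stdout`); the point of keeping the parsing separate from collection is that the audit can also be run over output captured from a system under examination.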

10 Patch management
 - applying security patches as soon as they are available
 - servers, network appliances, workstations, etc.
 - having a roll-back (back-out) strategy in case a patch breaks something
 - many applications may need to be tested after a patch is applied
 - zero-day vulnerability - one that is known, or already being exploited, before the vendor has a patch available

11 Processes (tasks) and states
 - early computers were single-process systems
 - they could only run a single program (task) at a time
 - the DOS operating system worked like this
 - switching tasks had to be done manually

12 Processes (tasks) and states
 - later operating systems introduced the concept of multi-tasking (originally called multi-processing; see slide 16 for the modern use of that term)
 - a single user could have multiple tasks running concurrently
 - a given task could have multiple sub-tasks (threads), which share the task's memory
 - the OS manages each process's memory (memory management) and other resources and switches between tasks as needed
 - for example, listening to music while writing a paper, with a chat window and a browser window open at the same time

13 Process (task) management requires that the OS properly handle the memory and resource management of the various tasks and threads
 - the mechanisms involved include system calls (the interface through which a process asks the kernel for resources), inter-process communication such as message passing, and per-process memory regions such as the stack and the heap

14 Processes have various states
 - created, ready, running, waiting, terminated, etc.
 - the process management function of the OS ensures that memory is adjusted, that resources are available, and that processes run when appropriate

15 Process privilege and priority
 - some processes require greater privileges (such as root or administrator)
 - this should be granted only when absolutely needed, and given up as soon as it is no longer needed
 - a popular way to attack a system is to exploit a vulnerability in a process that runs with root privileges, because the attacker then inherits those privileges
 - running a service under a least-privilege account (LPA) is one way to restrict privileges
 - sandboxing is another approach

16 Processes may be prioritized
 - real-time processes typically have greater priority
 - note: process management today is typically called 'task' management
 - the early term for computers able to manage multiple tasks on a single processor was 'multi-processing'
 - today we call that 'multi-tasking'
 - 'multi-processing' is now used to describe situations where there are multiple CPUs available
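Slides 11 through 16 describe states, switching and priorities in prose; the following added example (not from the original deck) puts them into a toy single-CPU scheduler so the transitions can be watched. Each tick is one quantum; the scheduler always picks the ready process with the best (lowest) priority number, so a real-time task that arrives later preempts the ordinary ones. The three processes, their priorities and their CPU/I/O bursts are constructed for the example.

```python
"""Toy priority scheduler for one CPU.  Each Process carries a script of
('cpu', n) and ('io', n) bursts (constructed for this example; the first
burst must be cpu and bursts alternate cpu/io).  Every tick the ready
process with the lowest priority number runs for one quantum, so the
real-time task preempts the others as soon as it is admitted."""

from collections import deque

CREATED, READY, RUNNING, WAITING, TERMINATED = (
    "created", "ready", "running", "waiting", "terminated")


class Process:
    def __init__(self, pid, priority, bursts, arrival=0):
        self.pid = pid
        self.priority = priority          # lower number = higher priority
        self.bursts = deque(bursts)       # remaining ('cpu'|'io', ticks) bursts
        self.arrival = arrival            # tick at which the OS admits it
        self.state = CREATED
        self.io_left = 0
        self.history = [CREATED]          # every state transition, in order

    def set_state(self, state):
        if state != self.state:
            self.state = state
            self.history.append(state)


def schedule(procs, max_ticks=100):
    """Run until every process terminates; return the pid run on each tick
    (None for an idle tick)."""
    trace = []
    for tick in range(max_ticks):
        for p in procs:                                   # admission
            if p.state == CREATED and tick >= p.arrival:
                p.set_state(READY)
        for p in procs:                                   # I/O completion
            if p.state == WAITING:
                p.io_left -= 1
                if p.io_left == 0:
                    p.bursts.popleft()
                    p.set_state(READY if p.bursts else TERMINATED)
        ready = [p for p in procs if p.state == READY]
        if not ready:
            if all(p.state == TERMINATED for p in procs):
                break
            trace.append(None)                            # CPU idle this tick
            continue
        # dispatch: best priority wins, ties broken by admission order
        cur = min(ready, key=lambda p: (p.priority, procs.index(p)))
        cur.set_state(RUNNING)
        trace.append(cur.pid)
        kind, left = cur.bursts[0]                        # a cpu burst
        left -= 1
        if left:
            cur.bursts[0] = (kind, left)
            cur.set_state(READY)                          # quantum over
        else:
            cur.bursts.popleft()
            if not cur.bursts:
                cur.set_state(TERMINATED)
            elif cur.bursts[0][0] == "io":
                cur.io_left = cur.bursts[0][1]
                cur.set_state(WAITING)                    # blocks on I/O
            else:
                cur.set_state(READY)
    return trace


def demo():
    """Constructed workload: an editor that blocks on I/O, a music player,
    and a real-time task that arrives at tick 2 and jumps the queue."""
    procs = [
        Process("editor", priority=10, bursts=[("cpu", 1), ("io", 2), ("cpu", 1)]),
        Process("player", priority=20, bursts=[("cpu", 2)]),
        Process("rt", priority=0, bursts=[("cpu", 2)], arrival=2),
    ]
    trace = schedule(procs)
    return trace, {p.pid: p.history for p in procs}


if __name__ == "__main__":
    trace, histories = demo()
    print("tick :", " ".join(str(t) for t in range(len(trace))))
    print("ran  :", " ".join(str(pid) for pid in trace))
    for pid, hist in histories.items():
        print(f"{pid:7s}", " -> ".join(hist))
```

Run it and the trace shows the editor giving up the CPU when it blocks, the player filling that gap, and the real-time task taking both of the next two ticks the moment it is admitted; a real kernel does the same bookkeeping on every timer interrupt, with a process control block in place of the `Process` object.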

17 Memory management
 - process/task management requires that the memory a task uses be available in the address space where the task expects it
 - each process sees its own virtual address space; the OS and the hardware memory-management unit map virtual pages to physical frames of real memory
 - one can think of this as a sliding window over physical memory
 - pages that are not currently needed may be swapped out to storage and brought back on demand
 - this is called virtual memory
 - it gives the illusion of having more real memory than you actually have
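To make the "illusion of more memory" concrete, here is an added example (not from the original deck) of a toy demand-paging MMU: a 16-page virtual address space is backed by only 4 physical frames, a page that is not resident is faulted in from a simulated swap store, and the least-recently-used resident page is written back to make room. The page size, frame count and the access pattern are constructed for the example.

```python
"""Toy demand-paged virtual memory: translate virtual addresses to physical
ones through a page table, fault non-resident pages in from 'swap', and
evict the least-recently-used page when no frame is free.  Sizes are
constructed for the example (real pages are 4 KiB and up)."""

from collections import OrderedDict

PAGE_SIZE = 256           # bytes per page
NUM_PAGES = 16            # virtual pages: 4 KiB of virtual address space
NUM_FRAMES = 4            # physical frames: only 1 KiB of real memory


class VirtualMemory:
    def __init__(self):
        self.swap = {p: bytearray(PAGE_SIZE) for p in range(NUM_PAGES)}  # backing store
        self.frames = [None] * NUM_FRAMES         # frame number -> resident page contents
        self.free = list(range(NUM_FRAMES))
        self.page_table = OrderedDict()           # resident page -> frame, LRU first
        self.faults = 0

    def _frame_for(self, page):
        """Return the frame holding `page`, faulting it in if necessary."""
        if page in self.page_table:
            self.page_table.move_to_end(page)     # touched: now most recently used
            return self.page_table[page]
        self.faults += 1                          # page fault
        if self.free:
            frame = self.free.pop()
        else:
            victim, frame = self.page_table.popitem(last=False)   # LRU victim
            self.swap[victim] = self.frames[frame]                # write it back
        self.frames[frame] = bytearray(self.swap[page])           # page in
        self.page_table[page] = frame
        return frame

    def translate(self, vaddr):
        """Virtual -> physical address; an address outside the space faults fatally."""
        page, offset = divmod(vaddr, PAGE_SIZE)
        if not 0 <= page < NUM_PAGES:
            raise MemoryError(f"segmentation fault at {vaddr:#x}")
        return self._frame_for(page) * PAGE_SIZE + offset

    def read(self, vaddr):
        paddr = self.translate(vaddr)
        return self.frames[paddr // PAGE_SIZE][paddr % PAGE_SIZE]

    def write(self, vaddr, value):
        paddr = self.translate(vaddr)
        self.frames[paddr // PAGE_SIZE][paddr % PAGE_SIZE] = value


def demo():
    """Touch every virtual page (four times more than fit), then come back
    to the first one: it was evicted, but its data survived in swap."""
    vm = VirtualMemory()
    for page in range(NUM_PAGES):
        vm.write(page * PAGE_SIZE, page + 1)      # one byte per page
    faults_after_fill = vm.faults                 # 16: every first touch faults
    first = vm.read(0)                            # page 0 faulted back in
    last = vm.read(15 * PAGE_SIZE)                # page 15 still resident
    return {"first": first, "last": last,
            "faults_after_fill": faults_after_fill, "faults_at_end": vm.faults,
            "resident": list(vm.page_table)}


if __name__ == "__main__":
    print(demo())
```

The `resident` list at the end is the LRU order the kernel would consult for the next eviction; swapping pages in and out is what lets a 1 KiB machine run a program that addresses 4 KiB, at the price of a fault (and a disk access) each time the working set exceeds the frames.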

18 File systems
 - a file system determines how the bits of files are mapped onto storage devices
 - examples include FAT, NTFS, ext3, etc.
 - it is extremely relevant to cyber-forensics, since file system features (like slack space) can be exploited to hide data
 - we will cover file systems in more detail in subsequent topics

19 Virtualization
 - this refers to running an instance of an operating system as a guest, under the control of another OS or a hypervisor, much as an ordinary process runs
 - possible since, in theory, any universal Turing machine (UTM) can simulate any other
 - for example, running macOS in a VM on a Windows computer, or running Ubuntu Linux in a VM on a Windows computer

20 Virtualization:
 - the simulated computer that the guest runs on is called a 'virtual machine'
 - it is a simulation of a processor, with specific resources (memory, disks, network interfaces)
 - the guest OS is installed on the virtual machine
 - the program that creates or manages VMs is called a 'hypervisor' (it either runs directly on the hardware or as an application on a host OS)
 - virtualization has many uses in cyber-forensics; we will discuss this in greater depth later
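Whether an image came from a virtual machine is something an examiner often has to decide, and a guest OS usually leaves evidence of its hypervisor in artifacts the kernel exposes. The following is an added example (not from the original deck) that checks three such artifacts on Linux: the `hypervisor` CPU flag in /proc/cpuinfo, the DMI vendor and product strings under /sys/class/dmi/id, and the OUI prefix of network interface MAC addresses. The vendor and OUI tables are well-known hypervisor values; the sample inputs are constructed.

```python
"""Look for hypervisor artifacts a guest OS exposes: the CPUID hypervisor
flag, DMI/SMBIOS vendor strings and virtual-NIC MAC prefixes.  The
detection takes text inputs so it can run over constructed samples or data
captured from a system under examination; collect_live() reads the same
artifacts from the running Linux host."""

from pathlib import Path

# Substrings seen in DMI sys_vendor / product_name for common hypervisors.
VM_VENDORS = {
    "vmware": "VMware",
    "virtualbox": "VirtualBox",
    "innotek": "VirtualBox",
    "qemu": "QEMU/KVM",
    "kvm": "QEMU/KVM",
    "xen": "Xen",
    "virtual machine": "Hyper-V",
    "parallels": "Parallels",
}

# IEEE OUI prefixes assigned to virtual NICs.
VM_MAC_OUIS = {
    "00:0c:29": "VMware", "00:50:56": "VMware", "00:05:69": "VMware",
    "08:00:27": "VirtualBox",
    "52:54:00": "QEMU/KVM",
    "00:15:5d": "Hyper-V",
}


def vm_indicators(cpuinfo, dmi_strings, macs):
    """Return a list of human-readable indicators; empty means none found."""
    hits = []
    for line in cpuinfo.splitlines():
        if line.startswith("flags") and ":" in line:
            if "hypervisor" in line.split(":", 1)[1].split():
                hits.append("CPUID hypervisor flag set")
            break
    for s in dmi_strings:
        for needle, name in VM_VENDORS.items():
            if needle in s.lower():
                hits.append(f"DMI string '{s}' matches {name}")
                break
    for mac in macs:
        oui = mac.lower()[:8]
        if oui in VM_MAC_OUIS:
            hits.append(f"MAC {mac} has {VM_MAC_OUIS[oui]} OUI")
    return hits


def collect_live():
    """Gather the artifacts from this Linux host (best effort; empty elsewhere)."""
    cpuinfo_path = Path("/proc/cpuinfo")
    cpuinfo = cpuinfo_path.read_text() if cpuinfo_path.exists() else ""
    dmi = []
    for name in ("sys_vendor", "product_name", "board_vendor"):
        p = Path("/sys/class/dmi/id") / name
        try:
            dmi.append(p.read_text().strip())
        except OSError:
            pass                                  # absent or unreadable
    macs = []
    for p in Path("/sys/class/net").glob("*/address"):
        try:
            macs.append(p.read_text().strip())
        except OSError:
            pass
    return vm_indicators(cpuinfo, dmi, macs)


# Constructed samples: a VMware guest and a physical workstation.
GUEST_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae sse2 hypervisor lahf_lm\n"
GUEST_DMI = ["VMware, Inc.", "VMware Virtual Platform"]
GUEST_MACS = ["00:0c:29:3a:1b:2c"]

HOST_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae sse2 lahf_lm\n"
HOST_DMI = ["LENOVO", "20XW004XUS"]
HOST_MACS = ["3c:6a:a7:12:34:56"]


if __name__ == "__main__":
    print("constructed guest:", vm_indicators(GUEST_CPUINFO, GUEST_DMI, GUEST_MACS))
    print("constructed host: ", vm_indicators(HOST_CPUINFO, HOST_DMI, HOST_MACS))
    print("this machine:     ", collect_live())
```

None of the three indicators is conclusive on its own (a hypervisor can mask the CPU flag and a guest's MAC can be changed), which is why the function reports all of them rather than a yes/no verdict.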

21 Fundamental security design principles:
 - domain separation - separating tasks from resources
   - the hypervisor or OS mediates every access to a resource
   - sandboxing is an example of this

22 Fundamental security design principles:
 - process isolation - preventing processes/tasks from reading or modifying each other's memory, or sharing other resources, except through channels the OS mediates
 - resource encapsulation - the methods used to protect a resource
   - for example, requiring specific system calls, and specific privileges, to reach it
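Slide 15 (least privilege) and slides 21-22 (isolation and mediated access) are two sides of the same design, and both can be shown in a few lines on a POSIX system. The following added example (not from the original deck) contrasts a thread, which shares its creator's address space and therefore sees a later write, with a forked child, which gets its own copy-on-write address space and does not; the child also drops to an unprivileged uid before doing its work, so a flaw in it would not hand an attacker root. The `nobody` ids 65534 are an assumption about the host, and privilege dropping is skipped when the caller is not root.

```python
"""Process isolation versus threads, with least privilege in the child.
A thread shares the parent's memory and sees its writes; a forked child
runs in a separate address space and keeps the old values.  The child
gives up root (if it had it) before running the caller's function, the
pattern a network service uses after binding a privileged port.
POSIX only (os.fork).  The unprivileged ids are an assumption."""

import os
import pickle
import threading

UNPRIV_UID = 65534        # 'nobody' on most Linux systems (assumption)
UNPRIV_GID = 65534        # 'nogroup' / 'nobody' (assumption)


def drop_privileges(uid=UNPRIV_UID, gid=UNPRIV_GID):
    """Give up root irreversibly: supplementary groups first, then gid, then
    uid (once uid is not 0 the other two calls would fail).  No-op when the
    caller is not root.  Returns the resulting (euid, egid)."""
    if os.geteuid() == 0:
        os.setgroups([])
        os.setgid(gid)
        os.setuid(uid)
        if os.geteuid() == 0:
            raise RuntimeError("failed to drop privileges")
    return os.geteuid(), os.getegid()


def run_isolated(fn, before_child_runs=None):
    """Fork; the parent runs before_child_runs() (if any) and then releases
    the child, which drops privileges, runs fn() and returns its pickled
    result over a pipe.  Everything the child does to its memory stays in
    the child."""
    gate_r, gate_w = os.pipe()        # parent -> child: "go"
    out_r, out_w = os.pipe()          # child -> parent: result
    pid = os.fork()
    if pid == 0:                                   # child
        os.close(gate_w)
        os.close(out_r)
        os.read(gate_r, 1)                         # wait for the parent's go-ahead
        try:
            drop_privileges()
            os.write(out_w, pickle.dumps(fn()))
        finally:
            os._exit(0)                            # never return into the parent's code
    os.close(gate_r)
    os.close(out_w)
    if before_child_runs:
        before_child_runs()
    os.write(gate_w, b"g")
    chunks = []
    while True:
        data = os.read(out_r, 4096)
        if not data:
            break
        chunks.append(data)
    os.close(gate_w)
    os.close(out_r)
    os.waitpid(pid, 0)
    return pickle.loads(b"".join(chunks))


def thread_sees_write():
    """A thread started before the write still observes it: shared memory."""
    shared = {"secret": "before"}
    seen = {}
    go = threading.Event()

    def worker():
        go.wait()
        seen["value"] = shared["secret"]

    t = threading.Thread(target=worker)
    t.start()
    shared["secret"] = "after"                     # written after the thread started
    go.set()
    t.join()
    return seen["value"]                           # "after"


def child_sees_write():
    """A child forked before the write does not observe it: separate address
    space.  Returns (value seen by child, child's effective uid)."""
    shared = {"secret": "before"}

    def parent_writes():
        shared["secret"] = "after"                 # after fork, before the child runs

    return run_isolated(lambda: (shared["secret"], os.geteuid()), parent_writes)


if __name__ == "__main__":
    print("thread saw:", thread_sees_write())
    value, euid = child_sees_write()
    print("child saw:", value, "running as uid", euid)
```

The pipe is the only channel the two processes share, and it exists because the parent created it and the kernel mediates every read and write on it; that is resource encapsulation in miniature, and it is why a compromised child cannot reach back into the parent's memory the way a compromised thread could.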

