Scribd Logo
Upload

Welcome to Scribd!

  • Handout 3-Platform Tech

    Uploaded by

    jhoncarloeusebio
    5 views6 pages
    The document describes the six layers of a typical operating system: hardware, CPU scheduling, memory management, process management, I/O buffering, and user programs. It then discusses the advantages of a layered structure, including modularity, easy debugging, easy updating, abstraction from hardware, and disadvantages like complex implementation, slower execution, and difficulty separating some functionalities. Finally, it outlines key functions for secure and trusted operating systems, such as user authentication, memory protection, access control, interprocess communication, and protecting operating system protection data.

    Original Description:

    Original Title

    handout 3-platform tech

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes the six layers of a typical operating system: hardware, CPU scheduling, memory management, process management, I/O buffering, and user programs. It then discusses the advantages of a layered structure, including modularity, easy debugging, easy updating, abstraction from hardware, and disadvantages like complex implementation, slower execution, and difficulty separating some functionalities. Finally, it outlines key functions for secure and trusted operating systems, such as user authentication, memory protection, access control, interprocess communication, and protecting operating system protection data.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    5 views6 pages

    Handout 3-Platform Tech

    Uploaded by

    jhoncarloeusebio
    The document describes the six layers of a typical operating system: hardware, CPU scheduling, memory management, process management, I/O buffering, and user programs. It then discusses the advantages of a layered structure, including modularity, easy debugging, easy updating, abstraction from hardware, and disadvantages like complex implementation, slower execution, and difficulty separating some functionalities. Finally, it outlines key functions for secure and trusted operating systems, such as user authentication, memory protection, access control, interprocess communication, and protecting operating system protection data.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

    CCPLTFRL

    _______________________________________________________________________________________________

    OPERATING SYSTEM

    Six Layers of Operating System:

    1. Hardware: This layer interacts with the system hardware and coordinates with all the peripheral devices used,
    such as a printer, mouse, keyboard, scanner, etc. These types of hardware devices are managed in the hardware
    layer.

    The hardware layer is the lowest and most authoritative layer in the layered operating system architecture. It
    is attached directly to the core of the system.

    2. CPU Scheduling: This layer deals with scheduling the processes for the CPU. Many scheduling queues are used
    to handle processes. When the processes enter the system, they are put into the job queue.

    The processes that are ready to execute in the main memory are kept in the ready queue. This layer is
    responsible for managing how many processes will be allocated to the CPU and how many will stay out of the
    CPU.

    3. Memory Management: Memory management deals with memory and moving processes from disk to primary
    memory for execution and back again. This is handled by the third layer of the operating system. All memory
    management is associated with this layer.

    There are various types of memories in the computer like RAM, ROM. If you consider RAM, then it is concerned
    with swapping in and swapping out of memory. When our computer runs, some processes move to the main
    memory (RAM) for execution, and when programs, such as calculator, exit, it is removed from the main
    memory.

    4. Process Management: This layer is responsible for managing the processes, i.e., assigning the processor to a
    process and deciding how many processes will stay in the waiting schedule.

    The priority of the processes is also managed in this layer. The different algorithms used for process scheduling
    are FCFS (first come, first served), SJF (shortest job first), priority scheduling, round-robin scheduling, etc.

    5. I/O Buffer: I/O devices are very important in computer systems. They provide users with the means of
    interacting with the system. This layer handles the buffers for the I/O devices and makes sure that they work
    correctly.

    Suppose you are typing from the keyboard. There is a keyboard buffer attached with the keyboard, which stores
    data for a temporary time. Similarly, all input/output devices have some buffer attached to them. This is
    because the input/output devices have slow processing or storing speed. The computer uses buffers to
    maintain the good timing speed of the processor and input/output devices.

    6. User Programs: This is the highest layer in the layered operating system. This layer deals with the many user
    programs and applications that run in an operating system, such as word processors, games, browsers, etc. You
    can also call this an application layer because it is concerned with application programs.
    _______________________________________________________________________________________________
    Handout-03 Page 1 of 6
    CCPLTFRL
    _______________________________________________________________________________________________

    Six layers of Operating System

    Advantages of Layered structure of Operating System:

    1. Modularity: This design promotes modularity as each layer performs only the tasks it is scheduled to perform.
    2. Easy debugging: As the layers are discrete so it is very easy to debug. Suppose an error occurs in the CPU
    scheduling layer. The developer can only search that particular layer to debug, unlike the Monolithic system
    where all the services are present.
    3. Easy update: A modification made in a particular layer will not affect the other layers.
    4. No direct access to hardware: The hardware layer is the innermost layer present in the design. So, a user can
    use the services of hardware but cannot directly modify or access it, unlike the Simple system in which the
    user had direct access to the hardware.
    5. Abstraction: Every layer is concerned with its functions. So the functions and implementations of the other
    layers are abstract to it.

    Disadvantages of Layered structure of Operating System:

    1. Complex and careful implementation: As a layer can access the services of the layers below it, so the
    arrangement of the layers must be done carefully. For example, the backing storage layer uses the services of

    _______________________________________________________________________________________________
    Handout-03 Page 2 of 6
    CCPLTFRL
    _______________________________________________________________________________________________

    the memory management layer. So, it must be kept below the memory management layer. Thus, with great
    modularity comes complex implementation.
    2. Slower in execution: If a layer wants to interact with another layer, it requests to travel through all the layers
    present between the two interacting layers. Thus, it increases response time, unlike the Monolithic system,
    which is faster than this. Thus, an increase in the number of layers may lead to a very inefficient design.
    3. Functionality: It is not always possible to divide the functionalities. Many times, they are interrelated and can't
    be separated.
    4. Communication: No communication between non-adjacent layers.

    Secure Operating System

    A secure operating system generally refers to one of two things; an operating system that focuses heavily on internal
    and external security or an operating system that has external security certification. In either case, these operating
    systems have a level of security that is higher than an average system. As a result, a secure operating system is generally
    used in locations that store important data or is at severe risk for attack.

    OS Functions that involve computer security:

    User authentication. The operating system must identify each user who requests access and must ascertain that the
    user is actually who he or she purports to be. The most common authentication mechanism is password comparison.

    Memory protection. Each user's program must run in a portion of memory protected against unauthorized accesses.
    The protection will certainly prevent outsiders' accesses, and it may also control a user's own access to restricted parts
    of the program space. Differential security, such as read, write, and execute, may be applied to parts of a user's
    memory space. Memory protection is usually performed by hardware mechanisms, such as paging or segmentation.

    File and I/O device access control. The operating system must protect user and system files from access by
    unauthorized users. Similarly, I/O device use must be protected. Data protection is usually achieved by table lookup,
    as with an access control matrix.

    Allocation and access control to general objects. Users need general objects, such as constructs to permit
    concurrency and allow synchronization. However, access to these objects must be controlled so that one user does
    not have a negative effect on other users. Again, table lookup is the common means by which this protection is
    provided.
    _______________________________________________________________________________________________
    Handout-03 Page 3 of 6
    CCPLTFRL
    _______________________________________________________________________________________________

    Enforced sharing. Resources should be made available to users as appropriate. Sharing brings about the need to
    guarantee integrity and consistency. Table lookup, combined with integrity controls such as monitors or transaction
    processors, is often used to support controlled sharing.

    Guaranteed fair service. All users expect CPU usage and other service to be provided so that no user is indefinitely
    starved from receiving service. Hardware clocks combine with scheduling disciplines to provide fairness. Hardware
    facilities and data tables combine to provide control.

    Interprocess communication and synchronization. Executing processes sometimes need to communicate with other
    processes or to synchronize their accesses to shared resources. Operating systems provide these services by acting as
    a bridge between processes, responding to process requests for asynchronous communication with other processes
    or synchronization. Interprocess communication is mediated by access control tables.

    Protected operating system protection data. The operating system must maintain data by which it can enforce
    security. Obviously if these data are not protected against unauthorized access (read, modify, and delete), the
    operating system cannot provide enforcement. Various techniques, including encryption, hardware control, and
    isolation, support isolation of operating system protection data.

    Trusted Operating System

    A trusted operating system (TOS) is an operating system that is designed and built with a heightened emphasis on
    security, integrity, and assurance. It goes beyond conventional security measures to provide a level of trustworthiness
    that ensures the system behaves as intended and enforces security policies correctly.

    Features of a trusted Operating System

    • user identification and authentication

    Identification is at the root of much of computer security. We must be able to tell who is requesting access to an object,
    and we must be able to verify the subject's identity. As we see shortly, most access control, whether mandatory or
    discretionary, is based on accurate identification.

    _______________________________________________________________________________________________
    Handout-03 Page 4 of 6
    CCPLTFRL
    _______________________________________________________________________________________________

    • Mandatory and Discretionary Access Control

    Mandatory access control (MAC) means that access control policy decisions are made beyond the control of the
    individual owner of an object.

    By contrast, discretionary access control (DAC), as its name implies, leaves a certain amount of access control to the
    discretion of the object's owner or to anyone else who is authorized to control the object's access.

    • Object Reuse Protection

    One way that a computing system maintains its efficiency is to reuse objects. The operating system controls resource
    allocation, and as a resource is freed for use by other users or programs, the operating system permits the next user
    or program to access the resource. But reusable objects must be carefully controlled, lest they create a serious
    vulnerability.

    • Complete Mediation

    For mandatory or discretionary access control to be effective, all accesses must be controlled. It is insufficient to control
    access only to files if the attack will acquire access through memory or an outside port or a network or a covert channel.
    The design and implementation difficulty of a trusted operating system rises significantly as more paths for access
    must be controlled. Highly trusted operating systems perform complete mediation, meaning that all accesses are
    checked.

    • Trusted Path

    One way for a malicious user to gain inappropriate access is to "spoof" users, making them think they are
    communicating with a legitimate security enforcement system when in fact their keystrokes and commands are being
    intercepted and analyzed. for critical operations such as setting a password or changing access permissions, users want
    an unmistakable communication, called a trusted path, to ensure that they are supplying protected information only
    to a legitimate receiver.

    • Accountability and Audit

    A security-relevant action may be as simple as an individual access to an object, such as a file, or it may be as major as
    a change to the central access control database affecting all subsequent accesses. Accountability usually entails
    maintaining a log of security-relevant events that have occurred, listing each event and the person responsible for the

    _______________________________________________________________________________________________
    Handout-03 Page 5 of 6
    CCPLTFRL
    _______________________________________________________________________________________________

    addition, deletion, or change. This audit log must obviously be protected from outsiders, and every security-relevant
    event must be recorded.

    Audit Log Reduction

    Theoretically, the general notion of an audit log is appealing because it allows responsible parties to evaluate all actions
    that affect all protected elements of the system. But in practice an audit log may be too difficult to handle, owing to
    volume and analysis.

    • Intrusion Detection

    Closely related to audit reduction is the ability to detect security lapses, ideally while they occur. Intrusion detection
    software builds patterns of normal system usage, triggering an alarm any time the usage seems abnormal.

    _______________________________________________________________________________________________
    Handout-03 Page 6 of 6

    You might also like