Operating System

Chapter-1 : Introduction

An Operating System(OS) is software that manages and handles the hardware and software resources of a
computer system. It provides interaction between users of computers and computer hardware. An operating
system is responsible for managing and controlling all the activities and sharing of computer resources. An
operating system is a low-level Software that includes all the basic functions like processor management,
memory management, Error detection, etc.

What Operating Systems do?


An operating system is software that acts as an intermediary between the user and computer hardware. It is a
program with the help of which we are able to run various applications. It is the one program that is running all
the time. Every computer must have an operating system to smoothly execute other programs.
The OS coordinates the use of the hardware and application programs for various users. It provides a platform
for other application programs to work. The operating system is a set of special programs that run on a
computer system that allows it to work properly. It controls input-output devices, execution of programs,
managing files, etc.

Services of Operating System

 Program execution
 Input Output Operations
 Communication between Process
 File Management
 Memory Management
 Process Management
 Security and Privacy
 Resource Management
 User Interface
 Networking
 Error handling
 Time Management

Program Execution
It is the Operating System that manages how a program is going to be executed. It loads the program into the
memory after which it is executed. The order in which they are executed depends on the CPU Scheduling
Algorithms. A few are FCFS, SJF, etc. When the program is in execution, the Operating System also handles
deadlock i.e. no two processes come for execution at the same time. The Operating System is responsible for
the smooth execution of both user and system programs. The Operating System utilizes various resources
available for the efficient running of all types of functionalities.

Input Output Operations

Operating System manages the input-output operations and establishes communication between the user
and device drivers. Device drivers are software that is associated with hardware that is being managed by the
OS so that the sync between the devices works properly. It also provides access to input-output devices to a
program when needed.
 Communication Between Processes
The Operating system manages the communication between processes. Communication between processes
includes data transfer among them. If the processes are not on the same computer but connected through a
computer network, then also their communication is managed by the Operating System itself.

File Management
The operating system helps in managing files also. If a program needs access to a file, it is the operating system
that grants access. These permissions include read-only, read-write, etc. It also provides a platform for the user
to create, and delete files. The Operating System is responsible for making decisions regarding the storage of all
types of data or files, i.e, floppy disk/hard disk/pen drive, etc. The Operating System decides how the data
should be manipulated and stored.

Memory Management
Let’s understand memory management by OS in simple way. Imagine a cricket team with limited number of
player . The team manager (OS) decide whether the upcoming player will be in playing 11 ,playing 15 or will
not be included in team , based on his performance . In the same way, OS first check whether the upcoming
program fulfil all requirement to get memory space or not ,if all things good, it checks how much memory
space will be sufficient for program and then load the program into memory at certain location. And thus , it
prevents program from using unnecessary memory.

Process Management
Let’s understand the process management in unique way. Imagine, our kitchen stove as the (CPU) where all
cooking(execution) is really happen and chef as the (OS) who uses kitchen-stove(CPU) to cook different
dishes(program). The chef(OS) has to cook different dishes(programs) so he ensure that any particular
dish(program) does not take long time(unnecessary time) and all dishes(programs) gets a chance to
cooked(execution) .The chef(OS) basically scheduled time for all dishes(programs) to run kitchen(all the
system) smoothly and thus cooked(execute) all the different dishes(programs) efficiently.

Security and Privacy

 Security : OS keep our computer safe from an unauthorized user by adding security layer to it. Basically,
Security is nothing but just a layer of protection which protect computer from bad guys like viruses and
hackers. OS provide us defenses like firewalls and anti-virus software and ensure good safety of computer
and personal information.
 Privacy : OS give us facility to keep our essential information hidden like having a lock on our door, where
only you can enter and other are not allowed . Basically , it respect our secrets and provide us facility to keep
it safe.

Resource Management
System resources are shared between various processes. It is the Operating system that manages resource
sharing. It also manages the CPU time among processes using CPU Scheduling Algorithms. It also helps in
the memory management of the system. It also controls input-output devices. The OS also ensures the proper
use of all the resources available by deciding which resource to be used by whom.

User Interface
User interface is essential and all operating systems provide it. Users either interacts with the operating system
through the command-line interface or graphical user interface or GUI. The command interpreter executes the
next user-specified command.
A GUI offers the user a mouse-based window and menu system as an interface.

Networking
This service enables communication between devices on a network, such as connecting to the internet, sending
and receiving data packets, and managing network connections.
 Error Handling
The Operating System also handles the error occurring in the CPU, in Input-Output devices, etc. It also ensures
that an error does not occur frequently and fixes the errors. It also prevents the process from coming to a
deadlock. It also looks for any type of error or bugs that can occur while any task. The well-secured OS
sometimes also acts as a countermeasure for preventing any sort of breach of the Computer System from any
external source and probably handling them.

Time Management
Imagine traffic light as (OS), which indicates all the cars(programs) whether it should be stop(red)=>(simple
queue), start(yellow)=>(ready queue),move(green)=>(under execution) and this light (control) changes after a
certain interval of time at each side of the road(computer system) so that the cars(program) from all side of road
move smoothly without traffic.

Conclusion
In conclusion, operating system services are essential for managing computer resources, ensuring security and
stability, supporting multitasking, providing control over system operations, enabling input/output operations,
and facilitating networking and communication. These services allow users and applications to interact
efficiently with the hardware and software, making the overall computing experience smooth and effective.

Operating Systems Structures


The operating system can be implemented with the help of various structures. The structure of the OS depends
mainly on how the various standard components of the operating system are interconnected and melded into the
kernel.
A design known as an operating system enables user application programs to communicate with the machine’s
hardware. Given its complex design and need to be easy to use and modify, the operating system should be
constructed with the utmost care. A straightforward way to do this is to supernaturally develop the operating
system. These parts must each have unique inputs, outputs, and functionalities.
This article discusses a variety of operating system implementation structures, including those listed below, as
well as how and why they function. Additionally, the operating system structure is defined.
What is a System Structure for an Operating System?
A system structure for an operating system is like the blueprint of how an OS is organized and how its different
parts interact with each other. Because operating systems have complex structures, we want a structure that is
easy to understand so that we can adapt an operating system to meet our specific needs. Similar to how we
break down larger problems into smaller, more manageable subproblems, building an operating system in
pieces is simpler. The operating system is a component of every segment. The strategy for integrating different
operating system components within the kernel can be thought of as an operating system structure. As will be
discussed below, various types of structures are used to implement operating systems.

Types of Operating Systems Structures

Depending on this, we have the following structures in the operating system:
 Simple/Monolithic Structure
 Micro-Kernel Structure
 Hybrid-Kernel Structure
 Exo-Kernel Structure
 Layered Structure
 Modular Structure
 Virtual Machines
 Simple/Monolithic structure
Such operating systems do not have well-defined structures and are small, simple, and limited. The interfaces
and levels of functionality are not well separated. MS-DOS is an example of such an operating system. In MS-
DOS, application programs are able to access the basic I/O routines. These types of operating systems cause the
entire system to crash if one of the user programs fails.

Advantages of Simple/Monolithic Structure

 It delivers better application performance because of the few interfaces between the application program and
the hardware.
 It is easy for kernel developers to develop such an operating system.

Disadvantages of Simple/Monolithic Structure

 The structure is very complicated, as no clear boundaries exist between modules.
 It does not enforce data hiding in the operating system.

Micro-Kernel Structure
This structure designs the operating system by removing all non-essential components from the kernel and
implementing them as system and user programs. This results in a smaller kernel called the micro-
kernel. Advantages of this structure are that all new services need to be added to user space and does not
require the kernel to be modified. Thus it is more secure and reliable as if a service fails, then rest of the
operating system remains untouched. Mac OS is an example of this type of OS.

Advantages of Micro-kernel Structure

 It makes the operating system portable to various platforms.
 As microkernels are small so these can be tested effectively.

Disadvantages of Micro-kernel Structure

 Increased level of inter module communication degrades system performance.

Hybrid-Kernel Structure
Hybrid-kernel structure is nothing but just a combination of both monolithic-kernel structure and micro-kernel
structure. Basically, it combines properties of both monolithic and micro-kernel and make a more advance and
 helpful approach. It implement speed and design of monolithic and modularity and stability of micro-kernel
structure.

Advantages of Hybrid-Kernel Structure

 It offers good performance as it implements the advantages of both structure in it.
 It supports a wide range of hardware and applications.
 It provides better isolation and security by implementing micro-kernel approach.
 It enhances overall system reliability by separating critical functions into micro-kernel for debugging and
maintenance.
Disadvantages of Hybrid-Kernel Structure
 It increases overall complexity of system by implementing both structure (monolithic and micro) and making
the system difficult to understand.
 The layer of communication between micro-kernel and other component increases time complexity and
decreases performance compared to monolithic kernel.

Exo-Kernel Structure
Exokernel is an operating system developed at MIT to provide application-level management of hardware
resources. By separating resource management from protection, the exokernel architecture aims to enable
application-specific customization. Due to its limited operability, exokernel size typically tends to be minimal.
The OS will always have an impact on the functionality, performance, and scope of the apps that are developed
on it because it sits in between the software and the hardware. The exokernel operating system makes an
attempt to address this problem by rejecting the notion that an operating system must provide abstractions upon
which to base applications. The objective is to limit developers use of abstractions as little as possible while
still giving them freedom.

Advantages of Exo-Kernel
 Support for improved application control.
 Separates management from security.
 It improves the performance of the application.
 A more efficient use of hardware resources is made possible by accurate resource allocation and revocation.
 It is simpler to test and create new operating systems.
 Each user-space program is allowed to use a custom memory management system.

Disadvantages of Exo-Kernel
 A decline in consistency.
 Exokernel interfaces have a complex architecture.

Layered Structure
An OS can be broken into pieces and retain much more control over the system. In this structure, the OS is
broken into a number of layers (levels). The bottom layer (layer 0) is the hardware, and the topmost layer (layer
N) is the user interface. These layers are so designed that each layer uses the functions of the lower-level layers.
This simplifies the debugging process, if lower-level layers are debugged and an error occurs during debugging,
then the error must be on that layer only, as the lower-level layers have already been debugged.
The main disadvantage of this structure is that at each layer, the data needs to be modified and passed on which
adds overhead to the system. Moreover, careful planning of the layers is necessary, as a layer can use only
lower-level layers. UNIX is an example of this structure.
 Advantages of Layered Structure
 Layering makes it easier to enhance the operating system, as the implementation of a layer can be changed
easily without affecting the other layers.
 It is very easy to perform debugging and system verification.

Disadvantages of Layered Structure

 In this structure, the application’s performance is degraded as compared to simple structure.
 It requires careful planning for designing the layers, as the higher layers use the functionalities of only the
lower layers.

Modular Structure
It is considered as the best approach for an OS. It involves designing of a modular kernel. The kernel has only a
set of core components and other services are added as dynamically loadable modules to the kernel either
during runtime or boot time. It resembles layered structure due to the fact that each kernel has defined and
protected interfaces, but it is more flexible than a layered structure as a module can call any other module. For
example Solaris OS is organized as shown in the figure.
VMs (Virtual Machines)
Based on our needs, a virtual machine abstracts the hardware of our personal computer, including the CPU, disc
drives, RAM, and NIC (Network Interface Card), into a variety of different execution contexts, giving us the
impression that each execution environment is a different computer. An illustration of it is a virtual box.
An operating system enables us to run multiple processes concurrently while making it appear as though each
one is using a different processor and virtual memory by using CPU scheduling and virtual memory techniques.
The fundamental issue with the virtual machine technique is disc systems. Let’s say the physical machine only
has three disc drives, but it needs to host seven virtual machines. The program that creates virtual machines
would need a significant amount of disc space in order to provide virtual memory and spooling, so it should be
clear that it is impossible to assign a disc drive to every virtual machine. The answer is to make virtual discs
available.

Conclusion
Operating systems can be built using various structures, each affecting how components interact within
the kernel. These structures include Simple/Monolithic, Micro-Kernel, Hybrid-Kernel, Exo-Kernel, Layered,
Modular, and Virtual Machines. The structure chosen influences the ease of use, modification, and overall
efficiency. By breaking down the OS into manageable parts, developers can create more adaptable and robust
systems. Understanding these structures helps in designing operating systems that meet specific needs while
maintaining functionality and performance.

Operating-System Operations

As mentioned earlier, modern operating systems are interrupt driven. If there are no processes to execute, no
I/O devices to service, and no users to whom to respond, an operating system will sit quietly, waiting for
something to happen. Events are almost always signaled by the occurrence of an interrupt or a trap. A trap (or
an exception) is a software-generated interrupt caused either by an error (for example, division by zero or
invalid memory access) or by a specific request from a user program that an operating-system service be
performed. The interrupt-driven nature of an operating system defines that system’s general structure. For each
type of interrupt, separate segments of code in the operating system determine what action should be taken. An
interrupt service routine is provided to deal with the interrupt. Since the operating system and the users share
the hardware and software resources of the computer system, we need to make sure that an error in a user
program could cause problems only for the one program running. With sharing, many processes could be
adversely affected by a bug in one program. For example, if a process gets stuck in an infinite loop, this loop
could prevent the correct operation of many other processes. More subtle errors can occur in a
multiprogramming system, where one erroneous program might modify another program, the data of another
program, or even the operating system itself.
Without protection against these sorts of errors, either the computer must execute only one process at a time or
all output must be suspect. A properly designed operating system must ensure that an incorrect (or malicious)
program cannot cause other programs to execute incorrectly.

Dual-Mode and Multimode Operation

In order to ensure the proper execution of the operating system, we must be able to distinguish between the
execution of operating-system code and userdefined code. The approach taken by most computer systems is to
provide hardware support that allows us to differentiate among various modes of
execution.
 Transition from user to kernel mode.

At the very least, we need two separate modes of operation: user mode and kernel mode (also called
supervisor mode, system mode, or privileged mode). A bit, called the mode bit, is added to the hardware of
the computer to indicate the current mode: kernel (0) or user (1). With the mode bit, we can distinguish between
a task that is executed on behalf of the operating system and one that is executed on behalf of the user. When
the computer system is executing on behalf of a user application, the system is in user mode. However, when a
user application requests a service from the operating system (via a system call), the system must transition
from user to kernel mode to fulfill the request. This is shown in Figure 1.10. As we shall see, this architectural
enhancement is useful for many other aspects of system operation as well. At system boot time, the hardware
starts in kernel mode. The operating system is then loaded and starts user applications in user mode. Whenever
a trap or interrupt occurs, the hardware switches from user mode to kernel mode (that is, changes the state of
the mode bit to 0). Thus, whenever the operating system gains control of the computer, it is in kernel mode. The
system always switches to user mode (by setting the mode bit to 1) before passing control to a user program.
The dual mode of operation provides us with the means for protecting the operating system from errant users
and errant users from one another. We accomplish this protection by designating some of the machine
instructions that may cause harm as privileged instructions. The hardware allows privileged instructions to be
executed only in kernel mode. If an attempt is made to execute a privileged instruction in user mode, the
hardware does not execute the instruction but rather treats it as illegal and traps it to the operating system. The
instruction to switch to kernel mode is an example of a privileged instruction. Some other examples include I/O
control, timer management, and interrupt management. As we shall see throughout the text, there are many
additional privileged instructions. The concept of modes can be extended beyond two modes (in which case the
CPU uses more than one bit to set and test the mode). CPUs that support virtualization frequently have a
separate mode to indicate when the virtual machine manager (VMM) and the virtualization management
software is in control of the system. In this mode, the VMM has more privileges than user processes but fewer
than the kernel. It needs that level of privilege so it can create and manage virtual machines, changing the CPU
state to do so.

Timer
We must ensure that the operating system maintains control over the CPU. We cannot allow a user program to
get stuck in an infinite loop or to fail to call system services and never return control to the operating system.
To accomplish this goal, we can use a timer. A timer can be set to interrupt the computer after a specified
period. The period may be fixed (for example, 1/60 second) or variable (for example, from 1 millisecond to 1
second). A variable timer is generally implemented by a fixed-rate clock and a counter.
The operating system sets the counter. Every time the clock ticks, the counter is decremented. When the counter
reaches 0, an interrupt occurs. For instance, a 10-bit counter with a 1-millisecond clock allows interrupts at
intervals from 1 millisecond to 1,024 milliseconds, in steps of 1 millisecond. Before turning over control to the
user, the operating system ensures that the timer is set to interrupt. If the timer interrupts, control transfers
automatically to the operating system, which may treat the interrupt as a fatal error or may give the program
more time. Clearly, instructions that modify the content of the timer are privileged. We can use the timer to
prevent a user program from running too long. A simple technique is to initialize a counter with the amount of
time that a program is allowed to run. A program with a 7-minute time limit, for example, would have its
 counter initialized to 420. Every second, the timer interrupts, and the counter is decremented by 1. As long as
the counter is positive, control is returned to the user program. When the counter becomes negative, the
operating system terminates the program for exceeding the assigned time limit.

Introduction of Process Management


A process is a program in execution. For example, when we write a program in C or C++ and compile it, the
compiler creates binary code. The original code and binary code are both programs. When we actually run the
binary code, it becomes a process. A process is an ‘active’ entity instead of a program, which is considered a
‘passive’ entity. A single program can create many processes when run multiple times; for example, when we
open a .exe or binary file multiple times, multiple instances begin (multiple processes are created).
In this article, we will discuss process management in detail, along with the different states of a process, its
advantages, disadvantages, etc.

What is Process Management?

Process management is a key part of an operating system. It controls how processes are carried out, and
controls how your computer runs by handling the active processes. This includes stopping processes, setting
which processes should get more attention, and many more. You can manage processes on your own computer
too.
The OS is responsible for managing the start, stop, and scheduling of processes, which are programs running on
the system. The operating system uses a number of methods to prevent deadlocks, facilitate inter-process
communication, and synchronize processes. Efficient resource allocation, conflict-free process execution, and
optimal system performance are all guaranteed by competent process management. This essential component of
an operating system enables the execution of numerous applications at once, enhancing system utilization and
responsiveness.

How Does a Process Look Like in Memory?

A process in memory is divided into several distinct sections, each serving a different purpose. Here’s how a
process typically looks in memory:
 Text Section: A Process, sometimes known as the Text Section, also includes the current activity represented
by the value of the Program Counter.
 Stack: The stack contains temporary data, such as function parameters, returns addresses, and local variables.
 Data Section: Contains the global variable.
 Heap Section: Dynamically memory allocated to process during its run time.

Characteristics of a Process
A process has the following attributes.
 Process Id: A unique identifier assigned by the operating system.
 Process State: Can be ready, running, etc.
 CPU Registers: Like the Program Counter (CPU registers must be saved and restored when a process is
swapped in and out of the CPU)
 Accounts Information: Amount of CPU used for process execution, time limits, execution ID, etc
 I/O Status Information: For example, devices allocated to the process, open files, etc
 CPU Scheduling Information: For example, Priority (Different processes may have different priorities, for
example, a shorter process assigned high priority in the shortest job first scheduling)

All of the above attributes of a process are also known as the context of the process. Every process has its
own process control block(PCB), i.e. each process will have a unique PCB. All of the above attributes are part
of the PCB.

States of Process
A process is in one of the following states:
 New: Newly Created Process (or) being-created process.
 Ready: After the creation process moves to the Ready state, i.e. the process is ready for execution.
 Running: Currently running process in CPU (only one process at a time can be under execution in a single
processor).
 Wait (or Block): When a process requests I/O access.
 Complete (or Terminated): The process completed its execution.
 Suspended Ready: When the ready queue becomes full, some processes are moved to a suspended ready
state
 Suspended Block: When the waiting queue becomes full.
 What is Memory Management?
In a multiprogramming computer, the Operating System resides in a part of memory, and the rest is used by
multiple processes. The task of subdividing the memory among different processes is called Memory
Management. Memory management is a method in the operating system to manage operations between main
memory and disk during process execution. The main aim of memory management is to achieve efficient
utilization of memory.

Why Memory Management is Required?

 Allocate and de-allocate memory before and after process execution.
 To keep track of used memory space by processes.
 To minimize fragmentation issues.
 To proper utilization of main memory.
 To maintain data integrity while executing of process.
Now we are discussing the concept of Logical Address Space and Physical Address Space

Logical and Physical Address Space

 Logical Address Space: An address generated by the CPU is known as a “Logical Address”. It is also
known as a Virtual address. Logical address space can be defined as the size of the process. A logical
address can be changed.
 Physical Address Space: An address seen by the memory unit (i.e the one loaded into the memory address
register of the memory) is commonly known as a “Physical Address”. A Physical address is also known as a
Real address. The set of all physical addresses corresponding to these logical addresses is known as Physical
address space. A physical address is computed by MMU. The run-time mapping from virtual to physical
addresses is done by a hardware device Memory Management Unit(MMU). The physical address always
remains constant.

Static and Dynamic Loading

Loading a process into the main memory is done by a loader. There are two different types of loading :
 Static Loading: Static Loading is basically loading the entire program into a fixed address. It requires more
memory space.
 Dynamic Loading: The entire program and all data of a process must be in physical memory for the process
to execute. So, the size of a process is limited to the size of physical memory. To gain proper memory
utilization, dynamic loading is used. In dynamic loading, a routine is not loaded until it is called. All routines
are residing on disk in a relocatable load format. One of the advantages of dynamic loading is that the
unused routine is never loaded. This loading is useful when a large amount of code is needed to handle it
efficiently.

Static and Dynamic Linking

To perform a linking task a linker is used. A linker is a program that takes one or more object files generated
by a compiler and combines them into a single executable file.
 Static Linking: In static linking, the linker combines all necessary program modules into a single executable
program. So there is no runtime dependency. Some operating systems support only static linking, in which
system language libraries are treated like any other object module.
 Dynamic Linking: The basic concept of dynamic linking is similar to dynamic loading. In dynamic linking,
“Stub” is included for each appropriate library routine reference. A stub is a small piece of code. When the
stub is executed, it checks whether the needed routine is already in memory or not. If not available then the
program loads the routine into memory.
 Swapping
When a process is executed it must have resided in memory. Swapping is a process of swapping a process
temporarily into a secondary memory from the main memory, which is fast compared to secondary memory. A
swapping allows more processes to be run and can be fit into memory at one time. The main part of swapping
is transferred time and the total time is directly proportional to the amount of memory swapped. Swapping is
also known as roll-out, or roll because if a higher priority process arrives and wants service, the memory
manager can swap out the lower priority process and then load and execute the higher priority process. After
finishing higher priority work, the lower priority process swapped back in memory and continued to the
execution process.

swapping in memory management

Memory Management with Monoprogramming (Without Swapping)

This is the simplest memory management approach the memory is divided into two sections:
 One part of the operating system
 The second part of the user program
Fence Register

operating system user program

 In this approach, the operating system keeps track of the first and last location available for the allocation of
the user program
 The operating system is loaded either at the bottom or at top
 Interrupt vectors are often loaded in low memory therefore, it makes sense to load the operating system in
low memory
 Sharing of data and code does not make much sense in a single process environment
 The Operating system can be protected from user programs with the help of a fence register.
 Storage Management


Storage Management is defined as it refers to the management of the data storage equipment’s that are used to
store the user/computer generated data. Hence it is a tool or set of processes used by an administrator to keep
your data and storage equipment’s safe. Storage management is a process for users to optimize the use of
storage devices and to protect the integrity of data for any media on which it resides and the category of storage
management generally contain the different type of subcategories covering aspects such as security,
virtualization and more, as well as different types of provisioning or automation, which is generally made up
the entire storage management software market.
Storage management key attributes: Storage management has some key attribute which is generally used to
manage the storage capacity of the system. These are given below:

1. Performance
2. Reliability
3. Recoverability
4. Capacity

Feature of Storage management: There is some feature of storage management which is provided for storage
capacity. These are given below:
1. Storage management is a process that is used to optimize the use of storage devices.
2. Storage management must be allocated and managed as a resource in order to truly benefit a corporation.
3. Storage management is generally a basic system component of information systems.
4. It is used to improve the performance of their data storage resources.

Advantage of storage management: There are some advantage of storage management which are given
below:
 It becomes very simple to manage a storage capacity.
 It generally reduces the time consumption.
 It improves the performance of system.
 In virtualization and automation technologies, it can help an organization improve its agility.

Limitations of storage management:

 Limited physical storage capacity: Operating systems can only manage the physical storage space that is
available, and as such, there is a limit to how much data can be stored.
 Performance degradation with increased storage utilization: As more data is stored, the system’s performance
can decrease due to increased disk access time, fragmentation, and other factors.
 Complexity of storage management: Storage management can be complex, especially as the size of the
storage environment grows.
 Cost: Storing large amounts of data can be expensive, and the cost of additional storage capacity can add up
quickly.
 Security issues: Storing sensitive data can also present security risks, and the operating system must have
robust security features in place to prevent unauthorized access to this data.
 Backup and Recovery: Backup and recovery of data can also be challenging, especially if the data is stored on
multiple systems or devices.

Protection and Security

If a computer system has multiple users and allows the concurrent execution of multiple processes, then access
to data must be regulated. For that purpose, mechanisms ensure that files, memory segments, CPU, and other
resources can be operated on by only those processes that have gained proper authorization
from the operating system. For example, memory-addressing hardware ensures that a process can execute only
within its own address space. The timer ensures that no process can gain control of the CPU without eventually
relinquishing control. Device-control registers are not accessible to users, so the integrity of the various
peripheral devices is protected.
Protection, then, is any mechanism for controlling the access of processes or users to the resources defined by
a computer system. This mechanism must providemeans to specify the controls to be imposed and to enforce
the controls. Protection can improve reliability by detecting latent errors at the interfaces between component
subsystems. Early detection of interface errors can often prevent contamination of a healthy subsystem by
another subsystem that is malfunctioning. Furthermore, an unprotected resource cannot defend against use (or
misuse) by an unauthorized or incompetent user.A protection-oriented system provides ameans to distinguish
between authorized and unauthorized usage.
A system can have adequate protection but still be prone to failure and allow inappropriate access. Consider a
user whose authentication information (her means of identifying herself to the system) is stolen. Her data could
be copied or deleted, even though file and memory protection are working. It is the job of security to defend a
system from external and internal attacks. Such attacks spread across a huge range and include viruses and
worms, denial-ofservice attacks (which use all of a system’s resources and so keep legitimate users out of the
system), identity theft, and theft of service (unauthorized use of a system). Prevention of some of these attacks
is considered an operating-system function on some systems, while other systems leave it to policy or
additional software. Due to the alarming rise in security incidents, operating-system security features represent
a fast-growing area of research and implementation..
Protection and security require the system to be able to distinguish among all its users. Most operating systems
maintain a list of user names and associated user identifiers (user IDs). In Windows parlance, this is a
security ID (SID). These numerical IDs are unique, one per user. When a user logs in to the system, the
authentication stage determines the appropriate user ID for the user. That user ID is associated with all of the
user’s processes and threads. When an ID needs to be readable by a user, it is translated back to the user name
via the user name list. In some circumstances, we wish to distinguish among sets of users rather than individual
users. For example, the owner of a file on a UNIX system may be allowed to issue all operations on that file,
whereas a selected set of users may be allowed only to read the file. To accomplish this, we need to define a
group name and the set of users belonging to that group. Group functionality can be implemented as a system-
wide list of group names and group identifiers.
A user can be in one or more groups, depending on operating-system design decisions. The user’s group IDs are
also included in every associated process and thread. In the course of normal system use, the user ID and group
ID for a user are sufficient. However, a user sometimes needs to escalate privileges to gain extra
permissions for an activity. The user may need access to a device that is restricted, for example. Operating
systems provide various methods to allow privilege escalation. On UNIX, for instance, the setuid attribute on a
program causes that program to run with the user ID of the owner of the file, rather than the current user’s ID.
The process runs with this effective UID until it turns off the extra privileges or terminates.