Modern Operating Systems
Features and structure of contemporary operating systems
The fundamental concepts that underlie operating systems are process and resource management, memory management, file management, and I/O management. The operating system provides the environment in which applications use the hardware on which it is installed. Every operating system offers some form of user interface for interacting with the system: a batch system, a command line, or a graphical user interface. The user interface does not directly control the hardware or system services. Instead, it uses predefined "system calls," which reach the system services only in specific, allowed ways. The system calls relay the requests to the system services.
Threads and process synchronization
Operating systems use inter-process communication mechanisms, such as shared memory and message passing, to share and exchange information. Shared memory allows multiple processes to access the same memory space. Message passing exchanges information by handing it to the other process or sending it to a shared mailbox. A process is an active program being executed. Besides the program's code, a process includes its current activity, which is represented by the program counter and the contents of the CPU registers. Each process in the operating system is represented by a process control block (PCB), which contains various information about the process. The PCB contains:
• The process state.
• The program counter.
• The CPU registers.
• The CPU scheduling information.
• The memory management information.
• The I/O status.
• The accounting information.
Processes can be single- or multi-threaded. Each thread can take another set of instructions as soon as it completes. If a thread has an error, it doesn't stop other threads from running. A process uses its own memory allocation. Separate processes can only share resources by using shared memory or message passing.
In contrast, threads can access the resources of the process to which they belong. There can be multiple threads of activity within the same address space. It is faster and more efficient for threads to run since they share system resources.
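The difference between threads and processes described above can be observed directly. The following is an added example, not part of the original post; it assumes a Unix-like system (it uses fork), and all function names are constructed for the illustration.

```python
import mmap
import os
import threading

counter = 0  # ordinary global in this process's private address space

def _bump():
    global counter
    counter += 100

def change_seen_after_thread():
    """A thread runs inside the creator's address space, so its write is visible."""
    before = counter
    t = threading.Thread(target=_bump)
    t.start()
    t.join()
    return counter - before

def change_seen_after_child_process():
    """A forked child writes to its own copy; the parent's memory is untouched."""
    before = counter
    pid = os.fork()
    if pid == 0:              # child process: separate address space
        _bump()
        os._exit(0)
    os.waitpid(pid, 0)
    return counter - before

def change_seen_via_shared_memory():
    """Processes share data only if a region is explicitly mapped as shared."""
    shm = mmap.mmap(-1, 1)    # anonymous mapping, MAP_SHARED by default on Unix
    pid = os.fork()
    if pid == 0:
        shm[0] = 100          # child writes into the shared page
        os._exit(0)
    os.waitpid(pid, 0)
    value = shm[0]
    shm.close()
    return value

def result_via_message_passing():
    """Message passing: the child sends bytes through a kernel-managed pipe."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.write(w, b"100")
        os._exit(0)
    os.close(w)
    msg = os.read(r, 16)
    os.close(r)
    os.waitpid(pid, 0)
    return int(msg.decode())
```

The thread's write shows up in the parent, the child process's write does not, and the two inter-process mechanisms each deliver the value only through a channel that was set up deliberately.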
Memory management
Operating systems use a combination of main memory, virtual memory, and memory mapping techniques to manage the overall memory requirements of the system and its applications. Operating systems constantly move data between main and virtual memory based on the system's needs. This process, called "paging," allows the computer to use its available memory efficiently. Operating systems use different memory mapping techniques to map the virtual address space to the physical address space. These techniques determine how the operating system manages the allocation of memory and how programs access memory. Some common memory mapping techniques include:
- When a program is loaded into memory, the operating system assigns it a contiguous block of memory.
- During segmentation, the operating system divides the virtual address space into segments and assigns each segment to a different part of the program.
- Using paging, the operating system divides the physical memory into fixed-sized blocks called "pages" and the virtual address space into fixed-sized blocks called "page frames." Programs can then access more memory than is physically available by mapping pages to page frames.
Files, Mass Storage and I/O
Modern computer systems store files on mass storage devices like hard drives or solid-state drives and use a file system to organize, track and access them efficiently. The operating system manages the storage and retrieval of files. The file system organizes and keeps track of the files while controlling access by setting permissions. Most modern computer systems use a hierarchical file system, a tree-structured directory with a root directory and multiple levels of sub-directories.
Security and Protection
It is necessary to control access to the resources in a computer system to protect against untrusted or malicious users or computer code. It is vital to ensure that all code running within a particular domain or language adheres to system policies.
The principles of domain-based protection include isolation, the principle of least privilege, and compartmentalization. Each domain is separate from other domains and allows only specific resources to be used within each domain. Each domain only gets the minimum set of permissions needed to perform a task. If something fails in one domain, it cannot affect another domain.
The principles of language-based protection include variable types that cannot be modified at runtime, memory safety, and automatic memory management. The programming languages are built to allow the programmer to set variables that cannot be changed. The language checks memory at runtime to prevent common memory errors and automatically manages memory allocation.
Some security measures include access control lists, language-based control, authorization, authentication, cryptography, anti-virus software, encryption, firewalls, and more. The specific mechanisms used will depend on the system and the level of security required.
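Domain-based protection and access control lists can be modelled as a table of domains against objects. The following is an added example, not part of the original post; the domains, paths, rights, and log entries are constructed for the illustration.

```python
# Constructed policy: rows are protection domains, columns are objects.
ACCESS_MATRIX = {
    "web_server": {"/var/www": {"read"}, "/var/log/web.log": {"append"}},
    "backup_job": {"/var/www": {"read"}, "/backup": {"read", "write"}},
    "log_viewer": {"/var/log/web.log": {"read"}, "/backup": {"read", "write"}},
}

def is_allowed(domain, obj, right):
    """Default deny: access is granted only if the matrix cell lists the right."""
    return right in ACCESS_MATRIX.get(domain, {}).get(obj, set())

def acl_for(obj):
    """Column view of the matrix: the access control list kept with one object."""
    return {d: sorted(cells[obj]) for d, cells in ACCESS_MATRIX.items() if obj in cells}

def excess_rights(domain, observed):
    """Least-privilege audit: rights granted to a domain but never exercised.

    `observed` is a list of (object, right) pairs taken from an access log.
    """
    cells = ACCESS_MATRIX.get(domain, {})
    granted = {(o, r) for o, rights in cells.items() for r in rights}
    return sorted(granted - set(observed))

def denied_events(log):
    """Log entries (domain, object, right) that the policy refuses."""
    return [e for e in log if not is_allowed(*e)]

# Constructed access log for the example.
SAMPLE_LOG = [
    ("web_server", "/var/www", "read"),
    ("web_server", "/backup", "read"),            # outside the domain's resources
    ("log_viewer", "/var/log/web.log", "read"),
    ("backup_job", "/backup", "write"),
    ("log_viewer", "/var/log/web.log", "write"),  # right not granted
]
```

Here `excess_rights("log_viewer", ...)` flags the constructed `/backup` grant as a permission the domain never needed, which is the kind of finding a least-privilege review is meant to surface.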
How These Concepts Can Be Useful in Future Jobs
The concepts studied in this course give me an overview of how an operating system is built. Since I will be looking for a career in cyber and data security, this course has helped me understand how an operating system's various components fit together. More importantly, it gives me more understanding of the surface area or the many different places an operating system can be attacked. This will help to understand how and where a system can have vulnerabilities to protect those areas proactively. In addition, this course has also taught me that operating system design is a moving target and that things change fast.