Operating Systems: Resource Management and Security
Introduction
Operating systems manage resources, facilitate sharing, provide virtual machine abstraction, and handle security management. Many programs coexist within your operating system, sharing memory, processor time, and devices. The operating system facilitates and enforces this sharing. It grants exclusive use of some resources, like your program’s memory, and manages shared resources, such as a webcam.
In the past, programs had to be aware of specific hardware details. For instance, games would ask for your graphics or sound card type. Today, the operating system acts as an intermediary, abstracting hardware specifics from applications. This significantly simplifies application development.
Our computers store increasingly critical data, including health records, company secrets, and personal journals. As the value of this data grows, so does the interest of malicious individuals in accessing it. Shared computers further heighten security needs. Security also involves protecting applications from accidental interference by other applications. In essence, security ensures users are protected from data leakage and loss, whether accidental or intentional.
What is an Operating System?
An operating system comprises one or more programs that abstract our computer(s) to facilitate sharing, resource management, and security. Operating systems are software; we can write, modify, and improve them.
Batch Vs. Interactive
A batch system completes one job from start to finish before starting another. An interactive system rapidly switches between jobs, creating the illusion of multitasking.
Open-Source Vs. Proprietary
Some operating systems are proprietary, like Windows and macOS, while others are open-source, like Linux and Haiku.
Single Computer Vs. Distributed
Single computer operating systems function on a single (logical) computer, while distributed operating systems connect multiple computers into a unified computing platform. Single computer systems are common in devices like phones and laptops. Distributed computing is often used in scientific research for tasks beyond a single computer’s capacity. Beowulf clusters are notable examples.
Single User Vs. Multi-User
Operating systems can also be categorized by the number of users they support. Some are single-user, like your phone. Others are single-user at a time, such as a Windows PC in a library. Multi-user systems, like our Linux research cluster, support simultaneous users. Client-server systems, such as websites and databases, facilitate centralized interactions. Peer-to-peer systems, like Discord or gaming networks, involve direct user connections.
Manager Vs. Provider
The operating system manages resources and enables sharing. It can also be viewed as a service provider for application developers. For example, reading or writing a file in a program utilizes operating system functionality.
Desktop
Desktop (or laptop) computers are primarily single-user at a time. They offer moderate power, typically with 8-16 cores, 8-32 GB of RAM, and 1-4 TB of disk space. These systems handle multimedia tasks like graphics and sound. A user-friendly Graphical User Interface (GUI) is essential. Desktop systems are interactive, usually owned by an individual or family, and can run a vast number of programs.
Servers
Servers are multi-user systems, sometimes managed by the operating system. They are powerful, typically with 16+ cores, over 32 GB of RAM, and multiple terabytes of disk space. Servers often run headless (without a display or sound) and are commonly used in batch mode. User-friendliness is less of a priority, with many servers operating via the command line. Servers are usually owned by companies or universities and typically run a limited number of programs concurrently.
Mobile
Mobile devices resemble desktops but have key differences. They are more hardware-constrained, with limited device support. Battery life is crucial for efficient operation without frequent charging. Mobile devices are typically “always on” and have essential apps, like the “Phone” app, critical for functionality.
Embedded – Media
Devices like Apple TV, Roku, Blu-ray players, Smart TVs, and car entertainment systems are examples of embedded media devices. They have fixed hardware and are plugged in (no battery). These devices feature user interfaces with limited input, such as remote controls, emphasizing user-friendliness. They are often multi-user (one at a time), with reliability being paramount. These devices usually run a fixed, small set of applications.
Embedded Systems – Networking
Examples include home routers, large campus routers, load balancers, and networking devices like Wi-Fi routers, wired connections, and fiber-optic systems. Similar to embedded media systems, they are typically real-time, run few but specialized programs, and are optimized for efficient data transfer.
Embedded Systems – “Other”
This category includes drones, medical devices, microwaves, anti-lock brakes, and more. These systems must operate reliably. They are typically single-user and don’t prioritize user interaction. Their functionality is limited, often with few or no updates. These devices run a single set of specialized programs and are not general-purpose.
Active Directory/LDAP
LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and managing directory information. Active Directory (AD) is a Microsoft extension of LDAP. It’s a specialized database for managing user access, optimized for rapid reading. When a campus computer receives a login request, it checks with the University’s LDAP/AD server. After password and two-factor authentication validation, the user is logged in. This system eliminates the need for password storage on each computer.
Network Filesystem
A network filesystem is a program that interfaces between one or more disks and the network. It handles network requests using a filesystem. Examples include NFS (Network File System) on Linux and SMB (Server Message Block) on Windows. Linux and macOS can access these systems using Samba.
Operating System Structure
An operating system is typically structured as follows:
- Userland: The environment where user programs run, providing services and resources for applications.
- Kernel: The core of the OS, managing system resources, memory, processes, and hardware communication.
- Device Drivers: Small modules specific to hardware types or brands (e.g., the NVIDIA graphics driver), enabling OS-hardware communication.
- Hardware Abstraction Layer (HAL): Allows a generic kernel to work on different hardware architectures (e.g., ARM vs. x64) by abstracting hardware details.
- GUI/Windowing Manager: Provides a visual user interface, handling windows, controls, and graphical elements.
Monolithic Kernels
Monolithic kernels are single programs, albeit spread across multiple source files, compiled together. A crash in one component can cause system failure. However, they are highly efficient as all parts share the same memory space and communicate directly.
Kernel Modules
Combining monolithic and microkernel features is possible using kernel modules. This approach uses a monolithic kernel but allows loading separate “objects” (modules) that run as distinct programs. This provides the extensibility of a microkernel without its overhead. Systems like Linux, Haiku, and others use this model. Kernel modules run in kernel space, sharing the same memory space as the rest of the kernel.