The operating system is a go-between: it sits between the physical machine and the users and programs.

If you take a big picture view of a computer, you get three things:

  1. the physical computer
  2. the operating system
  3. the user and programs running on the user's behalf
You should understand what we mean by "the physical machine", and you should certainly understand "the user". What's meant by "programs running on the user's behalf" is simply that when you want to, for example, check e-mail, you launch the e-mail program. So that e-mail program is communicating over networks, printing files, etc., on your behalf.

So what's the Operating System? On your laptops it's Windows; if you own an iPhone, it's iOS, or if you have another smartphone it might be Android. On another computer it might be Linux. The operating system is a very special collection of programs. It manages all the other programs running on the computer and acts as an intermediary between those programs (or the user) and the physical machine. Neither the user nor a regular program manipulates a resource like the hard drive directly. Instead, they ask the operating system to manipulate the resource on their behalf. In this lesson we'll learn a bit about operating systems.

NASA's Curiosity Mars explorer
You might wonder what OS gets used for something like NASA's Curiosity robot, which is exploring Mars as we speak. It's not one of the major PC or mobile OSs we talk about in SI110! Check out this article which describes the hardware and OS on the Curiosity. It includes a 10+ year-old CPU, and an OS that was initially released in 1985, but it has to be able to handle extremes in temperature, radiation, navigate an alien world on its own, and communicate with engineers so far away light itself takes 14 minutes to make the trip ... one-way!

What is an Operating System

An Operating System (OS) is a program (or collection of programs) that manages the physical computer and the programs that run on it. There are many different OS's out there, and you may be familiar with several:

MS Windows - your laptops "run Windows 7", meaning that the OS is MS Windows version 7.
Unix - Unix is actually a family of OS's. The CS department web server runs a Unix variant called Linux. Apple's Mac OS X is a variant of Unix. Linux is going to play a role in this course. It's what's called Open Source, which means that people are free to modify it to suit their needs. A lot of security-related tools are built this way, i.e. they're variants of Linux.
iOS - Apple's iPhone, iPod Touch and iPad all run an operating system called iOS, which is designed for smaller "mobile devices".
Android - many smart phones run Google's Android OS, which is another OS built specifically for mobile devices.

Because the OS manages the computer and all the programs that run on the computer, it is of critical importance to security. It can restrict what programs and users do to make sure they can't cause too much trouble on the system. Conversely though, when OS's have security flaws, it's a really big problem. Here is a recent example.

Services the OS Provides

The OS provides services to Users and programs — it does things they need done that they cannot or are not allowed to do for themselves. Some important kinds of OS-provided services are:

The OS generally provides three ways for programs and users to access its services:

The Windows shell can be accessed by clicking on the start button and choosing Command Prompt or typing cmd.exe
Although you are probably only familiar with using the GUI to access operating system services, the shell will be important for this course. That importance stems in no small measure from the fact that the shell is an interface to the OS for both users and programs alike. The OS's we'll use for this course are Windows and (a little bit of) Linux. Both have shells.

File Systems

You cannot understand information systems without understanding a bit about file systems. Files and folders are organized hierarchically on your computer. In Windows, you have a separate hierarchy for each Drive Letter, which is a letter followed by a colon. Normally, different drive letters correspond to different devices, perhaps C: is your hard drive, E: is your DVD drive, F: may be what gets assigned to your camera when you plug it in (a camera has a drive with a filesystem for storing its photos). A file (or folder) is not defined uniquely by its name alone! Instead, it is defined uniquely by the path from the top of the hierarchy down to the file (or folder) in question, where the names in the path are separated by backslashes (\'s).

You can navigate these file hierarchies in Windows by clicking on the start button and choosing Computer from the right-hand side of the list that pops up. What you see at first is a screen with icons for each of the drive letters available on your system. Double click on C: and what you see is a list of all the files and folders that comprise the next level down in the hierarchy rooted at C:. Double click on Users and what you see is a list of all the files and folders that comprise the next level down from C:\Users. Double click on your user name, and then on Desktop after that. You're now fairly far down in the hierarchy. If there was a file named foo.txt here, its path would be
C:\Users\m17xxxx\Desktop\foo.txt
and while there may be many files named foo.txt on your system, there's only one with that exact path. BTW: In the file viewer, if you click on the icon at the far left of the address bar at the top, it prints out the path for you.

Key Points

  1. files and folders are arranged hierarchically
  2. every file and folder has a place in the hierarchy
    So when you save a file in Word or download a file using your browser, those files get put somewhere in your filesystem, and you need to start becoming cognizant of where!
  3. every file and folder is uniquely named by its path
  4. in a file viewer window, you see the contents of one folder, the current folder, and the address bar describes the path to the current folder
This is an example of what your laptop's filesystem looks like (in part).


In this example hierarchy above, you see that there are three files named "hello.txt". There is no conflict, however, because they are in different directories (folders). Their full path names are:
C:\Users\m179999\Desktop\hello.txt
C:\Users\m179999\Downloads\hello.txt
C:\Users\Public\hello.txt
The basic file system operations are to create or delete files and folders, to move (i.e. rename) files and folders, and to copy files and folders. By now, you are probably familiar with how to do these kinds of things using Windows' GUI, a program Microsoft calls Windows Explorer.

A brief look at the structure of a shell command

A shell command consists of a name, zero or more arguments, and zero or more options. For example:
move  /-Y  C:\Users\billy\Downloads\vacation.jpg  photos\archive\vacation.jpg
----  ---  -------------------------------------  ----------------------------
  \     \                \                                   \
   \     \--- option      \--- argument                       \--- argument
    \
     \--- name
	
Note: Normally space separates arguments, but " "s allow you to make an arbitrary string (including spaces) a single argument. So, for example, the command
mkdir foo bar
creates two directories, foo and bar, while the command
mkdir "foo bar"
creates a single directory named foo bar. Note that this is different from
mkdir "foo          bar"
which creates a single directory named foo          bar.
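
The splitting rule described above, written out as an added Python example (not part of the original lesson and not how cmd.exe itself is implemented). The function names are hypothetical, and treating every token that starts with "/" as an option is an assumption made for this example.

```python
def split_command(line):
    """Split a command line into tokens.

    Simplified rule from the text: whitespace separates tokens, except inside
    double quotes, where every character (spaces included) is kept as typed.
    """
    tokens, current = [], []
    in_quotes = False   # are we between an opening and a closing quote?
    started = False     # has the current token begun? (lets "" be a token)
    for ch in line:
        if ch == '"':
            in_quotes = not in_quotes
            started = True
        elif ch.isspace() and not in_quotes:
            if started:
                tokens.append("".join(current))
            current, started = [], False
        else:
            current.append(ch)
            started = True
    if in_quotes:
        raise ValueError("unterminated double quote")
    if started:
        tokens.append("".join(current))
    return tokens


def parse_command(line):
    """Return (name, options, arguments) for one command line.

    Assumption for this example: a token that starts with "/" is an option,
    as in the "move /-Y" command above; everything else is an argument.
    """
    tokens = split_command(line)
    if not tokens:
        raise ValueError("empty command line")
    name, rest = tokens[0], tokens[1:]
    options = [t for t in rest if t.startswith("/")]
    arguments = [t for t in rest if not t.startswith("/")]
    return name, options, arguments


if __name__ == "__main__":
    for line in ('mkdir foo bar', 'mkdir "foo bar"', 'mkdir "foo          bar"'):
        print(line, "->", parse_command(line))
```

A file name containing spaces that is typed without quotes becomes several arguments, so the command may act on files other than the one intended.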

File Systems Operations with the Shell

The GUI's file viewer has a current folder that it's in at any given point in time. The shell works the same way, and its current folder is displayed to the left of the command prompt. You hop from one drive letter hierarchy to the next by typing the drive letter and colon then pressing enter. You list the contents of the current folder with dir. To move down in the hierarchy from your current drive letter, you type cd followed by the name of the folder you want to move down into. (cd stands for "change directory", "directory" being the Unix name for "folder".) The argument to cd doesn't need to be a name: it could be a path (starting from the current folder) several folders deep, it could be ".", which makes cd do nothing, or it could be "..", which makes cd go up a level in the hierarchy rather than down. In fact, "..\.." or "..\..\..", etc., are allowed for going up multiple levels in a single step. Also we have
The arguments to these commands can be relative paths, i.e. paths that are relative to the current folder, or absolute paths, i.e. paths that begin with a drive letter and thus are interpreted the same way regardless of the current folder.
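
How a relative path, ".", ".." and an absolute path each turn into one unique absolute path, as an added Python example that is not part of the original lesson. The function names are hypothetical, and the example assumes the current folder is always given as an absolute path with a drive letter.

```python
def split_absolute(path):
    """Split an absolute path into its drive letter and its list of names."""
    drive, rest = path[:2], path[2:]
    if len(drive) != 2 or not drive[0].isalpha() or drive[1] != ":":
        raise ValueError("not an absolute path: " + path)
    return drive.upper(), [name for name in rest.split("\\") if name]


def resolve(current_folder, path):
    """Return the absolute path that `path` names when typed in `current_folder`."""
    if len(path) >= 2 and path[1] == ":":
        # Absolute: starts at the top of its own drive letter hierarchy.
        drive, names = split_absolute(path)
        stack = []
    else:
        # Relative: starts from the current folder.
        drive, stack = split_absolute(current_folder)
        names = [name for name in path.split("\\") if name]
    for name in names:
        if name == ".":
            continue                # "." means "stay here"
        elif name == "..":
            if stack:               # ".." at the top of the hierarchy stays put
                stack.pop()
        else:
            stack.append(name)
    return drive + "\\" + "\\".join(stack)


def same_file(current_folder, path_a, path_b):
    """True if both paths name the same place in the hierarchy."""
    # Windows file names are case-insensitive, so compare without case.
    a = resolve(current_folder, path_a)
    b = resolve(current_folder, path_b)
    return a.lower() == b.lower()


if __name__ == "__main__":
    here = r"C:\Users\m179999\Desktop"
    for typed in ("hello.txt", r"..\Downloads\hello.txt", r"..\..\Public\hello.txt"):
        print(typed, "->", resolve(here, typed))
```

Different strings can name the same file, so anything that compares paths (a script, a log search, a rule about which folders are off limits) should compare the resolved absolute paths rather than the text as typed.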

Processes

You can get a list of all the processes currently running on your system: a) press control+alt+delete, b) choose Start Task Manager, c) click on the Processes tab, d) select Show processes from all users
Recall that a program is really just a file, a file that contains the instructions the CPU is supposed to execute. A running instance of a program is called a process. A process contains a copy of the executable bytes (copied from the hard drive, in a .exe file, for example), as well as some bookkeeping information that allows the OS to monitor that process' execution status, resources, and privileges. In fact, more than one instance of the same program could be executing simultaneously — each instance would be its own separate process.

User accounts, logins, permissions

When the Task Manager shows processes, it lists the User name
Every process has a username attached to it (that user is called the process's owner) — typically the name of the user that caused the program to be run. Every file and folder also has a username attached to it (that user is called the file's owner).
In the shell, the command dir /Q lists all folders and files along with their owners' usernames.
Normally, the OS denies a process any request it might make to manipulate a file or folder unless the username attached to the process matches the username attached to that file or folder. Why just "Normally"? Because each file has a set of permissions — essentially rules defining which users can perform what kinds of actions — that are adjustable by the file's owner, and the owner can use those rules to change this behavior.
To view a file's permissions in Windows:
  1. Right click on the file in question and select Properties.
  2. Click on the Security tab.
  3. View the permissions on that file. Modify carefully!
The security of information on the system (and thus of the system itself) relies on this user/permissions scheme for controlling the access of processes to files. Thus, it is crucial that a process whose owner is listed as m179999 was really launched at the behest of the person whose username is m179999. That means that the login procedure is very important.

The Operating System manages user accounts, logins and process/file permissions. This job is crucially important for security. If user m179999 is allowed to launch a process whose owner is listed as m178888 ... well, we've got trouble. That would give user m179999 access to m178888's files.

The rights that a user has to access files are constrained. Generally, however, there will be one account with unlimited rights (so, for example, they can read every file on the system, regardless of the usual user permission schemes). A user with these unlimited rights is called an Administrator or 'root' user. Sometimes, regular users may be able to run a program with elevated privileges (we say elevated privileges to indicate that the program/user can do things they ordinarily could not) using a special password or via special permissions on the program. In Windows 7, a User Account Control dialog box opens up when a program asks to run with elevated privileges. In Unix, a shell command is prefaced with sudo (super-user do) to run that command with elevated privileges. The ultimate prize in attacking a single computer is to be able to run programs with elevated privileges, because then you essentially 'own' that machine. In particular, if you can launch a command shell with elevated privileges, you win.
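
The access rule from this section (process owner compared with file owner, permissions the owner can adjust, and an Administrator who is immune to them), as an added Python example that is not part of the original lesson. It is a simplified model of the rule as described here, not the way Windows or Unix implement it; the class and function names, the action names "read" and "write", and the scenario are constructed for illustration.

```python
from dataclasses import dataclass, field

ADMINISTRATOR = "Administrator"   # the one account immune to file permissions


@dataclass
class File:
    path: str
    owner: str
    # Extra rules set by the owner: username -> actions that user may perform.
    permissions: dict = field(default_factory=dict)


@dataclass
class Process:
    program: str
    owner: str   # username the OS attached at launch, after login


def is_allowed(process, file, action):
    """Decide whether the OS should carry out `action` on `file` for `process`."""
    if process.owner == ADMINISTRATOR:
        return True                      # immune to file permissions
    if process.owner == file.owner:
        return True                      # usernames match: the normal case
    return action in file.permissions.get(process.owner, set())


def grant(process, file, username, action):
    """Add a permission rule; only the owner's processes (or Administrator) may."""
    if process.owner not in (file.owner, ADMINISTRATOR):
        raise PermissionError(process.owner + " does not own " + file.path)
    file.permissions.setdefault(username, set()).add(action)


def scenario():
    """Constructed scenario; returns the OS's decisions in order."""
    report = File(r"C:\Users\m179999\Desktop\foo.txt", owner="m179999")
    mine = Process("notepad.exe", owner="m179999")
    theirs = Process("notepad.exe", owner="m178888")
    admin = Process("cmd.exe", owner=ADMINISTRATOR)
    decisions = [is_allowed(mine, report, "read"),      # owner of the file
                 is_allowed(theirs, report, "read")]    # other user, no rule yet
    grant(mine, report, "m178888", "read")              # owner adjusts permissions
    decisions += [is_allowed(theirs, report, "read"),   # now covered by a rule
                  is_allowed(theirs, report, "write"),  # rule covers read only
                  is_allowed(admin, report, "write")]   # elevated privileges
    return decisions


if __name__ == "__main__":
    print(scenario())
```

Every decision depends only on the username attached to the process, which is why the login procedure and the number of Administrator accounts matter so much.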

IT Officer


The local area network available for crew member use on naval vessels allows for collaboration and sharing of files through the use of file sharing. Users (the crew) log in to any one of the available computers onboard to use it.

A typical use of the LAN is creating and reviewing personnel fitness reports and evaluations, which are subject to privacy protection. Although the operating system provides access control to files, the file owners must specify which users should and should not have access.

The only user that is immune to file permissions is the Administrator (also called root, or superuser). Because of this immunity, the number of people with Administrator privileges should be kept at a minimum. The Administrator account should only be used, as necessary, to perform system administration tasks, such as system log reviews.

Depending on the command, any officer could be placed in charge of the ship's network administrators and, therefore, be given Administrator privileges. With that power comes serious responsibility: the responsibility to use the elevated privilege, as required, to perform system administrative tasks.

You are probably familiar with the case of Edward Snowden, who worked at NSA as a contractor. Snowden obtained and then leaked millions of files detailing classified NSA programs, in an example of an insider threat attack. Snowden had Administrator privileges on the IT systems where he worked, so he was able to circumvent normal file access controls.