1 | M .

s c S e m 1 ADVANCED OPERATING SYSTEM

UNIT-V Advance Topics of Operating System

(1) Embedded operating systems

Embedded Operating System
An embedded operating system is a computer operating system designed for use in embedded computer
systems. These operating systems are designed to be small, resource-efficient, dependable, and reduce
many features that aren't required by specialized applications.

The hardware that runs an embedded operating system is usually quite resource-constrained. Embedded
hardware systems are typically quite specific, and it means that these systems are designed to cover certain
tasks due to limited resources.

In this article, you will learn about the embedded operating system with its types and many other features.

What is Embedded Operating System?

An embedded operating system is a computer operating system designed for use in embedded computer
systems. It has limited features. The term "embedded operating system" also refers to a "real-time
operating system". The main goal of designing an embedded operating system is to perform specified
tasks for non-computer devices. It allows the executing programming codes that deliver access to devices
to complete their jobs.

An embedded operating system is a combination of software and hardware. It produces an easily

understandable result by humans in many formats such as images, text, and voice. Embedded operating
systems are developed with programming code, which helps convert hardware languages into software
languages like C and C++.

The embedded operating system improves overall efficiency by controlling all hardware resources and
minimizing response times for specific tasks for which devices were built.

How does an Embedded System work?

People commonly wonder how an embedded system works since there is a high need for complex product
technology, which provides opportunities for embedded software developers. In contrast to a desktop PC,
which loads or runs applications, an embedded operating system is built for fewer tasks and typically
handles a single application on a device.

Due to the limited scope of operating system functions, it must be reliable and run smoothly with its size,
processing power, and requirements. That specific application is essential to the end product's functionality.
Wind River VxWorks, Embedded Linux and Android, and QNX are some of the top embedded operating
systems for commercial and industrial applications.
2 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

History of Embedded Operating System

The Apollo Guidance Computer (AGC) introduced embedded operating systems in the 1960s, while Linux
and Android are more new developments to the market. The AGC is a non-profit organization that
promotes each Apollo command module (ACM), and Apollo Lunar Module (ALM) had it installed. The
AGC offered computation and electronic interfaces for the navigation, guidance, and control of the
spacecraft.

Since then, embedded computer systems have gone a long way, and the evolution appears to be far from
over, owing to advancements in microcontroller technology from 8-bit to 16-bit, and eventually 32-bit.
Since embedded computer systems are growing more complex, operating systems have grown essential
to manage embedded software effectively.

Types of Embedded Operating System

There are various types of Embedded operating systems. Some of them are as follows:

Real-Time Operating System

A real-time operating system (RTOS) is a deterministic operating system with limited functionalities that
allows multi-threaded applications by giving processed outputs within set time limitations. Since some
apps are time-critical, they must be executed exactly when they are expected to maintain the entire system
functioning.

The real-time operating system is dependent on clock interruptions. Interrupt Service Routine
(ISR) interruptions are generated by this system. The Priority system was implemented by RTOS for the
execution of all types of processes. The process and the RTOS are synchronized and can communicate with
one another. The RTOS is stored on a ROM (Read Only Memory) chip because this chip can store data
for a long time.

Multi-tasking Operating System

The multitasking operating system may execute multiple tasks at the same time. In a multitasking operating
system, multiple tasks and processes run at the same time. If the system contains more than one processor,
it may perform a wide range of functions.

The multitasking operating system is switched between the multiple tasks. Some tasks are waiting for
events to occur, while others are receiving events and preparing to run. When using a multitasking
operating system, software development is easier since different software components may be made
independent of each other.

Preemptive Operating System

A multitasking operating system that interprets task preemption is known as a preemptive operating
system. A task with a higher priority is always defined and executed before a task with a lower priority. Such
multitasking operating systems improve system reaction to events and simplify software development,
resulting in a more dependable system. The system designer may calculate the time required for service
3 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

interpreters in the system and the time required by the scheduler to switch tasks. Such systems can fail to
meet a system's deadline, and the program is unaware of the missed deadline. CPU load can be naturally
measured in a preemptive operating system by defining a lower priority process that does nothing except
increment the counter.

Rate Monotonic Operating System

Some embedded systems are designed to use a specific task scheduling method known as 'Rate
Monotonic Scheduling'. It is an operating system that assures that tasks in a system may operate for a
specific amount of time and duration of time. It is a priority-based scheduling algorithm. It is used in
operating systems as a preemptive. It means that all tasks can be interrupted or suspended by other tasks
within a short period of time. It is generally used to perform shorter tasks with higher priority.

Single System Control Loop

It is a very simple type of operating system designed to perform only one function. It is used in several
devices, including smartphones, thermostats or temperature controls, digital controllable equipment, etc.
Users may set any point of temperature variable as desired in this type of OS. Several sensors are included
in this system to determine various temperature points in the environment.

Characteristics of Embedded Operating System

There are various characteristics of an embedded operating system. Some of them are as follows:

1. It provides real-time operations.

2. Direct use of interrupts
3. Input/Output device flexibility
4. Reactive operation
5. Streamlined protection mechanisms
6. Configurability

Popular Embedded Operating Systems

There are various popular embedded operating systems. Some of them are as follows:

eCos
It stands for 'Embedded Configurable Operating System', and all of its components provide a wide range
of configuration options. The eCos operating system may support a wide range of popular embedded
CPUs.

mbed OS
It is a free and open-source embedded operating system that offers a systematic and comprehensive
environment for intelligent hardware development.
4 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

VxWorks
Wind River Company firstly introduced it in 1983. It is supported with task synchronization, memory
efficiency management, and other features.

µC/OS-II:
It is introduced based on the μC/OS principle. μC/OS-II may handle 64 tasks and provide various
functionalities such as interrupt services, task scheduling, memory management, synchronization, and time
management.

FreeRTOS
It is a lightweight operating system that supports the priority scheduling algorithm. It provides various
functionalities like memory management, message queue, task management, semaphore, time
management, etc.

QNX
QNX was created in 1980 and is a commercial embedded real operating system that requires the POSIX
specification to compile.

µ Clinux
It stands for 'Micro-Control Linux', and it is the latest version of embedded Linux. It is capable of grab all
features of the Linux operating system.

Embedded Operating System Uses

The embedded operating system is commonly used in various areas, including car navigation systems,
multimedia players, airplane navigation systems, and medical equipment.

Car navigation system

The car navigation system is a small computer system with a touch screen that enables the driver to
navigate numerous menus such as audio playback, radio, GPS and route mapping, fuel level, hands-free
calls, and tire pressure monitoring systems. All of these tasks are performed by the computer to improve
the driving experience.

Parking Metering
Smart city parking meters use the embedded system to manage the user input and track time and costs.
Depending on the design, these devices contain a variety of built-in functions. For example, some sensors
detect vehicle entry and exit, while others require the driver to enter the parking space or vehicle license.
A user interface offers the driver options, including defining the expected return time and paying
appropriately.

Medical Equipment
5 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

Medical equipment automatically monitors bio constants, administers drugs. If the bio constants exceed
or fall below a threshold value, it alerts the staff. As a result, it may help doctors treat the patients, monitor
health issues, and save their lives.

The navigation system of a plane

The navigation system of a plane is a good instance of a real-time operating system. The main computer
of an airplane is connected to most control systems such as the wing, engine, pressure controls, and safety.
As a result, it is specifically built to work inside a plane and help with takeoff, landing, and emergency
operations.

Advantages and disadvantages of Embedded Operating

System
There are various advantages and disadvantages of an embedded operating system. Some of them are as
follows:

Advantages
There are various advantages of an embedded operating system. Some of them are as follows:

1. It is small in size and faster to load.

2. It is low cost.
3. It is easy to manage.
4. It provides better stability.
5. It provides higher reliability.
6. It provides some interconnections.
7. It has low power consumption.
8. It helps to increase the product quality.

Disadvantages
There are various disadvantages of an embedded operating system. Some of them are as follows:

1. It isn't easy to maintain.

2. The troubleshooting is harder.
3. It has limited resources for memory.
4. It isn't easy to take a back of embedded files.
5. You can't change, improve, or upgrade an embedded system once it's been developed.
6. If any problem occurs, you need to reset the setting.
7. Its hardware is limited.
 6 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

(2) eCos
What is the eCos operating system?
The Embedded Configurable Operating System (eCos) is an RTOS that is built primarily for embedded
systems and applications that require just one process with several threads. It is intended to adapt to
specific application runtime performance and hardware constraints. It is developed using the programming
languages C and C++, and it contains POSIX and The Real-time Operating System Nucleus
(TRON) variant µITRON compatibility layers and application programming interfaces. All embedded
security standards are met by eCos, which is supported by popular SSL/TLS libraries like wolfSSL.

History of eCos Operating System

eCos operating system was created in 1997 by Cygnus Solutions, which Red Hat eventually acquired. In
early 2002, Red Hat stopped the development of eCos and fired off the project's team. Many laid-off
employees continued to work on eCosOS, and some created their firms to provide software services. Red
Hat decided to transfer the eCos copyrights to the Free Software Foundation in October 2005 after the
eCos developers requested it in January 2004. The process was ultimately finished in May 2008.

Design of the eCos Operating System

eCos operating system was designed for real-time applications or for devices with memory capacities of a
few tens to several hundred kilobytes. eCos OS may also operate on various other hardware platforms,
including ARM, IA-32, Motorola 68000, CalmRISC, FR-V, Hitachi H8, NEC V850, Nios II, Matsushita AM3x,
MIPS, PowerPC, SPARC, and SuperH.

The eCos operating system contains RedBoot, which is an open-source program that provides bootstrap
firmware for embedded devices by utilizing the eCos hardware abstraction layer.

Non-free versions of eCos Operating System

The eCosPro RTOS is a commercial extension of the eCos operating system created by eCosCentric that
incorporates proprietary software components. It is marketed as a "stable, completely tested, certified, and
supported version" with additional features that are not accessible as free software. eCosCentric announced
on Pi Day 2017 that they had adapted eCosPro to all Raspberry Pi models, with demos at the Embedded
World trade exhibition in Nuremberg (Germany) and free releases to come.

Features of the eCos Operating System

There are various features of the eCos Operating System. Some features of the eCos operating system are
as follows:

Free and Open-Source

 7 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

eCos is a free and open-source operating system with a license that allows unrestricted access to its source
code while preserving the intellectual property rights of middleware and embedded programs. Engineers
have complete control, flexibility, and comprehension over all parts of their embedded design. Commercial
liberties include permanent access and rights to the codebase, no vendor lock-in, no limits on your
intellectual property, and no royalty or license costs. It is released under a variant of the well-known GPL
license that supports linking non-GPL-licensed applications with eCos. It implies that your program, system
improvements, and any third-party middleware are not needed to be licensed under the GPL.

Functionality
Many embedded applications' tools and runtime features are included in the standard eCos release,
including a priority-based real-time scheduler and synchronization primitives, language support libraries,
standards-based APIs file systems, device drivers, networking, communications, and debugging support.
The open-source GNU compiler toolset and an eCos setup tool with a graphical user interface are also
provided.

Portability
A well-defined hardware abstraction layer (HAL) built on the C programming language and strong
integration with the GNU C/C++ toolset provides eCos with its simple design and platform portability. As
a result, eCos OS has been ported to almost all current 32-bit architectures. Several of them include ARM,
Coldfire/68K, Hitachi SH2/3/4, Nios, PowerPC, Intel x 86, MIPS/microMIPS, and SPARC.

The eCos HAL is also the foundation for the RedBoot bootloader and debugs agent, which enables the
construction of an RTOS port, bootstrap, and software debug solution in a single step.

Performance
eCos implements a traditional multi-threaded architecture with a comprehensive set of synchronization
primitives since it was created from the bottom up for deeply embedded real-time applications. It provides
predictable reaction times, short interrupt latency, and low overhead context transitions.

Flexibility and Efficiency

The "Embedded Configurable Operating System" is known as eCos. The eCos system may expand from
extremely tiny, memory-constrained SOC-type devices to more complicated systems requiring higher
levels of capability due to the configurable technology at its core.

Developers may provide the necessary features and characteristics of the operating system through the
configuration system, resulting in an application-specific version that is perfectly tailored to the needs of a
certain device. It addresses the challenge of strict RAM/ROM budgets and performance requirements while
achieving the lowest resource footprints with maximum functionality and efficiency

(3) Tiny os
8 | M . s c S e m 1 ADVANCED OPERATING SYSTEM
TinyOS is an embedded, component-based operating system and platform for low-power wireless devices, such as
those used in wireless sensor networks (WSNs), smartdust, ubiquitous computing, personal area networks, building
automation, and smart meters. It is written in the programming language nesC, as a set of cooperating tasks and
processes. It began as a collaboration between the University of California, Berkeley, Intel Research, and Crossbow
Technology, was released as free and open-source software under a BSD license, and has since grown into an
international consortium, the TinyOS Alliance.

Implementation
TinyOS applications are written in the programming language nesC, a dialect of the C language optimized for the
memory limits of sensor networks. Its supplementary tools are mainly in the form of Java and shell script front-ends.
Associated libraries and tools, such as the nesC compiler and Atmel AVR binutils toolchains, are mostly written in C.
TinyOS programs are built of software components, some of which present hardware abstractions. Components are
connected to each other using interfaces. TinyOS provides interfaces and components for common abstractions such
as packet communication, routing, sensing, actuation and storage.
TinyOS is fully non-blocking: it has one call stack. Thus, all input/output (I/O) operations that last longer than a few
hundred microseconds are asynchronous and have a callback. To enable the native compiler to better optimize across
call boundaries, TinyOS uses nesC's features to link these callbacks, called events, statically. While being non-blocking
enables TinyOS to maintain high concurrency with one stack, it forces programmers to write complex logic by stitching
together many small event handlers. To support larger computations, TinyOS provides tasks, which are similar to
a Deferred Procedure Call and interrupt handler bottom halves. A TinyOS component can post a task, which the OS will
schedule to run later. Tasks are non-preemptive and run in first in, first out order. This simple concurrency model is
typically sufficient for I/O centric applications, but its difficulty with CPU-heavy applications has led to developing
a thread library for the OS, named TOSThreads. TOSThreads are unmaintained and have been deprecated. [1]
TinyOS code is statically linked with program code and is compiled into a small binary, using a custom GNU toolchain.
Associated utilities are provided to complete a development platform for working with TinyOS.

History
TinyOS began as a project at UC Berkeley as part of the DARPA NEST program. It has since grown to involve
thousands of academic and commercial developers and users worldwide. (list in reverse chronological order)

 August 2012: TinyOS 2.1.2 released

 April 2010: TinyOS 2.1.1 released.
 August 2008: TinyOS 2.1.0 released.
 July 2007: TinyOS 2.0.2 released. Work on TinyOS 2.1, which involves slight changes to a few interfaces, begins.
 April 2007: TinyOS 2.0.1 released at the 4th TinyOS Technology Exchange in Cambridge, MA.
 November 2006: TinyOS 2.0 released at the SenSys conference in Boulder, CO.
 July 2006: TinyOS 2.0 beta2 released.
 February 2006: TinyOS 2.0 beta1 released at the 3rd TinyOS Technology Exchange in Stanford, CA.
 December 2005: TinyOS 1.1.15, the last 1.1 version, is released.
 July 2005: NEST project concludes.
 June 2004: Working group forms on next steps for TinyOS, based on experiences porting to new platforms. Group
agrees to start work on 2.0.
 September 2003 – December 2005: TinyOS begins a periodic minor release process.
 August 2003: TinyOS version 1.1 is released, which includes new nesC features including data race detection.
 September 2002: TinyOS version 1.0, implemented in nesC, is released.
 April 2002: Work on the nesC programming language begins as a collaboration between Intel Research and UC
Berkeley.
 February 2002: Berkeley distributes 1000 mica nodes to other participants in the NEST project.
 2001: Berkeley develops the mica platform and releases TinyOS version 0.6.
 2000: Berkeley designs the rene platform and partners with Crossbow, Inc., who mass-produces the hardware.
TinyOS version 0.43 is made available to the public via SourceForge. Pre-1.0 versions of TinyOS are a mix of C
and Perl scripts.
 1999: First TinyOS platform (WeC) and OS implementations are developed at Berkeley.
 9 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

(4) computer security concepts

Computer security refers to protecting and securing computers and their related data,
networks, software, hardware from unauthorized access, misuse, theft, information loss, and
other security issues. The Internet has made our lives easier and has provided us with lots of
advantages but it has also put our system’s security at risk of being infected by a virus, of being
hacked, information theft, damage to the system, and much more.
Technology is growing day by day and the entire world is in its grasp. We cannot imagine even
a day without electronic devices around us. With the use of this growing technology, invaders,
hackers and thieves are trying to harm our computer’s security for monetary gains, recognition
purposes, ransom demands, bullying others, invading into other businesses, organizations, etc.
In order to protect our system from all these risks, computer security is important.

Types of computer security

Computer security can be classified into four types:

1. Cyber Security: Cyber security means securing our computers, electronic devices,
networks , programs, systems from cyber attacks. Cyber attacks are those attacks that happen
when our system is connected to the Internet.
2. Information Security: Information security means protecting our system’s information from
theft, illegal use and piracy from unauthorized use. Information security has mainly three
objectives: confidentiality, integrity, and availability of information.
3. Application Security: Application security means securing our applications and data so that
they don’t get hacked and also the databases of the applications remain safe and private to the
owner itself so that user’s data remains confidential.
4. Network Security: Network security means securing a network and protecting the user’s
information about who is connected through that network. Over the network hackers steal, the
packets of data through sniffing and spoofing attacks, man in the middle attack, war driving,
etc, and misuse the data for their benefits.

Types of cyber attack

1. Denial of service attack or DOS: A denial of service attack is a kind of cyber attack in
which the attackers disrupt the services of the particular network by sending infinite requests
and temporary or permanently making the network or machine resources unavailable to the
intended audience.
2. Backdoor: In a backdoor attack, malware, trojan horse or virus gets installed in our system
and start affecting it’s security along with the main file. Consider an example: suppose you are
installing free software from a certain website on the Internet. Now, unknowingly, along with
this software, a malicious file also gets installed, and as soon as you execute the installed
software that file’s malware gets affected and starts affecting your computer security. This is
known as a backdoor.
3.Eavesdropping: Eavesdropping refers to secretly listening to someone’s talk without their
permission or knowledge. Attackers try to steal, manipulate, modify, hack information or
systems by passively listening to network communication, knowing passwords etc. A physical
example would be, suppose if you are talking to another person of your organization and if a
third person listens to your private talks then he/ she is said to eavesdrop on your conversation.
10 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

Similarly, your conversation on the internet maybe eavesdropped by attackers listening to your
private conversation by connecting to your network if it is insecure.
4. Phishing: Phishing is pronounced as “fishing” and working functioning is also similar. While
fishing, we catch fish by luring them with bait. Similarly, in phishing, a user is tricked by the
attacker who gains the trust of the user or acts as if he is a genuine person and then steals the
information by ditching. Not only attackers but some certain websites that seem to be genuine,
but actually they are fraud sites. These sites trick the users and they end up giving their
personal information such as login details or bank details or card number etc. Phishing is of
many types: Voice phishing, text phishing etc.
5. Spoofing: Spoofing is the act of masquerading as a valid entity through falsification of
data(such as an IP address or username), in order to gain access to information or resources
that one is otherwise unauthorized to obtain. Spoofing is of several types- email spoofing, IP
address spoofing, MAC spoofing , biometric spoofing etc.
6. Malware: Malware is made up of two terms: Malicious + Software = Malware. Malware
intrudes into the system and is designed to damage our computers. Different types of malware
are adware, spyware, ransomware, Trojan horse, etc.
7. Social engineering: Social engineering attack involves manipulating users psychologically
and extracting confidential or sensitive data from them by gaining their trust. The attacker
generally exploits the trust of people or users by relying on their cognitive basis.
8. Polymorphic Attacks: Poly means “many” and morph means “form”, polymorphic attacks
are those in which attacker adopts multiple forms and changes them so that they are not
recognized easily. These kinds of attacks are difficult to detect due to their changing forms.

Steps to ensure computer security

In order to protect our system from the above-mentioned attacks, users should take certain
steps to ensure system security:
1. Always keep your Operating System up to date. Keeping it up to date reduces the risk of
their getting attacked by malware, viruses, etc.
2. Always use a secure network connection. One should always connect to a secure network.
Public wi-fi’s and unsecured networks should be avoided as they are at risk of being attacked
by the attacker.
3. Always install an Antivirus and keep it up to date. An antivirus is software that scans your PC
against viruses and isolates the infected file from other system files so that they don’t get
affected. Also, we should try to go for paid anti-viruses as they are more secure.
4. Enable firewall. A firewall is a system designed to prevent unauthorized access to/from a
computer or even to a private network of computers. A firewall can be either in hardware,
software or a combination of both.
5. Use strong passwords. Always make strong passwords and different passwords for all social
media accounts so that they cannot be key logged, brute forced or detected easily using
dictionary attacks. A strong password is one that has 16 characters which are a combination of
upper case and lower case alphabets, numbers and special characters. Also, keep changing
your passwords regularly.
6. Don’t trust someone easily. You never know someone’s intention, so don’t trust someone
easily and end up giving your personal information to them. You don’t know how they are going
to use your information.
 11 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

7. Keep your personal information hidden. Don’t post all your personal information on social
media. You never know who is spying on you. As in the real world, we try to avoid talking to
strangers and sharing anything with them. Similarly, social media also have people whom you
don’t know and if you share all your information on it you may end up troubling yourself.
8. Don’t download attachments that come along with e-mails unless and until you know that e-
mail is from a genuine source. Mostly, these attachments contain malware which, upon
execution infect or harms your system.
9. Don’t purchase things online from anywhere. Make sure whenever you are shopping online
you are doing so from a well-known website. There are multiple fraud websites that may steal
your card information as soon as you checkout and you may get bankrupt by them.
10. Learn about computer security and ethics. You should be well aware of the safe computing
and ethics of the computing world. Gaining appropriate knowledge is always helpful in reducing
cyber-crime.
11. If you are attacked, immediately inform the cyber cell so that they may take appropriate
action and also protect others from getting attacked by the same person. Don’t hesitate to
complain just because you think people may make your fun.
12. Don’t use pirated content. Often, people try to download pirated movies, videos or web
series in order to get them for free. These pirated content are at major risk of being infected
with viruses, worms, or malware, and when you download them you end up compromising your
system security

(5) Threats, Attacks

Difference between Threat and Attack
From a security standpoint, threats and attacks are two critical occurrences. From the perspective of
network security, it is critical to grasp the differences between the two.
 A threat in the realm of information security is the presence of a persistent hazard to information
integrity. This might take the shape of a human, a computer virus or malware, or something else.
 An attack, on the other hand, is the actual act of exploiting the information security system's
weaknesses.
There are a number of network security dangers and attacks to be aware of, such as Information theft and
fraud, putting a halt to routine business activities, viruses, cracking the passwords, Distributed Denial of
Service (DDoS) attacks, eavesdropping, hacking of e-mail, attempts at intrusion, spoofing a network,
social engineering, etc.

What is a Threat?
A Threat is a possible security risk that might exploit the vulnerability of a system or asset. The origin of
the threat may be accidental or environmental, human negligence, or human failure. There are various
types of security threats such as Interruption, Interception, Fabrication, and Modification.
A threat is something that can gain access to, harm, or eliminate an asset by exploiting a vulnerability,
whether purposefully or unintentionally. Threats can be divided into three categories −
 Floods, storms, and tornadoes are examples of natural disasters.
 Unintentional threats, such as an employee accessing incorrect information.
 Spyware, virus, adware companies, or the activities of a rogue employee are all examples of
intentional dangers.
12 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

Bugs and malware are classified as dangers because they can hurt your firm if you are exposed to a
computerized attack rather than one carried out by humans.
Many firms do cyber threat assessments to determine where they should focus their monitoring,
protection, and remediation efforts. So, if an asset is something you're attempting to protect, a threat is
something you're trying to avoid.

What is an Attack?
An Attack is an intentional unauthorized action on a system. Attacks can be grouped into two categories
−
 Active Attacks − An active attack is an attempt to change system resources or influence their
operation.
 Passive Attacks − A passive attack is an attempt to understand or retrieve sensitive data from a
system without influencing the system resources.
An attack always has a motivation to misuse system and generally wait for an opportunity to occur.

Difference between Threat and Attack

The following table highlights the major differences between a Threat and an Attack −

Key Threat Attack

Intentional Threats can be intentional like human The attack is a deliberate action. An attacker
negligence or unintentional like natural have a motive and plan the attack accordingly.
disasters.

Malicious A Threat may or may not malicious. An Attack is always malicious.

Definition A Threat by definition is a An Attack by definition is an intended action

condition/circumstance which can to cause damage to system/asset.
cause damage to the system/asset.

Chance for Chance to damage or information The chance to damage or information

Damage alteration varies from low to very high. alternation is very high.

Detection A threat is difficult to detect. An attack is comparatively easy to detect.

Prevention A threat can be prevented by An attack cannot be prevented by merely

controlling the vulnerabilities. controlling the vulnerabilities. Other measures
like backup, detect and act, etc., are required
to handle a cyber-attack.

Initiation It might be started by the system or by It is always started by an outsider (system or

an outsider. user)

Conclusion
A Threat is a possible security risk that might exploit the vulnerability of a system or asset. An attack, on
the other hand, is the actual act of exploiting the information security system's weaknesses.
 13 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

Threats and Attacks that might jeopardize information security can be prevented in a variety of ways. Soft
and physical firewalls, up-to-date antiviruses and antimalware, and other methods of protection should be
used to design and administer the IT system.

(5) Threats
Operating System Security
Every computer system and software design must handle all security risks and implement the necessary
measures to enforce security policies. At the same time, it's critical to strike a balance because strong
security measures might increase costs while also limiting the system's usability, utility, and smooth
operation. As a result, system designers must assure efficient performance without compromising security.

In this article, you will learn about operating system security with its issues and other features.

What is Operating System Security?

The process of ensuring OS availability, confidentiality, integrity is known as operating system security. OS
security refers to the processes or measures taken to protect the operating system from dangers, including
viruses, worms, malware, and remote hacker intrusions. Operating system security comprises all preventive-
control procedures that protect any system assets that could be stolen, modified, or deleted if OS security
is breached.

Security refers to providing safety for computer system resources like software, CPU, memory, disks, etc. It
can protect against all threats, including viruses and unauthorized access. It can be enforced by assuring
the operating system's integrity, confidentiality, and availability. If an illegal user runs a computer
application, the computer or data stored may be seriously damaged.

System security may be threatened through two violations, and these are as follows:

1. Threat

A program that has the potential to harm the system seriously.

2. Attack

A breach of security that allows unauthorized access to a resource.

There are two types of security breaches that can harm the system: malicious and accidental. Malicious
threats are a type of destructive computer code or web script that is designed to cause system
vulnerabilities that lead to back doors and security breaches. On the other hand, Accidental Threats are
comparatively easier to protect against.

Security may be compromised through the breaches. Some of the breaches are as follows:

1. Breach of integrity
14 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

This violation has unauthorized data modification.

2. Theft of service

It involves the unauthorized use of resources.

3. Breach of confidentiality

It involves the unauthorized reading of data.

4. Breach of availability

It involves the unauthorized destruction of data.

5. Denial of service

It includes preventing legitimate use of the system. Some attacks may be accidental.

The goal of Security System

There are several goals of system security. Some of them are as follows:

1. Integrity

Unauthorized users must not be allowed to access the system's objects, and users with insufficient rights
should not modify the system's critical files and resources.

2. Secrecy

The system's objects must only be available to a small number of authorized users. The system files should
not be accessible to everyone.

3. Availability

All system resources must be accessible to all authorized users, i.e., no single user/process should be able
to consume all system resources. If such a situation arises, service denial may occur. In this case, malware
may restrict system resources and preventing legitimate processes from accessing them.

Types of Threats
There are mainly two types of threats that occur. These are as follows:

Program threats
The operating system's processes and kernel carry out the specified task as directed. Program Threats occur
when a user program causes these processes to do malicious operations. The common example of a
program threat is that when a program is installed on a computer, it could store and transfer user
credentials to a hacker. There are various program threats. Some of them are as follows:
15 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

1.Virus

A virus may replicate itself on the system. Viruses are extremely dangerous and can modify/delete user files
as well as crash computers. A virus is a little piece of code that is implemented on the system program. As
the user interacts with the program, the virus becomes embedded in other files and programs, potentially
rendering the system inoperable.

2. Trojan Horse

This type of application captures user login credentials. It stores them to transfer them to a malicious user
who can then log in to the computer and access system resources.

3. Logic Bomb

A logic bomb is a situation in which software only misbehaves when particular criteria are met; otherwise,
it functions normally.

4. Trap Door

A trap door is when a program that is supposed to work as expected has a security weakness in its code
that allows it to do illegal actions without the user's knowledge.

System Threats
System threats are described as the misuse of system services and network connections to cause user
problems. These threats may be used to trigger the program threats over an entire network, known as
program attacks. System threats make an environment in which OS resources and user files may be
misused. There are various system threats. Some of them are as follows:

1. Port Scanning

It is a method by which the cracker determines the system's vulnerabilities for an attack. It is a fully
automated process that includes connecting to a specific port via TCP/IP. To protect the attacker's identity,
port scanning attacks are launched through Zombie Systems, which previously independent systems now
serve their owners while being utilized for such terrible purposes.

2. Worm

The worm is a process that can choke a system's performance by exhausting all system resources. A Worm
process makes several clones, each consuming system resources and preventing all other processes from
getting essential resources. Worm processes can even bring a network to a halt.

3. Denial of Service

Denial of service attacks usually prevents users from legitimately using the system. For example, if a denial-
of-service attack is executed against the browser's content settings, a user may be unable to access the
internet.
16 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

Threats to Operating System

There are various threats to the operating system. Some of them are as follows:

Malware
It contains viruses, worms, trojan horses, and other dangerous software. These are generally short code
snippets that may corrupt files, delete the data, replicate to propagate further, and even crash a system.
The malware frequently goes unnoticed by the victim user while criminals silently extract important data.

Network Intrusion
Network intruders are classified as masqueraders, misfeasors, and unauthorized users. A masquerader is
an unauthorized person who gains access to a system and uses an authorized person's account. A misfeasor
is a legitimate user who gains unauthorized access to and misuses programs, data, or resources. A rogue
user takes supervisory authority and tries to evade access constraints and audit collection.

Buffer Overflow
It is also known as buffer overrun. It is the most common and dangerous security issue of the operating
system. It is defined as a condition at an interface under which more input may be placed into a buffer and
a data holding area than the allotted capacity, and it may overwrite other information. Attackers use such
a situation to crash a system or insert specially created malware that allows them to take control of the
system.

How to ensure Operating System Security?

There are various ways to ensure operating system security. These are as follows:

Authentication
The process of identifying every system user and associating the programs executing with those users is
known as authentication. The operating system is responsible for implementing a security system that
ensures the authenticity of a user who is executing a specific program. In general, operating systems
identify and authenticate users in three ways.

1. Username/Password

Every user contains a unique username and password that should be input correctly before accessing a
system.

2. User Attribution

These techniques usually include biometric verification, such as fingerprints, retina scans, etc. This
authentication is based on user uniqueness and is compared to database samples already in the system.
Users can only allow access if there is a match.

3. User card and Key

17 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

To login into the system, the user must punch a card into a card slot or enter a key produced by a key
generator into an option provided by the operating system.

One Time passwords

Along with standard authentication, one-time passwords give an extra layer of security. Every time a user
attempts to log into the One-Time Password system, a unique password is needed. Once a one-time
password has been used, it cannot be reused. One-time passwords may be implemented in several ways.

1. Secret Key

The user is given a hardware device that can generate a secret id that is linked to the user's id. The system
prompts for such a secret id, which must be generated each time you log in.

2. Random numbers

Users are given cards that have alphabets and numbers printed on them. The system requests numbers
that correspond to a few alphabets chosen at random.

3. Network password

Some commercial applications issue one-time passwords to registered mobile/email addresses, which must
be input before logging in.

Firewalls
Firewalls are essential for monitoring all incoming and outgoing traffic. It imposes local security, defining
the traffic that may travel through it. Firewalls are an efficient way of protecting network systems or local
systems from any network-based security threat.

Physical Security
The most important method of maintaining operating system security is physical security. An attacker with
physical access to a system may edit, remove, or steal important files since operating system code and
configuration files are stored on the hard drive.

Operating System Security Policies and Procedures

Various operating system security policies may be implemented based on the organization that you are
working in. In general, an OS security policy is a document that specifies the procedures for ensuring that
the operating system maintains a specific level of integrity, confidentiality, and availability.

OS Security protects systems and data from worms, malware, threats, ransomware, backdoor intrusions,
viruses, etc. Security policies handle all preventative activities and procedures to ensure an operating
system's protection, including steal, edited, and deleted data.

As OS security policies and procedures cover a large area, there are various techniques to addressing them.
Some of them are as follows:
 18 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

1. Installing and updating anti-virus software

2. Ensure the systems are patched or updated regularly
3. Implementing user management policies to protect user accounts and privileges.
4. Installing a firewall and ensuring that it is properly set to monitor all incoming and outgoing traffic.

OS security policies and procedures are developed and implemented to ensure that you must first
determine which assets, systems, hardware, and date are the most vital to your organization. Once that is
completed, a policy can be developed to secure and safeguard them properly.

(6) Distributed Global states

Distributed deadlocks can occur when distributed transactions or concurrency control are utilized in
distributed systems. It may be identified via a distributed technique like edge chasing or by creating a
global wait-for graph (WFG) from local wait-for graphs at a deadlock detector. Phantom deadlocks are
identified in a distributed system but do not exist due to internal system delays.

In a distributed system, deadlock cannot be prevented nor avoided because the system is too vast. As a
result, only deadlock detection is possible. The following are required for distributed system deadlock
detection techniques:

1. Progress

The method may detect all the deadlocks in the system.

2. Safety

The approach must be capable of detecting all system deadlocks.

Approaches to detect deadlock in the distributed system

Various approaches to detect the deadlock in the distributed system are as follows:

1. Centralized Approach

Only one resource is responsible for detecting deadlock in the centralized method, and it is simple and
easy to use. Still, the disadvantages include excessive workload on a single node and single-point failure
(i.e., the entire system is dependent on one node, and if that node fails, the entire system crashes), making
the system less reliable.

2. Hierarchical Approach

In a distributed system, it is the integration of both centralized and distributed approaches to deadlock
detection. In this strategy, a single node handles a set of selected nodes or clusters of nodes that are in
charge of deadlock detection.

3. Distributed Approach
19 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

In the distributed technique, various nodes work to detect deadlocks. There is no single point of failure as
the workload is equally spread among all nodes. It also helps to increase the speed of deadlock detection.

Deadlock Handling Strategies

Various deadlock handling strategies in the distributed system are as follows:

1. There are mainly three approaches to handling deadlocks: deadlock prevention, deadlock avoidance, and
deadlock detection.
2. Handling deadlock becomes more complex in distributed systems since no site has complete knowledge of
the system's present state and every inter-site communication entails a limited and unpredictable latency.
3. The operating system uses the deadlock Avoidance method to determine whether the system is in a safe or
unsafe state. The process must inform the operating system of the maximum number of resources, and a
process may request to complete its execution.
4. Deadlocks prevention are commonly accomplished by implementing a process to acquire all of the essential
resources at the same time before starting execution or by preempting a process that already has the
resource.
5. In distributed systems, this method is highly inefficient and impractical.
6. The presence of cyclical wait needs an examination of the status of process resource interactions to detect
deadlock.
7. The best way to dealing with deadlocks in distributed systems appears to be deadlock detection.

Issues of Deadlock Detection

Various issues of deadlock detection in the distributed system are as follows:

1. Deadlock detection-based deadlock handling requires addressing two fundamental issues: first, detecting
existing deadlocks, and second, resolving detected deadlocks.
2. Detecting deadlocks entails tackling two issues: WFG maintenance and searching the WFG for the presence
of cycles.
3. In a distributed system, a cycle may include multiple sites. The search for cycles is highly dependent on the
system's WFG as represented across the system.

Resolution of Deadlock Detection

Various resolutions of deadlock detection in the distributed system are as follows:

1. Deadlock resolution includes the braking existing wait-for dependencies in the system WFG.
2. It includes rolling multiple deadlocked processes and giving their resources to the blocked processes in the
deadlock so that they may resume execution.
20 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

Deadlock detection algorithms in Distributed System

Various deadlock detection algorithms in the distributed system are as follows:

1. Path-Pushing Algorithms
2. Edge-chasing Algorithms
3. Diffusing Computations Based Algorithms
4. Global State Detection Based Algorithms

Path-Pushing Algorithms
Path-pushing algorithms detect distributed deadlocks by keeping an explicit global WFG. The main concept
is to create a global WFG for each distributed system site. When a site in this class of algorithms performs
a deadlock computation, it sends its local WFG to all neighboring sites. The term path-pushing algorithm
was led to feature the sending around the paths of global WFG.

Edge-Chasing Algorithms
An edge-chasing method verifies a cycle in a distributed graph structure by sending special messages
called probes along the graph's edges. These probing messages are distinct from request and response
messages. If a site receives the matching probe that it previously transmitted, it can cancel the formation
of the cycle.

Diffusing Computations Based Algorithms

In this algorithm, deadlock detection computation is diffused over the system's WFG. These techniques use
echo algorithms to detect deadlocks, and the underlying distributed computation is superimposed on this
computation. If this computation fails, the initiator reports a deadlock global state detection.

Global State Detection Based Algorithms

Deadlock detection algorithms based on global state detection take advantage of the following facts:

1. A consistent snapshot of a distributed system may be taken without freezing the underlying computation.
2. If a stable property exists in the system before the snapshot collection starts, it will be preserved.

Difference between CUI and GUI

In this article, you will learn about the difference between the CUI and GUI in the operating system. But
before discussing the differences, you must know about the CUI and GUI in the operating system.

What is the CUI?

CUI stands for Character User Interface. It is a user interface where the user interacts with the computer
solely through the keyboard and requires a command to perform any task. CUI is the precursor of GUI and
21 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

was utilized in most of the early computers. Most computers use GUI rather than CUI. It works by permitting
the user to provide commands to a program in multiple text lines (command lines). CUIs basic instances
are MS-DOS and the Windows Command Prompt. One of the CUI's applications is that it simplifies the
creation of programming scripts.

Advantages and Disadvantages of CUI

There are various advantages and disadvantages of CUI. Some of the advantages and disadvantages are
as follows:

Advantages

1. The CUI interface is less appealing.

2. CUI does not provide the same simplicity of use or capacity to operate with various programs on one screen.
3. There is no obvious feedback in CUI. In the same case, multiple additional commands would be required to
confirm the file transfer action.
4. A user must memorize various commands to operate and manage a CUI.
5. In CUI, only one task can be done at a time.
6. CUI only supports the usage of a keyboard.

Disadvantages

1. CUI uses less memory in comparison to GUI.

2. It is less expensive to use because a lower resolution screen may be used.

What is GUI?
GUI stands for Graphical User Interface. A GUI enables users to interact with the operating system or
application. It performs quick calculations of arithmetic and frees up the CPU to perform other tasks. It
offers buttons, windows, scrollbars, iconic images, wizards, and other icons to facilitate users. It has a user-
friendly interface for beginners. It is easy to use, learn and also reduces the cognitive load.

Advantages and disadvantages of GUI

There are various advantages and disadvantages of GUI. Some of the advantages and disadvantages are
as follows:

Advantages

1. A GUI is a type of user interface that is much easier to use. Users can classify and navigate options since data
are represented as symbols, forms, and icons. Users only require to click on them to acquiring to their
functions.
22 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

2. It's also easy to manage several jobs when you use a GUI. Users may work and view multiple programs at the
same time. For instance, when a movie file is playing in the background, it is possible to browse the internet
using a web browser.
3. The use of shortcut keys is one of the most important features of a graphical user interface. Shortcut keys are
very helpful if you require to perform a job that requires a couple of actions.

Disadvantages

1. Even though graphical user interfaces are simple to use, they are not the same when they are created. GUIs
have a lot of textual interpretations that take a lot of time and energy to create. The programmer must create,
link, and then assign specific functions to the image, which will take a long time.
2. GUI implementation is not as easy process as it looks while using it. The programmer must be aware of
properly creating functions so that users may use this interface more easily. A single error on the part of the
coder can render all of their efforts in vain.
3. It usually uses high power and computer memory than other interfaces due to all graphical representations.
It is not resource-efficient. As a result, it will use a huge amount of computer resources.
4. The design of the graphical user interface makes development more complex and expensive. Additionally, a
GUI must be linked with additional hardware, which may increase overall costs.

Main Differences between the CUI and GUI

Here, you will learn the main differences between the CUI and the GUI. Various main differences between
the CUI and the GUI are as follows:

1. It is a user interface where the user interacts with the computer solely through the keyboard and requires a
command to perform any task. In contrast, a GUI allows the users to interact with the operating system or
application.
2. CUI is the precursor of GUI, and the user has to type on the keyboard to proceed in CUI. In contrast, GUI
making it possible to use a mouse instead of a keyboard.
3. DOS, Windows Command Prompt is an instance of a CUI, whereas Windows is an example of a GUI.
4. GUI is more user-friendly than CUI.
5. CUI has only text, and in contrast, GUI has graphics and other visual clues.
6. CUI and GUI are user interfaces used in connection with computers.

Head-to-head comparison between the CUI and GUI

Here, you will learn the head-to-head comparisons between the CUI and the GUI. There are differences
between the CUI and the GUI are as follows:

Features CUI GUI

23 | M . s c S e m 1 ADVANCED OPERATING SYSTEM

Full-Form CUI stands for Character User Interface. GUI stands for Graphical User Interface.

Interaction The user interacts with the computer The user interacts with the system using Graphics
using commands like text. like icons, images.

Navigation Navigation is not easy. Navigation is easy to use.

Usage Usage is easy to use. Usage is difficult, requires expertise.

Speed It has high speed. It has a low speed.

Memory It has a low memory requirement. It has a high memory requirement.

Requirement

Peripherals used Users interact with the computer Users interact with the computer system using a
system by typing commands into the graphical interface, which includes menus and
keyboard. mouse clicks.

Precision It has high precision. It has low precision.

Flexibility It has a little flexible user interface. It has a highly flexible user interface.

Customize It is not easily changeable. It has highly customizable.

Conclusion
CUI and GUI are acronyms for various types of user interface systems, and these are terms used in the
context of computers. However, both are interfaces that serve the function of running programs, and they
differ in their features and the level of control they give the user.