INFORMATION TECHNOLOGY I

06 OPERATING SYSTEMS
INTERFACE BETWEEN END USERS AND COMPUTER

Source: O‘Brian
DEFINITION OF AN OPERATING SYSTEMS (O’BRIAN)
• Integrated system of programs that…
• Manages the operations of the CPU
• Controls the input/output, storage resources,
and activities of the computer system
• Provides support services as the computer executes application programs
• The operating system must be loaded and activated before other tasks can be accomplished
DEFINITION OF AN OPERATING SYSTEM
“A modern computer consists of [edit: lots of hardware]. All in all, a complex system. [...] For this
reason, computers are equipped with a layer of software called the operating system, whose job
is to provide user programs with a better, simpler, cleaner, model of the computer and to handle
managing all the resources just mentioned.”
Andrew Tannenbaum, Modern Operating Systems

At the end it is a software that:

- Abstracts Hardware providing an
Application Programming Interface (API)
- Manages System Resources
STRUCTURE OF AN OS

Applications

UI
Operating System

Resource Management Task Management Utility functions

(Drivers) (Scheduling) (User Management)

Hardware
ABSTRACTING HARDWARE ???
PROVIDING AN API? EXAMPLE PRINTER

You do not even have one Yet you can print

Imagine a Printer

OS function: Hardware driver OS function: Printing

ABSTRACTING HARDWARE ???
EXAMPLE FILE MANAGEMENT

Block a

Block x

Block z Block g Block 5

Data is stored in clever You access it

Imagine a Hard Drive but complex ways via name and directory

OS function: Hardware driver OS function: Filesystem driver

FILE MANAGEMENT
• Keeps track of physical location on storage devices
• Maintains directories of information about the location and characteristics of stored files

Block a

Block x

Block z Block g Block 5

Data is stored in clever You access it

Imagine a Hard Drive
but complex ways via name and directory

OS function: Hardware driver OS function: Filesystem driver

SERVICES OF AN OPERATING SYSTEM
WITH EXAMPLES
• Scheduling / Resource Management: Which process gets resources and for how long
• I/O Management: When to write things to disk, responding to interrupts
• Storage: Provide Filesystem Drivers (e.g. DVD / Blue Ray)
• Memory Management: When can data be stored where in Memory
• IPC: Signals and shared memory
• Isolation: Isolate processes from each other
• Authentication: Identify Users (e.g. via password, fingerprint)
• Authorisation: Provide Access to Resources (e.g. your home folder), protect against unauthorized
access
MULTITASKING OS AND PROCESS SCHEDULING
• Not all programs can run simulations on a single CPU
because num(tasks) > num(CPU)
• OS must interrupt tasks constantly and schedule other tasks pre-emptive multitasking (contrast:
cooperative multitasking)
Just imagine two queues to a single coffee machine. While the current user from the first queue
waits for coffee to be prepared, the user from the other line can pick up cups.

• The Computer switches to executing another Program, the process is called context switching
• save the current program's state (including registers),
• figure out which program to run next,
• restore a different program's state.
MULTITASKING OS AND PROCESS SCHEDULING
• Not all programs can run simulations on a single CPU
because num(tasks) > num(CPU)
• OS must interrupt tasks constantly and schedule other tasks pre-emptive multitasking (contrast:
cooperative multitasking)
• The Scheduler selects which tasks run next
• Scheduler has to guarantee
• Fairness (sharing of resources) - conflict resolution
• Balance between - e.g. Realtime, FIFO, LIFO, Round Robin
• Max. usage of resources
• Reactivity of the system
SCHEDULING

• All Processes compete for CPU

time and are in one of the states: A
Running
• Running: Run on CPU
• Ready: Waiting for CPU
• Blocked: Wait for E/A
Blocked
Ready
B C

A CPU

Time Now
SCHEDULING

• C is running now
C
• A is now waiting for I/O Running

A
Blocked
Ready
B

A CPU I/O

C CPU

Time Now
SCHEDULING

• I/O Operation of A is finished

A is back to ready B
Running
• B is finally running

Blocked
Ready
C A

A CPU E/A

B CPU

C CPU

Time Now
SCHEDULING: COMBINING EXECUTION

But tasks also wait often (Memory, IO Devices), which would mean CPU stalling → Waste
of resources

Separate Execution
Process 1

Process 2

Process 3

Combined Execution
SPIELCHEN GEFÄLLIG?
SECURITY
POLL

Has anyone in this room…

• Click on a link to a forged website?
• Accidentally download Malware by DM?
• Accidentally download malware from a website
• Hand over private data to a fraudster?
• Compromised the security of a password?
DIMENSIONS OF SECURITY: C.I.A.

• Data Confidentiality: Only sender and the intended recipient have access to message content.
Someone steals your data Oh so very interesting!

• Data Integrity: Assurance of accuracy and consistency, no unauthorized tampering of data

Someone pretends to be you Send 500 $ to B 50000 $ to C

• Data Availability: A system should always allow legitimate access to data

Someone encrypts your data

• (addon) Privacy: Prevent the misuse of personal data

 ROLES: WHO WRITES THIS EMAIL?
Dear Team,

I hope this email finds you well. I am writing to inform you about a potential security incident that has come to our
attention, which may have resulted in a data breach. Our security team has recently identified suspicious activities
within our network infrastructure, indicating unauthorized access to sensitive data. We are treating this matter with
utmost seriousness […]
In light of this situation, I kindly request your immediate cooperation in implementing the following measures:
1.Cease all unnecessary network activities: Until further notice, refrain from accessing any non-critical systems or
engaging in non-essential online activities. This will help minimize and prevent further compromise.
2.Preserve all potential evidence: Please avoid modifying or deleting any files, logs, or records that may be relevant
to this incident. Our forensic experts will require this information to conduct a comprehensive investigation and
identify the source and extent of the breach.
3.Heightened vigilance and reporting: Be extra cautious while handling any suspicious emails, links, or attachments.
Report any unusual or suspicious activities to our IT department immediately. We have established a dedicated
incident response team to address your concerns and provide guidance throughout this process.
[…]
ROLES: CEO
• The CEO:
• Management
• Strategic Directions of the organization
• Reviews and approves security principles
• Statement of Support for Information Security

• Source: Principals of Information Security, Fourth Edition

ROLES: CHIEF INFORMATION OFFICER
• The CIO
• Delegee from the CEO, lead on information governance as a whole
• Align Information Systems with company goals → Strategic direction
• Define, Supervise IS strategy/policy
• Make or Buy decision
• Supervises general Management of IS Departments
• Manages and Mediates inter-disciplinary projects
• Defines risk management policy

• Source: Principals of Information Security, Fourth Edition

ROLES: CHIEF INFORMATION SECURITY OFFICER
• The CISO
• Primarily responsible for assessment, management, and implementation of IS in the
organization
• Definition of security policy: Requirements, Objectives and Procedures
• Risk Analysis: Evaluate Risk Threats and Consequences
• Training: Inform and raise awareness
• Study of resources: Validate tools and create standards
• Audits
• Monitor existing technology

• Source: Principals of Information Security, Fourth Edition

ACCESS CONTROL
ACCESS CONTROL
Authorization
• Granting access to resources based on an access policy for
users or groups groups (whether and how to admit a
subject to an object )
ACCESS CONTROL
Authentication αὐθεντικός
• The process of claiming and validating an identity.
By:
• Something you know: Username / Password
• Something you are: Biometrics e.g. Fingerprint
• Something you have: Digital Tokens
THE WORLDS MOST COMMON PASSWORDS
SOURCE: HTTPS://SEC.HPI.DE/ILC/STATISTICS

Rank Password Frequency

1 123456 8.06‰
2 123456789 3.87‰
3 password 1.89‰
4 qwerty 1.83‰
5 12345 1.37‰
6 12345678 1.16‰
7 111111 1.15‰
8 qwerty123 1.01‰
9 1q2w3e 0.96‰
10 123123 0.84‰
PASSWORDS

https://xkcd.com/936/ + explaination: https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength

STANDARD TODAY: USE A PASSWORD GENERATOR
• Sync across applications:
• Use the Built-In Chrome and Firefox generators
• Sync them across devices:
• OSX has Keychain Sync, Windows has ???
• Use a provided Service „in the cloud“
• Use a “homemade“ service, such as syncing Keepass Files to your devices
REMEMBER

Use one password only once

EVEN BETTER: PASSKEYS
• Userfriendly form of Public/Private Key security:
• Your device creates a public and a private key for a website.
• The public key is registered with that website
• The private key is associated with that website on your device
• Upon sign-in the private key is used to sign a challenge sent from the website, the private key
is used to verify the signed challenge
• Benefits
• A Website breach will only yield (worthless) public keys for websites
• Your device will only authenticate to the site it is configured for, hence a forged website will
not work
• Warning: Early Adopter Tech
NEVERTHELESS BETTER SAFE THAN SORRY:
HTTPS://SEC.HPI.DE/ILC/SEARCH
THREATS
LIVE CYBER ATTACKS
HTTPS://THREATMAP.CHECKPOINT.COM/
DISTRIBUTED DENIAL OF SERVICE (DDOS)
• Targeted at the disruption of the normal functioning of a website or system
• Resource is flooded with superfluous requests, internet connection is saturated
• Prevent legitimate requests from being fulfilled

Source: https://securebox.comodo.com/ssl-sniffing/ddos-attacks/
DISTRIBUTED DENIAL OF SERVICE (DDOS)
Possible Goals of a Ddos
• Blackmailing businesses and asking for payments
• Revenge. (Ex-employees, angry customers, rivals)
• Industrial sabotage.
• Creating a smokescreen for committing other lucrative cybercrimes
• Silence or blackmail politicians, opponent groups etc.
• It can be used by and against criminals and terrorists and also as a potential weapon in war.
MALWARE
• Definition: Malicious code or a rogue program is the general name for programs [...] planted by an
agent with malicious intent to cause unanticipated or undesired effects.1
• Refers to a variety of forms of hostile or intrusive software, including computer
viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other intentionally
harmful programs.
• Format: executable code, scripts, active content, and other software.

• 1: Charles Pfleger, Security in Computing Prentice Hall 2015

RANSOMWARE
• Class of malware, that is used to digitally extort a victim
into payment of a specific fee.1
• Two mayor types:
• Block, encrypt, obfuscae files
• Restrict access or lock out user from system
• Examples: Locky, WannaCry (2017) ...
• Payment: iTunes Gift cards, cryptocurrencies

• 1: Allan Liska, Ransomeware, O‘Reilly

https://securelist.com/ksb-story-of-the-year-2017/83290/
WANNACRY

NHS: 92mio Punds, https://news.sky.com/story/cost-of-wannacry-cyber-attack-to-the-nhs-

revealed-11523784
MIGHT BE WORTH CHECKING
LET US PLAY A GAME

https://phishingquiz.withgoogle.com/
ARE YOU AN APPROPRIATE TARGET?