1.OS Abstraction and process management

(a) Hardware Abstraction Layer

Hardware Abstraction Layer (HAL) is a programming layer that allows operating systems (referred to as OS henceforth) to interact with hardware devices. The main purpose of HAL is to provide the OS with an interface that allows software to communicate with hardware regardless of the hardware architecture. When the OS wants to interact with the hardware it first needs to acquire permission from the HAL. There are multiple ways of implementing a HAL “A PC may include the HAL in the OS kernel or in the form of device drivers that provide a consistent interface for applications to interact with the hardware peripherals.” (Techopedia.com, 2019) Device drivers are software that can be installed onto the computer which will allow the system to identify the device that the drivers were created for. The Kernel is the part of an operating system that interacts with the hardware of a computer system, device drivers are a part of the kernel layer of the OS. Device drivers are only concerned with the device they are created for, but the HAL doesn’t use specific information for specific devices and processes all similar devices the same. For example, if you have two microphones you could use the HAL to use both microphones however a device driver would require different drivers for each microphone.

Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
Essay Writing Service

Android introduced a HAL known as the vendor interface in 2017 which is still being used on android devices today. The Vendor Interface allows the android OS to be installed and used across a wide variety of manufacturers and devices. Before the Vendor Interface there would be long periods of times that manufacturers had to rewrite their code so that android’s new OS updates could be used on their devices. which meant that certain manufacturers were a few updates behind and their customers couldn’t get the best experience while using their devices. The aim of the vendor interface was to cut down these times significantly and all manufacturers would need to do is update their framework without having to rewrite the low-level code on their devices. The vendor interface also known as project treble was released on android devices in their “8.0 Oreo” update and has achieved the goals they set out to achieve.

NetBSD is an OS that has been used in a wide range of 32-bit and 64-bit architectures. The goal of “The NetBSD Project is an international collaborative effort of a large group of people, to produce a freely available and redistributable UNIX-like operating system”. (Netbsd.org, 2019) HAL is known for having a highly portable HAL that allows the OS to run on a wide variety of hardware using different CPU Architectures, bus types and manufacturers ensuring as much accessibility as possible. NetBSD focuses on portability as when allowing accessibility for new platforms some of the code may already exists however the new platform may have new hardware devices that aren’t supported in the existing package. To allow this portability the HAL is a top priority as adding new code to the abstraction layer is necessary when connecting new types of hardware to the system.

Resource Manager

Computers have many resources such as the software and hardware used and to correctly manage these resources operating systems contain resource managers which manage the resources of the computer by deciding the what priority should be given to software and hardware attempting to access these resources. The operating system acts as an interface that allows the user to see a visual representation of the resources.

There are various resources that are managed such as devices and memory which is arguably the most important resource for the OS to manage without managing these resources correctly there would be a high chance of corrupt data or data not storing at all. Memory hardware such as Random Access Memory, Solid-state drives, and microchips are all covered by memory management. Memory management decided when certain blocks of memory should be loaded, once a process that was using a specific set of memory has been complete there is no need to access the memory block anymore. Hardware devices records a list of the devices that are connected to the system and designating what applications and processes get access to these devices.  To correctly manage resources there are certain steps that need to be carried out such as allocation which is deciding what process should have access to a device. Deciding how much of a resource should be used for certain devices allows a computer system to operate smoothly while using as little resources as possible. For example, if an application needs access to 25% of your computing power but the resource manager gives it access to more than the required amount its wasting resources that could be used elsewhere to allow the system to run smoother.

(b) Context Switch

A context switch is primarily used in multitasking operating systems to switch the resources of a CPU from one task to another. A multitasking operating system is where multiple tasks are run using one CPU without affecting each other. Context switches are carried out either through the result of a preemptive scheduler, a hardware interrupt or a task voluntarily gives up their position in the queue. For context switching to be carried out Process Control Blocks (PCB) are required because they store the current state of the operating system. The image below indicates the process of a context switch, to start with process 1 is in the “Running state” however the process is interrupted by an interrupt or system call which causes process 1 to be stored into PCB 1 and process 2 is loaded from PCB 2 and set to a “Running state”. Once again there is an interrupt or system call which causes process 2 to be stored into PCB 2 and process 1 to be loaded and set to a “Running state”

Figure 3 – Shows the process of a context switch (Gour, 2019)

Schedulers allow the processes to be managed based on two methods either a non-preemptive scheduler or a preemptive scheduler which allows resources to be taken away from a process that is in the running state. The way preemptive schedule works is that each task is given a priority, if a high priority task enters the “ready” state after a low priority task is already running the low priority task will be saved and the high priority task will take precedence. The high priority task will continue to run until it completes or until it requires more resources in which case it will be placed into a “Waiting state” until the resources required become available. The below image is a visual representation of the process described above.

Figure 2 – A diagram showing a priority based preemptive scheduler. (tutorialspoint.com, 2019)

Non-preemptive schedulers work on a first come first served basis meaning that the first task to enter a “Ready” state will be put into the “Running” state and the rest of the tasks will form a queue and wait for the “Running” task is completed. Although this is the simplest method it causes delays in the system and execution times will be high. The below image is a visual representation of the process described above. 

 Figure 3– A diagram showing a first come first served non-preemptive scheduler. (tutorialspoint.com, 2019)

2. Security

(a) Potential Security Violations

The Secure Socket Layer (SSL) is a security protocol that is used by companies who host websites to provide protection to devices and user on the internet. For companies to use SSL they require an SSL certificate installed onto their web server which will eliminate various security risks when devices access their websites. Users can easily find if a website is being protected by SSL because there will be a padlock next to the address bar that tells you that the website is under SSL Protection, this padlock also represents trust between the client and server since clients will not want to connect to an insecure server.

SSL uses a variety of methods to protect users from potential threats such as Encryption, Authentication and Data Integrity. The internet is full of people with malicious intent and SSL offers protection against these people such as eavesdroppers. Encryption is the process of turning characters into random numbers and letters that can only be decrypted with a decryption key. Encryption is used to secure any personal data that is being sent to the server such as login details and credit card information to be transmitted between the client and the server without risk of the information being stolen or tracked. SSL also protects against Hijacking and impersonation to do this SSL uses authentication which is securing the connection from the device to the server which is also known as an SSL Handshake, the server encrypts the data then sends the key required to decrypt the data to the client, if the client decrypts the information encrypted by the server then the connection between the server and the client is established. SSL not only protects the user from malicious intent but also protects the server, there are attacks known as DDOS attacks that are used to overload a server with information that it can’t process leading to the server crashing and preventing access from users. There are multiple types of SSL DDOS attacks which can be categorised into three sections which are Network Attacks, SSL Protocol Attacks and Application Level Attacks. SSL recognizes and stops Network Attacks and SSL Protocol attacks however application level attacks require more information and require more specific protocols to counteract these attacks.

(b) Cryptography

SSL uses two types of cryptography known as Asymmetric Encryption and Symmetric Encryption. Asymmetric Encryption uses a public key which anyone can use to encrypt data and a private key which only the intended receiver can use to decrypt the data. There are different algorithms that can be used for Asymmetric Encryption such as RSA, DSA and ECC. RSA uses integer factorization to generate their public and private keys. Integer factorization is the process of multiplying two large prime numbers to generate a public key and uses the same two large prime number in a different process to generate the private key. Using this method means that the public key is easily accessible however the private key cannot be identified “For all practical purposes, even computers cannot factor large numbers into the product of two primes”. (Katz, Ng and Bourg, 2019) Elliptic Curve Cryptography (ECC) is currently the most popular cryptography algorithm and is used by the majority of SSL Certificates. ECC “a method of public key cryptography based on the use of elliptic curves over finite fields.” (Help, 2019) The main reason for the popularity of ECC is that the size of the keys are much smaller and therefore it is much quicker for the key to be identified which speeds up the process significantly as well as boosting security. ECC is less resource intensive so it can be used on many low-performance systems unlike other algorithms. Digital Signature Algorithm (DSA) provides the same security as RSA however DSA offers faster decryption times and slower encryption times than RSA. DSA is makes it easier for servers to meet government standards because it is support by federal agencies. Both RSA and DSA can be used simultaneously on one server which means you can use the advantages of both algorithms on your server.

Symmetric Encryption uses a shared key to both encrypt and decrypt the data. A shared key is a key that both the sender and the recipient need to have access to so that they can communicate. To achieve this the client and the server need to communicate on a secure channel. Although symmetric encryption is faster than asymmetric encryption however you need a method of getting the key to the client without a security risk. Common symmetric encryption algorithms include AES and RC4. Advanced Encryption Standard (AES) also known as Rijndael is a block cipher algorithm, which is a method of encryption which takes block of text converts the text into bits and moves the block of bits around in a set pattern according to the encryption key. The only way to decrypt the information is to use the key and follow the steps in reverse. AES has been supported by the US government and is used by companies worldwide due to it being considered an unbreakable encryption method which means that to decipher the key is not impossible however the amount of time that it takes to decipher it with current technology would make the decryption useless. Rivest Cipher 4 (RC4) is a stream cipher which is known for its speed and ease of access. RC4 works by turning information into a stream of bits which are then randomized based on the key. RC4 has been identified to have potential security issues however is still used to this day because of the simple nature of the algorithm.

(c) Man-in-the-middle Attack

Man-in-the-middle is a cyber-attack where the information is secretly collected and or altered with malicious purposes while the client and the server are communicating. The way this is carried out is by making the client believe that it is connecting to the server when in fact it is connecting to the hacker where the hacker has the option to collect, edit and read the data being transmitted between the client and the server. SSL is vulnerable to man-in-the-middle attacks. SSL is susceptible to certain forms of man-in-the-middle attacks known as SSL Hijacking “attack the transition from an unsecured connection to a secure one, in this case from HTTP to HTTPS, you are attacking the bridge and can man-in-the-middle an SSL connection before it even occurs”. (Sanders, 2019) and SSL Stripping an attack where the attacker downgrades the secure connection from HTTPS to HTTP, so the data can be viewed, stored and edited in an unencrypted form. Executing an SSL attack like this is almost guaranteed to be undetectable by the server although the attack can be spotted by the client. The client can take multiple steps to make sure that their connection to the server is a secure, the first step is very simple which is just checking that you have a secure connection to the website you are connecting too by looking for HTTPS instead of HTTP in the address bar and checking for the padlock which identifies if you connection to the server is secure.  Another step the client can take is making sure that the device they are using to connect to the server is secure by having the latest updates to their OS, Firewall and other security methods. Thinking about where you should connect to certain websites is another big step in making sure the data is secure, accessing websites such as banking or email addresses from home is much safer than using computers in public areas such as libraries or the work place as there is less devices which need to be protected to remain secure at home. Always insure before you download software onto your device that the software manufacturer and download source is trustworthy before installing software onto your device.

References

Gour, S. (2019). context switching Archives – LearningSolo. [online] LearningSolo. Available at: https://learningsolo.com/tag/context-switching/ [Accessed 15 May 2019].

Help, S. (2019). What is ECC and why you should use it?. [online] What is ECC and why you should use it?. Available at: https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it [Accessed 15 May 2019].

Katz, A., Ng, A. and Bourg, P. (2019). RSA Encryption | Brilliant Math & Science Wiki. [online] Brilliant.org. Available at: https://brilliant.org/wiki/rsa-encryption/ [Accessed 12 May 2019].

Netbsd.org. (2019). About the NetBSD Project. [online] Available at: https://www.netbsd.org/about/ [Accessed 15 May 2019].

Sanders, C. (2019). Understanding Man-In-The-Middle Attacks – Part 4: SSL Hijacking. [online] TechGenix. Available at: http://techgenix.com/understanding-man-in-the-middle-attacks-arp-part4/ [Accessed 12 May 2019].

Techopedia.com. (2019). What is a Hardware Abstraction Layer (HAL)? – Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/4288/hardware-abstraction-layer-hal [Accessed 10 May 2019].

tutorialspoint.com. (2019). Operating System Scheduling algorithms. [online] Available at: https://www.tutorialspoint.com/operating_system/os_process_scheduling_algorithms.htm [Accessed 15 May 2019].