TRANSCRIPT
Linux Kernel Architecture Linux Kernel Source Code Windows Kernel Architecture OS Comparison Summary
CS 6V81-05: System Security and Malicious Code Analysis
An Overview of Linux (with Source) and Windows Kernel
Zhiqiang Lin
Department of Computer Science, University of Texas at Dallas
February 20th, 2012
Outline
1 Linux Kernel Architecture
2 Linux Kernel Source Code
3 Windows Kernel Architecture
4 OS Comparison
5 Summary
In the following few weeks: OS Kernel
Unix history
"Core" Kernel
[Figure: layered view of the core kernel. Applications sit on System Libraries (libc), which enter the kernel through the System Call Interface. Below it are the I/O-related subsystems (File Systems, Networking, Device Drivers) and the process-related subsystems (Scheduler, Memory Management, IPC); loadable Modules plug into these subsystems. Architecture-Dependent Code sits between the subsystems and the Hardware.]
Linux Kernel Architecture
[Figure: Linux Kernel Architecture (slide footer: 2012/2/19 Zhiqiang Lin, Nanjing University). User level: User Programs call Libraries, which trap into the kernel through the System Call Interface. Kernel level: File System Management with a Buffer Cache over the Device Drivers; Process Mgt. with IPC, Scheduling and Memory Mgt.; Hardware Control (interrupt handling, etc.) over the Hardware; Modules loaded into the running kernel.]
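Added example (mine, not code from the slides) of the boundary the two diagrams above draw between the Libraries and the System Call Interface: a user program can reach sys_getpid through libc's getpid() wrapper, through the generic syscall(2) trampoline, or, on x86_64, by issuing the syscall instruction itself and skipping libc entirely (the inline asm below; other architectures fall back to syscall(2) and reconstruct the kernel's value). It also shows the return convention at that interface: the kernel hands back a small negative number (-EBADF here; the ipc/util.c stubs discussed later return -ENOSYS the same way) and libc turns it into -1 plus errno. Function names are my own; it needs Linux.

```c
/* Added example (not from the slides): two routes from user space into the
 * kernel, and the return-value convention at the system call interface.
 * Linux only; the inline asm path is x86_64-specific, other arches fall back
 * to libc's syscall(2). Function names are my own. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Raw 3-argument system call. On x86_64 this is the `syscall` instruction
 * itself, so the value left in rax is exactly what the kernel returned: a
 * result, or a small negative errno such as -EBADF / -ENOSYS. */
static long raw_syscall3(long nr, long a1, long a2, long a3) {
#if defined(__x86_64__)
    long ret;
    __asm__ __volatile__("syscall"
                         : "=a"(ret)
                         : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                         : "rcx", "r11", "memory");  /* clobbered by the instruction */
    return ret;
#else
    /* Fallback: go through libc and undo its translation (-1/errno -> -errno). */
    long rc = syscall(nr, a1, a2, a3);
    return rc == -1 ? -errno : rc;
#endif
}

/* Same kernel entry point (sys_getpid) via the libc wrapper, via the
 * syscall(2) trampoline, and via the raw instruction. */
int pid_matches_via_raw_syscall(void) {
    pid_t via_libc = getpid();
    long via_trampoline = syscall(SYS_getpid);
    long via_raw = raw_syscall3(SYS_getpid, 0, 0, 0);
    return via_libc == (pid_t)via_trampoline && via_libc == (pid_t)via_raw;
}

/* What the kernel itself returns for write(-1, ...): -EBADF. */
long kernel_return_for_bad_fd(void) {
    char byte = 'x';
    return raw_syscall3(SYS_write, -1, (long)&byte, 1);
}

/* What a program sees through libc for the same call: -1 and errno == EBADF. */
int libc_errno_for_bad_fd(void) {
    char byte = 'x';
    errno = 0;
    if (syscall(SYS_write, (long)-1, &byte, (long)1) != -1)
        return 0;
    return errno;
}

int main(void) {
    printf("pid consistent across all three routes: %s\n",
           pid_matches_via_raw_syscall() ? "yes" : "no");
    printf("kernel's own return for write(-1): %ld (-EBADF is %d)\n",
           kernel_return_for_bad_fd(), -EBADF);
    printf("after libc translation: -1, errno=%d (EBADF is %d)\n",
           libc_errno_for_bad_fd(), EBADF);
    return 0;
}
```

The raw path matters for malicious code analysis: a sample that issues the syscall instruction directly never touches libc, so LD_PRELOAD or other userland hooks do not see it, while tracing at the system call interface (ptrace/strace, seccomp, audit) does.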
Linux Kernel Architecture
Why use a monolithic kernel?
- Linux began on the 'slow' 386 architecture
- a micro-kernel depends on careful design
Linux uses the module approach to get the advantages of a micro-kernel while staying monolithic.
Source Tree Layout
/usr/src/linux
  Documentation
  arch: alpha, arm, i386, ia64, m68k, mips, mips64, ppc, s390, sh, sparc, sparc64
  drivers: acorn, atm, block, cdrom, char, dio, fc4, i2c, i2o, ide, ieee1394, isdn, macintosh, misc, net, …
  fs: adfs, affs, autofs, autofs4, bfs, coda, cramfs, devfs, devpts, efs, ext2, fat, hfs, hpfs, …
  include: asm-alpha, asm-arm, asm-generic, asm-i386, asm-ia64, asm-m68k, asm-mips, asm-mips64, …, linux, math-emu, net, pcmcia, scsi, video
  init
  ipc
  kernel
  lib
  mm
  net: 802, appletalk, atm, ax25, bridge, core, decnet, econet, ethernet, ipv4, ipv6, ipx, irda, khttpd, lapb, …
  scripts
linux/Documentation
- spotty but important collection of developer-generated documentation; you need to read what's in here!
- recent effort to produce javadoc-style documentation from source header comments using OpenDoc
- an ambitious open-source kernel book effort has begun; see kernelbook.sourceforge.net for details
- some especially interesting entries:
  kernel-docs.txt (a bit out of date but good)
  filesystems/ (very extensive)
  networking/ (very extensive)
  kmod.txt
  oops-tracing.txt
  spinlocks.txt (the official story from Linus)
linux/arch
- subdirectories for each current port
- each contains kernel, lib, mm, boot and other directories whose contents override code stubs in architecture-independent code
- lib contains highly-optimized common utility routines such as memcpy, checksums, etc.
- arch subdirectories in the tree shown above:
  alpha, arm, i386, ia64, m68k, mips, mips64, ppc, s390, sh, sparc, sparc64
linux/drivers
- largest amount of code in the kernel tree (~1.5M)
- device, bus, platform and general directories
- drivers/char - n_tty.c is the default line discipline
- drivers/block - elevator.c, genhd.c, linear.c, ll_rw_blk.c, raidN.c
- drivers/net - specific drivers and general routines Space.c and net_init.c
- drivers/scsi - scsi_*.c files are generic; sd.c (disk), sr.c (CD-ROM), st.c (tape), sg.c (generic)
- general: cdrom, ide, isdn, parport, pcmcia, pnp, sound, telephony, video
- buses: fc4, i2c, nubus, pci, sbus, tc, usb
- platforms: acorn, macintosh, s390, sgi
linux/fs
contains:
- virtual filesystem (VFS) framework
- subdirectories for actual filesystems
vfs-related files:
- exec.c, binfmt_*.c - files for mapping new process images
- devices.c, blk_dev.c - device registration, block device support
- super.c, filesystems.c
- inode.c, dcache.c, namei.c, buffer.c, file_table.c
- open.c, read_write.c, select.c, pipe.c, fifo.c
- fcntl.c, ioctl.c, locks.c, dquot.c, stat.c
linux/include
- include/asm-*: architecture-dependent include subdirectories
- include/linux: header info needed both by the kernel and user apps; usually linked to /usr/include/linux; kernel-only portions guarded by #ifdefs:
    #ifdef __KERNEL__
    /* kernel stuff */
    #endif
- other directories: math-emu, net, pcmcia, scsi, video
linux/init
- just two files: version.c, main.c
- version.c - contains the version banner that prints at boot
- main.c - architecture-independent boot code; start_kernel is the primary entry point
linux/ipc
- System V IPC facilities
- if disabled at compile-time, util.c exports stubs that simply return -ENOSYS
- one file for each facility:
  sem.c - semaphores
  shm.c - shared memory
  msg.c - message queues
linux/kernel
- the core kernel code
- sched.c - "the main kernel file": scheduler, wait queues, timers, alarms, task queues
- process control: fork.c, exec.c, signal.c, exit.c, acct.c, capability.c, exec_domain.c
- kernel module support: kmod.c, ksyms.c, module.c
- other operations: time.c, resource.c, dma.c, softirq.c, itimer.c, printk.c, info.c, panic.c, sysctl.c, sys.c
linux/lib
- kernel code cannot call standard C library routines
- files:
  brlock.c - "Big Reader" spinlocks
  cmdline.c - kernel command line parsing routines
  errno.c - global definition of errno
  inflate.c - "gunzip" part of gzip.c used during boot
  string.c - portable string code, usually replaced by optimized, architecture-dependent routines
  vsprintf.c - libc replacement
linux/mm
- paging and swapping: swap.c, swapfile.c (paging devices), swap_state.c (cache); vmscan.c - paging policies, kswapd; page_io.c - low-level page transfer
- allocation and deallocation: slab.c - slab allocator; page_alloc.c - page-based (zone) allocator; vmalloc.c - kernel virtual-memory allocator
- memory mapping: memory.c - paging, fault-handling, page table code; filemap.c - file mapping; mmap.c, mremap.c, mlock.c, mprotect.c
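Added example (mine, not code from the slides) of the fault path the mm listing above names: mmap() builds a VMA (mm/mmap.c); the first touch of the page is a demand-paging fault that handle_mm_fault() in mm/memory.c resolves by allocating a frame; after mprotect() (mm/mprotect.c) drops write permission from the VMA, a store to the page is a fault the kernel refuses (the permission check is in the architecture's fault entry, arch/i386/mm/fault.c in the tree shown) and the process gets SIGSEGV. The program catches that SIGSEGV with sigsetjmp/siglongjmp so the refusal can be observed and checked. Function names are my own; it needs Linux or another POSIX system.

```c
/* Added example (not from the slides): observing the page-fault path from
 * user space. POSIX/Linux only. Function names are my own. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

/* SIGSEGV handler: the kernel refused the access and delivered the signal;
 * record that and unwind back into the probe. */
static void on_segv(int sig) {
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/* Attempt a one-byte store to `page`. Returns 1 if the store was refused
 * (SIGSEGV), 0 if it went through, -1 if the handler could not be installed. */
static int store_is_refused(volatile unsigned char *page) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return -1;
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        page[0] = 0x41;                    /* the access under test */
    sigaction(SIGSEGV, &old, NULL);
    return fault_seen ? 1 : 0;
}

/* Map one anonymous page, touch it (demand-paging fault: a frame is allocated
 * and mapped), change the VMA protection to `prot`, then report whether a
 * write is refused. 1 = refused, 0 = allowed, -1 = setup failure. */
int write_faults_with_prot(int prot) {
    size_t psz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, psz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    page[0] = 0;                           /* first touch */
    if (mprotect(page, psz, prot) != 0) {
        munmap(page, psz);
        return -1;
    }
    int refused = store_is_refused(page);
    munmap(page, psz);
    return refused;
}

/* A refused store never reaches memory: fill a page, make it read-only,
 * attempt a write, restore write access and check the contents are intact.
 * Returns 1 when the write was refused and the old byte survived. */
int refused_write_leaves_page_intact(void) {
    size_t psz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, psz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return 0;
    memset(page, 0x5a, psz);
    int ok = mprotect(page, psz, PROT_READ) == 0
          && store_is_refused(page) == 1
          && mprotect(page, psz, PROT_READ | PROT_WRITE) == 0
          && page[0] == 0x5a;
    munmap(page, psz);
    return ok;
}

int main(void) {
    printf("store to PROT_READ|PROT_WRITE page refused? %d\n",
           write_faults_with_prot(PROT_READ | PROT_WRITE));
    printf("store to PROT_READ page refused?            %d\n",
           write_faults_with_prot(PROT_READ));
    printf("store to PROT_NONE page refused?            %d\n",
           write_faults_with_prot(PROT_NONE));
    printf("refused store left page intact?             %d\n",
           refused_write_leaves_page_intact());
    return 0;
}
```

The same VMA permission check is what NX/W^X enforcement rests on, which is why a sample that writes a buffer and then mprotect()s it to PROT_EXEC is the classic unpacking or shellcode-staging tell: the transition is visible at the mprotect system call, and an attempt to execute a non-executable page ends in exactly this fault path.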
linux/scripts
scripts for:
- menu-based kernel configuration
- kernel patching
- generating kernel documentation
Where to start looking
- System startup and initialization: arch/i386/kernel/head.S does some arch-dependent setup and then jumps to start_kernel() in init/main.c
- Memory management: page fault handling: mm/memory.c; memory mapping and page caching: mm/filemap.c; buffer cache: fs/buffer.c; swap cache: mm/swap_state.c, mm/swapfile.c
- Kernel: scheduler: kernel/sched.c; fork: kernel/fork.c; bottom half of interrupt handling: include/linux/interrupt.h; proc table: include/linux/sched.h
- Interrupt handling: almost entirely architecture specific; arch/i386/kernel/irq.c
- Network: networking code in net, include files in include/net; BSD socket code: net/socket.c; IP version 4 INET code: net/ipv4/af_inet.c; generic protocol support code: net/core; TCP/IP networking code: net/ipv4
How to start looking
- few tools available: vi, ctags, cflow
Windows Kernel Architecture
© Microsoft Corporation 2004
[Figure: User-mode: Applications, DLLs, Kernel32, User32 / GDI, ntdll / run-time library, Subsystem servers, Login/GINA, Critical services, System Services. Kernel-mode, entered through the trap interface / LPC: Win32 GUI, Procs & threads, Scheduler, Virtual memory, IO Manager, Security refmon, Cache mgr, FS run-time, exec synchr, Object Manager / Configuration Management, File filters, File systems, Volume mgrs, Device stacks, all on top of the Kernel run-time / Hardware Adaptation Layer.]
Windows Kernel Organization
Kernel-mode is organized into:
- NTOS (kernel-mode services): run-time library, scheduling, executive services, object manager, services for I/O, memory, processes
- HAL (hardware-adaptation layer): insulates NTOS & drivers from hardware dependencies; provides facilities such as device access, timers, interrupt servicing, clocks, spinlocks
- Drivers: kernel extensions (primarily for device access)
Major Kernel Services
- Process management: process/thread creation; schedules thread execution on each processor
- Security reference monitor: access checks, token management
- Memory manager: page faults, virtual address, physical frame, and pagefile management; services for sharing, copy-on-write, mapped files, GC support, large apps
- Lightweight Procedure Call (LPC): native transport for RPC and user-mode system services
- I/O manager (plug-and-play, power): maps user requests into IRP requests, configures/manages I/O devices, implements services for drivers
- Cache manager: provides file-based caching for buffered file system I/O; built over the memory manager
OS Providers
Microsoft, IBM, Apple, Oracle (Sun), Google...
History of Windows
http://windows.microsoft.com/en-US/windows/history
- 1975-1981: Microsoft boots up (Microsoft co-founders Paul Allen and Bill Gates)
- 1982-1985: Introducing Windows 1.0
- 1987-1992: Windows 2.0-2.11 – More windows, more speed
- 1990-1994: Windows 3.0-Windows NT – Getting the graphics
- 1995-2001: Windows 95 – the PC comes of age (and don't forget the Internet)
- 1998-2000: Windows 98, Windows 2000, Windows Me
- 2001-2005: Windows XP – Stable, usable, and fast
- 2006-2008: Windows Vista – Smart on security
- 2009-Today: Windows 7 and counting...
Mac OS
"Mac OS is a super-modern operating system that combines the power and stability of UNIX with the legendary elegance of the Macintosh. Mac OS features a stunning new user interface, making work and play on the Mac even more intuitive for new users, while providing powerful, customizable tools for professionals. At the foundation of Mac OS lies an industrial-strength UNIX-based core operating system that delivers unprecedented stability and performance."
Quote from http://en.wikipedia.org/wiki/History_of_Mac_OS
Comparing Operating Systems
Comparing: Windows XP/Vista/7, Macintosh OS X, Linux
- Price?
- Hardware platform?
- Included Software?
- Ease of Use?
- Pretty?
- Software Availability?
Summary
- Linux kernel
- Linux kernel source code
- Windows kernel
- Comparison of the common OSes
Book Recommendation: Understanding the Linux Kernel, 3rd Edition
http://voinici.ceata.org/ tct/resurse/utlk.pdf