[Figure 2.1: User-mode and kernel-mode operation. Labels: User-mode (untrusted); Kernel-mode (trusted); Operating System Kernel; Hardware.]
modified operating system will boot instead, installing spyware and
disabling virus protection. For security, an operating system must prevent
untrusted code from modifying system state.
Privacy. On a multi-user system, each user must be limited to just the
data that she is permitted to access. Without protection provided by
the operating system, any user or application running on a system could
access any of the data stored on the system, without the knowledge or
approval of the data's owner. For example, hackers often use popular
applications such as screen savers as a way to gain access to personal
emails, telephone numbers, and credit card data stored on the system. For
privacy, an operating system must prevent untrusted code from accessing
unauthorized data.
Efficiency. Protection is also needed for effective resource allocation.
Without protection, an application can gather any amount of processing
time, memory, or disk space that it wants. On a single-user system, this
means that a buggy application can prevent other applications from
running, or simply make them run so slowly that they appear to be stalled.
On a multi-user system, one user could grab all of the system's resources
for herself. Thus, for efficiency and fairness, an operating system must be
able to limit the amount of resources assigned to each application or user.
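The following is an added example, not part of the original text, showing the kernel enforcing a per-process memory limit of the kind the Efficiency paragraph calls for. It assumes a Linux/POSIX system; the function name `child_can_map` and the 64 MiB and 128 MiB sizes are illustrative choices.

```c
/* Added example: a per-process memory cap enforced by the kernel. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>

#define MiB (1024UL * 1024UL)

/* Fork a child, optionally cap its address space at `cap` bytes (0 = no cap),
 * and have it ask the kernel for `want` bytes of anonymous memory.
 * Returns 1 if the kernel granted the request, 0 if it refused, -1 on error. */
int child_can_map(size_t cap, size_t want)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                        /* child: the untrusted application */
        if (cap != 0) {
            /* Lower the hard limit too, so the child cannot raise it again. */
            struct rlimit rl = { .rlim_cur = cap, .rlim_max = cap };
            if (setrlimit(RLIMIT_AS, &rl) != 0)
                _exit(2);
        }
        void *p = mmap(NULL, want, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        _exit(p == MAP_FAILED ? 1 : 0);    /* report the kernel's decision */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;                     /* mapping granted */
    case 1:  return 0;                     /* mapping refused */
    default: return -1;                    /* could not set the limit */
    }
}

int main(void)
{
    printf("no cap,     128 MiB: %d\n", child_can_map(0, 128 * MiB));
    printf("64 MiB cap,   4 MiB: %d\n", child_can_map(64 * MiB, 4 * MiB));
    printf("64 MiB cap, 128 MiB: %d\n", child_can_map(64 * MiB, 128 * MiB));
    return 0;
}
```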
Definition: operating system kernel
Implementing protection is the job of the operating system kernel. The
kernel is the lowest level of software running on the system, with full access to
all of the capabilities of the hardware. The kernel is necessarily trusted to do
anything that can be done with the hardware. Everything else (that is, the
untrusted software running on the system) is run in a restricted environment,