
Windows Architecture Overview

Jan 02, 2022

Page 1: Windows Architecture Overview

Windows Architecture Overview

Table of Contents

• Windows Architecture Overview (page 2)
• Windows Architecture (page 3)
• Execution Modes - User (page 6)
• Execution Modes - Kernel (page 8)
• Windows Components (page 11)
• Notices (page 13)

Page 1 of 13

Page 2: Windows Architecture Overview

Windows Architecture Overview (slide 6)

**006 So, the Windows architecture overview.


Page 3: Windows Architecture Overview

Windows Architecture (slide 7)

Based on the Windows NT architecture

Windows 7 was designed to be an improvement over Vista.

Windows 8 was designed to improve the user experience and for flexibility on mobile devices.

• Provides a “touch friendly” interface
• Provides a “tile” structure, much the same as many smart phone interfaces

Server 2012 is the latest addition to the Windows Server family.

• Designed with the cloud in mind
• The experience for the mobile user is uniform no matter the device used or the location of the user.

**007 As we mentioned earlier, this course is focusing primarily on Windows 7, but we also have some Windows 8 added into it and Server 2012. Windows 7 you guys might be familiar with a little bit of its history, its origins. It came about as the upgrade to Windows Vista. How many of you used Windows Vista? Yes. Vista, to be kind, had some challenges that needed to be overcome. And so, Windows 7 took on those challenges and figured out how to make it better. Windows 8, what do you guys know about Windows 8 as far as what's it designed to do?


Page 4: Windows Architecture Overview

Student: From what I understand, it's set up to be-- it's not loading like multi-tasking. Seems like it's set up for a single task at a time.

Mark Williams: Okay. It's not so much tasking that is the term that I'm looking for, or maybe you're saying something. I'm thinking of something different. Windows 8 is designed for kind of a uniform experience no matter where you are. We say up there, it's designed with the cloud in mind. I should be able to go to my phone, my tablet, my computer, and I should be able to operate basically the same way. Right now, you guys know that if you pull out your phone you have a little app. You push a button and that app starts. And it's very much touch centric. Well, that's kind of what they're trying to get to with Windows 8, that touch friendly interface, that tile type structure so it's laid out. So, I don't have to learn fifteen different ways of getting a job done. And so, Windows 8 is designed to get us-- I'll say it-- say current, or up to date, with what's happening in the mobile device industry. We will find out that just because of the complete new user interface that along with that come some challenges. I was-- I think I was talking with John this morning. You said the first thing you did on Windows 8 when you were playing with it was install the old classic interface. Yes. A lot of people will do that.


Page 5: Windows Architecture Overview

And then Server 2012 is kind of the Windows 8 partner as far as from a server side. It is going to have the-- give us the same experience no matter where we are. So, if I'm on my phone, and I access a file on the server, or if I'm on my tablet, and I access a file on the server, so they talk about the cloud. Again, no matter where I am, I can be productive. If I'm sitting in the cab going to the airport, if I'm sitting in a hotel, if I'm sitting at my home, I can log in. And it's as if I'm just-- all of those environments make it seem as if I'm at my desk in the corporate office. Server 2012 is going to facilitate that type of capability.


Page 6: Windows Architecture Overview

Execution Modes - User (slide 8)

Restricted access

• Applications run in user mode.
  • Can only access their own address space
  • Are separated from the operating system

[Diagram: Ring Protection, with Kernel Mode in the inner ring and User Mode in the outer ring]

**008 All right. So, basic functionality of a computer system, if we go back years ago, we have this concept of a single level system. In a single level system-- and just to give you guys some timeframe, we're talking about DOS, for example. You guys remember MS-DOS? That was a single level system. And what we mean by a single level system is that there are no users and groups. There are no different permission levels. Everybody who accesses that computer system is going to have the exact same permissions as everybody else, which means what is that one level? That is the elevated level. It is root, if you will. It is administrator, if you want to use that term. It is all knowing, all-powerful. I can do anything and everything. Well, you guys know from a security standpoint that is a terrible position to take. We don't want to have everybody with elevated privileges. And so, the Windows NT architecture says we're going to do one very basic thing. We want to break it up into what's known as user mode and what is known as kernel mode. And the kernel mode, we'll find out, is going to be the elevated privileges, and the user mode restricted in what its capabilities are going to be. User mode, when I log into the system as Mark Williams, the system is going to give me a couple of capabilities. All right? I'm not able to do basic administrative types of tasks because I'm in user mode. But I am able to bring up a web browser, bring up a word processor. I can create files and directories. But there's going to be controls over where I can create those files and where I can create those directories because I'm in user mode and I'm restricted from what I'm able to do.


Page 8: Windows Architecture Overview

Execution Modes - Kernel (slide 9)

Full access

• Operating system runs in Kernel mode
• Allows direct access to memory, hardware, and applications
• Advanced CPU features and I/O management
• Also known as Protected mode or Ring 0

[Diagram: Ring Protection, with Kernel Mode in the inner ring and User Mode in the outer ring]

**009 Whereas kernel mode-- kernel mode is full access. It's all knowing. It's all-powerful. We absolutely want to limit who can access kernel mode, when they can access kernel mode, and how they can access kernel mode. Older versions of operating systems did not do a great job of restricting access to kernel mode functionality. It used to be a fairly trivial matter to get a malicious application to run in kernel mode. And if I can get it to run in kernel mode, as I mentioned, that's all knowing, all-powerful, then that application is all knowing and all-powerful and can do any kind of damage.


Page 9: Windows Architecture Overview

One of the challenges that we used to face in the past-- we might still to some degree, is administrators logging into the system with their administrative credentials and doing just routine type of work. We always would counsel against this. Bob-- Mr. Bob, the administrator, if you're going to do routine type of work such as checking your email and surfing the Internet, or whatever it happens to be, log in with a Joe User account, low level account. But he never did that. He always logged in with his administrative privileges. And his mindset was because I never know when I'm going to need those administrative privileges. And they did not like the trouble of logging out of one account and logging into another account and vice versa. So, we always had people doing word processing, and web browsing, and email checking, and they're at elevated status. Well, Microsoft changed things around a little bit. Even if you are logged into the system, and you do have elevated privileges, you don't necessarily utilize those elevated privileges all the time. It's going to restrict you. And then when you want to do something that does require that you use those elevated privileges, then it will allow you to make that transition. So, for normal, routine things the OS is going to basically constrain you. You don't have to have users constraining themselves.
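The behaviour described above, where an administrator is logged in but the OS keeps the session constrained until an elevation is requested, can be observed from a PowerShell prompt. This is an added example, not material from the SEI course; it assumes an English-locale Windows, where whoami's CSV column headers are "Group Name", "Type", "SID" and "Attributes".

```powershell
# Added example (not from the SEI course): report which token the current
# session is running under, to show the OS-enforced split between "logged in
# as an administrator" and "actually using administrator privileges".
# Assumption: English-locale Windows, so whoami's CSV headers are
# "Group Name", "Type", "SID", "Attributes".
function Get-TokenElevationState {
    # whoami reads the process token directly and, unlike .NET's
    # WindowsIdentity.Groups, still lists groups that are marked deny-only.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv

    # BUILTIN\Administrators is always S-1-5-32-544; integrity labels are S-1-16-*.
    $admin     = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }
    $integrity = ($groups | Where-Object { $_.SID -like 'S-1-16-*' }).'Group Name'

    # Cross-check with .NET: IsInRole() is true only when the group is enabled
    # in the token, so it is false for the filtered (non-elevated) token.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $enabled   = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    $state = if (-not $admin) {
        'standard user token'
    } elseif ($admin.Attributes -match 'deny only') {
        'administrator account, but filtered token: the OS is constraining this session'
    } else {
        'full administrator token (elevated)'
    }

    [pscustomobject]@{
        User              = $identity.Name
        AdminGroupEnabled = $enabled
        IntegrityLevel    = $integrity
        State             = $state
    }
}

Get-TokenElevationState
```

Run it once from a normal prompt and once from a prompt started with "Run as administrator" on the same administrator account: the first reports the filtered token at Medium integrity, the second the full token at High integrity.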


Page 10: Windows Architecture Overview

The kernel is the core of the operating system. The kernel gives us the basic feature and functionality. And because the kernel is the code that says I am a computer system and here's how I run and here's how I behave, the kernel needs to be protected. A number of years ago, Honeywell introduced what is referred to as the Multics operating system. And in the Multics operating system, that is where they introduced this idea of ring protection. With ring protection, I have a number of concentric rings. The centermost ring, known as ring zero, is where kernel mode functions happen, and again, all knowing, all-powerful. Then we have ring one, and two, and three. And the farther out we go, the less capabilities we're going to have. So, kernel-- the kernel mode in Windows is in ring zero-- in that ring. And user mode would be, in this case, on the diagram, ring one, less functionality. There are rules. For example, if I am in user mode, I have access to other things that are happening in user mode. I cannot go in and gain access to things that are in the kernel. Whereas if I had some access to the kernel mode, I can easily go out and gain access to feature and functionality that's in user mode. So, I can go to lower level privileges easily, go into higher level privileges, much more difficult. It is restricted by the OS.


Page 11: Windows Architecture Overview

Windows Components (slide 10)

[Diagram: Windows Components. User mode: Win32 API, Services, Applications. Kernel mode: I/O Manager, Device Drivers (four shown), File System, Networking, Security, Windows Executive, Kernel, HAL.]

**010 So, here's just another way of looking at the user mode and the kernel mode. In user mode we have basic applications and services, again, such as my word processor, my web browser, services such as turning on my computer. I get the Windows logon service. I need to have that logon service in order for me to provide my credentials. That might be a user mode types of functionality. And then we have the kernel mode functionality. Kernel mode functionality, just to give you an idea, it controls input and output. So, we have the IO manager. So, any piece of hardware that is going to be attached to this computer system, you have to have elevated privileges in order to add hardware into the system and add drivers, and update those drivers, and so forth. We have the hardware abstraction layer that is part of what is referred to as the kernel mode executive. What the hardware abstraction layer effectively allows us to do is make the underlying computer irrelevant to us. Well, what do I mean by that? I can take a Windows operating system and install it on-- well, my machine is a Dell machine. You might have a machine by another party. Maybe it's an HP machine. You might have another machine by Digital or somebody else. And I can install that one Windows operating system on all of those different manufacturers' products. Well, my machine might have two processors. Your machine might have one processor with multiple cores on it. My machine might have a video driver by company X. And your machine might have a video driver by company Y. The hardware abstraction layer says it doesn't really matter. It allows the operating system to lay on top of that hardware and figure out, if you will, how to interface and talk to the different pieces of-- the different platforms that are out there. All right.


Page 13: Windows Architecture Overview

Notices (slide 2)

© 2014 Carnegie Mellon University

This material is distributed by the Software Engineering Institute (SEI) only to course attendees for their own individual study.

Except for the U.S. government purposes described below, this material SHALL NOT be reproduced or used in any other manner without requesting formal permission from the Software Engineering Institute at [email protected].

This material was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The U.S. government's rights to use, modify, reproduce, release, perform, display, or disclose this material are restricted by the Rights in Technical Data-Noncommercial Items clauses (DFAR 252-227.7013 and DFAR 252-227.7013 Alternate I) contained in the above identified contract. Any reproduction of this material or portions thereof marked with this legend must also reproduce the disclaimers contained on this slide.

Although the rights granted by contract do not require course attendance to use this material for U.S. government purposes, the SEI recommends attendance to ensure proper understanding.

THE MATERIAL IS PROVIDED ON AN “AS IS” BASIS, AND CARNEGIE MELLON DISCLAIMS ANY AND ALL WARRANTIES, IMPLIED OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, RESULTS OBTAINED FROM USE OF THE MATERIAL, MERCHANTABILITY, AND/OR NON-INFRINGEMENT).

CERT ® is a registered mark owned by Carnegie Mellon University.
