INDEX

S NO Practical Remarks
1 Discuss the architecture of the UNIX
operating system including kernel
structure and system calls
2 Explain the structure of an iNODE
and its role in file systems
3 Illustrate process scheduling
concepts and simulate a simple
scheduler
4 Explore inter-process
communication using System V IPC
5 Analyze malware using Honeypot
environment

6 Simulate access control

mechanisms in an operating system

7 Discuss System security

vulnerabilities and create a check
list for secure system configuration
8 Explore windows internals: Sockets
and connections

9 Demonstrate secure mobile

operating system configuration for
Android
10 Explain virtualization techniques
and their use in secure system
environments
 PRACTICAL – 1
Discuss the architecture of the UNIX operating system including
kernel structure and system calls
Aim
To understand and explain the architecture of the UNIX operating
system, focusing on the kernel structure and system calls.
Objective
To analyze the internal design of the UNIX operating system, learn
about the components of the kernel, and explore the working of
system calls like OPEN, READ, CLOSE, and others.
Theory
The UNIX operating system is a multiuser, multitasking operating
system that consists of three main layers:
 1. Hardware Layer:
Provides basic hardware resources like CPU, memory, and
storage devices.
2. Kernel Layer:
The core of the UNIX operating system, which manages system
resources and hardware communication. It has the following
components:
o File System Management: Handles files and directories
with structures like inodes.
o Process Management: Handles process creation,
scheduling, and termination.
o Memory Management: Allocates and manages memory
resources for processes.
o Device Drivers: Provides interfaces for peripheral
devices.
3. Shell/User Interface Layer:
o Acts as an interface between the user and the kernel. It
interprets user commands and passes them to the kernel
for execution.
System Calls in UNIX
System calls are used for communication between user programs and
the kernel. Some key system calls include:
 OPEN: Opens a file descriptor for a specified file.
 READ: Reads data from a file.
 WRITE: Writes data to a file.
 CLOSE: Closes an open file descriptor.
 CHMOD: Changes file permissions.
 FORK: Creates a new process.
For example - OPEN()

2. CHMOD()
Working of System Calls
When a user program makes a system call:
1. The control switches to the kernel mode from the user mode.
2. The kernel performs the requested operation.
3. The result is passed back to the user program.
System calls enable secure and controlled interaction with hardware
and system resources.
 PRACTICAL – 2
Explain the structure of an inode and its role in file systems
Aim
To study and understand the structure of an inode and its role in file systems.
Objective
To explore the role of inodes in managing files and directories in UNIX-based
file systems and understand their internal structure.
Theory
An inode (index node) is a fundamental data structure used in UNIX-based file
systems like ext3 and ext4 to store metadata about files and directories. Each
file or directory is represented by an inode, which acts as a container for its
attributes.
Structure of an Inode
An inode does not contain the file's name or actual data but stores the
following metadata:
1. File Type: Indicates whether the inode represents a file, directory, or
symbolic link.
2. Permissions: File access permissions (read, write, execute) for the owner,
group, and others.
3. Owner Information: User ID (UID) and group ID (GID) of the file owner.
4. File Size: Total size of the file in bytes.
5. Timestamps:
o Access Time (atime): Last time the file was read.
o Modification Time (mtime): Last time the file's content was
modified.
o Change Time (ctime): Last time the inode metadata was
modified.
6. Link Count: Number of references (hard links) to the file.
  Direct Pointers: Point directly to data blocks.
 Single Indirect Pointer: Points to a block containing addresses of other
data blocks.
 Double Indirect Pointer: Points to a block containing addresses of single
indirect blocks.
 Triple Indirect Pointer: Points to a block containing addresses of double
indirect blocks.
This hierarchical structure enables the efficient management of large files.

Details of a file using ls-I and stat in terminal-

 PRACTICAL – 3
Illustrate process scheduling concepts and simulate a simple
scheduler
Aim

To understand process scheduling concepts in operating systems and simulate a simple

scheduler for managing process execution.

Objective

To illustrate the principles of process scheduling, including different algorithms, and simulate
a basic scheduling algorithm to observe how processes are allocated CPU time.

Theory

Process Scheduling

Process scheduling is the mechanism by which the operating system allocates the CPU to
different processes. It ensures that system resources are used efficiently and fairly while
maintaining overall system performance.

Scheduling Types

1. Preemptive Scheduling: The scheduler can interrupt a running process and allocate
the CPU to another process (e.g., Round Robin, Shortest Remaining Time First).
2. Non-Preemptive Scheduling: Once a process starts execution, it cannot be
interrupted until it completes (e.g., First Come First Serve, Shortest Job First).

Scheduling Algorithms

3. First Come First Serve (FCFS): Processes are executed in the order they
arrive.
4. Shortest Job First (SJF): The process with the shortest burst time is
executed first.
5. Round Robin (RR): Processes are executed in time slices (quantum) in a cyclic
order.
6. Priority Scheduling: Processes are executed based on their priority levels.

Simulation Example

We simulate a Round Robin Scheduler to demonstrate how time-sharing works.

Explanation of the Simulation
1. Input: The processes are represented by their process ID and burst time.
2. Logic: The scheduler cycles through the processes, assigning each one a quantum of
CPU time. If a process cannot finish in the given quantum, it is added back to the
queue.
3. Output: The Gantt chart shows the time slots assigned to each process.
 PRACTICAL - 4
Explore inter-process communication using System V IPC
Aim

To explore the concepts and implementation of Inter-Process Communication (IPC) using

System V IPC mechanisms such as message queues, semaphores, and shared memory.

Objective

To understand how processes can communicate and synchronize using System V IPC and
implement basic examples for each mechanism.

Theory

Inter-Process Communication (IPC)

IPC allows processes to exchange data and synchronize their actions. System V IPC provides
a robust set of tools for this purpose, including message queues, semaphores, and shared
memory.

System V IPC Mechanisms

1. Message Queues
o Allows processes to send and receive messages in a queue structure.
o Messages are stored until a process retrieves them.
 2. Semaphores
o Used for synchronization to avoid race conditions.
o A semaphore is a counter used to control access to shared resources.

3. Shared Memory
o The fastest IPC mechanism, allowing multiple processes to share a segment of
memory.

System Calls Used in System V IPC

 msgget(), msgsnd(), msgrcv() for Message
Queues.
 semget(), semop(), semctl() for Semaphores.
 shmget(), shmat(), shmdt() for Shared Memory
 PRACTICAL – 5
Analyze malware using Honeypot environment
Aim

To analyze malware behavior and its impact by deploying and monitoring it in a Honeypot
environment.

Objective
 To understand the concept and purpose of a Honeypot in cybersecurity.
 To safely capture and study malware in a controlled environment.
 To extract insights into the malware's operation, such as its communication channels
and attack vectors.

Theory

Honeypot

A Honeypot is a decoy system or network designed to attract cyber attackers. It allows

security researchers to study attacker behavior and collect valuable data about exploits,
malware, and vulnerabilities.

Types of Honeypots

1. Low-Interaction Honeypots
o Simulates limited functionality to detect and log malicious activities.
2. High-Interaction Honeypots
o Mimics real systems to engage attackers for detailed analysis.

Steps in Malware Analysis with a Honeypot

3. Deploy the Honeypot: Set up a virtualized or isolated environment using tools

like
Honeyd, Cowrie, or Dionaea.
2. Capture Malware: Attract malware by simulating vulnerabilities or exposing open
ports.
3. Monitor Behavior: Use monitoring tools to log system activities, network traffic, and
file changes.
4. Analyze Results: Identify the malware's characteristics, such as command-and-
control (C2) servers, payloads, and impact.

Setup for Practical Demonstration

Tools Required

 Honeypot Software: Cowrie or Dionaea.

 Network Monitoring: Wireshark, tcpdump.
 Virtual Machine Environment: VirtualBox or VMware.
 Malware Analysis Tools: Cuckoo Sandbox.

Implementation Example

Step 1: Deploy a Honeypot

Install Dionaea (a low-interaction honeypot) on a Linux system.

Step 2: Configure Dionaea

Step 3: Start Dionaea

Step 4: Attract Malware

Expose the honeypot to the internet by configuring the network. Monitor for incoming
connections or exploit attempts.

Step 5: Monitor Traffic

Use Wireshark to capture traffic data:

 PRACTICAL – 6
Simulate access control mechanisms in an operating system
Aim

To simulate access control mechanisms in an operating system and understand their role in
restricting unauthorized access.

Objective
 To understand how access control mechanisms manage user permissions.
 To simulate file-based access control using user roles and permissions.
 To evaluate the effectiveness of access control in securing system resources.

Theory

Access Control Mechanisms

Access control mechanisms are policies and procedures that regulate who can access system
resources and what operations they can perform. They ensure that only authorized users can
access sensitive data or perform restricted actions.

Types of Access Control

1. Discretionary Access Control (DAC)

o Permissions are granted based on user identity or group membership.
o Example: chmod in Linux.
2. Mandatory Access Control (MAC)
o Access is based on system policies defined by security labels.
o Example: SELinux (Security-Enhanced Linux).
3. Role-Based Access Control (RBAC)
o Access is granted based on predefined roles.
o Example: Admin vs. Guest privileges.

Implementation Steps

Tools/Prerequisites

 Operating System: Linux or Windows.

 Programming Language: Python (for simulation).
 Virtual Machine: VirtualBox (if needed for testing).

Code Implementation Example

Simulating Access Control Using Python

This script demonstrates file-based access control based on roles.

Linux-Based Access Control Simulation

Using chmod and chown to set permissions on

files.

1. Create a File

Set Permissions for Specific Users

Grant read and write access to the owner, read access to the group, and no access to others:

ChangeOwnership
 PRACTICAL – 7
Discuss System security vulnerabilities and create a check list
for secure system configuration
Aim

To discuss system security vulnerabilities and create a comprehensive checklist for secure
system configuration.

Objective
 To identify common vulnerabilities in operating systems.
 To understand the best practices for mitigating these vulnerabilities.
 To create a practical checklist to ensure secure system configuration.

Theory

System Security Vulnerabilities

System vulnerabilities are weaknesses or flaws in an operating system that can be exploited
by attackers to gain unauthorized access or disrupt normal operations.

Types of Vulnerabilities:

1. Unpatched Software
o Outdated software with known vulnerabilities.
2. Weak Authentication
o Weak or default passwords, absence of multi-factor authentication.
3. Misconfigured Systems
o Default settings, excessive permissions, or unused services running.
4. Malware and Viruses
o Exploiting unprotected systems via malicious software.
5. Insufficient Monitoring
o Lack of logs or alerts for unusual activities okkay.

Checklist for Secure System Configuration

1. System Updates

 Ensure all software and the operating system are updated.

 Enable automatic updates where possible.
2. Authentication

 Use strong passwords (minimum 12 characters with complexity).

 Enforce multi-factor authentication (MFA).
 Disable unused accounts and change default credentials.

3. Network Security

 Enable and configure a firewall.

 Disable unused network services (e.g., Telnet, FTP).
 Restrict inbound and outbound traffic to necessary ports.

4. File and Directory Permissions

 Use least privilege principles for user accounts.

 Set appropriate permissions on sensitive files (chmod, chown).

5. Malware Protection

 Install and regularly update antivirus software.

 Use real-time scanning and periodic system scans.

6. Logging and Monitoring

 Enable logging for authentication attempts, system changes, and network access.
 Regularly review logs for anomalies.
 Use intrusion detection systems (IDS) like Snort.

7. Encryption

 Encrypt sensitive data at rest and in transit (e.g., TLS, BitLocker).

 Use strong algorithms such as AES for encryption.

8. Backup

 Schedule regular backups of critical data.

 Store backups in a secure and offsite location.

9. Application Security

 Limit third-party software installations.

 Review permissions for installed applications.

10. Physical Security

 Restrict physical access to servers and devices.

 Use BIOS/UEFI passwords to prevent unauthorized booting.
Implementation

Sample Configuration Using Linux

1. Update the System

2. Set Strong Password Policies

Edit /etc/security/pwquality.conf to enforce password complexity:

3. Enable Firewall (UFW)

4. Set File Permissions

5. Schedule Backups
Use rsync or a tool like Timeshift for periodic
backups.

Testing

1. Run Vulnerability Scanners

o Use tools like Nessus or OpenVAS to identify misconfigurations or
vulnerabilities.
 PRACTICAL - 8
Explore windows internals: Sockets and connections

Aim

To explore Windows internals related to sockets and connections, including their structure
and how they enable communication in networked systems.

Objective
 To understand how sockets and connections function within the Windows operating
system.
 To learn the basics of socket programming in Windows.
 To demonstrate the creation of a simple socket program for communication.

Theory

What Are Sockets?

Sockets are endpoints for sending and receiving data across a network. They provide an
interface for programming network communication protocols, enabling processes to
communicate over the network.

Types of Sockets

1. Stream Sockets (TCP)

o Provide reliable, ordered, and error-checked delivery of data.
2. Datagram Sockets (UDP)
o Provide connectionless communication with less overhead but no guarantee of
delivery.

Windows Sockets (Winsock)

 The Windows operating system uses the Winsock API to manage network
communications.
 Winsock supports various protocols, including TCP/IP.
 Common Winsock functions include:
o socket(): Creates a socket.
o bind(): Associates a socket with an IP address and port.
o listen() and accept(): Used for server-side connection
handling.
o connect(): Used for client-side connection establishment.
o send() and recv(): Send and receive data.

How Connections Work in Windows

 1. Client-Server Model
o The server listens on a specific port for incoming connections.
o The client initiates a connection to the server's IP and port.
2. Connection Lifecycle
o Server: socket -> bind -> listen -> accept
o Client: socket -> connect
o Data transfer uses send and recv.
3. State Tracking
o Windows maintains a state for each socket connection to ensure proper
handling of data flow.

Implementation

Example Code for Sockets in Windows

1. Server-Side Code (TCP Socket)

 2. Client-Side Code (TCP Socket)

Testing and Results

1. Run the Server Program

o Open a terminal and run the server code. The server starts listening for
connections.
2. Run the Client Program
o Open another terminal and run the client code. It sends a message to the
server.
3. Verify Communication
o The server receives the message and sends a response to the client. Both
programs display the messages exchanged.

Applications of Sockets and Connections in Windows

 Enabling web servers to communicate with browsers.
 Creating chat applications.
 Facilitating data exchange between distributed systems.
 PRACTICAL – 9
Demonstrate secure mobile operating system configuration
for Android
Aim

To demonstrate secure configuration practices for the Android mobile operating system to
enhance security and protect user data.

Objective
 To understand common security risks associated with Android devices.
 To implement secure configurations to mitigate these risks.
 To test and verify the security settings for optimal protection.

Theory

Android Operating System

Android is an open-source mobile operating system widely used on smartphones, tablets, and
other devices. Its open nature makes it flexible but also introduces potential security
vulnerabilities.

Common Security Risks

1. Malware and Spyware: Applications with malicious code.

2. Data Leakage: Unauthorized access to sensitive information.
3. Weak Authentication: Lack of secure lock screens or credentials.
4. Untrusted Networks: Risks from connecting to public Wi-Fi.
5. Outdated Software: Vulnerabilities in older versions of Android.

Secure Configuration Best Practices

6. Enable Screen Lock: Use PIN, password, or biometrics.

7. Encrypt the Device: Ensure data-at-rest is encrypted.
8. Restrict App Permissions: Review and minimize app access to sensitive features.
9. Disable Developer Options: Prevent unauthorized debugging or modification.
10. Keep Software Updated: Install the latest Android and app updates.
11. Enable Google Play Protect: Actively scans for malicious apps.
12. Avoid Unknown Sources: Only install apps from trusted sources like Google Play
Store.
13. Secure Network Usage: Use a VPN for public Wi-Fi connections.

Implementation
Step-by-Step Secure Configuration

1. Enable Screen Lock

o Navigate to Settings > Security > Screen Lock.
o Select a secure option: Pattern, PIN, Password, or Biometrics.
2. Device Encryption
o Go to Settings > Security > Encrypt Phone.
o Follow the on-screen instructions to encrypt your device (if not already
encrypted).
3. Review App Permissions
o Open Settings > Apps > App Permissions.
o Revoke unnecessary permissions (e.g., location, camera, microphone) for
apps.

4. Disable Developer Options

o Navigate to Settings > System > Developer Options.
o Toggle off if enabled.
5. Enable Google Play Protect
o Go to Google Play Store > Menu > Play Protect.
o Ensure "Scan device for security threats" is turned on.
6. Avoid Unknown Sources
o Navigate to Settings > Security > Install Unknown Apps.
o Disable for all apps unless required.
7. Install a VPN
o Download a trusted VPN app (e.g., NordVPN, ExpressVPN).
o Configure and enable the VPN for secure internet browsing.
8. Update Software Regularly
o Go to Settings > System > System Updates.
o Check for and install any pending updates.
Testing and Results

1. Simulate Malware Detection

o Download a harmless test file like the EICAR antivirus test file.
o Use Google Play Protect to detect and remove it.
2. Verify Permissions
o Open an app and check if restricted permissions prevent access (e.g., deny
camera access and try using the camera feature in the app).
3. Test Encryption
o Use forensic tools like FTK Imager to confirm data is encrypted.

Applications
 Personal data protection against unauthorized access.
 Securing enterprise data in BYOD (Bring Your Own Device) environments.
 Preventing cyberattacks like malware infections and data theft.
 PRACTICAL – 10
Explain virtualization techniques and their use in secure
system environments
Aim

To explain virtualization techniques and their applications in creating secure system

environments.

Objective
 To understand different types of virtualization techniques.
 To explore how virtualization can enhance security.
 To demonstrate practical use cases of virtualization for securing system
environments.

Theory

What is Virtualization?

Virtualization is the creation of a virtual version of physical resources, such as servers,

storage devices, or network resources. It allows a single physical system to run multiple
virtual environments, called virtual machines (VMs), each with its own operating system and
applications.

Types of Virtualization

1. Hardware Virtualization
o Uses a hypervisor to manage VMs running on a physical server.
o Types of hypervisors:
 Type 1 (Bare-Metal Hypervisor): Runs directly on the hardware
(e.g., VMware ESXi, Microsoft Hyper-V).
 Type 2 (Hosted Hypervisor): Runs on an existing operating system
(e.g., VMware Workstation, VirtualBox).
2. Operating System Virtualization
o Uses a containerized environment to isolate applications and services.
o Examples: Docker, LXC (Linux Containers).
3. Network Virtualization
o Virtualizes network resources to create isolated network environments.
o Examples: VLANs, Software-Defined Networking (SDN).
4. Storage Virtualization
o Abstracts storage resources to improve scalability and management.
o Example: Network-Attached Storage (NAS), Storage Area Network (SAN).
Security Benefits of Virtualization

1. Isolation
o Virtualization provides isolation between virtual machines, meaning one
compromised VM cannot directly affect others.
o It helps prevent cross-contamination of systems in a multi-tenant
environment.
2. Snapshot and Cloning
o Snapshots allow you to save the state of a virtual machine at a particular point
in time, making it easy to roll back to a secure state after a breach or system
failure.
o Cloning allows for rapid creation of identical VMs, useful for rapid recovery
or deploying secure templates.
3. Sandboxing
o Virtualization enables the creation of isolated environments (sandboxes) to
safely test potentially malicious software or configurations.
o This reduces the risk of running untrusted code on a production machine.
4. Security Monitoring and Control
o Virtualization technologies allow for centralized management of security
policies and configurations.
o Hypervisors can monitor VM activities for suspicious behavior and enforce
security policies across all VMs.
5. Access Control
o VMs can be configured with strict access controls, ensuring that only
authorized users and processes can interact with sensitive resources.
o Virtualization tools offer detailed logging of VM activities for auditing
purposes.

Implementation

1. Using Virtualization for Secure Environments

To secure a system using virtualization, follow these steps:

1. Set Up Virtualization Environment

o Install a Type 1 hypervisor like VMware ESXi or Microsoft Hyper-V on a
dedicated server.
2. Create Virtual Machines
o Install operating systems in virtual machines to isolate various applications
and services.
o Example: A VM running a web server and another running a database server,
both isolated from each other.
3. Apply Security Configurations
o Set up firewalls and anti-malware on each VM.
o Implement role-based access control (RBAC) for VM access.
o Configure network isolation between VMs using virtual network interfaces.
4. Use Snapshots for Backup and Recovery
o Take snapshots of VMs before making significant changes to ensure you can
roll back to a secure state.
 o Example: Take a snapshot of the web server VM before applying patches.
5. Implement Security Monitoring
o Use hypervisor tools to monitor VM performance and detect any unusual
activities.
o Example: Enable logging in VMware ESXi and review it regularly for
potential security incidents.

6. Using Virtualization for Sandboxing

1. Set Up a Virtual Machine

o Create a VM to run untrusted or potentially dangerous applications.
2. Isolate the VM
o Configure the VM with minimal access to the host system to limit potential
damage.
3. Run the Malicious Application
o Install and test the application within the VM to observe its behavior.
o If the application attempts malicious activity, it will be contained within the
VM.
4. Restore Secure State
o After testing, revert to the VM snapshot to eliminate any changes made by the
application.

Testing and Results

1. Test Isolation
o Launch multiple VMs with different security configurations (e.g., one
vulnerable, one hardened).
o Simulate an attack on the vulnerable VM and ensure the other VMs remain
unaffected.
2. Snapshot Reversal
o Make a configuration change in a VM (e.g., disable a security feature).
o Roll back to a previous snapshot and verify that the changes are undone.
3. Sandboxing Test
o Run an unknown or untrusted application inside a VM.
o Observe if it can access the underlying system or if it is contained within the
VM.
IES COLLEGE OF TECHNOLOGY, BHOPAL
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

LAB FILE

Student Name : Shruti Shrivastava

Roll No : 0177CY221047

Subject : OS Internals for security & support

Subject Code : CY 501

Branch : COMPUTER SCIENCE & ENGINEERING

Semester : 5TH

IES College of Technology, Bhopal

Department of Computer Science & Engineering

Rajiv Gandhi Proudyogiki Vishwavidyalaya, Bhopal