SlideShare a Scribd company logo

Osonto documentatie

W
wondernet

The document presents an ontology of a general operating system that could be used as a guideline for security software to create snapshots of operating systems for intrusion detection. It describes the main classes that make up an operating system like SystemObject, Resource, ObjectType, and AdditionalObject. Resources like the CPU, memory, and hardware are described. Additional security objects like ACLs, DACLs, and users are also defined. System objects like files, processes, and threads are outlined. Object types that describe the possible states of system objects are included to make the ontology clear. Individual instances are created to make the ontology practical.

1 of 22
OSOnto Razvan Benchea, Catalin Lita BogdanTimofte Abstract. The operating system has always been one of the most important part of the software that runs on a computer. As technology becomes more and more advanced so does the software. In this paper we present an ontology of a general operating system. This ontology may be used as a guide line for security software that wants to create a snapshot of an operating system in order to detect intrusion detection. Keywords: operating system, ontology, security 1 Introduction 1.1 Motivation In the last years more and more devices have been created that use an operating system already available on the market. Even though the devices have become more and more complex, the basic architecture of an operating system remains the same. Mainly this is because the architecture of a device is still based on a Turing Machine. In the last few years we also witnessed a great increase in the number of malware. Because of the great number of malware that appear every day, most of the security products can no longer analyze every malware so they are searching for an automated way of detecting it. By giving a logical description of every part of an operating system, one can use it to create a snapshot of a running machine and compare it to a original one. By comparing the differences one can detected, based on additional heuristics, if the system has been compromised. 2 Organizational structure 2.1 An operating system’s basic description is given in the following section presenting requirements that need to be fulfilled. Then, as components are identified,
more detail is presented about each concept modeled in the ontology. Short descriptions and graphs showing the ontology are also presented. Conclusions and future work are described in the last section. Annex 1 contains a list of classes and properties with a brief. The main classes that make the operating system are SystemObject, Resource, ObjectType and AdditionalObject. The SystemObject will contain every object that we consider fundamental. A resource refers to a piece of hardware controlled by an operating system. This part is responsible for maintaining a list of available resource for every piece of hardware that makes an operating system(ex: used memory, total memory, free memory). The class ObjectType contains individuals that describe every object and state in the ontology. AdditionalObject contain objects that are not general for an operating system. These object may be used or not. We described here the users and some security specifications.
2.2 Resources The superscript numeral used to refer to a footnote appears in the text either directly after the word to be discussed or – in relation to a phrase or a sentence – following the punctuation mark (comma, semicolon, or period). Footnotes should appear at the bottom of the normal text area, with a line of about 5cm set immediately above them 1 The central processing unit (CPU) is the portion of a computer system that carries out the instructions of a computer program, and is the primary element carrying out the computer's functions. The central processing unit carries out each instruction of the program in sequence, to perform the basic arithmetical, logical, and input/output operations of the system. This term has been in use in the computer industry at least since the early 1960s.[1] The form, design and implementation of CPUs have changed dramatically since the earliest examples, but their fundamental operation remains much the same. The fundamental operation of most CPUs, regardless of the physical form they take, is to execute a sequence of stored instructions called a program. The program is represented by a series of numbers that are kept in some kind of computer memory. There are four steps that nearly all CPUs use in their operation: fetch, decode, execute, and writeback. The clock rate is the speed at which a microprocessor executes instructions. Every computer contains an internal clock that regulates the rate at which instructions are executed and synchronizes all the various computer components. The CPU requires a fixed number of clock ticks (or clock cycles) to execute each instruction. The faster the clock, the more instructions the CPU can execute per second. Another strategy of achieving performance is to execute multiple programs or threads in parallel. This area of research is known as parallel computing. In Flynn's taxonomy, this strategy is known as Multiple Instructions-Multiple Data or MIMD.. 2.3 Additional Objects We described here mainly Security Objects. If the ontology wishes to be extended this is where the new objects should be used. Currently there are described here the following Objects: ACL, DACL, USER. An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file. 1
The ACL is technically a list of access control entries (ACE). Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. The security descriptor for a securable object can contain two types of ACLs: a DACL and a SACL. A discretionary access control list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the ACEs in the object's DACL to determine whether to grant access to it. If the object does not have a DACL, the system grants full access to everyone. If the object's DACL has no ACEs, the system denies all attempts to access the object because the DACL does not allow any access rights. The system checks the ACEs in sequence until it finds one or more ACEs that allow all the requested access rights, or until any of the requested access rights are denied. For more information, see How DACLs Control Access to an Object. A user account allows a user to authenticate to system services and be granted authorization to access them; however, authentication does not imply authorization. To log in to an account, a user is typically required to authenticate oneself with a password or other credentials for the purposes of accounting, security, logging, and resource management.Once the user has logged on, the operating system will often use an identifier such as an integer to refer to them, rather than their username, through a process known as identity correlation 2.4 System Objects Files: A computer file is a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage. A file is durable in the sense that it remains available for programs to use after the current program has finished. Computer files can be considered as the modern
counterpart of paper documents which traditionally are kept in offices' and libraries' files, and this is the source of the term. Processes. A key abstraction utilized in the design of an operating system is the notion of process. A process is a program in execution. The status of a process includes: - the code that is executing - the values of its variables - the contents of the CPU registers, especially the program counter (PC) - the state of the process (running, ready, waiting, etc.) At any given time, the system kernel is managing a collection of processes. Some are user processes (shells, applications, etc.), some are system processes (print spooler, accounting process, etc.) An important kernel function is the management of processes. The kernel is responsible for creating, scheduling and deleting processes and often for inter-process communication.A thread of execution is the smallest unit of processing that can be scheduled by an operating system. It generally results from a fork of a computer program into two or more concurrently running tasks.Multiple threads can exist within the same process and share resources such as memory, while different processes do not share these resources. In particular, the threads of a process share the latter's instructions (its code) and its context (the values that its variables reference at any given moment). Threads differ from traditional multitasking operating system processes in that: processes are typically independent, while threads exist as subsets of a process processes carry considerable state information, whereas multiple threads within a process share state as well as memory and other resources processes have separate address spaces, whereas threads share their address space processes interact only through system-provided inter-process communication mechanisms. Context switching between threads in the same process is typically faster than context switching between processes.
2.5 Object Type In order to make the ontology as clear as possible we included the state of system objects in ObjectType. The Class object type describes every state that an object (system object or additional object) can be at one moment in time. It describes the state of processes, thread, files, user rights, priorities, etc: 4 Individuals In order to make the ontology as practical as we could we created some instances of the classes described above. In fact, we created the same individuals that will appear in a windows machine. We present you a screen-shot from Protégé 4.0 of the way individuals are organized. Due to the lack of space, we did not include here all the individuals. For example, we did not include processes, threads or file. These can be observed by opening the ontology
5 Conclusions An OS takes care for all input and output in a computer system. It manages users, processes, memory management, printing, telecommunication, networking etc. It sends data to a disk, the printer, the screen and other peripherals connected to the computer. And because every machine is build different, commands for in or output will have to be treated differently too. In almost all cases an Operating System is not one large big behemoth but consists of many small system programs governed by the core or kernel of the OS. Because of the compactness of these small supporting programs it is easier to rewrite parts or packages of the OS than to redesign an entire program. In general programmers only have to make a "call" to the system to make
things happen. This not only makes their live less miserable but the production time becomes shorter. As well as that programs can run on different types of machines with the same family of CPU's without changing anything in the program. This is what makes a standard Operating System so important. In fact any form of standardization is important for production and compatibility. In our ontology we tried to create an operating system as general as possible that can be used for many aspects. We presented the class Additional Objects as an way to extend this ontology and we gave an example by using security objects.
ANNEX 1 Class: AccessRightType • + Thing o + ObjectType  AccessRightType Equivalents (1) • {Deny, Alow} Superclasses (1) • ObjectType Disjoints (5) FileType, RightType, SystemUserType, ThreadPriorityType, ThreadStateT ype Disjoints (2) Alow, Deny Usage (3) • Alow: AccessRightType • Deny: AccessRightType • hasType Range AccessRightType Class: ACL + Thing + AditionalObject  ACL Superclasses (1) • AditionalObject Disjoints (2) DACL, User Disjoints (4) aclAlowBMR, aclAlowBTE, aclAlowKID, aclDenyBMR Usage (8) • aclAlowBMR: ACL • aclAlowBTE: ACL • aclAlowKID: ACL
• aclDenyBMR: ACL • hasRight Domain ACL • hasType Domain ACL • hasUser Domain ACL • hasACL Range ACL Class: AditionalObject + Thing + AditionalObject  ACL  DACL  User Superclasses (1) Thing Disjoints (3) ObjectType, Resource, SystemObject Class: AttributeType + Thing o + ObjectType  AttributeType Equivalents (1) {AttributeExecute, AttributeWrite, AttributeArchive, AttributeHidden, At tributeRead, AttributeSystem} Superclasses (1) ObjectType Disjoints (6) AttributeArchive, AttributeExecute, AttributeHidden, AttributeRead, Attrib uteSystem, AttributeWrite Usage (7) • AttributeArchive: AttributeType • AttributeExecute: AttributeType • AttributeHidden: AttributeType • AttributeRead: AttributeType • AttributeSystem: AttributeType • AttributeWrite: AttributeType • hasFileAttribute Range AttributeType
Class: CPU + Thing + Resource  CPU Superclasses (1) Resource Disjoints (2) HDD, Memory Disjoints (1) primaryCPU Usage (5) • primaryCPU: CPU • hasFreeComputingPowerValue Domain CPU • hasTotalComputingPowerValue Domain CPU • hasUsedComputingPowerValue Domain CPU • hasRunningThreadID Domain CPU Class: DACL + Thing + AditionalObject  DACL Superclasses (1) AditionalObject Disjoints (2) ACL, User Disjoints (2) DACL_allow_BTE_KID_deny_BMR, DACL_alow_BMR_BTE_KID Usage (4) • DACL_allow_BTE_KID_deny_BMR: DACL • DACL_alow_BMR_BTE_KID: DACL • hasACL Domain DACL • hasDacl Range DACL Class: File + Thing + SystemObject File
Superclasses (1) SystemObject Disjoints (2) Process, Thread Disjoints (64) file_aaclient.dll, file_acaptuser64.dll, file_accessibilitycpl.dll, file_ACCTRE S.dll, file_acledit.dll, file_aclui.dll, file_acppage.dll, file_acproxy.dll,file_Acti onCenter.dll, file_ActionCenterCPL.dll, file_ActionQueue.dll, file_activeds.dll , file_actxprxy.dll, file_AdapterTroubleshooter.exe,file_admparse.dll, file_Ad mTmpl.dll, file_AdobePDF.dll, file_AdobePDFUI.dll, file_adprovider.dll, file_a dsldp.dll, file_adsldpc.dll,file_adsmsext.dll, file_adsnt.dll, file_adtschema.dll , file_advapi32.dll, file_advpack.dll, file_aecache.dll, file_aeevts.dll, file_aei nv.dll,file_aelupsvc.dll, file_aepdu.dll, file_aepic.dll, file_aitagent.exe, file_a lg.exe, file_AltTab.dll, file_amstream.dll, file_amxread.dll,file_apds.dll, file_ api-ms-win-core-io-l1-1-0.dll, file_api-ms-win-core-ums-l1-1-0.dll, file_apil ogen.dll, file_apircl.dll, file_apisetschema.dll,file_apphelp.dll, file_Apphlpdm .dll, file_appidapi.dll, file_appidcertstorecheck.exe, file_appidpolicyconverte r.exe,file_AppIdPolicyEngineApi.dll, file_appidsvc.dll, file_calc.exe, file_csrs s.exe, file_explorer.exe, file_firefox.exe, file_kernel32.dll,file_lsass.exe, file _notepad.exe, file_ntdll.dll, file_services.exe, file_smss.exe, file_solitaire.ex e, file_spoolsv.exe, file_svchost.exe,file_winlogon.exe Usage (70) • file_aaclient.dll: File • file_acaptuser64.dll: File • file_accessibilitycpl.dll: File • file_ACCTRES.dll: File • file_acledit.dll: File • file_aclui.dll: File • file_acppage.dll: File • file_acproxy.dll: File • file_ActionCenter.dll: File • file_ActionCenterCPL.dll: File • file_ActionQueue.dll: File • file_activeds.dll: File • file_actxprxy.dll: File • file_AdapterTroubleshooter.exe: File • file_admparse.dll: File • file_AdmTmpl.dll: File • file_AdobePDF.dll: File • file_AdobePDFUI.dll: File • file_adprovider.dll: File
• file_adsldp.dll: File • file_adsldpc.dll: File • file_adsmsext.dll: File • file_adsnt.dll: File • file_adtschema.dll: File • file_advapi32.dll: File • file_advpack.dll: File • file_aecache.dll: File • file_aeevts.dll: File • file_aeinv.dll: File • file_aelupsvc.dll: File • file_aepdu.dll: File • file_aepic.dll: File • file_aitagent.exe: File • file_alg.exe: File • file_AltTab.dll: File • file_amstream.dll: File • file_amxread.dll: File • file_apds.dll: File • file_api-ms-win-core-io-l1-1-0.dll: File • file_api-ms-win-core-ums-l1-1-0.dll: File • file_apilogen.dll: File • file_apircl.dll: File • file_apisetschema.dll: File • file_apphelp.dll: File • file_Apphlpdm.dll: File • file_appidapi.dll: File • file_appidcertstorecheck.exe: File • file_appidpolicyconverter.exe: File • file_AppIdPolicyEngineApi.dll: File • file_appidsvc.dll: File • file_calc.exe: File • file_csrss.exe: File • file_explorer.exe: File • file_firefox.exe: File • file_kernel32.dll: File • file_lsass.exe: File • file_notepad.exe: File • file_ntdll.dll: File
• file_services.exe: File • file_smss.exe: File • file_solitaire.exe: File • file_spoolsv.exe: File • file_svchost.exe: File • file_winlogon.exe: File • hasFileAddressValue Domain File • hasFileName Domain File • hasFileSizeValue Domain File • hasFileAttribute Domain File • hasFileType Domain File • hasOpenFile Range File Class: FileType + Thing + ObjectType  FileType Equivalents (1) {Folder, SystemFile, Document, Executable} Superclasses (1) ObjectType Disjoints (5) AccessRightType, RightType, SystemUserType, ThreadPriorityType, Thre adStateType Disjoints (4) Document, Executable, Folder, SystemFile Usage (5) • Document: FileType • Executable: FileType • Folder: FileType • SystemFile: FileType • hasFileType Range FileType Class: HDD + Thing + Resource HDD Superclasses (1)
Resource Disjoints (2) CPU, Memory Disjoints (1) primaryHDD Usage (4) • primaryHDD: HDD • hasFreeSpaceValue Domain HDD • hasTotalSpaceValue Domain HDD • hasUsedSpaceValue Domain HDD Class: Memory + Thing + Resource Memory Superclasses (1) • Resource Disjoints (2) CPU, HDD Disjoints (1) primaryMemory Usage (4) • primaryMemory: Memory • hasFreeMemoryValue Domain Memory • hasTotalMemoryValue Domain Memory • hasUsedMemoryValue Domain Memory Class: ObjectType + Thing + ObjectType AccessRightType AttributeType FileType 4 more... Superclasses (1) • Thing Disjoints (3)
AditionalObject, Resource, SystemObject Class: Process + Thing + SystemObject Process Superclasses (1) SystemObject Disjoints (2) File, Thread Disjoints (14) alg.exe, calc.exe, csrss.exe, explorer.exe, firefox.exe, lsass.exe, notepad .exe, services.exe, smss.exe, solitaire.exe, spoolsv.exe,svchost.exe, syste m.exe, winlogon.exe Usage (22) • alg.exe: Process • calc.exe: Process • csrss.exe: Process • explorer.exe: Process • firefox.exe: Process • lsass.exe: Process • notepad.exe: Process • services.exe: Process • smss.exe: Process • solitaire.exe: Process • spoolsv.exe: Process • svchost.exe: Process • system.exe: Process • winlogon.exe: Process • hasCPUUsageValue Domain Process • hasMemoryUsageValue Domain Process • hasProcessIDValue Domain Process • hasOpenFile Domain Process • hasParent Domain Process • hasThread Domain Process • hasParent Range Process • isFromProcess Range Process Class: Resource
+ Thing + Resource CPU HDD Memory Superclasses (1) • Thing Disjoints (3) AditionalObject, ObjectType, SystemObject Class: RightType + Thing + ObjectType RightType Equivalents (1) • {RightExecute, RightRead, RightWrite} Superclasses (1) • ObjectType Disjoints (5) AccessRightType, FileType, SystemUserType, ThreadPriorityType, Thread StateType Disjoints (3) RightExecute, RightRead, RightWrite Usage (4) • RightExecute: RightType • RightRead: RightType • RightWrite: RightType • hasRight Range RightType Class: SystemObject + Thing + SystemObject File Process
Thread Superclasses (1) • Thing Disjoints (3) AditionalObject, ObjectType, Resource Usage (2) • hasDacl Domain SystemObject • hasOwner Domain SystemObject Class: SystemUserType + Thing + ObjectType SystemUserType Equivalents (1) • {userTypeNormal, userTypeAdministrator, userTypeGuest} Superclasses (1) • ObjectType Disjoints (5) AccessRightType, FileType, RightType, ThreadPriorityType, ThreadStateT ype Disjoints (3) userTypeAdministrator, userTypeGuest, userTypeNormal Usage (4) • userTypeAdministrator: SystemUserType • userTypeGuest: SystemUserType • userTypeNormal: SystemUserType • hasSystemRight Range SystemUserType Class: Thread + Thing + SystemObject Thread Superclasses (1) • SystemObject Disjoints (2) File, Process
Disjoints (25) threadId1000, threadId1004, threadId1008, threadId1012, threadId101 6, threadId1020, threadId1024, threadId1028, threadId1032,threadId1036 , threadId1040, threadId1044, threadId1048, threadId1052, threadId1056, threadId1060, threadId1064, threadId1068,threadId1072, threadId1076, t hreadId1080, threadId1084, threadId1088, threadId1092, threadId1096 Usage (31) • threadId1000: Thread • threadId1004: Thread • threadId1008: Thread • threadId1012: Thread • threadId1016: Thread • threadId1020: Thread • threadId1024: Thread • threadId1028: Thread • threadId1032: Thread • threadId1036: Thread • threadId1040: Thread • threadId1044: Thread • threadId1048: Thread • threadId1052: Thread • threadId1056: Thread • threadId1060: Thread • threadId1064: Thread • threadId1068: Thread • threadId1072: Thread • threadId1076: Thread • threadId1080: Thread • threadId1084: Thread • threadId1088: Thread • threadId1092: Thread • threadId1096: Thread • hasThreadIDValue Domain Thread • hasThreadPriority Domain Thread • hasThreadState Domain Thread • isFromProcess Domain Thread • hasRunningThreadID Range Thread • hasThread Range Thread Class: ThreadPriorityType
+ Thing + ObjectType ThreadPriorityType Equivalents (1) • {Low, Medium, High} Superclasses (1) • ObjectType Disjoints (5) AccessRightType, FileType, RightType, SystemUserType, ThreadStateTyp e Disjoints (3) High, Low, Medium Usage (4) • High: ThreadPriorityType • Low: ThreadPriorityType • Medium: ThreadPriorityType • hasThreadPriority Range ThreadPriorityType Class: ThreadStateType + Thing + ObjectType ThreadStateType Equivalents (1) • {threadStateIdle, threadStateRunning, threadStateSuspended, threadS tateResumed} Superclasses (1) • ObjectType Disjoints (5) AccessRightType, FileType, RightType, SystemUserType, ThreadPriorityT ype Disjoints (4) threadStateIdle, threadStateResumed, threadStateRunning, threadState Suspended Usage (5) • threadStateIdle: ThreadStateType • threadStateResumed: ThreadStateType • threadStateRunning: ThreadStateType
• threadStateSuspended: ThreadStateType • hasThreadState Range ThreadStateType Class: User + Thing + AditionalObject User Superclasses (1) • AditionalObject Disjoints (2) ACL, DACL Disjoints (3) userBMR, userBTE, userKID Usage (7) • userBMR: User • userBTE: User • userKID: User • hasNameValue Domain User • hasSystemRight Domain User • hasOwner Range User • hasUser Range User

Recommended

OS file systems
OS file systemsOS file systems
OS file systems
anand hd
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 
Operating System
Operating System Operating System
Operating System
FellowBuddy.com
 
Advanced Operating System- Introduction
Advanced Operating System- IntroductionAdvanced Operating System- Introduction
Advanced Operating System- Introduction
Debasis Das
 
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
vtunotesbysree
 
Operating system
Operating systemOperating system
Operating system
Kinza Razzaq
 
Load module kernel
Load module kernelLoad module kernel
Load module kernel
Abu Azzam
 
Embedded multiple choice questions
Embedded multiple choice questionsEmbedded multiple choice questions
Embedded multiple choice questions
praveen kumar reddy Kavalakuntla
 

Recommended

OS file systems
OS file systemsOS file systems
OS file systems
anand hd
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 
Operating System
Operating System Operating System
Operating System
FellowBuddy.com
 
Advanced Operating System- Introduction
Advanced Operating System- IntroductionAdvanced Operating System- Introduction
Advanced Operating System- Introduction
Debasis Das
 
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
vtunotesbysree
 
Operating system
Operating systemOperating system
Operating system
Kinza Razzaq
 
Load module kernel
Load module kernelLoad module kernel
Load module kernel
Abu Azzam
 
Embedded multiple choice questions
Embedded multiple choice questionsEmbedded multiple choice questions
Embedded multiple choice questions
praveen kumar reddy Kavalakuntla
 
Os structure
Os structureOs structure
Os structureShehrevar Davierwala
 
OSCh18
OSCh18OSCh18
OSCh18Joe Christensen
 
Operating Systems & Utility Programs
Operating Systems & Utility ProgramsOperating Systems & Utility Programs
Operating Systems & Utility Programs
university of education,Lahore
 
Operating system by aman kr kushwaha
Operating system by aman kr kushwahaOperating system by aman kr kushwaha
Operating system by aman kr kushwaha
AMAN KUMAR KUSHWAHA
 
Process management in os
Process management in osProcess management in os
Process management in osSumant Diwakar
 
Chapter 22 - Windows XP
Chapter 22 - Windows XPChapter 22 - Windows XP
Chapter 22 - Windows XP
Wayne Jones Jnr
 
CS9222 Advanced Operating System
CS9222 Advanced Operating SystemCS9222 Advanced Operating System
CS9222 Advanced Operating System
Kathirvel Ayyaswamy
 
Operating system
Operating systemOperating system
Operating system
Mark Muhama
 
Process creation and termination In Operating System
Process creation and termination In Operating SystemProcess creation and termination In Operating System
Process creation and termination In Operating System
Farhan Aslam
 
Understanding Basics of OS
Understanding Basics of OSUnderstanding Basics of OS
Understanding Basics of OS
E.M.G.yadava womens college
 
Operating system
Operating systemOperating system
Operating system
marar hina
 
Operating system concepts ninth edition (2012), chapter 2 solution e1
Operating system concepts ninth edition (2012), chapter 2 solution e1Operating system concepts ninth edition (2012), chapter 2 solution e1
Operating system concepts ninth edition (2012), chapter 2 solution e1
Navid Daneshvaran
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systemskaran2190
 
Types of operating system
Types of operating systemTypes of operating system
Types of operating system
Mohammad Alam
 
CS9222 ADVANCED OPERATING SYSTEMS
CS9222 ADVANCED OPERATING SYSTEMSCS9222 ADVANCED OPERATING SYSTEMS
CS9222 ADVANCED OPERATING SYSTEMS
Kathirvel Ayyaswamy
 
My ppt @ bec doms on process management
My ppt @ bec doms on process managementMy ppt @ bec doms on process management
My ppt @ bec doms on process management
Babasab Patil
 
Final jaypaper linux
Final jaypaper linuxFinal jaypaper linux
Final jaypaper linux
jaya380
 
Final Project IEEE format
Final Project IEEE formatFinal Project IEEE format
Final Project IEEE formatFaizan Ahmed
 
Operating System
Operating SystemOperating System
Operating System
Govt. P.G. College Dharamshala
 
Mba i-ifm-u-3 operating systems
Mba i-ifm-u-3 operating systemsMba i-ifm-u-3 operating systems
Mba i-ifm-u-3 operating systems
Rai University
 
UNIT II.pptx
UNIT II.pptxUNIT II.pptx
UNIT II.pptx
YogapriyaJ1
 
Operating Systems R20 Unit 1.pptx
Operating Systems R20 Unit 1.pptxOperating Systems R20 Unit 1.pptx
Operating Systems R20 Unit 1.pptx
Prudhvi668506
 

More Related Content

What's hot

Operating Systems & Utility Programs
Operating Systems & Utility ProgramsOperating Systems & Utility Programs
Operating Systems & Utility Programs
university of education,Lahore
 
Operating system by aman kr kushwaha
Operating system by aman kr kushwahaOperating system by aman kr kushwaha
Operating system by aman kr kushwaha
AMAN KUMAR KUSHWAHA
 
Process management in os
Process management in osProcess management in os
Process management in osSumant Diwakar
 
Chapter 22 - Windows XP
Chapter 22 - Windows XPChapter 22 - Windows XP
Chapter 22 - Windows XP
Wayne Jones Jnr
 
CS9222 Advanced Operating System
CS9222 Advanced Operating SystemCS9222 Advanced Operating System
CS9222 Advanced Operating System
Kathirvel Ayyaswamy
 
Operating system
Operating systemOperating system
Operating system
Mark Muhama
 
Process creation and termination In Operating System
Process creation and termination In Operating SystemProcess creation and termination In Operating System
Process creation and termination In Operating System
Farhan Aslam
 
Understanding Basics of OS
Understanding Basics of OSUnderstanding Basics of OS
Understanding Basics of OS
E.M.G.yadava womens college
 
Operating system
Operating systemOperating system
Operating system
marar hina
 
Operating system concepts ninth edition (2012), chapter 2 solution e1
Operating system concepts ninth edition (2012), chapter 2 solution e1Operating system concepts ninth edition (2012), chapter 2 solution e1
Operating system concepts ninth edition (2012), chapter 2 solution e1
Navid Daneshvaran
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systemskaran2190
 
Types of operating system
Types of operating systemTypes of operating system
Types of operating system
Mohammad Alam
 
CS9222 ADVANCED OPERATING SYSTEMS
CS9222 ADVANCED OPERATING SYSTEMSCS9222 ADVANCED OPERATING SYSTEMS
CS9222 ADVANCED OPERATING SYSTEMS
Kathirvel Ayyaswamy
 
My ppt @ bec doms on process management
My ppt @ bec doms on process managementMy ppt @ bec doms on process management
My ppt @ bec doms on process management
Babasab Patil
 
Final jaypaper linux
Final jaypaper linuxFinal jaypaper linux
Final jaypaper linux
jaya380
 
Final Project IEEE format
Final Project IEEE formatFinal Project IEEE format
Final Project IEEE formatFaizan Ahmed
 
Operating System
Operating SystemOperating System
Operating System
Govt. P.G. College Dharamshala
 
Mba i-ifm-u-3 operating systems
Mba i-ifm-u-3 operating systemsMba i-ifm-u-3 operating systems
Mba i-ifm-u-3 operating systems
Rai University
 

What's hot (20)

Os structure
Os structureOs structure
Os structure
 
OSCh18
OSCh18OSCh18
OSCh18
 
Operating Systems & Utility Programs
Operating Systems & Utility ProgramsOperating Systems & Utility Programs
Operating Systems & Utility Programs
 
Operating system by aman kr kushwaha
Operating system by aman kr kushwahaOperating system by aman kr kushwaha
Operating system by aman kr kushwaha
 
Process management in os
Process management in osProcess management in os
Process management in os
 
Chapter 22 - Windows XP
Chapter 22 - Windows XPChapter 22 - Windows XP
Chapter 22 - Windows XP
 
CS9222 Advanced Operating System
CS9222 Advanced Operating SystemCS9222 Advanced Operating System
CS9222 Advanced Operating System
 
Operating system
Operating systemOperating system
Operating system
 
Process creation and termination In Operating System
Process creation and termination In Operating SystemProcess creation and termination In Operating System
Process creation and termination In Operating System
 
Understanding Basics of OS
Understanding Basics of OSUnderstanding Basics of OS
Understanding Basics of OS
 
Operating system
Operating systemOperating system
Operating system
 
Operating system concepts ninth edition (2012), chapter 2 solution e1
Operating system concepts ninth edition (2012), chapter 2 solution e1Operating system concepts ninth edition (2012), chapter 2 solution e1
Operating system concepts ninth edition (2012), chapter 2 solution e1
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systems
 
Types of operating system
Types of operating systemTypes of operating system
Types of operating system
 
CS9222 ADVANCED OPERATING SYSTEMS
CS9222 ADVANCED OPERATING SYSTEMSCS9222 ADVANCED OPERATING SYSTEMS
CS9222 ADVANCED OPERATING SYSTEMS
 
My ppt @ bec doms on process management
My ppt @ bec doms on process managementMy ppt @ bec doms on process management
My ppt @ bec doms on process management
 
Final jaypaper linux
Final jaypaper linuxFinal jaypaper linux
Final jaypaper linux
 
Final Project IEEE format
Final Project IEEE formatFinal Project IEEE format
Final Project IEEE format
 
Operating System
Operating SystemOperating System
Operating System
 
Mba i-ifm-u-3 operating systems
Mba i-ifm-u-3 operating systemsMba i-ifm-u-3 operating systems
Mba i-ifm-u-3 operating systems
 

Similar to Osonto documentatie

UNIT II.pptx
UNIT II.pptxUNIT II.pptx
UNIT II.pptx
YogapriyaJ1
 
Operating Systems R20 Unit 1.pptx
Operating Systems R20 Unit 1.pptxOperating Systems R20 Unit 1.pptx
Operating Systems R20 Unit 1.pptx
Prudhvi668506
 
Chapter 1 Introduction to Operating System Concepts
Chapter 1 Introduction to Operating System ConceptsChapter 1 Introduction to Operating System Concepts
Chapter 1 Introduction to Operating System Concepts
MeenalJabde
 
Bedtime Stories on Operating Systems.pdf
Bedtime Stories on Operating Systems.pdfBedtime Stories on Operating Systems.pdf
Bedtime Stories on Operating Systems.pdf
AyushBaiswar1
 
Os
OsOs
Os
Junicel Estomo
 
Operating system
Operating systemOperating system
Operating system
sweetysweety8
 
Operating system notes pdf
Operating system notes pdfOperating system notes pdf
Operating system notes pdf
Jasleen Kaur (Chandigarh University)
 
ch3 - operating system structures.ppt
ch3 - operating system structures.pptch3 - operating system structures.ppt
ch3 - operating system structures.ppt
divyang32
 
OpeatingSystemPPT
OpeatingSystemPPTOpeatingSystemPPT
OpeatingSystemPPT
DrPrabakaranPerumal
 
Os lecture 6
Os lecture 6Os lecture 6
Os lecture 6
Dr. Ahmed J. Obaid
 
Unit 1 q&a
Unit 1 q&aUnit 1 q&a
Unit 1 q&a
Dr.M.Karthika parthasarathy
 
L-3 BCE OS FINAL.ppt
L-3 BCE OS FINAL.pptL-3 BCE OS FINAL.ppt
L-3 BCE OS FINAL.ppt
Kirti Verma
 
e.pdf
e.pdfe.pdf
e.pdf
ay3539355
 
Operating System
Operating SystemOperating System
Operating System
Subhasis Dash
 
R20CSE2202-OPERATING-SYSTEMS .pdf
R20CSE2202-OPERATING-SYSTEMS .pdfR20CSE2202-OPERATING-SYSTEMS .pdf
R20CSE2202-OPERATING-SYSTEMS .pdf
cVan3
 
chapter 3 opreating system lecture note and its is impaortamt concept for mn
chapter 3 opreating system lecture note and its is impaortamt concept for mnchapter 3 opreating system lecture note and its is impaortamt concept for mn
chapter 3 opreating system lecture note and its is impaortamt concept for mn
dejenehundaol91
 
Ch3 OS
Ch3 OSCh3 OS
Ch3 OSC.U
 

Similar to Osonto documentatie (20)

UNIT II.pptx
UNIT II.pptxUNIT II.pptx
UNIT II.pptx
 
Operating Systems R20 Unit 1.pptx
Operating Systems R20 Unit 1.pptxOperating Systems R20 Unit 1.pptx
Operating Systems R20 Unit 1.pptx
 
Chapter 1 Introduction to Operating System Concepts
Chapter 1 Introduction to Operating System ConceptsChapter 1 Introduction to Operating System Concepts
Chapter 1 Introduction to Operating System Concepts
 
Bedtime Stories on Operating Systems.pdf
Bedtime Stories on Operating Systems.pdfBedtime Stories on Operating Systems.pdf
Bedtime Stories on Operating Systems.pdf
 
Os
OsOs
Os
 
Os
OsOs
Os
 
Operating system
Operating systemOperating system
Operating system
 
Operating system notes pdf
Operating system notes pdfOperating system notes pdf
Operating system notes pdf
 
Ch3
Ch3Ch3
Ch3
 
ch3 - operating system structures.ppt
ch3 - operating system structures.pptch3 - operating system structures.ppt
ch3 - operating system structures.ppt
 
OpeatingSystemPPT
OpeatingSystemPPTOpeatingSystemPPT
OpeatingSystemPPT
 
Os lecture 6
Os lecture 6Os lecture 6
Os lecture 6
 
Operating system
Operating systemOperating system
Operating system
 
Unit 1 q&a
Unit 1 q&aUnit 1 q&a
Unit 1 q&a
 
L-3 BCE OS FINAL.ppt
L-3 BCE OS FINAL.pptL-3 BCE OS FINAL.ppt
L-3 BCE OS FINAL.ppt
 
e.pdf
e.pdfe.pdf
e.pdf
 
Operating System
Operating SystemOperating System
Operating System
 
R20CSE2202-OPERATING-SYSTEMS .pdf
R20CSE2202-OPERATING-SYSTEMS .pdfR20CSE2202-OPERATING-SYSTEMS .pdf
R20CSE2202-OPERATING-SYSTEMS .pdf
 
chapter 3 opreating system lecture note and its is impaortamt concept for mn
chapter 3 opreating system lecture note and its is impaortamt concept for mnchapter 3 opreating system lecture note and its is impaortamt concept for mn
chapter 3 opreating system lecture note and its is impaortamt concept for mn
 
Ch3 OS
Ch3 OSCh3 OS
Ch3 OS
 

Osonto documentatie

  • 1. OSOnto Razvan Benchea, Catalin Lita BogdanTimofte Abstract. The operating system has always been one of the most important part of the software that runs on a computer. As technology becomes more and more advanced so does the software. In this paper we present an ontology of a general operating system. This ontology may be used as a guide line for security software that wants to create a snapshot of an operating system in order to detect intrusion detection. Keywords: operating system, ontology, security 1 Introduction 1.1 Motivation In the last years more and more devices have been created that use an operating system already available on the market. Even though the devices have become more and more complex, the basic architecture of an operating system remains the same. Mainly this is because the architecture of a device is still based on a Turing Machine. In the last few years we also witnessed a great increase in the number of malware. Because of the great number of malware that appear every day, most of the security products can no longer analyze every malware so they are searching for an automated way of detecting it. By giving a logical description of every part of an operating system, one can use it to create a snapshot of a running machine and compare it to a original one. By comparing the differences one can detected, based on additional heuristics, if the system has been compromised. 2 Organizational structure 2.1 An operating system’s basic description is given in the following section presenting requirements that need to be fulfilled. Then, as components are identified,
  • 2. more detail is presented about each concept modeled in the ontology. Short descriptions and graphs showing the ontology are also presented. Conclusions and future work are described in the last section. Annex 1 contains a list of classes and properties with a brief. The main classes that make the operating system are SystemObject, Resource, ObjectType and AdditionalObject. The SystemObject will contain every object that we consider fundamental. A resource refers to a piece of hardware controlled by an operating system. This part is responsible for maintaining a list of available resource for every piece of hardware that makes an operating system(ex: used memory, total memory, free memory). The class ObjectType contains individuals that describe every object and state in the ontology. AdditionalObject contain objects that are not general for an operating system. These object may be used or not. We described here the users and some security specifications.
  • 3. 2.2 Resources The superscript numeral used to refer to a footnote appears in the text either directly after the word to be discussed or – in relation to a phrase or a sentence – following the punctuation mark (comma, semicolon, or period). Footnotes should appear at the bottom of the normal text area, with a line of about 5cm set immediately above them 1 The central processing unit (CPU) is the portion of a computer system that carries out the instructions of a computer program, and is the primary element carrying out the computer's functions. The central processing unit carries out each instruction of the program in sequence, to perform the basic arithmetical, logical, and input/output operations of the system. This term has been in use in the computer industry at least since the early 1960s.[1] The form, design and implementation of CPUs have changed dramatically since the earliest examples, but their fundamental operation remains much the same. The fundamental operation of most CPUs, regardless of the physical form they take, is to execute a sequence of stored instructions called a program. The program is represented by a series of numbers that are kept in some kind of computer memory. There are four steps that nearly all CPUs use in their operation: fetch, decode, execute, and writeback. The clock rate is the speed at which a microprocessor executes instructions. Every computer contains an internal clock that regulates the rate at which instructions are executed and synchronizes all the various computer components. The CPU requires a fixed number of clock ticks (or clock cycles) to execute each instruction. The faster the clock, the more instructions the CPU can execute per second. Another strategy of achieving performance is to execute multiple programs or threads in parallel. This area of research is known as parallel computing. In Flynn's taxonomy, this strategy is known as Multiple Instructions-Multiple Data or MIMD.. 2.3 Additional Objects We described here mainly Security Objects. If the ontology wishes to be extended this is where the new objects should be used. Currently there are described here the following Objects: ACL, DACL, USER. An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file. 1
  • 4. The ACL is technically a list of access control entries (ACE). Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. The security descriptor for a securable object can contain two types of ACLs: a DACL and a SACL. A discretionary access control list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the ACEs in the object's DACL to determine whether to grant access to it. If the object does not have a DACL, the system grants full access to everyone. If the object's DACL has no ACEs, the system denies all attempts to access the object because the DACL does not allow any access rights. The system checks the ACEs in sequence until it finds one or more ACEs that allow all the requested access rights, or until any of the requested access rights are denied. For more information, see How DACLs Control Access to an Object. A user account allows a user to authenticate to system services and be granted authorization to access them; however, authentication does not imply authorization. To log in to an account, a user is typically required to authenticate oneself with a password or other credentials for the purposes of accounting, security, logging, and resource management.Once the user has logged on, the operating system will often use an identifier such as an integer to refer to them, rather than their username, through a process known as identity correlation 2.4 System Objects Files: A computer file is a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage. A file is durable in the sense that it remains available for programs to use after the current program has finished. Computer files can be considered as the modern
  • 5. counterpart of paper documents which traditionally are kept in offices' and libraries' files, and this is the source of the term. Processes. A key abstraction utilized in the design of an operating system is the notion of process. A process is a program in execution. The status of a process includes: - the code that is executing - the values of its variables - the contents of the CPU registers, especially the program counter (PC) - the state of the process (running, ready, waiting, etc.) At any given time, the system kernel is managing a collection of processes. Some are user processes (shells, applications, etc.), some are system processes (print spooler, accounting process, etc.) An important kernel function is the management of processes. The kernel is responsible for creating, scheduling and deleting processes and often for inter-process communication.A thread of execution is the smallest unit of processing that can be scheduled by an operating system. It generally results from a fork of a computer program into two or more concurrently running tasks.Multiple threads can exist within the same process and share resources such as memory, while different processes do not share these resources. In particular, the threads of a process share the latter's instructions (its code) and its context (the values that its variables reference at any given moment). Threads differ from traditional multitasking operating system processes in that: processes are typically independent, while threads exist as subsets of a process processes carry considerable state information, whereas multiple threads within a process share state as well as memory and other resources processes have separate address spaces, whereas threads share their address space processes interact only through system-provided inter-process communication mechanisms. Context switching between threads in the same process is typically faster than context switching between processes.
  • 6. 2.5 Object Type In order to make the ontology as clear as possible we included the state of system objects in ObjectType. The Class object type describes every state that an object (system object or additional object) can be at one moment in time. It describes the state of processes, thread, files, user rights, priorities, etc: 4 Individuals In order to make the ontology as practical as we could we created some instances of the classes described above. In fact, we created the same individuals that will appear in a windows machine. We present you a screen-shot from Protégé 4.0 of the way individuals are organized. Due to the lack of space, we did not include here all the individuals. For example, we did not include processes, threads or file. These can be observed by opening the ontology
  • 7.
  • 8. 5 Conclusions An OS takes care for all input and output in a computer system. It manages users, processes, memory management, printing, telecommunication, networking etc. It sends data to a disk, the printer, the screen and other peripherals connected to the computer. And because every machine is build different, commands for in or output will have to be treated differently too. In almost all cases an Operating System is not one large big behemoth but consists of many small system programs governed by the core or kernel of the OS. Because of the compactness of these small supporting programs it is easier to rewrite parts or packages of the OS than to redesign an entire program. In general programmers only have to make a "call" to the system to make
  • 9. things happen. This not only makes their live less miserable but the production time becomes shorter. As well as that programs can run on different types of machines with the same family of CPU's without changing anything in the program. This is what makes a standard Operating System so important. In fact any form of standardization is important for production and compatibility. In our ontology we tried to create an operating system as general as possible that can be used for many aspects. We presented the class Additional Objects as an way to extend this ontology and we gave an example by using security objects.
  • 10. ANNEX 1 Class: AccessRightType • + Thing o + ObjectType  AccessRightType Equivalents (1) • {Deny, Alow} Superclasses (1) • ObjectType Disjoints (5) FileType, RightType, SystemUserType, ThreadPriorityType, ThreadStateT ype Disjoints (2) Alow, Deny Usage (3) • Alow: AccessRightType • Deny: AccessRightType • hasType Range AccessRightType Class: ACL + Thing + AditionalObject  ACL Superclasses (1) • AditionalObject Disjoints (2) DACL, User Disjoints (4) aclAlowBMR, aclAlowBTE, aclAlowKID, aclDenyBMR Usage (8) • aclAlowBMR: ACL • aclAlowBTE: ACL • aclAlowKID: ACL
  • 11. aclDenyBMR: ACL • hasRight Domain ACL • hasType Domain ACL • hasUser Domain ACL • hasACL Range ACL Class: AditionalObject + Thing + AditionalObject  ACL  DACL  User Superclasses (1) Thing Disjoints (3) ObjectType, Resource, SystemObject Class: AttributeType + Thing o + ObjectType  AttributeType Equivalents (1) {AttributeExecute, AttributeWrite, AttributeArchive, AttributeHidden, At tributeRead, AttributeSystem} Superclasses (1) ObjectType Disjoints (6) AttributeArchive, AttributeExecute, AttributeHidden, AttributeRead, Attrib uteSystem, AttributeWrite Usage (7) • AttributeArchive: AttributeType • AttributeExecute: AttributeType • AttributeHidden: AttributeType • AttributeRead: AttributeType • AttributeSystem: AttributeType • AttributeWrite: AttributeType • hasFileAttribute Range AttributeType
  • 12. Class: CPU + Thing + Resource  CPU Superclasses (1) Resource Disjoints (2) HDD, Memory Disjoints (1) primaryCPU Usage (5) • primaryCPU: CPU • hasFreeComputingPowerValue Domain CPU • hasTotalComputingPowerValue Domain CPU • hasUsedComputingPowerValue Domain CPU • hasRunningThreadID Domain CPU Class: DACL + Thing + AditionalObject  DACL Superclasses (1) AditionalObject Disjoints (2) ACL, User Disjoints (2) DACL_allow_BTE_KID_deny_BMR, DACL_alow_BMR_BTE_KID Usage (4) • DACL_allow_BTE_KID_deny_BMR: DACL • DACL_alow_BMR_BTE_KID: DACL • hasACL Domain DACL • hasDacl Range DACL Class: File + Thing + SystemObject File
  • 13. Superclasses (1) SystemObject Disjoints (2) Process, Thread Disjoints (64) file_aaclient.dll, file_acaptuser64.dll, file_accessibilitycpl.dll, file_ACCTRE S.dll, file_acledit.dll, file_aclui.dll, file_acppage.dll, file_acproxy.dll,file_Acti onCenter.dll, file_ActionCenterCPL.dll, file_ActionQueue.dll, file_activeds.dll , file_actxprxy.dll, file_AdapterTroubleshooter.exe,file_admparse.dll, file_Ad mTmpl.dll, file_AdobePDF.dll, file_AdobePDFUI.dll, file_adprovider.dll, file_a dsldp.dll, file_adsldpc.dll,file_adsmsext.dll, file_adsnt.dll, file_adtschema.dll , file_advapi32.dll, file_advpack.dll, file_aecache.dll, file_aeevts.dll, file_aei nv.dll,file_aelupsvc.dll, file_aepdu.dll, file_aepic.dll, file_aitagent.exe, file_a lg.exe, file_AltTab.dll, file_amstream.dll, file_amxread.dll,file_apds.dll, file_ api-ms-win-core-io-l1-1-0.dll, file_api-ms-win-core-ums-l1-1-0.dll, file_apil ogen.dll, file_apircl.dll, file_apisetschema.dll,file_apphelp.dll, file_Apphlpdm .dll, file_appidapi.dll, file_appidcertstorecheck.exe, file_appidpolicyconverte r.exe,file_AppIdPolicyEngineApi.dll, file_appidsvc.dll, file_calc.exe, file_csrs s.exe, file_explorer.exe, file_firefox.exe, file_kernel32.dll,file_lsass.exe, file _notepad.exe, file_ntdll.dll, file_services.exe, file_smss.exe, file_solitaire.ex e, file_spoolsv.exe, file_svchost.exe,file_winlogon.exe Usage (70) • file_aaclient.dll: File • file_acaptuser64.dll: File • file_accessibilitycpl.dll: File • file_ACCTRES.dll: File • file_acledit.dll: File • file_aclui.dll: File • file_acppage.dll: File • file_acproxy.dll: File • file_ActionCenter.dll: File • file_ActionCenterCPL.dll: File • file_ActionQueue.dll: File • file_activeds.dll: File • file_actxprxy.dll: File • file_AdapterTroubleshooter.exe: File • file_admparse.dll: File • file_AdmTmpl.dll: File • file_AdobePDF.dll: File • file_AdobePDFUI.dll: File • file_adprovider.dll: File
  • 14. file_adsldp.dll: File • file_adsldpc.dll: File • file_adsmsext.dll: File • file_adsnt.dll: File • file_adtschema.dll: File • file_advapi32.dll: File • file_advpack.dll: File • file_aecache.dll: File • file_aeevts.dll: File • file_aeinv.dll: File • file_aelupsvc.dll: File • file_aepdu.dll: File • file_aepic.dll: File • file_aitagent.exe: File • file_alg.exe: File • file_AltTab.dll: File • file_amstream.dll: File • file_amxread.dll: File • file_apds.dll: File • file_api-ms-win-core-io-l1-1-0.dll: File • file_api-ms-win-core-ums-l1-1-0.dll: File • file_apilogen.dll: File • file_apircl.dll: File • file_apisetschema.dll: File • file_apphelp.dll: File • file_Apphlpdm.dll: File • file_appidapi.dll: File • file_appidcertstorecheck.exe: File • file_appidpolicyconverter.exe: File • file_AppIdPolicyEngineApi.dll: File • file_appidsvc.dll: File • file_calc.exe: File • file_csrss.exe: File • file_explorer.exe: File • file_firefox.exe: File • file_kernel32.dll: File • file_lsass.exe: File • file_notepad.exe: File • file_ntdll.dll: File
  • 15. file_services.exe: File • file_smss.exe: File • file_solitaire.exe: File • file_spoolsv.exe: File • file_svchost.exe: File • file_winlogon.exe: File • hasFileAddressValue Domain File • hasFileName Domain File • hasFileSizeValue Domain File • hasFileAttribute Domain File • hasFileType Domain File • hasOpenFile Range File Class: FileType + Thing + ObjectType  FileType Equivalents (1) {Folder, SystemFile, Document, Executable} Superclasses (1) ObjectType Disjoints (5) AccessRightType, RightType, SystemUserType, ThreadPriorityType, Thre adStateType Disjoints (4) Document, Executable, Folder, SystemFile Usage (5) • Document: FileType • Executable: FileType • Folder: FileType • SystemFile: FileType • hasFileType Range FileType Class: HDD + Thing + Resource HDD Superclasses (1)
  • 16. Resource Disjoints (2) CPU, Memory Disjoints (1) primaryHDD Usage (4) • primaryHDD: HDD • hasFreeSpaceValue Domain HDD • hasTotalSpaceValue Domain HDD • hasUsedSpaceValue Domain HDD Class: Memory + Thing + Resource Memory Superclasses (1) • Resource Disjoints (2) CPU, HDD Disjoints (1) primaryMemory Usage (4) • primaryMemory: Memory • hasFreeMemoryValue Domain Memory • hasTotalMemoryValue Domain Memory • hasUsedMemoryValue Domain Memory Class: ObjectType + Thing + ObjectType AccessRightType AttributeType FileType 4 more... Superclasses (1) • Thing Disjoints (3)
  • 17. AditionalObject, Resource, SystemObject Class: Process + Thing + SystemObject Process Superclasses (1) SystemObject Disjoints (2) File, Thread Disjoints (14) alg.exe, calc.exe, csrss.exe, explorer.exe, firefox.exe, lsass.exe, notepad .exe, services.exe, smss.exe, solitaire.exe, spoolsv.exe,svchost.exe, syste m.exe, winlogon.exe Usage (22) • alg.exe: Process • calc.exe: Process • csrss.exe: Process • explorer.exe: Process • firefox.exe: Process • lsass.exe: Process • notepad.exe: Process • services.exe: Process • smss.exe: Process • solitaire.exe: Process • spoolsv.exe: Process • svchost.exe: Process • system.exe: Process • winlogon.exe: Process • hasCPUUsageValue Domain Process • hasMemoryUsageValue Domain Process • hasProcessIDValue Domain Process • hasOpenFile Domain Process • hasParent Domain Process • hasThread Domain Process • hasParent Range Process • isFromProcess Range Process Class: Resource
  • 18. + Thing + Resource CPU HDD Memory Superclasses (1) • Thing Disjoints (3) AditionalObject, ObjectType, SystemObject Class: RightType + Thing + ObjectType RightType Equivalents (1) • {RightExecute, RightRead, RightWrite} Superclasses (1) • ObjectType Disjoints (5) AccessRightType, FileType, SystemUserType, ThreadPriorityType, Thread StateType Disjoints (3) RightExecute, RightRead, RightWrite Usage (4) • RightExecute: RightType • RightRead: RightType • RightWrite: RightType • hasRight Range RightType Class: SystemObject + Thing + SystemObject File Process
  • 19. Thread Superclasses (1) • Thing Disjoints (3) AditionalObject, ObjectType, Resource Usage (2) • hasDacl Domain SystemObject • hasOwner Domain SystemObject Class: SystemUserType + Thing + ObjectType SystemUserType Equivalents (1) • {userTypeNormal, userTypeAdministrator, userTypeGuest} Superclasses (1) • ObjectType Disjoints (5) AccessRightType, FileType, RightType, ThreadPriorityType, ThreadStateT ype Disjoints (3) userTypeAdministrator, userTypeGuest, userTypeNormal Usage (4) • userTypeAdministrator: SystemUserType • userTypeGuest: SystemUserType • userTypeNormal: SystemUserType • hasSystemRight Range SystemUserType Class: Thread + Thing + SystemObject Thread Superclasses (1) • SystemObject Disjoints (2) File, Process
  • 20. Disjoints (25) threadId1000, threadId1004, threadId1008, threadId1012, threadId101 6, threadId1020, threadId1024, threadId1028, threadId1032,threadId1036 , threadId1040, threadId1044, threadId1048, threadId1052, threadId1056, threadId1060, threadId1064, threadId1068,threadId1072, threadId1076, t hreadId1080, threadId1084, threadId1088, threadId1092, threadId1096 Usage (31) • threadId1000: Thread • threadId1004: Thread • threadId1008: Thread • threadId1012: Thread • threadId1016: Thread • threadId1020: Thread • threadId1024: Thread • threadId1028: Thread • threadId1032: Thread • threadId1036: Thread • threadId1040: Thread • threadId1044: Thread • threadId1048: Thread • threadId1052: Thread • threadId1056: Thread • threadId1060: Thread • threadId1064: Thread • threadId1068: Thread • threadId1072: Thread • threadId1076: Thread • threadId1080: Thread • threadId1084: Thread • threadId1088: Thread • threadId1092: Thread • threadId1096: Thread • hasThreadIDValue Domain Thread • hasThreadPriority Domain Thread • hasThreadState Domain Thread • isFromProcess Domain Thread • hasRunningThreadID Range Thread • hasThread Range Thread Class: ThreadPriorityType
  • 21. + Thing + ObjectType ThreadPriorityType Equivalents (1) • {Low, Medium, High} Superclasses (1) • ObjectType Disjoints (5) AccessRightType, FileType, RightType, SystemUserType, ThreadStateTyp e Disjoints (3) High, Low, Medium Usage (4) • High: ThreadPriorityType • Low: ThreadPriorityType • Medium: ThreadPriorityType • hasThreadPriority Range ThreadPriorityType Class: ThreadStateType + Thing + ObjectType ThreadStateType Equivalents (1) • {threadStateIdle, threadStateRunning, threadStateSuspended, threadS tateResumed} Superclasses (1) • ObjectType Disjoints (5) AccessRightType, FileType, RightType, SystemUserType, ThreadPriorityT ype Disjoints (4) threadStateIdle, threadStateResumed, threadStateRunning, threadState Suspended Usage (5) • threadStateIdle: ThreadStateType • threadStateResumed: ThreadStateType • threadStateRunning: ThreadStateType
  • 22. threadStateSuspended: ThreadStateType • hasThreadState Range ThreadStateType Class: User + Thing + AditionalObject User Superclasses (1) • AditionalObject Disjoints (2) ACL, DACL Disjoints (3) userBMR, userBTE, userKID Usage (7) • userBMR: User • userBTE: User • userKID: User • hasNameValue Domain User • hasSystemRight Domain User • hasOwner Range User • hasUser Range User