Analysis of the Security of Windows NT
1 March 1999

3. System Overview

3.1  Background

The NT operating system (OS) was developed by Microsoft Inc. and was first released in 1992. It is expected to replace Windows 3.x. Unlike Windows 3.x, NT is a full-fledged 32-bit OS with support for processes, multiple threads, symmetric multiprocessing and distributed computing. NT is a single user system with support for multiple concurrent or parallel processes. Moreover, the system is designed to be able to execute on a variety of hardware platforms, e.g. Intel 386 (or later), MIPS and Alpha AXP. It is mainly implemented in C, with the exception of the software that communicates directly with the hardware. These software components are written in assembler.

NT uses an object model to manage its resources. Therefore, the term object is used instead of resource. Microsoft claims that NT is designed to be a secure operating system, e.g. one of the goals is to meet the C2 evaluation criteria. A C2 system must implement discretionary access control at user level, and it must provide mechanisms for tracking all accesses (or attempted accesses) to an individual object [19]. Another C2 level requirement is elimination of residue exposure.

The user interface (Win32) is designed to give the user the impression of working in the familiar Windows 3.x, but behind the facade Windows 3.x and NT are totally different.

3.2  System Architecture

An OS can be designed in different ways. In one approach, common for small systems such as MS-DOS, the OS consists of a set of procedures, which may call each other. This structure, often called a monolithic structure, has a number of shortcomings, e.g. a change in one procedure can result in an error in a seemingly unrelated part of the system [28].

Another design strategy is to divide the system into modules and layers. These systems are known as layered systems. Each module provides a set of functions that other modules (on a higher level) can use. Systems designed in this way are more easily modified and tested [28], [3]. Moreover, it is possible to replace a layer.

A third approach is known as the client/server model [28], [3]. In this model, the OS is divided into one or more processes. Each process is called a server. Such a process provides a particular service, for example memory management. An executing application is called a client. A client can, by sending a message to a specific server, request a service. All messages in the system are sent via the microkernel, which is executing in kernel mode. If multiple servers exist, they all share a single microkernel. On the other hand, both clients and servers are executing in user mode. One advantage of the client/server structure is that a server can fail, and perhaps be restarted, without influencing the rest of the system. MACH [2] is constructed in this way.

The structure of NT is a hybrid between the layered model and the client/server model, see Figure 1. NT uses the latter to provide the user with multiple OS environments (Windows, MS-DOS, OS/2 and POSIX (Portable Operating System Interface based on uniX)).