HostedDB - Dedicated UNIX Servers

nt-part2_12 Analysis of the Security of  Windows NT 1 March 1999 12 3.3  Executive The executive is the only part of the system that executes in kernel mode, and is divided into three levels. The lowest level is called HAL, which provides an abstract view of the underlying machine architecture. The motive for having this layer is to make the system (more) portable. FIGURE 1. NT system overview Above HAL is the microkernel. This is responsible for low-level support for execution, interrupts and exception handling, and synchronization [43]. The top-most layer in the executive consists of a number of components (modules) implementing basic OS services, such as: virtual memory management, object man- agement, process and thread management, I/O management, Interprocess Communica- tion   (IPC),   and   security   reference   monitoring.   Communication   between   these components works through a set of well defined functions in each component. ADMINISTRATOR TOOLS PROTECTED SERVERS WinLogon LSA SAM Session Manager Service Controller Win32 Print Spooler Event Logger Started By Service Controller User mode Kernel mode Security Reference Monitor Process Manager Executive Object Services LPC Facility VDM Control (x86 only) Object ManagerConfigu-ration Manager Memory Manager I/O Subsystem I/O Manager Cache Manager File Systems Device Drivers Microkernel Hardware Abstraction Layer HARDWARE EXECUTIVE Indicates Hardware Dependability Window Manager Graphics Device Interface Graphics Device Drivers