@@ -344,21 +344,19 @@ Out of scope use cases and environments include those explicitly carved out by t
## 4.3 Product overview and architecture
> NOTE: Below is the technical definition as of August 2025 draft.
Operating systems include software products with digital elements that provide an abstract interface of the underlying hardware and control the execution of software, and that may provide services such as computing resource management and configuration, scheduling, input-output control, managing data, and providing an interface through which applications interact with system resources and peripherals.
This category includes but is not limited to real-time operating systems, general-purpose and special-purpose operating systems.
Visualization of the architecture overview:
An operating system abstracts the hardware and provides services to itself and any other software on the system. It often serves as a central organizing authority that controls access to system resources, dividing up available resources among the applications and its own subsystems to meet implicit or explicit goals or constraints. An operating system often uses a large part of the resources of the system it runs on, but in return it simplifies the development and deployment of the overall system.
An operating system abstracts the hardware and provides services to other software on the system with the overall purpose of making the development and execution of software simpler, more convenient, and more secure. While in most cases the operating system mediates access to the hardware, in some use cases software outside of the operating system directly accesses hardware.
Operating system architecture is quite varied, depending on factors such as the intended use case, the underlying platform, and the design philosophy of the developers. This overview will focus on the elements of operating system architecture that have a significant impact on the security functions and risk mitigations of an operating system.
To oversimplify, the security of an operating system depends on appropriately controlling the instructions to be executed on processors. Instruction flow is dependent on the text of the executable, any data it accesses, and the effects of hardware devices that have the ability to change either data or which instructions are being executed. For example, a network interface adapter can write to system memory, and a USB controller can raise an interrupt which can cause the interrupt controller to force the CPU to switch to executing interrupt handling code.
> FIXME finish this section
> FIXME Detailed OS architecture description in progress, temporarily located in Annex E
> NOTE: More notes on OS architecture temporarily located in Annex E
