Access Control Model under the NT / 2000 / XP Platform
By Leezy_2000 2003-7-16 15:59
(Part 1)
Programs developed for NT-class operating systems routinely access the registry, read and write files, and control services. For such programs to work correctly under different accounts, you need to understand the access control model of the NT-class operating systems, which is why I wrote this article. Most of what follows is drawn from MSDN, and a small part comes from personal experience; corrections are welcome.
Basic concepts and abbreviations:
SID (Security Identifier): a value that uniquely identifies a user or group.
Access token: an access token holds the security information for a logon session. Whenever a user logs on, the system creates an access token, and every process run on behalf of that user carries a copy of it. An access token contains:
- the user's SID
- the SIDs of the groups the user belongs to
- the privileges held by the user
- other access information (for example the logon session SID and the default DACL for objects the user creates)
ACE (Access Control Entry): specifies a set of access rights and the trustee to whom those rights are granted or denied.
ACL (Access Control List): a list of ACEs describing what access a securable object permits or denies.
DACL (Discretionary Access Control List): the ACL controlled by the owner of the securable object (by default, its creator).
Trustee: the user account, group account, or logon session to which an access control entry (ACE) applies.
With these concepts in place, let's look at how the system checks access to a securable object (see Figure 1).
The process works like this: the system compares the trustees in the thread's access token (its user SID, group SIDs and logon session SID) against the trustee of each ACE in the DACL, in order, until one of the following conditions is met:
- An access-denied ACE explicitly denies one of the requested access rights to a trustee in the access token. Thread A in Figure 1, for example, is denied as soon as the first ACE is examined.
- One or more access-allowed ACEs explicitly grant all of the requested access rights to trustees in the access token. Thread B, for example, requests write, read and execute access and is granted it.
- All ACEs have been checked, but one or more of the requested rights still have not been granted. Access is then implicitly denied.
Because the check stops at the first decisive ACE, the order of the ACEs in the DACL matters: the same access token can get a completely different result from a DACL containing the same ACEs in a different order. If ACE 2 in Figure 1 were placed ahead of ACE 1, Thread A would be granted write access. Two further caveats are worth remembering: an object with no DACL at all (a NULL DACL) is unprotected and grants everyone full access, whereas a DACL that contains zero ACEs (an empty DACL) grants no one any access; and the owner of an object always implicitly holds READ_CONTROL and WRITE_DAC, so an owner can rewrite a DACL that denies them.
(Figure 1 from MSDN)
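The following is an added example, not code from the original article or from MSDN: a small Python simulation of the DACL walk described above, using the three-ACE layout of Figure 1. The trustee names ("user-A", "group-A", "Everyone") are placeholders rather than real SIDs, and the access-right flags are constructed values, not the real Win32 access masks. It also models two details a practitioner runs into in practice: the NULL DACL versus empty DACL distinction, and "deny-only" group SIDs (SE_GROUP_USE_FOR_DENY_ONLY, as in a UAC-filtered administrator token), which match access-denied ACEs but never access-allowed ones.

```python
"""Simulation of NT DACL evaluation for the scenario of Figure 1.

Trustee strings are placeholders, not real SIDs; READ/WRITE/EXECUTE are
constructed bit flags, not the real Win32 access-mask values.
"""
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = 0x1, 0x2, 0x4      # constructed flags
ALL = READ | WRITE | EXECUTE


@dataclass
class Ace:
    kind: str       # "allow" (access-allowed) or "deny" (access-denied)
    trustee: str    # placeholder for the SID this ACE applies to
    mask: int       # access rights this ACE grants or denies


@dataclass
class Token:
    user: str
    groups: list = field(default_factory=list)
    # Groups flagged SE_GROUP_USE_FOR_DENY_ONLY only ever match deny ACEs.
    deny_only: list = field(default_factory=list)

    def matches(self, ace):
        if ace.trustee == self.user or ace.trustee in self.groups:
            return True
        return ace.kind == "deny" and ace.trustee in self.deny_only


def access_check(token, dacl, desired):
    """Walk the DACL in order; return (granted, reason)."""
    if dacl is None:
        # NULL DACL: the object is unprotected and everyone gets everything.
        # An empty list is the opposite: no ACE grants anything to anyone.
        return True, "NULL DACL grants all access"
    remaining = desired
    for index, ace in enumerate(dacl, start=1):
        if not token.matches(ace):
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False, f"explicitly denied by ACE {index}"
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True, f"all requested rights granted by ACE {index}"
    # Every ACE examined and at least one requested right still outstanding.
    return False, "implicitly denied"


def figure1_dacl():
    """The DACL of Figure 1: a deny ACE for Thread A's user first."""
    return [
        Ace("deny", "user-A", ALL),               # ACE 1
        Ace("allow", "group-A", WRITE),           # ACE 2
        Ace("allow", "Everyone", READ | EXECUTE), # ACE 3
    ]


THREAD_A = Token("user-A", ["group-A", "Everyone"])
THREAD_B = Token("user-B", ["group-A", "Everyone"])
# Constructed extra case: group-A is present only as a deny-only SID.
THREAD_C = Token("user-C", ["Everyone"], deny_only=["group-A"])


def figure1_results():
    dacl = figure1_dacl()
    reordered = [dacl[1], dacl[0], dacl[2]]      # ACE 2 moved ahead of ACE 1
    return {
        "A_rwx": access_check(THREAD_A, dacl, ALL)[0],              # False
        "B_rwx": access_check(THREAD_B, dacl, ALL)[0],              # True
        "A_write_reordered": access_check(THREAD_A, reordered, WRITE)[0],  # True
        "A_rwx_reordered": access_check(THREAD_A, reordered, ALL)[0],      # False
        "C_write_deny_only": access_check(THREAD_C, dacl, WRITE)[0],       # False
        "empty_dacl": access_check(THREAD_B, [], READ)[0],          # False
        "null_dacl": access_check(THREAD_A, None, ALL)[0],          # True
    }


if __name__ == "__main__":
    for name, granted in figure1_results().items():
        print(f"{name}: {'granted' if granted else 'denied'}")
```

Note that the reordered DACL grants Thread A write access but still denies a combined read/write/execute request: ACE 2 satisfies the write right, and the deny ACE then fires on the rights that remain outstanding. That is exactly why Windows tools that canonicalize ACLs place access-denied ACEs ahead of access-allowed ones.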
Appendix 1:
Some important requirements of C2-level security
- Access to resources must be controllable by granting or denying permissions to individual users and to user groups.
- Memory must be protected: memory released by one process must not be readable by another process. Likewise, the file system must guarantee that a deleted file cannot be read.
- Users must identify themselves in a unique way, and every auditable action must identify the user who performed it.
- System administrators must be able to audit security events, and access to the security audit data must be limited to authorized administrators.