
Department of Computer Science, Information Processing Laboratory: Lecture 11 Security


1 Department of Computer Science, Information Processing Laboratory. Lecture 11: Security. xlanchen@04/29/2005

2 xlanchen@04/29/2005 Understanding the Inside of Windows 2000
Why security?
A multi-user system must prevent unauthorized access
It must provide a security configuration mechanism
Obvious security mechanisms: accounts, passwords, file protection
Other mechanisms:
protecting the OS from corruption
preventing less privileged users from performing privileged actions
not allowing user programs to adversely affect the programs of other users or the OS

3 Contents
Security Ratings
Security System Components
Protecting Objects
Security Auditing
Logon

4 Security Ratings
TCSEC C2 security rating:
A secure logon facility
Discretionary access control
Security auditing
Object reuse protection
B-level security:
Trusted path functionality
Trusted facility management

5 Security System Components

6 Lsass (local security authority subsystem)

7 Protecting Objects: the essence of discretionary access control and auditing. The objects that can be protected on Windows 2000 include files, devices, mailslots, pipes (named and anonymous), jobs, processes, threads, events, mutexes, semaphores, shared memory sections, I/O completion ports, LPC ports, waitable timers, access tokens, window stations, desktops, network shares, services, registry keys, and printers.

8 Access Checks

9 Security Identifiers

10 Tokens

11 Impersonation

12 Restricted Tokens

13 Security Descriptors & Access Control
ACL Assignment
Determining Access

14 Discretionary access-control list (DACL)

15 ACL Assignment

16 Determining Access

17 Access validation example

18 Security Auditing: flow of security audit records

19 Process and thread security structures

20 Logon: components involved in logon
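The access-determination walk of slides 13 through 17, together with the two-pass check that slide 12's restricted tokens require, as an added Python illustration that is not part of the lecture's material. The SIDs for Users, Guests and Everyone are the well-known values; the owner SID, the sample DACL and the READ/WRITE/EXECUTE masks are constructed for the example, and privileges such as take-ownership are left out.

```python
from dataclasses import dataclass, field

# READ/WRITE/EXECUTE are constructed stand-ins for object-specific rights;
# READ_CONTROL and WRITE_DAC use the real Windows values.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
READ_CONTROL, WRITE_DAC = 0x20000, 0x40000

@dataclass
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # SID the ACE applies to
    mask: int   # access rights this ACE grants or denies

@dataclass
class Token:
    user_sid: str
    group_sids: list
    restricted_sids: list = field(default_factory=list)  # non-empty for a restricted token

def _walk_dacl(sids, dacl, remaining):
    """Walk the ACEs in order; True once every requested right has been granted."""
    for ace in dacl:
        if ace.sid not in sids:
            continue                      # ACE is for a SID not used in this pass
        if ace.kind == "deny" and remaining & ace.mask:
            return False                  # an outstanding right is explicitly denied
        if ace.kind == "allow":
            remaining &= ~ace.mask        # accumulate granted rights
        if remaining == 0:
            return True                   # stop as soon as everything is granted
    return remaining == 0                 # empty DACL or no matching allow ACE: denied

def access_check(token, dacl, desired, owner_sid):
    """True if the token is granted all `desired` rights on the object."""
    if dacl is None:                      # null DACL: the object is unprotected
        return True
    sids = [token.user_sid, *token.group_sids]
    if owner_sid in sids:                 # owner always gets READ_CONTROL and WRITE_DAC
        desired &= ~(READ_CONTROL | WRITE_DAC)
    if not _walk_dacl(sids, dacl, desired):
        return False
    if token.restricted_sids:             # restricted token: second pass must also pass
        return _walk_dacl(token.restricted_sids, dacl, desired)
    return True

# Constructed sample: a resource owned by user 1001, deny ACE placed first as Windows orders it.
OWNER = "S-1-5-21-0-0-0-1001"
USERS, GUESTS, EVERYONE = "S-1-5-32-545", "S-1-5-32-546", "S-1-1-0"
SAMPLE_DACL = [Ace("deny", GUESTS, WRITE), Ace("allow", USERS, READ | WRITE),
               Ace("allow", EVERYONE, EXECUTE)]
```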

21 Winlogon Initialization
\Windows\WinSta0
three desktops
an LPC connection
a window class data structure
Registers the SAS
Registers the window
User Logon Steps

