Windows Internals covering Windows Server 2008 and Windows Vista - P10

Windows Internals covering Windows Server 2008 and Windows Vista - P10: In this chapter, we'll introduce the key Microsoft Windows operating system concepts and terms we'll be using throughout this book, such as the Windows API, processes, threads, virtual memory, kernel mode and user mode, objects, handles, security, and the registry.

The security mechanisms in Windows use two components to determine what objects can be accessed and what secure operations can be performed. One component comprises the token's user account SID and group SID fields. The SRM uses SIDs to determine whether a process or thread can obtain requested access to a securable object, such as an NTFS file. The group SIDs in a token indicate which groups a user's account is a member of. For example, a server application can disable specific groups to restrict a token's credentials when the server application is performing actions a client requests. Disabling a group produces nearly the same effect as if the group wasn't present in the token (it results in a deny-only group, described later). Disabled SIDs are used as part of security access checks, described later in the chapter. Group SIDs can also include a special SID that contains the integrity level of the process or thread. The SRM uses another field in the token, which describes the mandatory integrity policy, to perform the mandatory integrity check described later in the chapter.

The second component in a token that determines what the token's thread or process can do is the privilege array. A token's privilege array is a list of rights associated with the token. An example privilege is the right for the process or thread associated with the token to shut down the computer. Privileges are described in more detail later in this chapter.

A token's default primary group field and default discretionary access control list (DACL) field are security attributes that Windows applies to objects that a process or thread creates when it uses the token. By including security information in tokens, Windows makes it convenient for a process or thread to create objects with standard security attributes, because the process or thread doesn't need to request discrete security information for every object it creates. Each token's type distinguishes a primary token, a token that identifies the .
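The deny-only behaviour described above can be seen in a small model. This is an added example, not code from the book or from Windows: it is a simplified DACL walk rather than the SRM's actual algorithm, and the `Token` class, `access_check` function, access-mask bits, and the user and contractor SIDs are constructed for illustration.

```python
# Simplified model (added example): how enabled vs. deny-only group SIDs
# in a token affect an ordered DACL walk. Not the SRM's real algorithm.
from dataclasses import dataclass, field

READ, WRITE = 0x1, 0x2  # constructed access-mask bits for this model

@dataclass
class Token:
    user_sid: str
    groups: dict = field(default_factory=dict)  # group SID -> "enabled" | "deny_only"

    def matches(self, sid, ace_type):
        if sid == self.user_sid:
            return True
        state = self.groups.get(sid)
        if state == "enabled":
            return True
        # A deny-only group is consulted for deny ACEs, never for allow ACEs.
        return state == "deny_only" and ace_type == "deny"

def access_check(token, dacl, desired):
    """Walk ACEs in order. Grant once every desired bit has been allowed;
    fail as soon as a matching deny ACE covers a bit still needed."""
    remaining = desired
    for ace_type, sid, mask in dacl:
        if not token.matches(sid, ace_type):
            continue
        if ace_type == "deny" and (mask & remaining):
            return False
        if ace_type == "allow":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False  # some desired bit was never granted

# Constructed SIDs and DACL for a hypothetical file object.
USER = "S-1-5-21-1111-2222-3333-1001"
ADMINS = "S-1-5-32-544"  # well-known BUILTIN\Administrators SID
CONTRACTORS = "S-1-5-21-1111-2222-3333-2001"
DACL = [
    ("deny", CONTRACTORS, WRITE),
    ("allow", ADMINS, READ | WRITE),
    ("allow", USER, READ),
]

full = Token(USER, {ADMINS: "enabled"})
restricted = Token(USER, {ADMINS: "deny_only"})  # Administrators no longer grants access
contractor = Token(USER, {ADMINS: "enabled", CONTRACTORS: "deny_only"})
```

The `contractor` token shows why the effect is only "nearly the same" as removing the group: a deny-only SID can no longer grant anything, but a deny ACE naming it still blocks access.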
