set322 - Windows NT Security Cunsheng Ding HKUST, Hong...


Windows NT Security
Cunsheng Ding
HKUST, Hong Kong, CHINA

Agenda
• Brief information about Windows NT
• Security architecture
• Identification and authentication
• Access control
• Administration

C. Ding - COMP4631 - L22

Some Brief Information
• Windows NT was developed by Microsoft.
• It is an operating system that could run on a variety of processor architectures, e.g., Intel x86, DEC Alpha, Power PC.
• It can run MS/DOS, OS/2 and Windows applications.
• Windows NT includes networking capabilities.
• Its design follows the object-oriented paradigm.

Security Architecture
• The core operating system service is the Windows NT executive.
• User programs make application program interface (API) calls to invoke operating system services.
• Two modes: user and kernel modes
  – User programs (user mode)
  – Operating system services (kernel mode)

[Figure: Windows NT: kernel vs user mode. Block diagram with the labels User Mode, Kernel Mode, System Processes, Subsystems, Alerter, WinLogon, User Application, Applications, OS/2, Win32, Services, Subsystem DLLs, NTDLL.DLL (NT Layer DLL that controls NT system functions), Executive API, System Threads, I/O Manager, Cache Manager, File systems, Device drivers, Virtual Memory, Processes & Threads, Security, PnP/Power Manager, Object management / Executive RTL, Kernel, Hardware Abstraction Layer (HAL), Hardware interfaces (read/write port, timers, clocks, cache control, etc.).]

Security Subsystems
• Security Reference Monitor (SRM):
  – in charge of access control,
  – an executive component running in “kernel mode”.
• Local Security Authority (LSA):
  – a user mode component involved at login, when it checks the user account and creates a system access token (SAT).
  – the LSA is also responsible for auditing functions.

Security Subsystems ctd.
• Security Account Manager (SAM):
  – A user mode component that maintains the user account database used by the LSA.
  – It provides user authentication for the LSA.

[Figure: diagram with the labels Winlogon, LSA, SAM, account database.]

The Registry
• It is the central database for Windows NT configuration data.
• Entries in the registry are called keys (not to be confused with cryptographic keys).
• It is a hierarchical database. At the top level, the registry is structured into four sections called hives (or root keys). Hives contain keys (directories), which in turn contain subkeys (subdirectories) or data items.

Protection of the Registry
• The registry is stored in a proprietary format.
• Only the operating system tool Registry Editor can modify the registry....

This note was uploaded on 09/21/2011 for the course COMP 4631 taught by Professor Ding during the Fall '11 term at HKUST.
