07 - Windows Security

This document discusses Windows security and its components. It covers key security milestones in Windows versions, security components like the kernel security reference monitor and user-mode security accounts manager. It also describes Active Directory, access control using security identifiers, privileges, and objects. Access control lists and inheritance are explained. The document provides an overview of principles, subjects, tokens, access rights and generic rights in Windows security.
CSC662

COMPUTER SECURITY

07 - WINDOWS SECURITY

These slides are prepared from Prof. Pavel Laskov's lecture slides, Version 2.0

(SECURITY) FAMILY TREE

Key (in) security milestones:


NT 3.51 (1993): network drivers and TCP/IP
Windows 2000: Active Directory, Kerberos, security architecture.
Server 2003: security policies, LAN and wireless security
Vista (2007): no “admin-by-default”, firewall, DEP

1
SECURITY COMPONENTS
Kernel mode:
Security Reference Monitor: ACL verification
User mode:
Log-on process (winlogon): user logon
Local Security Authority (LSA): password verification and change, access tokens, audit logs (MS04-011 buffer overflow: Sasser worm!)
Security Accounts Manager (SAM): accounts database, password encryption
User Account Control (UAC, Vista): enforcement of limited user privileges

WINDOWS SECURITY
ARCHITECTURE

2
WINDOWS REGISTRY

A hierarchical database containing critical system information
Key-value pairs, subkeys, 11 value types
A registry hive is a group of keys, subkeys, and values
Security-related registry hives:
HKEY_LOCAL_MACHINE\SAM: SAM database
HKEY_LOCAL_MACHINE\Security: security logs, etc.
HKEY_LOCAL_MACHINE\Software: paths to programs!

WINDOWS DOMAINS
A domain is a collection of machines sharing user accounts and security policies.
Domain authentication is carried out by a domain controller (DC).
To avoid a single point of failure, a DC may be replicated.

3
ACTIVE DIRECTORY

Active Directory, introduced in Windows 2000, is an LDAP-like directory service for the organization of system resources:
Users and groups
Security credentials and certificates
System resources (desktops, servers, printers)
Security policies
DNS service
Trust management

ACTIVE DIRECTORY STRUCTURE

4
ACCESS CONTROL IN WINDOWS
Access control is applied to objects: files, registry keys and hives, Active Directory objects.
More than just access control on files!
Various means exist for expressing security policies:
Groups
Roles
Ownership and inheritance rules
Complex access rights

ACCESS CONTROL IN WINDOWS

[Diagram; labels only: 1. OS primitive; 2. A subject (created by a principal); 3. Security credential; 4. An object; 5. Security descriptor]

5
PRINCIPALS
Principals are active entities in security policies.
Principals can be
local users
aliases
domain users
groups
machines
Principals have a human-readable user name and a unique security identifier (SID).
Local principals are created by the LSA, e.g.
principal = MACHINE\principal
Domain principals are administered by the DC, e.g.
principal@domain = DOMAIN\principal

SECURITY IDENTIFIERS
A security identifier (SID) is a unique, machine-generated code of varying length used to identify principals.
Format: S-1-IA-SA-SA-SA-N, where
IA (identifier authority): characterizes an issuer, e.g. World Authority (1) or Local Authority (2)
SA (subauthority): identifies a specific SID issuer, e.g. a domain controller
N: relative identifier, unique for each authority
Examples:
Everyone (World): S-1-1-0
System: S-1-5-18
Administrator: S-1-5-21-<local authority>-500
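The S-1-IA-SA-...-N string above is a rendering of a small binary structure: a revision byte (always 1), a subauthority count byte, a 6-byte big-endian identifier authority, and then the little-endian 32-bit subauthorities, the last of which is the relative identifier N. The following converter is an added example, not part of the original slides; it parses and rebuilds that layout for the slide's own examples (Everyone, System, Administrator). The domain part of the Administrator SID is constructed, and the authority constants are the slide's World (1), Local (2) and NT (5) values.

```python
import struct

# Identifier authorities named on the slide (S-1-IA-...)
IA_WORLD = 1  # World Authority: Everyone is S-1-1-0
IA_LOCAL = 2  # Local Authority
IA_NT = 5     # NT Authority: System (S-1-5-18) and domain SIDs (S-1-5-21-...)

MAX_SUBAUTHORITIES = 15  # upper bound of the binary SID layout


def parse_sid(blob: bytes) -> str:
    """Decode a binary SID into its S-1-IA-SA-...-N string form.

    Layout: revision (1 byte), subauthority count (1 byte), identifier
    authority (6 bytes, big-endian), then count x uint32 subauthorities
    (little-endian). The last subauthority is the relative identifier N.
    """
    if len(blob) < 8:
        raise ValueError("SID too short for its fixed header")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > MAX_SUBAUTHORITIES or len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match its subauthority count")
    authority = int.from_bytes(blob[2:8], "big")
    subauthorities = struct.unpack_from(f"<{count}I", blob, 8)
    return "S-1-" + "-".join(str(x) for x in (authority, *subauthorities))


def build_sid(authority: int, *subauthorities: int) -> bytes:
    """Inverse of parse_sid: encode an authority and its subauthorities."""
    if len(subauthorities) > MAX_SUBAUTHORITIES:
        raise ValueError("too many subauthorities")
    return (bytes([1, len(subauthorities)])
            + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subauthorities)}I", *subauthorities))


def is_valid_sid(blob: bytes) -> bool:
    """True if the blob parses cleanly; a length check a loader should do before trusting a SID."""
    try:
        parse_sid(blob)
        return True
    except ValueError:
        return False


def rid(sid: str) -> int:
    """Relative identifier: the last component (500 is the built-in Administrator)."""
    return int(sid.rsplit("-", 1)[1])


def issuer_of(sid: str) -> str:
    """Everything but the RID: two SIDs with the same prefix were issued by the same authority."""
    return sid.rsplit("-", 1)[0]


# Constructed sample: the Everyone SID S-1-1-0 in its binary form.
EVERYONE_BLOB = bytes.fromhex("010100000000000100000000")

if __name__ == "__main__":
    print(parse_sid(EVERYONE_BLOB))                       # S-1-1-0
    print(parse_sid(build_sid(IA_NT, 18)))                # S-1-5-18
    # <local authority> from the slide replaced by constructed subauthorities
    admin = parse_sid(build_sid(IA_NT, 21, 1000, 2000, 3000, 500))
    print(admin, "RID", rid(admin), "issuer", issuer_of(admin))
```

The two defensive checks in parse_sid matter in practice: a SID read from a file or a network message whose length disagrees with its subauthority count is malformed and must be rejected rather than truncated or extended.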

6
PRINCIPALS USED FOR ACCESS CONTROL
SID: an individual principal
Group: a collection of principals managed by the DC; groups have their own SIDs and can be nested
Alias: a local group managed by the LSA; cannot be nested
Aliases implement logical roles: an application may define an alias to which SIDs are assigned at run-time

SUBJECTS

Subjects are active entities in OS primitives.


Windows subjects are processes and threads.
Security credentials for a subject are stored in
a token.
Tokens provide a principal/subject mapping
and may contain additional security attributes.
Tokens are inherited (possibly with restrictions)
during creation of new processes.

7
TOKEN CONTENTS

Identity and authorisation contents


user SID, group SIDs, alias SIDs
privileges
Defaults for new securable objects
owner SID, group SID, DACL
Miscellaneous attributes
logon SID

PRIVILEGES
A set of fixed privileges is defined by numeric constants in Winnt.h
Privileges control access to system resources.
Example privileges:
load or unload a device driver
lock a page in physical memory
create a computer account
shut down the system
modify the system time
Privileges are not access rights!

8
OBJECTS

Objects represent various passive OS


entities
Security of built-in objects is managed by
OS
Security of private objects must be managed
by applications
Securable objects are equipped with a
security descriptor

EXAMPLE OF WINDOWS OBJECTS

files or directories
pipes
processes and threads
file mappings
access tokens
window-management objects
registry keys
printers
network shares
synchronization objects
job objects
Active Directory objects

9
SECURITY DESCRIPTOR

Owner: a principal who owns an object
Primary group: for POSIX compatibility
DACL: specifies who is granted and who is denied access
SACL: specifies a security audit policy

ACCESS RIGHTS: AN OVERVIEW

Describe what one can do to an object
Encoded as a 32-bit mask
Standard access rights: common to most object types
DELETE
READ_CONTROL: read object’s security descriptor
SYNCHRONIZE: use object for synchronization (not all objects)
WRITE_DAC: change object’s DACL
WRITE_OWNER: change object’s owner
Object-specific access rights are tailored to each class of objects

10
GENERIC ACCESS RIGHTS

The first 4 bits represent generic access rights:
GENERIC_READ
GENERIC_WRITE
GENERIC_EXECUTE
GENERIC_ALL
Each class of objects maps its generic rights to object-specific rights.
Generic rights are used to simplify design: they provide an intermediate description level for access rights.

ACLs IN WINDOWS
The DACL in a security descriptor is a list of Access Control Entries (ACEs)
ACE format:
ACE type: positive or negative permissions
Principal SID
Access rights mask
Inheritance flags
ACEs are processed sequentially until either some entry denies the requested access or a set of ACEs grants all requested access rights
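The three slides above (standard and generic rights, generic-to-specific mapping, and sequential ACE processing) fit together in one check, simulated here as an added example that is not part of the original slides. The access-mask values are the winnt.h constants the slides refer to (standard rights DELETE to SYNCHRONIZE, the four generic bits, and the FILE_* rights that FILE_GENERIC_READ/WRITE/EXECUTE and FILE_ALL_ACCESS expand to); the principal SIDs and the DACL are constructed. Generic bits are expanded before the walk, a matching deny ACE that overlaps any still-outstanding requested right ends the check, and allow ACEs accumulate until every requested right is covered. The model omits the real check's implicit owner rights (READ_CONTROL and WRITE_DAC) and SACL auditing.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Standard access rights (winnt.h), common to most object types
DELETE, READ_CONTROL, WRITE_DAC = 0x00010000, 0x00020000, 0x00040000
WRITE_OWNER, SYNCHRONIZE = 0x00080000, 0x00100000
# Generic access rights: the top four bits of the 32-bit mask
GENERIC_ALL, GENERIC_EXECUTE = 0x10000000, 0x20000000
GENERIC_WRITE, GENERIC_READ = 0x40000000, 0x80000000
GENERIC_BITS = GENERIC_ALL | GENERIC_EXECUTE | GENERIC_WRITE | GENERIC_READ

# Object-specific rights for file objects (winnt.h FILE_*)
FILE_READ_DATA, FILE_WRITE_DATA, FILE_APPEND_DATA = 0x1, 0x2, 0x4
FILE_READ_EA, FILE_WRITE_EA, FILE_EXECUTE = 0x8, 0x10, 0x20
FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES = 0x80, 0x100

# The GENERIC_MAPPING of the file object class: what each generic bit stands for
FILE_GENERIC_MAPPING: Dict[int, int] = {
    GENERIC_READ:    0x120089,  # FILE_GENERIC_READ   (READ_CONTROL|SYNCHRONIZE|read bits)
    GENERIC_WRITE:   0x120116,  # FILE_GENERIC_WRITE  (READ_CONTROL|SYNCHRONIZE|write bits)
    GENERIC_EXECUTE: 0x1200A0,  # FILE_GENERIC_EXECUTE
    GENERIC_ALL:     0x1F01FF,  # FILE_ALL_ACCESS
}

ACCESS_ALLOWED, ACCESS_DENIED = 0, 1  # ACE type values


@dataclass
class ACE:
    ace_type: int   # ACCESS_ALLOWED (positive) or ACCESS_DENIED (negative)
    sid: str        # principal SID the entry applies to
    mask: int       # access rights mask, may contain generic bits
    flags: int = 0  # inheritance flags, not used by the check itself


def map_generic(mask: int, mapping: Dict[int, int]) -> int:
    """Replace generic bits with the object-specific rights they stand for."""
    specific = mask & ~GENERIC_BITS
    for generic_bit, expansion in mapping.items():
        if mask & generic_bit:
            specific |= expansion
    return specific


def access_check(dacl: Optional[List[ACE]], token_sids: Set[str],
                 requested: int, mapping: Dict[int, int]) -> bool:
    """Sequential DACL evaluation for a token holding token_sids."""
    if dacl is None:       # NULL DACL: the object is unprotected, everything is granted
        return True
    remaining = map_generic(requested, mapping)
    for ace in dacl:       # an empty list grants nothing
        if ace.sid not in token_sids:
            continue       # entry is for a principal the subject does not hold
        ace_mask = map_generic(ace.mask, mapping)
        if ace.ace_type == ACCESS_DENIED and ace_mask & remaining:
            return False   # deny on any outstanding right ends the check
        if ace.ace_type == ACCESS_ALLOWED:
            remaining &= ~ace_mask
            if remaining == 0:
                return True  # every requested right has been granted
    return False           # list exhausted with rights still outstanding


# Constructed sample principals (the domain subauthorities are made up)
EVERYONE = "S-1-1-0"
ALICE = "S-1-5-21-1000-2000-3000-1105"
AUDITORS = "S-1-5-21-1000-2000-3000-1201"
BOB = "S-1-5-21-1000-2000-3000-1300"
ALICE_TOKEN = {ALICE, AUDITORS, EVERYONE}
BOB_TOKEN = {BOB, EVERYONE}

# Constructed DACL in canonical order (deny before allow): auditors may not
# modify file contents, everyone may read, Alice is additionally granted write and delete.
SAMPLE_DACL = [
    ACE(ACCESS_DENIED, AUDITORS, FILE_WRITE_DATA | FILE_APPEND_DATA),
    ACE(ACCESS_ALLOWED, EVERYONE, GENERIC_READ),
    ACE(ACCESS_ALLOWED, ALICE, GENERIC_WRITE | DELETE),
]

if __name__ == "__main__":
    for who, token in (("alice", ALICE_TOKEN), ("bob", BOB_TOKEN)):
        for name, mask in (("read", GENERIC_READ), ("write", GENERIC_WRITE), ("delete", DELETE)):
            print(who, name, access_check(SAMPLE_DACL, token, mask, FILE_GENERIC_MAPPING))
```

Two points the walk makes visible. First, ordering matters: Alice is granted GENERIC_WRITE by the third entry, but the earlier deny for her Auditors group wins because a request for write still has FILE_WRITE_DATA outstanding when that entry is reached. Second, generic mapping applies to deny entries as well: a deny of GENERIC_WRITE on a file expands to FILE_GENERIC_WRITE, which contains READ_CONTROL and SYNCHRONIZE, so it also blocks a GENERIC_READ request that needs those two bits.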

11
ACL PROCESSING EXAMPLE

ACL INHERITANCE

When a new object is created, its ACL is inherited from that of the enclosing container, e.g. a directory.
Only ACEs with a matching object type are inherited.
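"Matching object type" is expressed through the inheritance flags listed in the ACE format slide. The function below is an added example, not part of the original slides; it derives the inherited portion of a new child's DACL from its parent directory's DACL using the winnt.h flag values OBJECT_INHERIT_ACE (files), CONTAINER_INHERIT_ACE (subdirectories), NO_PROPAGATE_INHERIT_ACE, INHERIT_ONLY_ACE and INHERITED_ACE. The SIDs and the parent DACL are constructed; the access masks are the FILE_GENERIC_* values.

```python
from dataclasses import dataclass, replace
from typing import List

# ACE inheritance flags (winnt.h)
OBJECT_INHERIT_ACE       = 0x01  # passed to non-container children (files)
CONTAINER_INHERIT_ACE    = 0x02  # passed to container children (subdirectories)
NO_PROPAGATE_INHERIT_ACE = 0x04  # children receive it but do not pass it further down
INHERIT_ONLY_ACE         = 0x08  # does not apply to the object that carries it
INHERITED_ACE            = 0x10  # marks an ACE that arrived through inheritance
PROPAGATION_FLAGS = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE


@dataclass(frozen=True)
class ACE:
    ace_type: int  # 0 = access allowed, 1 = access denied
    sid: str
    mask: int
    flags: int = 0


def inherit_acl(parent_dacl: List[ACE], child_is_container: bool) -> List[ACE]:
    """Inherited ACEs for a new child, in parent order."""
    child: List[ACE] = []
    for ace in parent_dacl:
        if child_is_container:
            if ace.flags & CONTAINER_INHERIT_ACE:
                # effective on the subdirectory itself, and still propagating
                flags = ace.flags & ~INHERIT_ONLY_ACE
            elif ace.flags & OBJECT_INHERIT_ACE:
                # a files-only ACE rides along inherit-only so it reaches files further down
                flags = ace.flags | INHERIT_ONLY_ACE
            else:
                continue  # object type does not match: not inherited
            if flags & NO_PROPAGATE_INHERIT_ACE:
                flags &= ~(PROPAGATION_FLAGS | NO_PROPAGATE_INHERIT_ACE)
                if flags & INHERIT_ONLY_ACE:
                    continue  # neither applies here nor propagates: nothing to keep
        else:
            if not ace.flags & OBJECT_INHERIT_ACE:
                continue  # object type does not match: not inherited
            flags = 0  # a leaf cannot pass anything on; only INHERITED_ACE remains
        child.append(replace(ace, flags=flags | INHERITED_ACE))
    return child


# Constructed sample SIDs (domain subauthorities are made up)
EVERYONE = "S-1-1-0"
ADMINS = "S-1-5-21-1000-2000-3000-512"
GUESTS = "S-1-5-21-1000-2000-3000-514"
ALICE = "S-1-5-21-1000-2000-3000-1105"

# Constructed DACL of a top-level directory
PARENT_DACL = [
    ACE(0, EVERYONE, 0x120089, OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE),  # read: dir, files, subdirs
    ACE(0, ADMINS, 0x1F01FF, CONTAINER_INHERIT_ACE),                          # full: dir and subdirs only
    ACE(1, GUESTS, 0x120116, OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE),          # deny write: files only
    ACE(0, ALICE, 0x120116, CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE),  # write: direct subdirs only
]

if __name__ == "__main__":
    for kind, is_dir in (("file", False), ("subdirectory", True)):
        print(kind)
        for ace in inherit_acl(PARENT_DACL, is_dir):
            print(f"  {'deny ' if ace.ace_type else 'allow'} {ace.sid} mask={ace.mask:#x} flags={ace.flags:#04x}")
```

Applying inherit_acl twice (parent to subdirectory, subdirectory to its children) shows the propagation rules at work: the Everyone entry reaches every level, the Admins entry follows only directories, the Guests deny is carried inherit-only through directories and becomes effective on files, and the Alice entry stops at the first subdirectory.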

12
KEY POINTS

Windows systems contain complex security mechanisms for user account and object management as well as access control.
DACLs enable fine-grained access control of heterogeneous entities in Windows itself as well as in applications.
The complexity of Windows security mechanisms is also its enemy: misconfiguration as well as implementation bugs may lead to severe security incidents.

Thank You

13
