Learn New 1-Windows Access Control

Source: Internet
Author: User

Windows Access Control

Copyright mikefeng

Security level: Windows NT is rated at the C2 level. C2 is a security level in the Orange Book specification. The Orange Book is an official standard issued in August 1983 by the National Computer Security Center (NCSC) of the National Security Agency (NSA); its official name is "Trusted Computer System Evaluation Criteria", and its cover is orange. It is one of the most authoritative security standards for computer systems, and the NCSC is also responsible for the security testing of computer systems and related products. The Orange Book defines a trusted system as follows: a system composed of complete hardware and software that, without violating access permissions, can serve a limited number of users at the same time and process information ranging from general to top secret. Furthermore, the Orange Book classifies the degree of trust that a computer system can be given; a system that meets certain security conditions, benchmarks, and rules can be assigned to a security level. The Orange Book divides the security of computer systems into four levels, from high to low: A, B, C, and D. A higher level covers the requirements of the lower levels, and each major level is further divided into several sub-levels by number, where:

D: minimal protection. This level applies to systems that have not passed the tests of any other security level; personal computers such as the IBM PC and Apple Macintosh probably belong to this level.

C: discretionary protection. The security feature of this level is that access to system objects (such as files and directories) can be defined by subjects (such as system administrators, users, and applications) themselves. For example, the administrator can decide that a file can only be read by a specific user and written by another user, and Michael can decide that one of Michael's directories is published to other users for reading and writing. This attribute can be seen in UNIX, Windows NT, and other operating systems. This level is divided into a lower and a higher security level: C1 and C2.

B: mandatory protection. This level is characterized by the system's mandatory security protection. In mandatory protection mode, each system object (such as files, directories, and other resources) and subject (such as system administrators, users, and applications) has its own security label, and the system grants a user access to each object based on the user's security level.

A: verified protection. Although the Orange Book may still define a security level higher than A1, this level currently only has the A1 level. The functions of level A are basically the same as those of level B3, but an A-level system has formal analysis and mathematical methods to fully prove the integrity and consistency of the system's security policies and security specifications.

Windows NT 3.51 and later are claimed to have a C2 security level, while Windows NT 4.0 and later have a C2 security level. In other words, its security feature is discretionary protection, and NT may be upgraded to the B2 security level in the future. The following terms apply to Windows access control:
  • Security Descriptor: Contains security information.
  • Security object: an object that has a security descriptor. Security objects are passed to many Windows APIs, such as CreateFile.
  • Access control model: the model that controls how processes access security objects.
  • Access token: the security information of a logged-on user.
  • Access permission and access mask: the access mask is a set of 32 bits, each bit of which defines one access permission.
  • Trustee: the entity to which an ACE applies. It can be a user account, a group account, or a logon session.
  • ACE: access control entry. It contains a SID, an access mask, an ACE type, and some flags. There are three types of ACE: the access-denied ACE and the access-allowed ACE, used in a DACL, and the system-audit ACE, used in a SACL to monitor access.
  • ACL: List of ACE. There are two types of ACLs: DACL and SACL.
  • DACL: the ACL of a security object that determines whether access is allowed.
  • SACL: the ACL of a security object that determines whether user access is recorded (audited).
Security descriptors when a security object is created: a user-defined security descriptor is assigned to the new object, or the default security descriptor is used. An application that wants to use the security object obtains its security descriptor and analyzes it to determine whether it has the requested access permissions. Checking the DACL: each ACE is examined in turn and the result is accumulated; the final result decides whether the access is granted. Null DACL: if the DACL of a security descriptor is NULL, all permissions are granted by default. Empty DACL: if the DACL exists but contains no ACEs, no permissions are granted by default.

To change a DACL:
  1. Obtain the DACL of the security object by calling the GetNamedSecurityInfo function;
  2. Create an EXPLICIT_ACCESS structure (EA);
  3. Merge this EA, as a new ACE, with the ACEs of the original ACL into a new DACL;
  4. Set the new ACL on the security object.
Example function (cleaned up: the undefined names TrusteeName, AccessMask, Option, InheritFlag and the "maintain" flag of the original are taken as parameters, and the buffer returned by GetNamedSecurityInfo is released with LocalFree):

    #include <windows.h>
    #include <aclapi.h>
    #include <stdio.h>

    #define RTN_OK    0
    #define RTN_ERROR 13

    static void DisplayError(const char *szAPI, DWORD dwError)
    {
        printf("%s failed with error %lu\n", szAPI, dwError);
    }

    // Add one explicit ACE for TrusteeName to the DACL of FileName.
    // bMaintain: TRUE keeps the existing ACEs and merges the new one in; FALSE replaces the DACL.
    int SetAccess(LPSTR FileName, LPSTR TrusteeName, DWORD AccessMask,
                  ACCESS_MODE Option, DWORD InheritFlag, BOOL bMaintain)
    {
        BOOL bSuccess = FALSE;                 // assume failure
        DWORD dwError;
        PACL ExistingDacl = NULL;
        PACL NewAcl = NULL;
        PSECURITY_DESCRIPTOR psd = NULL;
        EXPLICIT_ACCESSA ea;

        printf("Operations on %s...\n", FileName);

        // Get the current DACL on the specified file (ExistingDacl points into psd)
        if (bMaintain) {
            dwError = GetNamedSecurityInfoA(FileName, SE_FILE_OBJECT,
                                            DACL_SECURITY_INFORMATION,
                                            NULL, NULL, &ExistingDacl, NULL, &psd);
            if (dwError != ERROR_SUCCESS) {
                DisplayError("GetNamedSecurityInfo", dwError);
                return RTN_ERROR;
            }
        }

        // Describe the access to add. InheritFlag is NO_INHERITANCE or a combination of
        // CONTAINER_INHERIT_ACE, OBJECT_INHERIT_ACE, INHERIT_ONLY_ACE (e.g. SUB_OBJECTS_ONLY_INHERIT)
        BuildExplicitAccessWithNameA(&ea, TrusteeName, AccessMask, Option, InheritFlag);

        // Merge the new ACE with the existing DACL into NewAcl
        dwError = SetEntriesInAclA(1, &ea, ExistingDacl, &NewAcl);
        if (dwError != ERROR_SUCCESS) {
            DisplayError("SetEntriesInAcl", dwError);
            goto cleanup;
        }

        // Apply the new DACL to the file
        dwError = SetNamedSecurityInfoA(FileName, SE_FILE_OBJECT,   // object type
                                        DACL_SECURITY_INFORMATION,
                                        NULL, NULL, NewAcl, NULL);
        if (dwError != ERROR_SUCCESS) {
            DisplayError("SetNamedSecurityInfo", dwError);
            goto cleanup;
        }

        bSuccess = TRUE;                       // indicate success
        printf("%s successful\n", FileName);

    cleanup:
        if (NewAcl != NULL) LocalFree(NewAcl);
        if (psd != NULL) LocalFree(psd);       // also frees ExistingDacl; never free it separately
        return bSuccess ? RTN_OK : RTN_ERROR;
    }
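The DACL evaluation described above (ACEs examined in order with the result accumulated, a NULL DACL granting everything, an empty DACL granting nothing) as an added example that is not part of the original article: a small constructed model in portable C, not the Win32 AccessCheck implementation. The SIDs, access-mask bits and the "Alice is a member of Users" scenarios are constructed for the illustration; it also shows why a deny ACE placed after an allow ACE is ineffective, which is the reason for the canonical ACE order.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of DACL evaluation; not the Win32 AccessCheck code. */
enum ace_type { ACE_ALLOW, ACE_DENY, ACE_AUDIT };
typedef struct { unsigned sid; enum ace_type type; uint32_t mask; } ace_t;
typedef struct { const ace_t *aces; size_t count; bool is_null; } dacl_t;
typedef struct { const unsigned *sids; size_t count; } token_t;

enum { RIGHT_READ = 0x1, RIGHT_WRITE = 0x2 };   /* constructed access-mask bits */
enum { SID_ALICE = 1, SID_USERS = 2 };          /* constructed trustee SIDs */

static bool token_has_sid(const token_t *t, unsigned sid) {
    for (size_t i = 0; i < t->count; i++) if (t->sids[i] == sid) return true;
    return false;
}

/* Walk the ACEs in order and accumulate granted rights: a deny ACE that hits any
   still-ungranted requested right rejects at once, allow ACEs add rights until
   every requested bit is covered; running off the end of the list is a denial. */
bool dacl_access_check(const dacl_t *d, const token_t *t, uint32_t requested) {
    if (d->is_null) return true;          /* NULL DACL: no protection, all access granted */
    uint32_t granted = 0;                 /* empty DACL: loop never runs, nothing granted */
    for (size_t i = 0; i < d->count; i++) {
        const ace_t *a = &d->aces[i];
        if (a->type == ACE_AUDIT || !token_has_sid(t, a->sid)) continue; /* audit ACEs belong in the SACL */
        if (a->type == ACE_DENY) { if (a->mask & requested & ~granted) return false; }
        else { granted |= a->mask & requested; if (granted == requested) return true; }
    }
    return false;
}

/* Constructed scenarios: Alice's token carries her own SID and the Users group SID. */
static const unsigned alice_sids[] = { SID_ALICE, SID_USERS };
static const token_t alice = { alice_sids, 2 };
static const ace_t canonical[] = { { SID_ALICE, ACE_DENY,  RIGHT_WRITE },
                                   { SID_USERS, ACE_ALLOW, RIGHT_READ | RIGHT_WRITE } };
static const ace_t reversed[]  = { { SID_USERS, ACE_ALLOW, RIGHT_READ | RIGHT_WRITE },
                                   { SID_ALICE, ACE_DENY,  RIGHT_WRITE } };

bool check_null_dacl(uint32_t req)  { dacl_t d = { NULL, 0, true };       return dacl_access_check(&d, &alice, req); }
bool check_empty_dacl(uint32_t req) { dacl_t d = { NULL, 0, false };      return dacl_access_check(&d, &alice, req); }
bool check_canonical(uint32_t req)  { dacl_t d = { canonical, 2, false }; return dacl_access_check(&d, &alice, req); }
bool check_reversed(uint32_t req)   { dacl_t d = { reversed, 2, false };  return dacl_access_check(&d, &alice, req); }
```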
