8

Windows 2000(XP)

8.1

4 1 23

.

,

6

8.2

8.2.1

8.2.2

RST

8.2.3

/

ERWOR

8.2.4

12

345

1

2

3

8.3 1 23

8.3.1 ()/

26261062 UNIX+*/%#

26326+26*26+26*26*26=1827818

(15)15150

Windows NTUNIX

UNIX

8.3.2

1mEmm

1

2

2

8.4

8.4.1 11(Subject) 2(Object) 3

2

1(ACMAccess Control Matrix)

2

C ()AB C DORWRW BRW A B CORWOX RDABOOwnerRReadWWriteXExecute

AAA

AAAAAHHAAAA

3ACL ACL

FILE1FILE2PRG1HELPUSER-C RACLUSER-BUSER-CUSER-AORWRW ORWUSER-AUSER-DOXXUSER-AUSER-BUSER-CUSER-DRRRWOOWONERRREADWWRITEXEXCUTE FILE1 FILE2 PRG1 HELP

4 Capability

5

8.4.2

8.4.2.2

1-- --

--

2 --

UserGroupWorldUNIXVAX VMNTLINUX

12121

8.4.2.3 1

2UNIXSet UserIDSUIDSet GroupIDSGIDIDIDsetuidsetgidsetuidsetgid

UNIXSUID/SGIDSUID

8.4.2.4 ACLVAX VMS/SE

ITEM

8.4.3 1(TBAC)

2(OBAC) OBAC

8.5 Windows 2000(XP) Windows 2000(XP)Windows 2000(XP) Windows 2000(XP)

8.5.1 Windows1Windows(Discretion Access Control)(Object Reuse) (Mandatory log on)(Control of Access to Object)

2WindowsWinlogonGraphical Identification and Authentication DLL (GINA)Local Security Authority(LSA)Security Support Provider Interface(SSPI)Authentication PackagesSecurity Support ProvidersNetlogon ServiceSecurity Account Manager(SAM)

8.5.2 1 Windows2000(XP)(User Account)2 Windows 2000(XP)

3 SAMSAM

Windows 2000(Windows 2000 Server)

8.5.3 1 Windows 2000(XP)1NTLM(Windows NT 4.0) 2Kerberos V53

24Windows 2000WinlogonWinlogonLSA(Local Security Authority)LSA

LSASAMSAMSIDSIDLSALSA(Access Token)LSAWinlogonWindows 2000

8.5.4 11 232(Active Directory)

8.5.5 Windows 2000 1 23456

8.5.6 Windows 2000 1(Service Pack)(Hotfix)2Administrator3Administrator45

678910windows 2000 11

DES44ACLACLACL