Upload
oki
View
79
Download
4
Embed Size (px)
DESCRIPTION
第 8 章 操作系统安全. 本章主要内容. 操作系统的安全问题 存储器保护 用户认证 访问控制 Windows 2000(XP) 系统的安全机制. 8.1 操作系统的安全问题. 操作系统安全的重要性 操作系统的安全是整个计算机系统安全的基础,没有操作系统安全,就不可能真正解决数据库安全、网络安全和其他应用软件的安全问题。. 操作系统面临的安全威胁. ( 4 )在多用户操作系统中,各用户程序执行过程中相互间会产生不良影响,用户之间会相互干扰。. ( 1 )恶意用户. ( 2 )恶意破坏系统资源或系统的正常运行,危害计算机系统的可用性. - PowerPoint PPT Presentation
Citation preview
8
Windows 2000(XP)
8.1
4 1 23
.
,
6
8.2
8.2.1
8.2.2
RST
8.2.3
/
ERWOR
8.2.4
12
345
1
2
3
8.3 1 23
8.3.1 ()/
26261062 UNIX+*/%#
26326+26*26+26*26*26=1827818
(15)15150
Windows NTUNIX
UNIX
8.3.2
1mEmm
1
2
2
8.4
8.4.1 11(Subject) 2(Object) 3
2
1(ACMAccess Control Matrix)
2
C ()AB C DORWRW BRW A B CORWOX RDABOOwnerRReadWWriteXExecute
AAA
AAAAAHHAAAA
3ACL ACL
FILE1FILE2PRG1HELPUSER-C RACLUSER-BUSER-CUSER-AORWRW ORWUSER-AUSER-DOXXUSER-AUSER-BUSER-CUSER-DRRRWOOWONERRREADWWRITEXEXCUTE FILE1 FILE2 PRG1 HELP
4 Capability
5
8.4.2
8.4.2.2
1-- --
--
2 --
UserGroupWorldUNIXVAX VMNTLINUX
12121
8.4.2.3 1
2UNIXSet UserIDSUIDSet GroupIDSGIDIDIDsetuidsetgidsetuidsetgid
UNIXSUID/SGIDSUID
8.4.2.4 ACLVAX VMS/SE
ITEM
8.4.3 1(TBAC)
2(OBAC) OBAC
8.5 Windows 2000(XP) Windows 2000(XP)Windows 2000(XP) Windows 2000(XP)
8.5.1 Windows1Windows(Discretion Access Control)(Object Reuse) (Mandatory log on)(Control of Access to Object)
2WindowsWinlogonGraphical Identification and Authentication DLL (GINA)Local Security Authority(LSA)Security Support Provider Interface(SSPI)Authentication PackagesSecurity Support ProvidersNetlogon ServiceSecurity Account Manager(SAM)
8.5.2 1 Windows2000(XP)(User Account)2 Windows 2000(XP)
3 SAMSAM
Windows 2000(Windows 2000 Server)
8.5.3 1 Windows 2000(XP)1NTLM(Windows NT 4.0) 2Kerberos V53
24Windows 2000WinlogonWinlogonLSA(Local Security Authority)LSA
LSASAMSAMSIDSIDLSALSA(Access Token)LSAWinlogonWindows 2000
8.5.4 11 232(Active Directory)
8.5.5 Windows 2000 1 23456
8.5.6 Windows 2000 1(Service Pack)(Hotfix)2Administrator3Administrator45
678910windows 2000 11
DES44ACLACLACL