8
Windows 2000(XP)
8.1
4 1 23
.
,
6
8.2
8.2.1
8.2.2
RST
8.2.3
/
ERWOR
8.2.4
12
345
1
2
3
8.3 1 23
8.3.1 ()/
26261062 UNIX+*/%#
26326+26*26+26*26*26=1827818
(15)15150
Windows NTUNIX
UNIX
8.3.2
1mEmm
1
2
2
8.4
8.4.1 11(Subject) 2(Object) 3
2
1(ACMAccess Control Matrix)
2
C ()AB C DORWRW BRW A B CORWOX RDABOOwnerRReadWWriteXExecute
AAA
AAAAAHHAAAA
3ACL ACL
FILE1FILE2PRG1HELPUSER-C RACLUSER-BUSER-CUSER-AORWRW ORWUSER-AUSER-DOXXUSER-AUSER-BUSER-CUSER-DRRRWOOWONERRREADWWRITEXEXCUTE FILE1 FILE2 PRG1 HELP
4 Capability
5
8.4.2
8.4.2.2
1-- --
--
2 --
UserGroupWorldUNIXVAX VMNTLINUX
12121
8.4.2.3 1
2UNIXSet UserIDSUIDSet GroupIDSGIDIDIDsetuidsetgidsetuidsetgid
UNIXSUID/SGIDSUID
8.4.2.4 ACLVAX VMS/SE
ITEM
8.4.3 1(TBAC)
2(OBAC) OBAC
8.5 Windows 2000(XP) Windows 2000(XP)Windows 2000(XP) Windows 2000(XP)
8.5.1 Windows1Windows(Discretion Access Control)(Object Reuse) (Mandatory log on)(Control of Access to Object)
2WindowsWinlogonGraphical Identification and Authentication DLL (GINA)Local Security Authority(LSA)Security Support Provider Interface(SSPI)Authentication PackagesSecurity Support ProvidersNetlogon ServiceSecurity Account Manager(SAM)
8.5.2 1 Windows2000(XP)(User Account)2 Windows 2000(XP)
3 SAMSAM
Windows 2000(Windows 2000 Server)
8.5.3 1 Windows 2000(XP)1NTLM(Windows NT 4.0) 2Kerberos V53
24Windows 2000WinlogonWinlogonLSA(Local Security Authority)LSA
LSASAMSAMSIDSIDLSALSA(Access Token)LSAWinlogonWindows 2000
8.5.4 11 232(Active Directory)
8.5.5 Windows 2000 1 23456
8.5.6 Windows 2000 1(Service Pack)(Hotfix)2Administrator3Administrator45
678910windows 2000 11
DES44ACLACLACL