第 8 章 操作系统安全
DESCRIPTION
第 8 章 操作系统安全. 本章主要内容. 操作系统的安全问题 存储器保护 用户认证 访问控制 Windows 2000(XP) 系统的安全机制. 8.1 操作系统的安全问题. 操作系统安全的重要性 操作系统的安全是整个计算机系统安全的基础,没有操作系统安全,就不可能真正解决数据库安全、网络安全和其他应用软件的安全问题。. 操作系统面临的安全威胁. ( 4 )在多用户操作系统中,各用户程序执行过程中相互间会产生不良影响,用户之间会相互干扰。. ( 1 )恶意用户. ( 2 )恶意破坏系统资源或系统的正常运行,危害计算机系统的可用性. - PowerPoint PPT PresentationTRANSCRIPT
-
8
-
Windows 2000(XP)
-
8.1
-
4 1 23
-
.
-
,
-
6
-
8.2
-
8.2.1
-
8.2.2
-
RST
-
8.2.3
-
/
-
ERWOR
-
8.2.4
-
12
-
345
-
1
-
2
-
3
-
8.3 1 23
-
8.3.1 ()/
-
26261062 UNIX+*/%#
-
26326+26*26+26*26*26=1827818
-
(15)15150
-
Windows NTUNIX
-
UNIX
-
8.3.2
1mEmm
-
1
-
2
-
2
-
8.4
-
8.4.1 11(Subject) 2(Object) 3
-
2
1(ACMAccess Control Matrix)
-
2
-
C ()AB C DORWRW BRW A B CORWOX RDABOOwnerRReadWWriteXExecute
-
AAA
-
AAAAAHHAAAA
-
3ACL ACL
-
FILE1FILE2PRG1HELPUSER-C RACLUSER-BUSER-CUSER-AORWRW ORWUSER-AUSER-DOXXUSER-AUSER-BUSER-CUSER-DRRRWOOWONERRREADWWRITEXEXCUTE FILE1 FILE2 PRG1 HELP
-
4 Capability
-
5
-
8.4.2
-
8.4.2.2
-
1-- --
-
--
-
2 --
-
UserGroupWorldUNIXVAX VMNTLINUX
-
12121
-
8.4.2.3 1
-
2UNIXSet UserIDSUIDSet GroupIDSGIDIDIDsetuidsetgidsetuidsetgid
-
UNIXSUID/SGIDSUID
-
8.4.2.4 ACLVAX VMS/SE
-
ITEM
-
8.4.3 1(TBAC)
-
2(OBAC) OBAC
-
8.5 Windows 2000(XP) Windows 2000(XP)Windows 2000(XP) Windows 2000(XP)
-
8.5.1 Windows1Windows(Discretion Access Control)(Object Reuse) (Mandatory log on)(Control of Access to Object)
-
2WindowsWinlogonGraphical Identification and Authentication DLL (GINA)Local Security Authority(LSA)Security Support Provider Interface(SSPI)Authentication PackagesSecurity Support ProvidersNetlogon ServiceSecurity Account Manager(SAM)
-
8.5.2 1 Windows2000(XP)(User Account)2 Windows 2000(XP)
-
3 SAMSAM
-
Windows 2000(Windows 2000 Server)
-
8.5.3 1 Windows 2000(XP)1NTLM(Windows NT 4.0) 2Kerberos V53
-
24Windows 2000WinlogonWinlogonLSA(Local Security Authority)LSA
-
LSASAMSAMSIDSIDLSALSA(Access Token)LSAWinlogonWindows 2000
-
8.5.4 11 232(Active Directory)
-
8.5.5 Windows 2000 1 23456
-
8.5.6 Windows 2000 1(Service Pack)(Hotfix)2Administrator3Administrator45
-
678910windows 2000 11
DES44ACLACLACL