Professional Documents
Culture Documents
Security Models
Security Models
Components
1. Security Reference Monitor (SRM): SRM is a component running in kernelmode that checks for proper authorization before granting access to objects.
2. Local Security Authority Subsystem (Lsass): Lsass is a user-mode component
that is responsible for the local system security policy, user authentication,
and sending security audit messages to the event log.
3. Security Accounts Manager (SAM): SAM service is a set of subroutines
responsible for managing the database that contains the username and
groups defined on the local machine.
4. Logon Process (Winlogon): Winlogon is a user-mode process that is
responsible for responding to the Lsass and for managing interactive logon
sessions.
5. User Account Control (UAC): UAC is a component that limit applications to
standard user privileges until an administrator authorizes an elevation.
Linux
The Linux security model is a collection of several active process, daemon services,
and libraries that provide a secure framework for the Linux kernel work in.
Components
1. Pluggable Authentication Module (PAM): PAM provide dynamic
authentication support for applications and services. It separate the tasks of
authentication into four independent management groups (listed below).
2. Authentication Module: It is a module used to authenticate users and for set
or destroy credentials.
3. Account Management Module: It performs actions related to access, account
and credential expiration.
4. Password Management Module: It handles and manages user's passwords
including setting, resetting, and changing passwords.
5. Session Management Module: It is used for initializing and terminating
sessions. It also deals with creating the appropriate log entries for every
initialized session.
Comparison
Both systems are modularized in a way that their security components are sort of
independent services and process working in the kernel mode and user mode. These
process are used by the operating system to accomplish a specific task such as
authentication, logging, enforcing policies, and account management. Such
modularization makes the system more stable and easier to maintain.
References
Bassil, Youssef. Windows and Linux Operating Systems From a Security Perspective.
URL: http://arxiv.org/abs/1204.0197
Srivistava, Vishal. Understanding and configuring PAM. URL:
http://www.ibm.com/developerworks/library/l-pam/
Noyes, Katherine. Why Linux Is More Secure Than Windows. URL:
http://www.pcworld.com/article/202452/why_linux_is_more_secure_than_window
s.html
Usage share of operations. URL:
http://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Market_share_by
_category
The Windows Security Model. URL: http://msdn.microsoft.com/enus/library/bb385791.aspx