Security Strategies in Windows Platforms and Applications, 3rd Edition by Michael G. Solomon

All computer users, including attackers, need to establish access to a computer system before accessing its resources. The operating system is responsible for providing access to authorized users while denying access to unauthorized users. This process of providing and denying access is called access control. As developers of operating systems have become more concerned with security issues, access control has matured with each new operating system release. Access control is a multistep process, starting with identification and authentication. Regardless of the methods used, the operating system needs to identify the user asking for access to a resource. Most often, the user provides a username (or user ID). ...