5 SECURITY DESCRIPTORS
In the preceding chapter, we discussed the security access token, which describes the user’s identity to the SRM. In this chapter, you’ll learn how security descriptors define a resource’s security. A security descriptor does several things. It specifies the owner of a resource, allowing the SRM to grant specific rights to users who are accessing their own data. It also contains the discretionary access control (DAC) and mandatory access control (MAC), which grant or deny access to users and groups. Finally, it
can contain entries that generate audit events. Almost every kernel resource has a security descriptor, and ...
Get Windows Security Internals now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.