Access Control Mechanisms

Security Identifier (SID)

In Windows environments a SID is used to identify entities. Each entity/principal that can be authenticated (users and groups) has a unique SID. The SIDs of local accounts and groups are generated by the Local Security Authority (LSA), while the SIDs of domain users and groups are generated by the domain controller. A SID cannot be changed and is created at the same time as the user or group.

Access Token

After an entity is authenticated, Windows generates an access token for that user. The token itself contains various pieces of information that describe the security context of the entity and outlines the set of rules and attributes that are in effect.

The security context of an access token consists of the entity's SID, the SIDs of the groups the entity is a member of, and all privileges associated with the entity itself and its groups.

When an entity starts a process, a primary token is assigned to the process itself and to all of its running threads; it outlines all permissions for interacting with objects and is a copy of the entity's access token. Threads can also have an impersonation token, which provides a different security context than the process that owns the thread. The thread then interacts with objects under the impersonation token instead of the primary token of the process.

Mandatory Integrity Control

Mandatory Integrity Control leverages integrity levels to control access to securable objects. When a process is started or an object is created, it receives the integrity level of the principal performing the operation. A principal with a low integrity level cannot write to an object with a higher level even if its permissions would normally allow it. There are five integrity levels within a Windows OS.

* System: SYSTEM (kernel, ...)
* High: Elevated users
* Medium: Standard users
* Low: Very restricted rights, often used in sandboxed processes
* Untrusted: Lowest integrity level with extremely limited access rights

The integrity level of a process can be viewed with Process Explorer or whoami /groups, and the integrity level of files can be viewed with icacls.

User Account Control (UAC)

UAC is a security feature designed to protect the host by running the majority of applications and tasks with standard user privileges even if the user executing them is an Administrator. To accomplish this, every Administrator obtains two access tokens on a successful login. The first token acts as a standard user token and is used to perform all non-privileged operations. The second token is an administrator token that executes processes at a higher, administrative integrity level. When a user wants to leverage the administrative token, a UAC consent prompt must be confirmed.
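As an added example (not part of the original notes), the following Python parses the output of whoami /groups /fo csv, which the integrity-level section above points to, maps the Mandatory Label SID (S-1-16-RID) to the integrity level name, and reports whether the token is the UAC-filtered standard-user token, in which BUILTIN\Administrators is present but marked "Group used for deny only". The sample output is constructed for the example, not captured from a real host.

```python
import csv
import io

# Well-known integrity-level SIDs are S-1-16-<RID>; the RID encodes the level.
INTEGRITY_LEVELS = {
    0: "Untrusted",
    4096: "Low",
    8192: "Medium",
    8448: "Medium Plus",
    12288: "High",
    16384: "System",
}

ADMINISTRATORS_SID = "S-1-5-32-544"  # BUILTIN\Administrators

# Constructed sample of `whoami /groups /fo csv` for an admin account running
# a non-elevated (UAC-filtered) process. Not captured from a real machine.
SAMPLE_WHOAMI_CSV = """\
"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\\Administrators","Alias","S-1-5-32-544","Group used for deny only"
"BUILTIN\\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\\Medium Mandatory Level","Label","S-1-16-8192",""
"""


def integrity_level_from_sid(sid):
    """Return the integrity level name for an S-1-16-<RID> SID, else None."""
    parts = sid.split("-")
    if len(parts) != 4 or parts[:3] != ["S", "1", "16"]:
        return None
    return INTEGRITY_LEVELS.get(int(parts[3]), "Unknown")


def summarize_token(whoami_csv):
    """Return (integrity_level, admin_state) for whoami /groups /fo csv output.

    admin_state: "elevated"   - Administrators enabled in the token
                 "filtered"   - Administrators deny-only (UAC standard-user token)
                 "not-member" - account is not in Administrators at all
    """
    integrity, admin_state = None, "not-member"
    for row in csv.DictReader(io.StringIO(whoami_csv)):
        sid, attrs = row["SID"], row["Attributes"]
        level = integrity_level_from_sid(sid)
        if level is not None:
            integrity = level
        elif sid == ADMINISTRATORS_SID:
            admin_state = "filtered" if "deny only" in attrs else "elevated"
    return integrity, admin_state


if __name__ == "__main__":
    print(summarize_token(SAMPLE_WHOAMI_CSV))  # ('Medium', 'filtered')
```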
