Q&A What is the Windows Integrity Mechanism?

Did you know that?

  • Yes (Votes: 7, 36.8%)
  • No (Votes: 12, 63.2%)
  • Total voters: 19

Umbra

The Windows integrity mechanism is a core component of the Windows security architecture that restricts the access permissions of applications that are running under the same user account and that are less trustworthy.

The Windows Vista® integrity mechanism extends the security architecture of the operating system by assigning an integrity level to application processes and securable objects.

The integrity level is a representation of the trustworthiness of running application processes and objects, such as files created by the application. The integrity mechanism provides the ability for resource managers, such as the file system, to use pre-defined policies that block processes of lower integrity, or lower trustworthiness, from reading or modifying objects of higher integrity. The integrity mechanism allows the Windows security model to enforce new access control restrictions that cannot be defined by granting user or group permissions in access control lists (ACLs).

The Windows security architecture is based primarily on granting access rights (read, write, and execute permissions) and privileges to users or groups that are represented internally by security identifiers (SIDs). When a user logs on to Windows, the security subsystem sets the user’s SID and group membership SIDs in a security access token. The security access token is assigned to every application process that is run by that user. Every time the application process opens an object, such as a file or registry key, the resource manager that manages the object calls on the security subsystem to make an access decision. The access check determines the allowed access permissions for this user. The security subsystem (also known as the Security Reference Monitor) compares the user and group SIDs in the access token with the access rights in a security descriptor that is associated with the object. If the user SID is granted full access rights in the object’s ACL, then the application process that user runs has full access to the object. For more information on the Windows security architecture, see Windows Integrity Mechanism Resources.
Read more here: What is the Windows Integrity Mechanism?

This article is a must-be-understood for everybody who really wants to go deeper into security.
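
The access decision described in the post above, as an added Python model (not part of the original post and not Windows code): the integrity check runs first, then the SID-versus-ACL comparison. The integrity RIDs and mandatory-policy flag values are the documented Windows constants; the class names, the user SIDs and the allow-only DACL are simplifying assumptions.

```python
from dataclasses import dataclass

# Integrity levels, expressed as the RID of the label SID S-1-16-<RID>.
LOW, MEDIUM, HIGH, SYSTEM = 0x1000, 0x2000, 0x3000, 0x4000
# Mandatory label policy flags (SYSTEM_MANDATORY_LABEL_NO_*_UP in winnt.h).
NO_WRITE_UP, NO_READ_UP, NO_EXECUTE_UP = 0x1, 0x2, 0x4
POLICY_FOR = {"write": NO_WRITE_UP, "read": NO_READ_UP, "execute": NO_EXECUTE_UP}

@dataclass
class Token:                      # hypothetical stand-in for an access token
    user_sid: str
    group_sids: set
    integrity: int

@dataclass
class SecurableObject:            # hypothetical stand-in for a security descriptor
    dacl: dict                    # SID -> set of allowed rights (no deny ACEs modelled)
    integrity: int = MEDIUM       # an object without a label is treated as medium
    policy: int = NO_WRITE_UP     # default mandatory policy

def access_check(token, obj, right):
    """Return (allowed, deciding_stage) for one requested right."""
    # Stage 1: mandatory integrity check, evaluated before the DACL.
    if token.integrity < obj.integrity and obj.policy & POLICY_FOR[right]:
        return False, "integrity"
    # Stage 2: discretionary check, token SIDs against the object's ACL.
    for sid in {token.user_sid} | token.group_sids:
        if right in obj.dacl.get(sid, set()):
            return True, "dacl"
    return False, "dacl"

def demo():
    user = "S-1-5-21-1111-2222-3333-1001"        # constructed SID
    full = {"read", "write", "execute"}
    low_proc = Token(user, {"S-1-1-0"}, LOW)       # e.g. a sandboxed process
    med_proc = Token(user, {"S-1-1-0"}, MEDIUM)    # same user, normal process
    doc = SecurableObject(dacl={user: full})       # user's file, medium label
    secret = SecurableObject({user: full}, HIGH, NO_WRITE_UP | NO_READ_UP)
    return {
        "low write doc": access_check(low_proc, doc, "write"),
        "low read doc": access_check(low_proc, doc, "read"),
        "medium write doc": access_check(med_proc, doc, "write"),
        "medium read secret": access_check(med_proc, secret, "read"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In every case the user SID holds full rights in the ACL, so each denial comes from the integrity label alone, which is the restriction the article says cannot be expressed with user or group permissions.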