Security Model Architecture

Figure 2.1 on the facing page shows the components of the Windows NT security model, which include:

Figure 2.1 Windows NT Security Components

Together, these components are known as the security subsystem. This subsystem is called an integral subsystem, not an environmental subsystem, because it affects the entire Windows NT operating system.

The Windows NT security model is designed for C2-level security, as defined by the U.S. Department of Defense. Some of the most important requirements of C2-level security are:

For example, the system protects memory so that its contents cannot be read after it is freed by a process. When a file is deleted, users must not be able to access the data from that file.

For more information about C2-level security, see "Security Considerations and C2 Security Rating," later in this chapter.