🥷Security principals

What are security principals?

  • A security principal is any entity that can be authenticated by the operating system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account, or the security groups for these accounts.

  • Every security principal is uniquely identified by a Security Identifier (SID), which the system uses rather than relying on usernames, ensuring security and integrity even if names change.

  • Security principals are the basis of the Windows Security Model, which is built on the concepts of Identity, Authentication, and Authorization to control access to system resources:

1️⃣ Security Principals (Identity)

🔹 A Security Principal is any entity that has an identity and can be authenticated.

2️⃣ Authentication (Who Are You?)

🔹 The process of verifying the identity of a security principal.

🔹 Uses passwords, smart cards, biometrics, or Kerberos/NTLM protocols.

🔹 Once authenticated, the system creates an Access Token that contains:

  • The user’s SID

  • Group memberships

  • Privileges assigned to the user

💡 Example: When you log in to Windows, you provide a password. If it matches, Windows creates an access token for your session.

3️⃣ Authorization (What Can You Do?)

🔹 Once authenticated, the system checks if the security principal has permission to access a resource.

🔹 Uses Access Control Lists (ACLs) stored in each object’s security descriptor.

🔹 ACLs contain Access Control Entries (ACEs) that define:

  • Who can Read, Write, Execute, or Modify a file, folder, or system resource.

💡 Example: If Alice tries to open Secret.txt, Windows checks the ACL. If Alice is listed with "Read" permission, she can open it.
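The Alice example above, worked through as an added sketch (not code from this page, and a simplified model rather than Windows' own implementation). It goes slightly beyond the text by also showing deny ACEs, in-order evaluation, and the difference between a missing and an empty ACL; the SIDs, group names and right bits are constructed for illustration, and privileges are left out of the token.

```python
from dataclasses import dataclass

# Constructed right bits for illustration; not the real Windows access-mask values.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4

# Constructed SIDs (the domain part and RIDs are made up).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE, BOB = DOMAIN + "-1104", DOMAIN + "-1105"
FINANCE, CONTRACTORS = DOMAIN + "-1201", DOMAIN + "-1202"

@dataclass(frozen=True)
class AccessToken:
    """Built at logon: the user's SID plus the SIDs of their groups."""
    user_sid: str
    group_sids: frozenset = frozenset()

    def sids(self):
        return {self.user_sid} | self.group_sids

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # ACEs name a SID, never a username
    mask: int   # rights this entry allows or denies

def access_check(token, dacl, desired):
    """Return True if the token is granted every right in `desired`."""
    if dacl is None:          # no ACL present: object is unprotected
        return True
    remaining = desired       # rights still waiting for an allow ACE
    sids = token.sids()
    for ace in dacl:          # ACEs are evaluated in stored order
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False      # a deny on a still-needed right ends the check
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False              # empty ACL or right never allowed: implicit deny

alice = AccessToken(ALICE, frozenset({FINANCE}))
bob = AccessToken(BOB, frozenset({FINANCE, CONTRACTORS}))
secret_txt = [Ace("deny", CONTRACTORS, READ | WRITE), Ace("allow", FINANCE, READ)]

if __name__ == "__main__":
    for name, tok in (("alice", alice), ("bob", bob)):
        print(name, "READ:", access_check(tok, secret_txt, READ),
              "WRITE:", access_check(tok, secret_txt, WRITE))
```

Alice is never named in the ACL: she gets Read through the Finance group SID in her token, while Bob is refused because the deny entry for Contractors is reached before the Finance allow.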


Types of security principals

1. User Principal

What It Is:

  • A User Principal represents an individual human user who interacts with a system or resources.

  • This could be a person logging into a computer, accessing files, running applications, or managing server resources.

Key Characteristics:

  • Authentication: The user is authenticated using credentials such as a username and password, biometrics, or multi-factor authentication (MFA).

  • Identity: Each user has a unique identifier, often called a Security Identifier (SID) in Windows or a User ID (UID) in Linux.

  • Permissions: The user’s permissions determine what resources they can access and what actions they can perform.

  • Security Context: When a user logs in, their security context is created, which includes:

    • Their identity (e.g., SID or UID).

    • Group memberships (if applicable).

    • Privileges (special rights granted to the user).

    • Integrity levels (in systems like Windows).

2. Group Principal

What It Is:

  • A Group Principal represents a collection of users. Instead of assigning permissions to individual users, permissions are assigned to the group, and all members of the group inherit those permissions.

Key Characteristics:

  • Simplified Management: Groups make it easier to manage access for multiple users at once.

  • Types of Groups:

    • Security Groups: Used for granting access to resources.

    • Distribution Groups: Primarily used for communication (e.g., email lists), but not typically for security purposes.

    • Dynamic Groups: Membership can be automatically determined based on attributes like department, location, or job role.

  • Inheritance: Users inherit the permissions of the groups they belong to. This is reflected in their security context.

3. Service Principal

What It Is:

  • A Service Principal represents a non-human identity, such as an application, service, or automation tool. It allows these entities to authenticate and interact with the system without requiring a human user.

Key Characteristics:

  • Authentication: Service principals authenticate using mechanisms like API keys, certificates, or client secrets.

  • Unique Identity: Each service principal has its own unique identifier, just like a user.

  • Role Assignments: Service principals can be assigned roles or permissions, allowing them to perform specific tasks.

  • Automation-Friendly: They are ideal for scenarios where human intervention is not required, such as automated scripts and background services.

