MSDN Library

6 References

The following books include useful content that covers aspects of the Windows Security Model in greater depth:

  • Brown, Keith, "Programming Windows Security", Addison-Wesley Professional, 2000, ISBN 0201604426.

  • Howard, Michael and LeBlanc, David, "Writing Secure Code", Microsoft Press, 2002, ISBN 0735617228.

  • Russinovich, Mark E. and Solomon, David A., "Microsoft Windows Internals, 4th ed.", Microsoft Press, 2005, ISBN 0735619174.

To provide background on security requirements, the National Computer Security Center, part of the United States Department of Defense (DoD), published the Trusted Computer System Evaluation Criteria as DoD 5200.28-STD. This has been supplanted by profiles written to the Common Criteria.

The Common Criteria is an ISO standard (ISO/IEC 15408) formal method of specifying requirements for security computer systems. Microsoft Windows uses profiles published by the DoD through the National Information Assurance Partnership (NIAP) program. For more information about NIAP, including the profiles themselves, see "Introducing NIAP" [NIAP] by The National Security Agency.

Microsoft websites (see Microsoft Corporation [MSFT]) contain a number of articles about security in Windows. Developer documentation on the MSDN home page [MSDN] by Microsoft also contains more in-depth information.

© 2016 Microsoft