Table of contents
TOC
Collapse the table of content
Expand the table of content

Security Features for File Systems

Last Updated: 7/30/2016

Unlike most other types of drivers, file systems are intimately involved in normal security processing. This is because of the nature of security and its implementation within Microsoft Windows. The general Windows security model associates a security descriptor with an object--in this case, the FILE_OBJECT. File systems that support Windows security are responsible for storing and retrieving security descriptors. In addition, file systems are responsible for handing several other special security considerations that fall outside the normal scope of standard kernel-mode drivers.

This section discusses key features that may be added to a file system to support Windows security. None of these are mandatory and file systems can be constructed without using any of these interfaces. Further, it is possible to implement some security features while ignoring others--this is specific to the implementation of the file system.

This section includes the following topics:

Security Descriptors

Privileges

Auditing


© 2016 Microsoft