lsass.exe????
Hi, can anyone tell me what LSASS.exe is and why it always accesses the web when I connect? Thanks, Steveo.
Responses to this topic
Short answer: Local Security Authority SubSystem. It performs the authentication of log-on credentials passed from the WinLogon process against the Security Account Manager or other authentication packages. In other words, it is responsible for the local system security policy (such as which users are allowed to log on to the machine, password policies, privileges granted to users and groups, and the system security auditing settings), user authentication, and sending security audit messages to the Event Log.
Lsass has a database that contains the local system security policy settings. This database is stored in the registry under HKLM\SECURITY. It includes such information as what domains are entrusted to authenticate logon attempts, who has permission to access the system and how (interactive, network, and service logons), who is assigned which privileges, and what kind of security auditing is to be performed. The Lsass policy database also stores "secrets" that include logon information used for cached domain logons and Win32 service user-account logons. It also checks TCP/IP connections.
It is also known to be the site of some hacker attacks utilizing pwdump2.exe, which injects samdump.dll into the LSASS process to steal passwords.
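Added example, not part of the original thread: a read-only PowerShell triage of the local lsass.exe that covers the two points raised above, namely what the process is connecting to and whether anything unexpected (such as the samdump.dll named above) is loaded into it. It assumes an elevated prompt on Windows 8 / Server 2012 or later; the variable names are my own.

```powershell
# Added example: read-only checks on the local lsass.exe. Run elevated.
$sys32    = Join-Path $env:SystemRoot 'System32'
$expected = Join-Path $sys32 'lsass.exe'

# 1. There should be exactly one lsass.exe, running from System32 with a valid signature.
$procs = @(Get-CimInstance Win32_Process -Filter "Name='lsass.exe'")
if ($procs.Count -ne 1) { Write-Warning "Expected 1 lsass.exe, found $($procs.Count)" }

foreach ($p in $procs) {
    $path = $p.ExecutablePath            # empty when access is denied
    $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }
    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Path      = $path
        PathOk    = ($path -eq $expected)   # string -eq is case-insensitive
        Signature = $sig                    # 'Valid' is the expected status
    } | Format-List

    # 2. What is it talking to? Domain authentication traffic to a domain
    #    controller is normal; anything else is worth a closer look.
    Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State |
        Format-Table -AutoSize

    # 3. Modules loaded from outside System32, or named like the DLL from the post.
    $mods = @()
    try {
        $mods = @((Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules | Where-Object { $_ })
    } catch { }
    if ($mods.Count -eq 0) {
        # Typical when not elevated, or when LSASS runs as a protected process.
        Write-Warning "Could not enumerate modules for PID $($p.ProcessId)"
        continue
    }
    $mods | Where-Object {
        $_.FileName -notlike "$sys32\*" -or $_.ModuleName -eq 'samdump.dll'
    } | Select-Object ModuleName, FileName | Format-Table -AutoSize
}
```

A module outside System32 is a lead rather than a verdict, since third-party authentication packages and security products can legitimately load into LSASS.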