The concept of type enforcement (TE), in the field of information technology, is an access control mechanism for regulating access in computer systems. Implementing TE gives priority to mandatory access control (MAC) over discretionary access control (DAC). Access clearance is first given to a subject (e.g. a process) accessing objects (e.g. files, records, messages) based on rules defined in an attached security context. A security context in a domain is defined by a domain security policy. In the Linux security module (LSM) in SELinux, the security context is an extended attribute. A type enforcement implementation is a prerequisite for MAC, and a first step before multilevel security (MLS) or its replacement, multi categories security (MCS). It is a complement of role-based access control (RBAC).
Control
Type enforcement implies fine-grained control over the operating system, not only to have control over process execution, but also over domain transition or the authorization scheme. This is why it is best implemented as a kernel module, as is the case with SELinux. Using type enforcement is a way to implement the FLASK architecture.
Access
Using type enforcement, users may (as in Microsoft Active Directory) or may not (as in SELinux) be associated with a Kerberos realm, although the original type enforcement model implies so. It is always necessary to define a TE access matrix containing rules about the clearance granted to a given security context, or a subject's rights over objects according to an authorization scheme.
Security
Practically, type enforcement evaluates a set of rules from the source security context of a subject against a set of rules from the target security context of the object. A clearance decision occurs depending on the TE access description (matrix). Then, DAC or other access control mechanisms (MLS / MCS, ...) apply.
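As an added example (not from this article and not a real SELinux policy), the following Python evaluator parses a constructed handful of SELinux-style TE rules into an access matrix keyed by (source type, target type, class), answers the source-versus-target clearance question above with default deny, and performs a simplified domain transition lookup; the type names are hypothetical, and a real SELinux transition additionally requires execute and entrypoint permissions, which this toy omits.

```python
import re
from dataclasses import dataclass, field

# Constructed mini policy in SELinux-style TE syntax; all types are hypothetical.
POLICY = """
allow user_t user_home_t:file { read write getattr };
allow user_t bin_t:file { read execute getattr };
allow user_t passwd_t:process transition;
allow passwd_t shadow_t:file { read write };
type_transition user_t passwd_exec_t:process passwd_t;
"""

# "allow src tgt:class { p1 p2 };" or "allow src tgt:class p;"
ALLOW_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{\s*([^}]*)\}|(\w+))\s*;")
# "type_transition src tgt:class new_type;"
TRANS_RE = re.compile(r"type_transition\s+(\w+)\s+(\w+):(\w+)\s+(\w+)\s*;")


@dataclass
class TEPolicy:
    # TE access matrix: (source type, target type, class) -> permitted operations
    matrix: dict = field(default_factory=dict)
    # domain transitions: (source domain, entrypoint type, class) -> new domain
    transitions: dict = field(default_factory=dict)


def parse_policy(text):
    pol = TEPolicy()
    for m in ALLOW_RE.finditer(text):
        src, tgt, cls, multi, single = m.groups()
        perms = set(multi.split()) if multi is not None else {single}
        pol.matrix.setdefault((src, tgt, cls), set()).update(perms)
    for m in TRANS_RE.finditer(text):
        src, tgt, cls, new = m.groups()
        pol.transitions[(src, tgt, cls)] = new
    return pol


def te_allowed(pol, source_type, target_type, cls, perm):
    """Default deny: an access is granted only if the matrix cell lists it."""
    return perm in pol.matrix.get((source_type, target_type, cls), set())


def domain_transition(pol, source_domain, entrypoint_type):
    """Return the new domain on executing entrypoint_type, or None if no
    transition is defined or the source domain lacks 'transition' to it."""
    new = pol.transitions.get((source_domain, entrypoint_type, "process"))
    if new is None or not te_allowed(pol, source_domain, new, "process", "transition"):
        return None
    return new
```

The DAC check that follows a TE grant is outside this evaluator, mirroring the order described above: TE first, then DAC.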
History
Type enforcement was introduced in the Secure Ada Target architecture in the late 1980s, with a full implementation developed in the Logical Coprocessing Kernel (LOCK) system.[1][2] The Sidewinder Internet Firewall was implemented on a custom version of Unix that incorporated type enforcement.
A variant called domain type enforcement was developed in the Trusted MACH system.
The original type enforcement model stated that labels should be attached to subjects and objects: a “domain label” for a subject and a “type label” for an object. This implementation mechanism was improved by the FLASK architecture, which substituted more complex structures and implicit relationships. Also, the original TE access matrix was extended to other structures: lattice-based, history-based, environment-based, policy logic, and so on. This is a matter of how TE is implemented by the various operating systems. In SELinux, the TE implementation does not internally distinguish TE domains from TE types. It should be considered a weakness of the original TE model that it specifies detailed implementation aspects such as labels and a matrix, especially using the terms “domain” and “type”, which have other, more generic, widely accepted meanings.
References
- ^ See Earl Boebert, oral history interview, 28 April 2015, Charles Babbage Institute, University of Minnesota.
- ^ Richard Y. Kain, oral history interview, 27 May 2015, Charles Babbage Institute, University of Minnesota.
- P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. In Proceedings of the 21st National Information Systems Security Conference, pages 303–314, October 1998.
- L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker and S. A. Haghighat. A Domain and Type Enforcement UNIX Prototype. In Proceedings of the 5th USENIX UNIX Security Symposium, June 1995.
- W. E. Boebert and R. Y. Kain. A Practical Alternative to Hierarchical Integrity Policies. In Proceedings of the 8th National Computer Security Conference, page 18, 1985.
- LOCK - A trusted computing system